I have created a policy using AWSIotClient.createPolicy(), and one variable containing the client ID in my policy looks like:

{
    "Effect": "Allow",
    "Action": [ "iot:Connect" ],
    "Resource": "arn:aws:iot:us-east-1:095750864911:client/ClientId"
}

Now, in my scenario, in another request I would like to find the policies that belong to this client ID and deactivate them if any exist.

How can I do this using AWS Java IoT? Is there any way to find a policy by its variables?


1 Answer

There are multiple ways of retrieving AWS IoT policy information and finding out whether the policies are attached to targets (principals / certificates). I'm using the CLI here, but all of these calls are available in the AWS IoT service SDKs for Java.

List policies attached to a certificate

I assume you have 1 policy per certificate. If you have the certificate ARN, you can look up the policy attached to this certificate using the list-attached-policies call.

aws iot list-attached-policies --target arn:aws:iot:eu-central-1:xxxx:cert/xxxx
{
    "policies": [
        {
            "policyName": "Policy_Thing1",
            "policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing1"
        }
    ]
}

Then you retrieve the details of the policy using the get-policy call.

aws iot get-policy --policy-name "Policy_Thing1"
{
    "policyName": "Policy_Thing1", 
    "policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing", 
    "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"iot:Connect\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:client/Thing2\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Publish\",\"iot:Receive\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topic/testing123/Thing2/*\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Subscribe\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topicfilter/testing123/Thing2/*\"}]}", 
    "defaultVersionId": "1"
}

List all policies

If your policies aren't attached to a certificate yet, you can list all policies and filter them in memory to search for your particular policy.

aws iot list-policies
{
    "policies": [
        {
            "policyName": "Policy_thing3", 
            "policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_thing1"
        }, 
        {
            "policyName": "Policy_Thing1", 
            "policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_Thing1"
        }
    ]
}

To find out whether the policy is attached to a target, execute the list-targets-for-policy call:

aws iot list-targets-for-policy --policy-name "Policy_Thing2"
{
    "targets": [
        "arn:aws:iot:eu-central-1:xxxx:cert/xxxxx"
    ]
}
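As an added example (not from the answer or from the AWS SDK), the list-and-filter approach above in Python with boto3, whose list_policies / get_policy / list_targets_for_policy / detach_policy methods map one-to-one to the CLI calls shown and to the Java SDK. The `iot` argument is assumed to be a boto3 IoT client; the sample policy documents are constructed from the get-policy output above.

```python
import fnmatch
import json

# Constructed samples: the policyDocument string from the get-policy output above,
# plus a second policy that allows any client ID via a wildcard resource.
SAMPLE_POLICIES = {
    "Policy_Thing1": '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
                     '"Action":["iot:Connect"],"Resource":"arn:aws:iot:eu-central-1:xxxx:client/Thing2"}]}',
    "Policy_AnyClient": '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
                        '"Action":"iot:Connect","Resource":["arn:aws:iot:eu-central-1:xxxx:client/*"]}]}',
}

def _as_list(value):
    # Statement and Resource may be a single string or a list.
    return value if isinstance(value, list) else [value]

def policy_references_client(policy_document, client_id):
    """True if an Allow statement's Resource covers the client ARN for client_id."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if ":client/" not in resource and resource != "*":
                continue
            # Keep the client part; ${iot:ClientId} resolves to the connecting client, so it is a wildcard.
            pattern = resource.split(":client/", 1)[-1].replace("${iot:ClientId}", "*")
            if fnmatch.fnmatchcase(client_id, pattern):
                return True
    return False

def find_policies_for_client(iot, client_id):
    """Page through list_policies and return the names whose document covers client_id."""
    names, kwargs = [], {}
    while True:
        page = iot.list_policies(**kwargs)
        for policy in page.get("policies", []):
            doc = iot.get_policy(policyName=policy["policyName"])["policyDocument"]
            if policy_references_client(doc, client_id):
                names.append(policy["policyName"])
        if not page.get("nextMarker"):
            return names
        kwargs = {"marker": page["nextMarker"]}

def detach_policy_from_all_targets(iot, policy_name):
    """Detach the policy from every principal it is attached to; returns those targets."""
    targets = iot.list_targets_for_policy(policyName=policy_name).get("targets", [])
    for target in targets:
        iot.detach_policy(policyName=policy_name, target=target)
    return targets
```

AWS IoT has no "deactivate policy" call; a policy stops taking effect once it is detached from its principals, which is what detach_policy_from_all_targets does.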