I was indeed suggesting (incorrectly) that IAM users can publish/subscribe either to any topic or to no topic — I was under that impression because I was unable to find any IAM policies in the documentation giving a resource specification for topics (the documentation exists, but it is unhelpfully under the section for IoT-internal policies). If that were true, the lack of scope-down would mean you couldn’t restrict per-topic. However, since I was wrong, that isn’t a problem! Thanks for the detailed explanation of scope-down policies (AWS should take the cue and expand their documentation).

Cloud Robotics Research Scientist at @iRobot
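The per-topic restriction the comment above refers to, as an added example that is not part of the original thread: an IAM-style policy document that grants one device access only to its own AWS IoT topics, built in Python so the ARN shapes are spelled out. The region, account id, device name and `robots/<device>/...` topic layout are constructed placeholders; the `iot:Connect`/`iot:Publish`/`iot:Subscribe`/`iot:Receive` actions and the `client/`, `topic/` and `topicfilter/` ARN resource kinds are the real AWS IoT ones.

```python
import json


def topic_scoped_policy(region: str, account_id: str, device: str) -> dict:
    """Build a policy document that confines one device to its own topics.

    AWS IoT uses three resource kinds, and the action must match the kind:
      client/<client-id>       -> iot:Connect
      topic/<topic-name>       -> iot:Publish and iot:Receive (a concrete topic)
      topicfilter/<filter>     -> iot:Subscribe (the subscription filter string)
    Anything not listed here is implicitly denied, so the device cannot reach
    another device's topics.  The topic layout below is a constructed example.
    """
    base = f"arn:aws:iot:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{device}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": f"{base}:topic/robots/{device}/telemetry"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{base}:topicfilter/robots/{device}/commands"},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": f"{base}:topic/robots/{device}/commands"},
        ],
    }


def allowed_resources(policy: dict, action: str) -> set:
    """Collect every resource ARN that an Allow statement grants for `action`.

    Handy when reviewing a generated policy: if a topic you did not expect
    shows up here, the scope-down is wider than intended.
    """
    found = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if action in actions:
            found.update(resources)
    return found


if __name__ == "__main__":
    # Constructed values; substitute your own region, account and device name.
    policy = topic_scoped_policy("us-east-1", "123456789012", "robot-42")
    print(json.dumps(policy, indent=2))
```

The resulting document can be attached to the device's IAM identity or passed as the scope-down policy when vending temporary credentials, which is what keeps one device from publishing to another device's topic.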
