Simplified Permission Management for AWS IoT

Posted on: Nov 14, 2016

AWS IoT now supports Simplified Permission Management. This feature allows you to easily manage permission policies for a large number of devices by using variables that reference the Device Registry or X.509 certificate properties. The integration of Device Registry and Certificate properties with device policies offers the following benefits:

1. You can now reference Registry properties in device permission policies.

Referencing device properties defined in the Device Registry allows your policies to reflect any changes made in the Device Registry. For example, if a policy references the Thing Attribute “building-address” as a variable, devices automatically inherit a new set of permissions when they move buildings.

2. You can share a single generic policy for multiple devices.

A generic policy can be shared among the same category of devices instead of creating a unique policy per device. For example, a policy that references the “serial-number” as a variable can be attached to all the devices of the same model. When devices of the same model connect, the policy variables are automatically replaced with each device's serial-number.
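The following sketch illustrates both benefits with one generic policy that uses thing policy variables; it is an added example, not code from AWS. The region, account ID, topic layout, device records, treating “serial-number” as a Thing Attribute, and the `resolve` helper (a local illustration of substitution, including its handling of a missing attribute) are assumptions.

```python
import json
import re

# Assumptions (constructed): region, account ID and the topic layout.
ARN = "arn:aws:iot:us-east-1:123456789012"
SERIAL = "${iot:Connection.Thing.Attributes[serial-number]}"
BUILDING = "${iot:Connection.Thing.Attributes[building-address]}"

GENERIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {  # The MQTT client ID must equal the registered thing name.
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": f"{ARN}:client/${{iot:Connection.Thing.ThingName}}",
        },
        {  # A device publishes only under its own building and serial.
            "Effect": "Allow",
            "Action": "iot:Publish",
            "Resource": f"{ARN}:topic/bldg/{BUILDING}/dev/{SERIAL}/telemetry",
        },
    ],
}

_VAR = re.compile(r"\$\{iot:Connection\.Thing\.(?:ThingName|Attributes\[([^\]]+)\])\}")

def resolve(resource, thing):
    """Local illustration of substitution, not AWS's evaluation engine.
    Returns None if an attribute is missing, so nothing is granted."""
    try:
        return _VAR.sub(
            lambda m: thing["attributes"][m.group(1)] if m.group(1)
            else thing["thingName"], resource)
    except KeyError:
        return None

def publish_resource(thing):
    return resolve(GENERIC_POLICY["Statement"][1]["Resource"], thing)

# Constructed registry entries for two devices of the same model.
DEVICE_A = {"thingName": "sensor-a", "attributes": {
    "serial-number": "SN1001", "building-address": "bldg-7"}}
DEVICE_B = {"thingName": "sensor-b", "attributes": {
    "serial-number": "SN1002", "building-address": "bldg-7"}}

if __name__ == "__main__":
    print(json.dumps(GENERIC_POLICY, indent=2))
    for device in (DEVICE_A, DEVICE_B):
        print(device["thingName"], "->", publish_resource(device))
```

Because permissions now follow Registry attributes, anyone who can change those attributes (for example through `UpdateThing`) can change what a device is allowed to do, so access to that operation should be restricted accordingly.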

To learn more about the use cases and guidelines on how to implement policy variables, please refer to the AWS IoT Documentation.