Can you expand on where you have gaps with IoT pub/sub that you want out of a websocket service?
AWS IoT for Web Clients

I have used AWS IoT for an IoT project previously. I thought many of the constructs required for that would apply to the web. After doing some more research, I may be wrong about that.

The main area I found confusing is authenticating web users. It is not well explained in the documentation.

To authenticate with the AWS IoT service requires the use of IAM. I suspect you could use STS to get credentials for an IAM role via AssumeRoleWithWebIdentity. Access could be controlled through the IAM policy on the role and an IAM policy for the user. Signed requests could then be made directly to AWS IoT.

Rather than this, it would be easier to use existing tokens with a custom authorizer. When making a connection, you should be able to pass a token in the query string. It should then be possible to use a Lambda function to grant / deny access to topics.
This is one of my weaker wish list items. I probably just haven’t given using the IoT service for web a good chance yet.

Thanks for commenting on this and making me think.

