in src/integ_test_resources/ios/sdk/integration/cdk/cdk_integration_tests_ios/iot_stack.py [0:0]
def setup_test_policies(self, common_stack):
    """Register the AWS IoT policy statements used by the integration tests.

    Six ALLOW statements are built and handed, one at a time and in a fixed
    order, to ``common_stack.add_to_common_role_policies`` with this stack
    as the first argument.

    Args:
        common_stack: Object exposing ``add_to_common_role_policies``;
            presumably the stack that owns the role shared by the test
            stacks -- confirm against its definition.

    NOTE(review): every pattern below is a wildcard over the stack's whole
    region/account, so the receiving role can act on any certificate,
    client id, thing shadow, topic and topic filter there. Confirm the role
    exists only in a dedicated test account and is not reused elsewhere.
    """
    # Common ARN prefix for IoT resources in this stack's region and account.
    iot_arn_prefix = f"arn:aws:iot:{self.region}:{self.account}:"

    # (actions, resources) pairs, listed in the order they are attached.
    grants = (
        (["iot:AttachPrincipalPolicy"], [f"{iot_arn_prefix}cert/*"]),
        (["iot:Connect"], [f"{iot_arn_prefix}client*"]),
        (
            ["iot:DeleteThingShadow", "iot:GetThingShadow", "iot:UpdateThingShadow"],
            [f"{iot_arn_prefix}thing*"],
        ),
        # As a string pattern, "topic*" also covers ARNs that begin with
        # "topicfilter"; the topic-filter grant below is still kept separate.
        (["iot:Publish", "iot:Receive"], [f"{iot_arn_prefix}topic*"]),
        (["iot:Subscribe"], [f"{iot_arn_prefix}topicfilter*"]),
        # Unscoped resource: presumably this action does not accept
        # resource-level restrictions -- confirm against the IAM reference.
        (["iot:CreateCertificateFromCsr"], ["*"]),
    )

    for iot_actions, arn_patterns in grants:
        statement = aws_iam.PolicyStatement(
            effect=aws_iam.Effect.ALLOW,
            actions=iot_actions,
            resources=arn_patterns,
        )
        common_stack.add_to_common_role_policies(self, policy_to_add=statement)