in api/infrastructure/stacks/chaliceapp.py [0:0]
def _create_credential_provider_role(self):
    """
    Build the IAM role that the AWS IoT Credentials Provider assumes on
    behalf of a connected thing.

    Two inline policy statements are attached:

    * ``execute-api:Invoke`` on the Chalice REST API (any method and path
      under the ``api`` stage), so a device can call the API with the
      temporary credentials it obtains from the provider;
    * ``s3:PutObject`` and ``s3:GetObject`` on the upload bucket, limited to
      the key prefix ``<ThingName>/``; the ``${credentials-iot:ThingName}``
      policy variable is resolved by the credentials provider at request
      time, so the prefix follows the calling thing.

    :return: the ``Role`` construct with logical id
        ``AWSIoTCredentialProviderRole``
    """
    role = Role(
        self,
        "AWSIoTCredentialProviderRole",
        assumed_by=ServicePrincipal("credentials.iot.amazonaws.com"),
    )

    # Invoke permission on the REST API emitted by the Chalice construct.
    # NOTE(review): region and account are wildcarded in this ARN; if the API
    # only ever lives in this stack's region/account, scoping them down would
    # tighten the grant — confirm against the deployment layout.
    rest_api = self.chalice.get_resource("RestAPI")
    invoke_api = PolicyStatement(
        resources=["arn:aws:execute-api:*:*:{}/api/*/*".format(rest_api.ref)],
        actions=["execute-api:Invoke"],
    )
    role.add_to_policy(invoke_api)

    # Per-thing read and write access on the upload bucket. Note this is not
    # upload-only: GetObject is granted alongside PutObject.
    thing_prefix_arn = self.s3_upload_bucket.bucket_arn + "/${credentials-iot:ThingName}/*"
    object_access = PolicyStatement(
        resources=[thing_prefix_arn],
        actions=["s3:PutObject", "s3:GetObject"],
    )
    role.add_to_policy(object_access)

    return role