in infra/stack/iot/thing-installer-stack.ts [75:102]
private createThingInstallerProvisionPolicy(): iam.PolicyStatement {
const statement = {
"Effect": "Allow",
"Action": [
"iot:AddThingToThingGroup",
"iot:AttachPolicy",
"iot:AttachThingPrincipal",
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreateRoleAlias",
"iot:CreateThing",
"iot:DescribeEndpoint",
"iot:DescribeRoleAlias",
"iot:DescribeThingGroup",
"iot:GetPolicy",
"iam:GetRole",
"iam:CreateRole",
"iam:PassRole",
"iam:CreatePolicy",
"iam:AttachRolePolicy",
"iam:GetPolicy",
"sts:GetCallerIdentity"
],
"Resource": "*"
};
return iam.PolicyStatement.fromJson(statement);
}