in infra/stack/iot/thing-monitor-stack.ts [73:110]
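/**
 * Creates an AWS IoT topic rule that stores matching thing events in a DynamoDB table.
 *
 * The rule subscribes to `$aws/events/thing/+/<topic>` and forwards every matching
 * message to `table` through a `dynamoDBv2` put-item action, using a dedicated role
 * that only the IoT service principal can assume.
 *
 * @param ruleName - Logical id of the rule; also used to derive the role and rule names.
 * @param topic - Last segment of the thing event topic to subscribe to. It is
 *   interpolated into the rule SQL unescaped, so callers should pass a fixed literal.
 * @param table - DynamoDB table that receives one item per matching message.
 */
private createIotRule(ruleName: string, topic: string, table: ddb.Table): void {
  // `+` is the single-level MQTT wildcard, so the rule matches this event for every thing name.
  const sql = `SELECT * FROM '$aws/events/thing/+/${topic}'`;
  // Broader alternative (all thing events), kept for reference:
  // const sql = `SELECT * FROM '$aws/events/thing/#'`;

  const role = new iam.Role(this, `${ruleName}Role`, {
    roleName: `${this.projectPrefix}-${ruleName}Role`,
    assumedBy: new iam.ServicePrincipal('iot.amazonaws.com'),
  });

  // Least privilege: the only action this rule performs is a dynamoDBv2 putItem,
  // so the role is limited to dynamodb:PutItem on this one table. Read, scan,
  // update and delete rights were previously granted but never used by the rule.
  // NOTE(review): if the table uses a customer-managed KMS key, the role also needs
  // access to that key; confirm against the table definition.
  role.addToPolicy(
    new iam.PolicyStatement({
      resources: [table.tableArn],
      actions: ['dynamodb:PutItem'],
    })
  );

  // IoT rule names accept only alphanumerics and underscores, so every hyphen in the
  // prefix is replaced (a string pattern in replace() would convert only the first one).
  const rulePrefix = this.projectPrefix.toLowerCase().replace(/-/g, '_');

  new iot.CfnTopicRule(this, ruleName, {
    ruleName: `${rulePrefix}_${ruleName}`,
    topicRulePayload: {
      ruleDisabled: false,
      sql: sql,
      awsIotSqlVersion: '2016-03-23',
      actions: [{ dynamoDBv2: { putItem: { tableName: table.tableName }, roleArn: role.roleArn } }],
    },
  });
}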