in gg_group_setup/cmd.py [0:0]
def get_core_policy(self, core_name, account_id=None, region=None):
if region is None:
region = self._region
arn = self._most_restrictive_arn(account_id, region)
core_policy = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Subscribe",
"iot:Connect",
"iot:Receive",
"iot:GetThingShadow",
"iot:DeleteThingShadow",
"iot:UpdateThingShadow"
],
"Resource": ["*"]
},
{
"Effect": "Allow",
"Action": [
"greengrass:AssumeRoleForGroup",
"greengrass:CreateCertificate",
"greengrass:GetConnectivityInfo",
"greengrass:GetDeployment",
"greengrass:GetDeploymentArtifacts",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDeploymentStatus"
],
"Resource": ["*"]
}
]
}
return json.dumps(core_policy)