in gg_group_setup/group.py [0:0]
def create_and_attach_thing_policy(self):
if self.config['core']['thing_name'] is '<device_thing_name>':
raise ValueError("Config file values seem to be mis-configured.")
# Create and attach to the principal/certificate the minimal action
# privileges Thing policy that allows publish and subscribe
thing_policy = {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iot:*",
"greengrass:*"
# "iot:Connect",
# "iot:Publish",
# "iot:Receive",
# "iot:Subscribe"
],
"Resource": [
# "arn:aws:iot:{0}:*:*".format(region)
"*"
]
}]
}
iot = Session(region_name=self.region).client('iot')
policy_name = '{0}-{1}'.format(self.type_name,
self.config['core']['thing_name'])
policy = json.dumps(thing_policy)
logging.debug(
"[create_and_attach_thing_policy] policy:{0}".format(policy))
try:
p = iot.create_policy(
policyName=policy_name,
policyDocument=policy
)
logging.debug(
"[create_and_attach_thing_policy] Created Policy: {0}".format(
p['policyName']))
cert_arn = self.config['core']['cert_arn']
iot.attach_principal_policy(policyName=policy_name,
principal=cert_arn)
logging.debug(
"[create_and_attach_thing_policy] Attached {0} to {1}".format(
policy_name, cert_arn))
return p['policyName'], p['policyArn']
except ClientError as ce:
if ce.response['Error']['Code'] == 'ResourceAlreadyExistsException':
logging.warning(
"[create_and_attach_thing_policy] {0}".format(
ce.response['Error']['Message']))