in source/lambda/iot-mr-jitr/lambda_function.py [0:0]
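def create_iot_policy(c_iot, policy_name):
    """Create the shared per-thing IoT policy ``policy_name`` if it is missing.

    The policy grants only what one device needs: connect with an MQTT client
    id equal to its thing name, publish/receive on its own ``dt/`` and ``cmd/``
    topics and its device-shadow topics, and subscribe to the matching topic
    filters. Every resource ARN is scoped through the
    ``${iot:Connection.Thing.ThingName}`` policy variable, so a single policy
    can be attached to all certificates without granting cross-device access.

    Args:
        c_iot: boto3 IoT client.
        policy_name: name of the policy to create.

    Side effects:
        Nothing is raised to the caller. "Already exists" is treated as
        success; any other failure is logged and appended to the module-level
        ``ERRORS`` list.
    """
    global ERRORS
    # NOTE(review): thing policy variables only resolve when the connecting
    # certificate is attached to the thing (and, for the client/ ARN, the MQTT
    # client id equals the thing name); otherwise the resource does not match
    # and the action is denied — confirm the JITR flow attaches the cert.
    policy_document = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["iot:Connect"],
                "Resource": [
                    "arn:aws:iot:*:*:client/${iot:Connection.Thing.ThingName}",
                ],
            },
            {
                "Effect": "Allow",
                "Action": ["iot:Publish", "iot:Receive"],
                "Resource": [
                    "arn:aws:iot:*:*:topic/dt/${iot:Connection.Thing.ThingName}/*",
                    "arn:aws:iot:*:*:topic/cmd/${iot:Connection.Thing.ThingName}/*",
                    "arn:aws:iot:*:*:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*",
                ],
            },
            {
                "Effect": "Allow",
                "Action": ["iot:Subscribe"],
                # Subscribe is authorised against topicfilter/ ARNs, not topic/.
                "Resource": [
                    "arn:aws:iot:*:*:topicfilter/dt/${iot:Connection.Thing.ThingName}/*",
                    "arn:aws:iot:*:*:topicfilter/cmd/${iot:Connection.Thing.ThingName}/*",
                    "arn:aws:iot:*:*:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*",
                ],
            },
        ],
    }
    logger.info("policy_name: {}".format(policy_name))
    try:
        if policy_exists(c_iot, policy_name):
            logger.info("policy exists already: {}".format(policy_name))
            return
        response = c_iot.create_policy(
            policyName=policy_name,
            policyDocument=json.dumps(policy_document),
        )
        logger.info("create_iot_policy: response: {}".format(response))
    except c_iot.exceptions.ResourceAlreadyExistsException:
        # Lost the race with a concurrent invocation that created the policy
        # between the exists-check and create_policy; benign, so only warn.
        # logger.warn is a deprecated alias; logger.warning is the supported name.
        logger.warning(
            "policy_name {}: exists already - might have been created in a parallel thread".format(
                policy_name
            )
        )
    except Exception as e:
        # Best-effort: record the failure for the caller's summary rather
        # than aborting the whole JITR handler.
        logger.error("create_iot_policy: {}".format(e))
        ERRORS.append("create_iot_policy: {}".format(e))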