aws_iot_policy_example_shadow.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:client/${iot:Connection.Thing.ThingName}"
},
{
"Effect": "Allow",
"Action": "iot:Subscribe",
"Resource": [
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/accepted",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/rejected",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/accepted",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/rejected"
]
},
{
"Effect": "Allow",
"Action": "iot:Receive",
"Resource": [
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/accepted",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/rejected",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/accepted",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/rejected"
]
},
{
"Effect": "Allow",
"Action": "iot:Publish",
"Resource": [
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete",
"arn:aws:iot:[AWS_REGION]:[AWS_ACCOUNT_ID]:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/get"
]
}
]
}