Can you use thing 'Attributes' in recipe access control for setting permissions?


In the IoT thing policy I am able to set a policy resource to allow the action publish to a topic using the variable:


Is there a way to replicate this in the access control of a recipe? Something similar to the below.

          policyDescription: Allows access to everything
          operations:
            - 'aws.greengrass#SubscribeToIoTCore'
            - 'aws.greengrass#PublishToIoTCore'
          resources:
            - 'Iot/{iot:thingName}*'
            - 'Iot/{iot:Connection.Thing.Attributes[fleetOperator]}/{iot:Connection.Thing.ThingName}/*'

Additionally, what would be the preferred method to access the thing attributes in a Greengrass component? Currently I use the AWS SDK, however I need to set the appropriate permissions using the TES; I would prefer to use the IoT credentials if possible.

asked 10 months ago · 203 views
1 Answer
Accepted Answer

Unfortunately, {iot:Connection.Thing.Attributes} is not supported, just the thing name.

For your second question, Greengrass provides the AWS_IOT_THING_NAME environment variable. But for other attributes, I believe using the SDK would be the right approach.

answered 10 months ago
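
The approach from the accepted answer, as an added example that is not part of the original post: the component reads AWS_IOT_THING_NAME, fetches the thing's attributes with the AWS SDK (boto3 `describe_thing`), and validates the value before composing the topic prefix from the question. The function names and the allowed-character rule are assumptions of this example.

```python
import os
import re

# Assumption of this example: accept only a conservative character set, so an
# attribute value can never add topic levels or MQTT wildcards ('/', '+', '#').
_SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_.:-]+")


def thing_name_from_env(env=os.environ):
    """Greengrass provides AWS_IOT_THING_NAME to component processes."""
    name = env.get("AWS_IOT_THING_NAME")
    if not name:
        raise RuntimeError("AWS_IOT_THING_NAME is not set")
    return name


def fetch_thing_attributes(iot_client, thing_name):
    """Return the thing's attribute map using the IoT DescribeThing API.

    The role used by the token exchange service (TES) needs
    iot:DescribeThing, ideally scoped to this thing's ARN only.
    """
    response = iot_client.describe_thing(thingName=thing_name)
    return response.get("attributes", {})


def topic_prefix(attributes, thing_name, attribute="fleetOperator"):
    """Build 'Iot/<attribute value>/<thing name>/' after validating both parts."""
    value = attributes.get(attribute)
    if value is None:
        raise KeyError(f"thing has no attribute {attribute!r}")
    for segment in (value, thing_name):
        if not _SAFE_SEGMENT.fullmatch(segment):
            raise ValueError(f"unsafe topic segment: {segment!r}")
    return f"Iot/{value}/{thing_name}/"


if __name__ == "__main__":
    import boto3  # the SDK resolves TES credentials inside the component

    name = thing_name_from_env()
    client = boto3.client("iot", region_name=os.environ.get("AWS_REGION"))
    print(topic_prefix(fetch_thing_attributes(client, name), name))
```

Because the recipe cannot express the attribute, this check only shapes what the component publishes; the access control resources still have to be written with the thing name or a literal prefix.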

