bazwilliams/iot.yaml

## iot.yaml
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  Gen2ButtonCertificate:
    Type: String
  BarryCertificate:
    Type: String
  MqttBridgeCertificate:
    Type: String

Resources:
  BarryCertificatePolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Action: "iot:Connect"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/barry"
        - Effect: "Allow"
          Action: "iot:Subscribe"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
        - Effect: "Allow"
          Action: "iot:Publish"
          Resource:
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone"
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"
        - Effect: "Allow"
          Action: "iot:Receive"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"

  MqttBridgeCertificatePolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Action: "iot:Connect"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/mqtt-awsiot-bridge"
        - Effect: "Allow"
          Action: "iot:Subscribe"
          Resource:
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/iotbutton/*"
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
        - Effect: "Allow"
          Action: "iot:Receive"
          Resource:
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/*"
          - !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/*"

  Gen2ButtonPolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Action: "iot:Connect"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/G030PT029491XF1N"
        - Effect: "Allow"
          Action: "iot:Publish"
          Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/G030PT029491XF1N"

  Gen2ButtonPolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref Gen2ButtonPolicy
      Principal: !Ref Gen2ButtonCertificate

  MqttBridgePolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref MqttBridgeCertificatePolicy
      Principal: !Ref MqttBridgeCertificate

  BarryPolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref BarryCertificatePolicy
      Principal: !Ref BarryCertificate
	AWSTemplateFormatVersion: "2010-09-09"

	Parameters:
	Gen2ButtonCertificate:
	Type: String
	BarryCertificate:
	Type: String
	MqttBridgeCertificate:
	Type: String

	Resources:
	BarryCertificatePolicy:
	Type: "AWS::IoT::Policy"
	Properties:
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: "Allow"
	Action: "iot:Connect"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/barry"
	- Effect: "Allow"
	Action: "iot:Subscribe"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
	- Effect: "Allow"
	Action: "iot:Publish"
	Resource:
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone"
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"
	- Effect: "Allow"
	Action: "iot:Receive"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"

	MqttBridgeCertificatePolicy:
	Type: "AWS::IoT::Policy"
	Properties:
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: "Allow"
	Action: "iot:Connect"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/mqtt-awsiot-bridge"
	- Effect: "Allow"
	Action: "iot:Subscribe"
	Resource:
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/iotbutton/*"
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
	- Effect: "Allow"
	Action: "iot:Receive"
	Resource:
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/*"
	- !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/*"

	Gen2ButtonPolicy:
	Type: "AWS::IoT::Policy"
	Properties:
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	- Effect: "Allow"
	Action: "iot:Connect"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/G030PT029491XF1N"
	- Effect: "Allow"
	Action: "iot:Publish"
	Resource: !Sub "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/G030PT029491XF1N"

	Gen2ButtonPolicyAttachment:
	Type: "AWS::IoT::PolicyPrincipalAttachment"
	Properties:
	PolicyName: !Ref Gen2ButtonPolicy
	Principal: !Ref Gen2ButtonCertificate

	MqttBridgePolicyAttachment:
	Type: "AWS::IoT::PolicyPrincipalAttachment"
	Properties:
	PolicyName: !Ref MqttBridgeCertificatePolicy
	Principal: !Ref MqttBridgeCertificate

	BarryPolicyAttachment:
	Type: "AWS::IoT::PolicyPrincipalAttachment"
	Properties:
	PolicyName: !Ref BarryCertificatePolicy
	Principal: !Ref BarryCertificate