
@bazwilliams
Created August 29, 2018 09:42
Permit OwnTracks and an IoT button to use AWS IoT, and set up a local MQTT bridge to AWS IoT
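AWSTemplateFormatVersion: "2010-09-09"

# Each parameter names the principal that one of the IoT policies in this
# template is attached to. The value is handed unchanged to
# AWS::IoT::PolicyPrincipalAttachment, so it is validated here: a typo or a
# pasted certificate id (instead of the full ARN) fails at parameter
# validation rather than at attachment time.
Parameters:
  Gen2ButtonCertificate:
    Type: String
    Description: ARN of the AWS IoT certificate used by the Gen2 IoT button.
    AllowedPattern: '^arn:aws[a-z-]*:iot:[a-z0-9-]+:[0-9]{12}:cert/[0-9a-f]{64}$'
    ConstraintDescription: 'must be an AWS IoT certificate ARN ending in cert/<64 hex characters>'
  BarryCertificate:
    Type: String
    Description: ARN of the AWS IoT certificate used by the OwnTracks client "barry".
    AllowedPattern: '^arn:aws[a-z-]*:iot:[a-z0-9-]+:[0-9]{12}:cert/[0-9a-f]{64}$'
    ConstraintDescription: 'must be an AWS IoT certificate ARN ending in cert/<64 hex characters>'
  MqttBridgeCertificate:
    Type: String
    Description: ARN of the AWS IoT certificate used by the local MQTT bridge.
    AllowedPattern: '^arn:aws[a-z-]*:iot:[a-z0-9-]+:[0-9]{12}:cert/[0-9a-f]{64}$'
    ConstraintDescription: 'must be an AWS IoT certificate ARN ending in cert/<64 hex characters>'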
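# Three AWS IoT policies, each attached to exactly one certificate passed in
# as a template parameter. Every policy pins iot:Connect to a single client
# id, so a certificate cannot connect under another device's identity.
# ARNs are built with ${AWS::Partition} rather than a literal "aws" so the
# same template resolves correctly outside the standard partition.
Resources:
  # OwnTracks client connecting as client id "barry".
  BarryCertificatePolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "iot:Connect"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:client/barry"
          # NOTE(review): Subscribe is allowed on every owntracks/ topic
          # filter, while Receive below is limited to owntracks/barry/phone/*.
          # Presumably the broad Subscribe exists so the client's wildcard
          # subscription is accepted -- confirm, and narrow it to this
          # client's own topics if the client can be configured that way.
          - Effect: "Allow"
            Action: "iot:Subscribe"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
          # Publish is limited to this client's own topic and its sub-topics.
          - Effect: "Allow"
            Action: "iot:Publish"
            Resource:
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone"
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"
          # Receive covers only sub-topics of owntracks/barry/phone; other
          # users' topics are not listed, and neither is the exact topic
          # owntracks/barry/phone itself.
          - Effect: "Allow"
            Action: "iot:Receive"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/barry/phone/*"

  # Local MQTT bridge connecting as client id "mqtt-awsiot-bridge".
  # The policy grants Subscribe and Receive but no Publish, so this
  # certificate can only pull messages from AWS IoT, not inject them.
  # It can read every owntracks/ and iotbutton/ topic, so the bridge host
  # and its private key deserve the same protection as that location data.
  MqttBridgeCertificatePolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "iot:Connect"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:client/mqtt-awsiot-bridge"
          - Effect: "Allow"
            Action: "iot:Subscribe"
            Resource:
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/iotbutton/*"
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/owntracks/*"
          - Effect: "Allow"
            Action: "iot:Receive"
            Resource:
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/*"
              - !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/owntracks/*"

  # IoT button: publish-only, to a single topic.
  # The client id and topic are pinned to one hard-coded identifier
  # (presumably the button's device serial number -- confirm); a replacement
  # button needs this policy edited.
  Gen2ButtonPolicy:
    Type: "AWS::IoT::Policy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "iot:Connect"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:client/G030PT029491XF1N"
          - Effect: "Allow"
            Action: "iot:Publish"
            Resource: !Sub "arn:${AWS::Partition}:iot:${AWS::Region}:${AWS::AccountId}:topic/iotbutton/G030PT029491XF1N"

  # Attachments: one policy per certificate. !Ref on an AWS::IoT::Policy
  # yields the policy name; Principal is the certificate parameter.
  Gen2ButtonPolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref Gen2ButtonPolicy
      Principal: !Ref Gen2ButtonCertificate
  MqttBridgePolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref MqttBridgeCertificatePolicy
      Principal: !Ref MqttBridgeCertificate
  BarryPolicyAttachment:
    Type: "AWS::IoT::PolicyPrincipalAttachment"
    Properties:
      PolicyName: !Ref BarryCertificatePolicy
      Principal: !Ref BarryCertificate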