import { aws_iam as IAM, Stack, aws_iot as IoT } from 'aws-cdk-lib'
import { StringParameter } from 'aws-cdk-lib/aws-ssm'
import { Construct } from 'constructs'
import { Scope, settingsPath } from '../../util/settings.js'
import { STACK_NAME } from '../stacks/stackConfig.js'
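/**
 * IoT fleet-provisioning template plus the IAM role AWS IoT assumes while
 * running it.
 *
 * What the template does (as written here): it declares two input
 * parameters, activates the certificate whose ID the device presents
 * (`AWS::IoT::Certificate::Id`), and defines an IoT policy for the device.
 *
 * Security caveats a reviewer should be aware of:
 *  - The policy allows `iot:connect` on `*`, so a provisioned certificate may
 *    connect with any client ID, and every device shares the same topic
 *    subtree. The usual tightening is to create a Thing in the template and
 *    use `${iot:Connection.Thing.ThingName}` in the client and topic ARNs;
 *    this template currently creates no Thing, so that change is not made here.
 *  - `SerialNumber` is declared as a parameter but never referenced by any
 *    resource — presumably intended for a Thing resource; confirm.
 *  - The template is `enabled: true`, i.e. live as soon as it is deployed.
 *
 * The template name is read from SSM Parameter Store at deploy time; the
 * parameter path is derived from `settingsPath` for the PROVISION scope.
 */
export class Fleet extends Construct {
  /** The synthesized provisioning template resource. */
  public readonly template: IoT.CfnProvisioningTemplate

  /**
   * @param parent - scope the construct is created in
   */
  public constructor(parent: Construct) {
    super(parent, 'fleet')
    const stack = Stack.of(this)

    // Deploy-time lookup of the template name; the SSM path comes from the
    // project's settings helper.
    const templateNameParameter = StringParameter.fromStringParameterName(
      this,
      'templateNameParameter',
      settingsPath({
        stackName: STACK_NAME,
        scope: Scope.PROVISION,
        property: 'templateName',
      }),
    )

    // Role assumed by the IoT service while executing the template.
    // `fromAwsManagedPolicyName` derives the policy ARN with the stack's
    // partition token instead of the hard-coded `arn:aws:` of the original,
    // so the construct also deploys to non-commercial partitions.
    const role = new IAM.Role(this, 'role', {
      assumedBy: new IAM.ServicePrincipal('iot.amazonaws.com'),
      managedPolicies: [
        IAM.ManagedPolicy.fromAwsManagedPolicyName(
          'service-role/AWSIoTThingsRegistration',
        ),
      ],
    })

    // Topic subtree the device may use. All provisioned devices share it —
    // see the class comment for how to scope it per device.
    const topicPrefix = 'any/topic/for/device'
    const topicArn = `arn:${stack.partition}:iot:${stack.region}:${stack.account}:topic/${topicPrefix}/*`
    const topicFilterArn = `arn:${stack.partition}:iot:${stack.region}:${stack.account}:topicfilter/${topicPrefix}/*`

    // IoT policy attached to the provisioned certificate. NOTE(review): there
    // is no explicit policy→certificate attachment in this template; this
    // relies on fleet-provisioning attaching policy resources to the
    // certificate resource — confirm against the IoT provisioning docs.
    const devicePolicyDocument = {
      Version: '2012-10-17',
      Statement: [
        {
          // NOTE(review): `*` permits connecting with ANY client ID. Without a
          // Thing resource in this template there is nothing to scope it to;
          // left unchanged deliberately, but this should be tightened.
          Effect: 'Allow',
          Action: ['iot:connect'],
          Resource: ['*'],
        },
        {
          Effect: 'Allow',
          Action: ['iot:publish', 'iot:receive'],
          Resource: [topicArn],
        },
        {
          // Subscriptions are authorized against `topicfilter/…`, not `topic/…`.
          Effect: 'Allow',
          Action: ['iot:subscribe'],
          Resource: [topicFilterArn],
        },
      ],
    }

    this.template = new IoT.CfnProvisioningTemplate(this, 'fleet', {
      provisioningRoleArn: role.roleArn,
      enabled: true,
      templateName: templateNameParameter.stringValue,
      // `toJsonString` is the CDK-supported way to serialize an object that
      // carries deploy-time tokens (partition/region/account); plain
      // JSON.stringify happens to work for string tokens but is not the
      // documented path.
      templateBody: stack.toJsonString({
        Parameters: {
          // Declared but not used by any resource below — see class comment.
          SerialNumber: {
            Type: 'String',
          },
          // Certificate ID supplied by the device during provisioning.
          'AWS::IoT::Certificate::Id': {
            Type: 'String',
          },
        },
        Resources: {
          policy: {
            Type: 'AWS::IoT::Policy',
            Properties: {
              PolicyDocument: devicePolicyDocument,
            },
          },
          certificate: {
            Type: 'AWS::IoT::Certificate',
            Properties: {
              CertificateId: {
                Ref: 'AWS::IoT::Certificate::Id',
              },
              // Activated immediately; there is no pending-review step here.
              Status: 'Active',
            },
          },
        },
      }),
    })
  }
}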