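def create_and_attach_thing_policy(self):
    """Create an IoT policy for this thing and attach it to its certificate.

    Reads ``self.config['core']['thing_name']`` and
    ``self.config['core']['cert_arn']``, plus ``self.region`` and
    ``self.type_name``; the policy is named ``<type_name>-<thing_name>``.

    Returns:
        ``(policy_name, policy_arn)`` on success, or ``None`` when a policy of
        that name already exists. In the already-exists case the existing
        policy is NOT (re-)attached to the certificate -- callers must handle
        that themselves.

    Raises:
        ValueError: if ``thing_name`` is still the config placeholder.
        ClientError: any IoT API failure other than
            ``ResourceAlreadyExistsException`` (previously these were
            swallowed and the caller silently received ``None``).
    """
    thing_name = self.config['core']['thing_name']
    # Must be ``==``, not ``is``: identity against a string literal is not a
    # reliable equality test, so the placeholder check could silently pass.
    if thing_name == '<device_thing_name>':
        raise ValueError("Config file values seem to be mis-configured.")

    # SECURITY NOTE(review): this policy is NOT minimal. It grants every
    # iot:* and greengrass:* action on every resource ("*") to whoever holds
    # this certificate, so a compromised device could act on any thing,
    # topic or Greengrass group in the account. The commented entries below
    # show the intended least-privilege shape (Connect/Publish/Receive/
    # Subscribe on region-scoped ARNs); tighten before production use.
    thing_policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "iot:*",
                "greengrass:*",
                # "iot:Connect",
                # "iot:Publish",
                # "iot:Receive",
                # "iot:Subscribe"
            ],
            "Resource": [
                # "arn:aws:iot:{0}:*:*".format(self.region)
                "*",
            ],
        }],
    }

    iot = Session(region_name=self.region).client('iot')
    policy_name = '{0}-{1}'.format(self.type_name, thing_name)
    policy_document = json.dumps(thing_policy)
    logging.debug(
        "[create_and_attach_thing_policy] policy:{0}".format(policy_document))

    try:
        created = iot.create_policy(policyName=policy_name,
                                    policyDocument=policy_document)
        logging.debug(
            "[create_and_attach_thing_policy] Created Policy: {0}".format(
                created['policyName']))

        cert_arn = self.config['core']['cert_arn']
        # attach_principal_policy is the legacy IoT API (attach_policy is the
        # current one); kept as-is because both accept a certificate ARN.
        iot.attach_principal_policy(policyName=policy_name, principal=cert_arn)
        logging.debug(
            "[create_and_attach_thing_policy] Attached {0} to {1}".format(
                policy_name, cert_arn))
        return created['policyName'], created['policyArn']
    except ClientError as ce:
        if ce.response['Error']['Code'] == 'ResourceAlreadyExistsException':
            logging.warning("[create_and_attach_thing_policy] {0}".format(
                ce.response['Error']['Message']))
            return None
        # AccessDenied, throttling, malformed policy document, a failed
        # attach, ...: do not hide these behind an implicit None.
        raise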