I am installing Greengrass V2 on core devices, following the steps in https://docs.aws.amazon.com/greengrass/v2/developerguide/getting-started.html, heading 'Install the AWS IoT Greengrass Core software (CLI)' for Linux.
The role alias, and iot core policy is clear enough - I can see how they are created. The installation script also creates another policy, which seems to be callled 'GreengrassTESCertificatePolicy{nameOfRoleAlias}'.
For example, if I install device 1 with a role alias of 'Foo' and device 2 with a role alias of 'Bar', the installation scripts above will lead to the creation of policies 'GreengrassTESCertificatePolicyFoo' and 'GreengrassTESCertificatePolicyBar', respectively.
My questions:
- Is there a way to specify the name of that policy in the install script, to allow devices to use that upon install instead of creating another ?
- Is it possible to add that permission to the standard GreengrassV2IoTThingPolicy, and omit a second policy that serves just one purpose ?
