In the IoT thing policy I am able to set a policy resource to allow the action publish to a topic using the variable:
${iot:Connection.Thing.Attributes[fleetOperator]}
arn:aws:iot:ap-southeast-2:949179323480:topic/Iot/${iot:Connection.Thing.Attributes[fleetOperator]}/${iot:Connection.Thing.ThingName}/*
Is there a way to replicate this in the access control of a recipe? Something similar to the below.
aws.greengrass.ipc.mqttproxy:
  'test:mqttproxy:1':
    policyDescription: Allows access to everything
    operations:
      - 'aws.greengrass#SubscribeToIoTCore'
      - 'aws.greengrass#PublishToIoTCore'
    resources:
      - 'Iot/{iot:thingName}*'
      - 'Iot/{iot:Connection.Thing.Attributes[fleetOperator]}/{iot:Connection.Thing.ThingName}/*'
Additionally, what would be the preferred method to access the thing attributes in a Greengrass component? Currently I use the AWS SDK, however I need to set the appropriate permissions using the TES; I would prefer to use the IoT credentials if possible.