Is there a way to authorize GGv2 core devices to interact with AWS services at the Thing Group level ?
I understand how attaching policies to the GreengrassV2TokenExchangeRole enables code running on your GG core devices to access AWS services by using the device cert to obtain temporary credentials. The token exchange role is associated with the device in that case. Is there a way to do something similar at the group level so that putting a device in a thing group would give it permission to access particular AWS services and resources ?
I'm sorry to say that no, there is no way to assign a role for Greengrass to use at a Thing Group level. The individual things will all need their own permission to assume the role. The permission to assume the role could be stored in one IoT Policy which is then attached to each Thing's certificate; that way at least you don't need to duplicate policies.
Thank you. I guess one could emulate this by having one token exchange role per group and specifying the "group role" during the device install.
Yes, if you have thing groups with unique access requirements, then you can have different roles for each. Note that you are limited to 100 IoT Role Aliases per region, so you can only do that with 100 groups.
Is there a way to authorize GGv2 core devices to interact with AWS services at the Thing Group level ?Accepted Answerwilliamrmayasked 2 days ago
Attaching custom image to user (not domain) in SageMaker StudioAccepted AnswerMODERATORAWS-User-0771205asked a year ago
IoT Core OTA Job FAILED retry techniquesAccepted AnswerGameTech Matasked a year ago
AWS IoT and Micro Servicesyarchasked 2 years ago
Trigger cloud lambda with MQTT messagetgonzaleasked 2 years ago
Match randomly generated clientId to thing-namemathiswiasked 2 years ago
Is there an easy way to make changes when simulation is running?mustafadurmusasked 2 years ago
How to do logarithm y-axis? Using countOver()?rmeehanasked 2 years ago
Definition: Greengrass Core vs Greengrass Group?Accepted AnswerEXPERTOlivier_CRasked a year ago
How to retreive GreengrassV2 Core Device's AWS IoT Thing nameAccepted Answertraviprossasked a year ago