Hello AWS Community,
I'm currently working on a project where I need to use an AWS IoT rule to republish messages to a thing shadow in a different AWS account. My main question is regarding the feasibility and correct implementation of such a setup.
Here's what I'm trying to accomplish:
- Source Account: I have an AWS IoT rule that triggers on receiving certain messages.
- Target Account: This account owns the thing shadow that I want to update.
- Objective: The goal is to have the IoT rule in the source account republish messages directly to the thing shadow in the target account.
The challenge I'm facing involves setting up cross-account permissions correctly, particularly around assuming a role in the target account that has the necessary permissions to update the thing shadow.
Here are my specific questions:
1. Is it possible for an AWS IoT rule to assume a role in another AWS account as part of its action (specifically the Republish action)?
2. If so, what would be the recommended approach to set up the necessary IAM roles and permissions in both the source and target accounts?
3. Are there any specific configurations or considerations to keep in mind when setting up the IoT rule and the IAM roles for this cross-account communication?
Any insights, experiences, or guidance on this would be greatly appreciated. If anyone has implemented a similar setup or can point me towards relevant documentation or examples, it would be incredibly helpful.
Thank you in advance for your assistance!