# Looks up the account's AWS IoT data-plane endpoint using the ATS (Amazon
# Trust Services) certificate chain. This is a read-only data source: it
# creates nothing and only exposes the hostname via
# data.aws_iot_endpoint.iot.endpoint_address for other config to reference.
data "aws_iot_endpoint" "iot" {
  endpoint_type = "iot:Data-ATS"
}
# One IoT Thing per entry in var.things, addressed positionally
# (aws_iot_thing.iot_thing[N]). Because count indexes are positional,
# inserting or reordering entries in var.things shifts every later index and
# re-maps the matching certificate/attachment resources below as well.
resource "aws_iot_thing" "iot_thing" {
  count = length(var.things)
  name  = var.things[count.index]
}
# One X.509 device certificate per entry in var.things, paired to a Thing by
# index in aws_iot_thing_principal_attachment below. No `csr` is supplied, so
# AWS generates the key pair and the provider records the resulting
# `private_key` attribute in Terraform state; the state file therefore holds
# device credentials and must be stored and access-controlled as a secret.
# `active = true` lets the certificate authenticate as soon as it is created.
resource "aws_iot_certificate" "iot_certificate" {
  count  = length(var.things)
  active = true
}
# Binds certificate N to Thing N. The pairing is purely by count index, so it
# only stays correct while aws_iot_thing and aws_iot_certificate are created
# from the same var.things list in the same order.
resource "aws_iot_thing_principal_attachment" "iot_thing_attachment" {
  count     = length(var.things)
  principal = aws_iot_certificate.iot_certificate[count.index].arn
  thing     = aws_iot_thing.iot_thing[count.index].name
}
# IoT policy granted to every device certificate (see
# aws_iot_policy_attachment below).
#
# NOTE(review): `iot:*` on Resource `*` means any device holding one of these
# certificates can perform every IoT action against every resource in the
# account (connect with any client id, publish/subscribe on any topic, read
# or update any Thing's shadow). A compromised device would not be confined to
# its own identity. Prefer scoping Connect/Publish/Subscribe/Receive and the
# shadow actions to the calling Thing via IoT policy variables such as
# iot:Connection.Thing.ThingName; inside jsonencode the `${...}` must be
# escaped as `$${...}` so Terraform leaves it for AWS IoT to expand.
resource "aws_iot_policy" "iot_policy" {
  name = "iot-policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "iot:*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
# IAM (not IoT) policy allowing read/update of the classic shadow for exactly
# the Things created above; Resource is the splatted list of their ARNs, so it
# is recomputed whenever var.things changes. Nothing on this page attaches
# the policy — presumably the Lambda role referenced by the topic rule below
# uses it; verify against the rest of the module.
#
# NOTE(review): if var.things is empty the Resource list is empty, which IAM
# rejects as a malformed policy document, so an apply with no things fails
# here rather than producing a no-op policy.
resource "aws_iam_policy" "iot_shadow_iam_policy" {
  name = "iot-shadow-policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "iot:GetThingShadow",
          "iot:UpdateThingShadow"
        ]
        Effect   = "Allow"
        Resource = aws_iot_thing.iot_thing.*.arn
      },
    ]
  })
}
# Attaches the shared aws_iot_policy.iot_policy to each device certificate.
# Every device therefore receives the same permission set; there is no
# per-device policy differentiation in this file.
resource "aws_iot_policy_attachment" "iot_policy_attachment" {
  count  = length(var.things)
  policy = aws_iot_policy.iot_policy.name
  target = aws_iot_certificate.iot_certificate[count.index].arn
}
# Rules-engine rule on accepted classic-shadow updates for every Thing
# ('$aws/things/+/shadow/update/accepted'). The SQL keeps only messages that
# carry a reported state and forwards `state` (the reported document) plus
# `thing_id` (segment 3 of the topic, i.e. the Thing name, since segments are
# 1-based: $aws / things / <name>) to the Lambda aws_lambda_function.iot_gh_state,
# which is defined elsewhere.
#
# NOTE(review): the rule only invokes the Lambda if an aws_lambda_permission
# granting iot.amazonaws.com InvokeFunction on it exists; none is on this page,
# confirm it lives in the Lambda's definition. No `error_action` is configured,
# so invocation failures are dropped silently rather than routed anywhere
# observable.
resource "aws_iot_topic_rule" "delta_iot_topic_rule" {
  name        = "iot_delta_rule"
  description = "Shadow Delta rule"
  enabled     = true
  sql         = "SELECT state.reported as state, topic(3) as thing_id FROM '$aws/things/+/shadow/update/accepted' WHERE NOT isUndefined(state.reported)"
  sql_version = "2016-03-23"
  lambda {
    function_arn = aws_lambda_function.iot_gh_state.arn
  }
}