Skip to content

Commit 211f6fa

Browse files
author
Frank
committed
Realtime: grant iot permissions when linked
1 parent 210c68a commit 211f6fa

File tree

2 files changed

+12
-3
lines changed

2 files changed

+12
-3
lines changed

examples/aws-realtime/sst.config.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ export default $config({
4141
SST_TOPIC: topic,
4242
},
4343
url: true,
44+
link: [realtime],
4445
});
4546

4647
return {

platform/src/components/aws/realtime.ts

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import { Function, FunctionArgs, FunctionArn } from "./function";
66
import { hashStringToPrettyString, logicalName } from "../naming";
77
import { RealtimeLambdaSubscriber } from "./realtime-lambda-subscriber";
88
import { iot, lambda } from "@pulumi/aws";
9+
import { permission } from "./permission";
910

1011
export interface RealtimeArgs {
1112
/**
@@ -175,9 +176,10 @@ export class Realtime extends Component implements Link.Linkable {
175176
createPermission();
176177

177178
this.constructorOpts = opts;
178-
this.iotEndpoint = iot.getEndpointOutput({
179-
endpointType: "iot:Data-ATS",
180-
}, { parent }).endpointAddress;
179+
this.iotEndpoint = iot.getEndpointOutput(
180+
{ endpointType: "iot:Data-ATS" },
181+
{ parent },
182+
).endpointAddress;
181183
this.constructorName = name;
182184
this.authHadler = authHadler;
183185
this.iotAuthorizer = iotAuthorizer;
@@ -328,6 +330,12 @@ export class Realtime extends Component implements Link.Linkable {
328330
endpoint: this.endpoint,
329331
authorizer: this.authorizer,
330332
},
333+
include: [
334+
permission({
335+
actions: ["iot:Publish"],
336+
resources: ["*"],
337+
}),
338+
],
331339
};
332340
}
333341
}

0 commit comments

Comments
 (0)