Realtime: grant iot permissions when linked

Author: Frank

examples/aws-realtime/sst.config.ts

@@ -41,6 +41,7 @@ export default $config({
         SST_TOPIC: topic,
       },
       url: true,
+      link: [realtime],
     });
 
     return {

platform/src/components/aws/realtime.ts

@@ -6,6 +6,7 @@ import { Function, FunctionArgs, FunctionArn } from "./function";
 import { hashStringToPrettyString, logicalName } from "../naming";
 import { RealtimeLambdaSubscriber } from "./realtime-lambda-subscriber";
 import { iot, lambda } from "@pulumi/aws";
+import { permission } from "./permission";
 
 export interface RealtimeArgs {
   /**
@@ -175,9 +176,10 @@ export class Realtime extends Component implements Link.Linkable {
     createPermission();
 
     this.constructorOpts = opts;
-    this.iotEndpoint = iot.getEndpointOutput({
-      endpointType: "iot:Data-ATS",
-    }, { parent }).endpointAddress;
+    this.iotEndpoint = iot.getEndpointOutput(
+      { endpointType: "iot:Data-ATS" },
+      { parent },
+    ).endpointAddress;
     this.constructorName = name;
     this.authHadler = authHadler;
     this.iotAuthorizer = iotAuthorizer;
@@ -328,6 +330,12 @@ export class Realtime extends Component implements Link.Linkable {
         endpoint: this.endpoint,
         authorizer: this.authorizer,
       },
+      include: [
+        permission({
+          actions: ["iot:Publish"],
+          resources: ["*"],
+        }),
+      ],
     };
   }
 }