Doc: Update Cognito sample Readme to add permissions

aws · Aug 24, 2023 · 429ec3f · 429ec3f
1 parent d50afe5
commit 429ec3f
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/samples/mqtt/cognito_connect/README.md b/samples/mqtt/cognito_connect/README.md
@@ -38,6 +38,27 @@ Note that in a real application, you may want to avoid the use of wildcards in y
 ## How to run
 
 To run this sample, you need to have a Cognito identifier ID. You can get a Cognito identifier ID by creating a Cognito identity pool. For creating Cognito identity pools, please see the following page on the AWS documentation: [Tutorial: Creating an identity pool](https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-identity-pool.html)
+You should also add _iot:Connect_ permission to the role added to congnito  or the default role created automatically when creating the new identity (or create a new policy attached to the new role).
+<details>
+<summary> (see sample policy)</summary>
+<pre>
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cognito-identity:GetCredentialsForIdentity",
+                "iot:Connect"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+</pre>
+</details>
 
 **Note:** This sample assumes using an identity pool with unauthenticated identity access for the sake of convenience. Please follow best practices in a real world application based on the needs of your application and the intended use case.