optimize topicRepublishing

.projenrc.js

@@ -24,6 +24,12 @@ const project = new awscdk.AwsCdkConstructLibrary({
   // description: undefined,  /* The description is just a string that helps people understand the purpose of the package. */
   // devDeps: [],             /* Build dependencies for this module. */
   // packageName: undefined,  /* The "name" in package.json. */
+
+
+/*   publishToPypi: {
+    distName: 'cdk-iot-wireless',
+    module: 'cdk-iot-wireless',
+  }, */
 });
 
 project.synth();

API.md

@@ -502,11 +502,11 @@ public readonly republishTopic: string;
 ```
 
 - *Type:* string
-- *Default:* '${topic()}'
+- *Default:* 'republish/${topic()}'
 
 Republish topic.
 
-The encoded message will be republished to this MQTT topic prefixed by 'public/'
+The encoded message will be republished to this MQTT topic. For a correct permission granting, please make sure that the first level does not contain a Substitution Template.
 
 ---
 

README.md

@@ -35,7 +35,7 @@ The Dragino sensor transmits an encoded payload. To decode it we use a IoT topic
 
 ```typescript
 const rule = new LHT65PayloadDecoderRule(this, "decoder", {
-  republishTopic: "${topic()}",
+  republishTopic: "republish/${topic()}",
 });
 
 new CfnOutput(this, "ruleName", {
@@ -44,4 +44,4 @@ new CfnOutput(this, "ruleName", {
 ```
 
 - `republishTopic`  
-  The message will be republished to the provided topic. For permission reasons, the provided topic will be automatically prefixed by the value `public/`. (E.g. `mytopic` will end up being `public/mytopic`). [Substitution Templates](https://docs.aws.amazon.com/iot/latest/developerguide/iot-substitution-templates.html) are allowed.
+  The message will be republished to the provided topic. For permission reasons, do not use [Substitution Templates](https://docs.aws.amazon.com/iot/latest/developerguide/iot-substitution-templates.html) on the first level. Otherwise permissions will not be set correctly.

src/dragino.ts

@@ -15,9 +15,9 @@ export interface ILHT65PayloadDecoderRuleProps {
   /**
    * Republish topic
    *
-   * The encoded message will be republished to this MQTT topic prefixed by 'public/'
+   * The encoded message will be republished to this MQTT topic. For a correct permission granting, please make sure that the first level does not contain a Substitution Template.
    *
-   * @default '${topic()}'
+   * @default 'republish/${topic()}'
    */
   readonly republishTopic?: string;
 }
@@ -50,6 +50,10 @@ export class LHT65PayloadDecoderRule extends Construct {
     /* grant the iot rule to invoke the lambda */
     decoderLambda.grantInvoke(new ServicePrincipal('iot.amazonaws.com'));
 
+    /* set default topic if necessary */
+    const rpTopic = props.republishTopic ? props.republishTopic : 'republish/${topic()}';
+
+
     /* create an IAM role that allows the IoT rule to republish to a topic */
     const iotTopicPublishRole = new Role(this, 'iotPublishToTopic', {
       assumedBy: new ServicePrincipal('iot.amazonaws.com'),
@@ -62,8 +66,8 @@ export class LHT65PayloadDecoderRule extends Construct {
                 effect: Effect.ALLOW,
                 actions: ['iot:Publish'],
                 resources: [
-                  `arn:aws:iot:${stack.region}:${stack.account}:topic/public/*`,
-                  `arn:aws:iot:${stack.region}:${stack.account}:topic/downlink/*`,
+                  `arn:aws:iot:${stack.region}:${stack.account}:topic/${rpTopic.split('/')[0]}/*`,
+                  //`arn:aws:iot:${stack.region}:${stack.account}:topic/downlink/*`,
                 ],
               }),
             ],
@@ -81,7 +85,7 @@ export class LHT65PayloadDecoderRule extends Construct {
         actions: [
           {
             republish: {
-              topic: 'public/' + (props.republishTopic ? props.republishTopic : '${topic()}'),
+              topic: rpTopic,
               roleArn: iotTopicPublishRole.roleArn,
             },
           },