From 817296528fe93f8d795ae7b70f907a55e1fb67cb Mon Sep 17 00:00:00 2001 From: Alfred Gedeon Date: Thu, 24 Aug 2023 15:09:49 -0700 Subject: [PATCH] Doc: add new policy to cognito sample Readme --- samples/node/cognito_connect/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/samples/node/cognito_connect/README.md b/samples/node/cognito_connect/README.md index 9aadc629..4ef9398b 100644 --- a/samples/node/cognito_connect/README.md +++ b/samples/node/cognito_connect/README.md @@ -38,6 +38,27 @@ Note that in a real application, you may want to avoid the use of wildcards in y ## How to run To run this sample, you need to have a Cognito identifier ID. You can get a Cognito identifier ID by creating a Cognito identity pool. For creating Cognito identity pools, please see the following page on the AWS documentation: [Tutorial: Creating an identity pool](https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-identity-pool.html) +You should also add _iot:Connect_ permission to the role added to congnito or the default role created automatically when creating the new identity (or create a +
+ (see sample policy) +
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "cognito-identity:GetCredentialsForIdentity",
+        "iot:Connect"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+
+
**Note:** This sample assumes using an identity pool with unauthenticated identity access for the sake of convenience. Please follow best practices in a real world application based on the needs of your application and the intended use case.
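Review bot: The sample policy grants "iot:Connect" on "Resource": ["*"], and the unchanged note right after it says the sample assumes an identity pool with unauthenticated access. Anyone who can obtain an identity from that pool could therefore connect under any client ID. The README text just above this hunk already advises against wildcards in a real application, so the sample policy should either scope the resource to a client ARN of the form arn:aws:iot:<region>:<account-id>:client/<client-id> (placeholders) or say next to the policy that the wildcard is for the sample only. There are also two wording problems in the first added line: "congnito" should be "Cognito", and the parenthetical "(or create a" is never completed before "(see sample policy)", so it is not clear what the reader is being told to create. Finally, the hunk does not show a code fence around the JSON; if the README has none, the policy should be wrapped in a json fence so it renders as a block and can be copied cleanly.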