AWS Greengrass V2 Fleet Provisioning thing policy problem
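I'm currently trying to set up GreengrassV2 fleet provisioning (on an EC2 instance with the required ports open). I have created the certificates and configured the thing/core device.
I want to make this production-ready, so I used the minimal Greengrass core IoT policy: https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html#greengrass-core-minimal-iot-policy
This is my policy: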
```json
{
  "Statement": [
    {
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive",
        "iot:Connect"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iot:eu-central-1:123123123123:topic/data/${iot:Connection.Thing.ThingName}/*",
        "arn:aws:iot:eu-central-1:123123123123:topic/cmd/${iot:Connection.Thing.ThingName}/*"
      ]
    },
    {
      "Action": [
        "iot:Connect"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iot:eu-central-1:123123123123:client/${iot:Connection.Thing.ThingName}*"
    },
    {
      "Action": [
        "iot:Subscribe"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iot:eu-central-1:123123123123:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}*/jobs/*",
        "arn:aws:iot:eu-central-1:123123123123:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}*/shadow/*"
      ]
    },
    {
      "Action": [
        "iot:Receive",
        "iot:Publish"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}*/greengrass/health/json",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}*/greengrassv2/health/json",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}*/jobs/*",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}*/shadow/*"
      ]
    },
    {
      "Action": [
        "greengrass:ResolveComponentCandidates",
        "greengrass:Get*",
        "greengrass:List*",
        "greengrass:Describe*",
        "greengrass:Resolve*",
        "greengrass:PutCertificateAuthorities"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "iot:AssumeRoleWithCertificate",
      "Effect": "Allow",
      "Resource": "arn:aws:iot:eu-central-1:123123123123:rolealias/TerraformGreengrassCoreTokenExchangeRoleAlias"
    }
  ],
  "Version": "2012-10-17"
}
```
The problem is that I can't get the deployments of the thing group. The Greengrass core device always disconnects. Log messages:
```
[...]
2023-01-05T08:58:18.602Z [DEBUG] (pool-2-thread-37) com.aws.greengrass.mqttclient.AwsIotMqttClient: Subscribing to topic. {clientId=TestCustomerCoreDevice, qos=AT_LEAST_ONCE, topic=$aws/things/TestCustomerCoreDevice/jobs/12312397-1d2d-1d2d-1d2d-01de629ddcf2/namespace-aws-gg-deployment/update/rejected}
com.aws.greengrass.mqtt.bridge.clients.MQTTClient: Unable to connect. Will be retried after 120 seconds
[...]
```
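If I now allow Subscribe on the resource:
"arn:aws:iot:eu-central-1:123123123123:*"
it works - but this is not what I want for production. I think it has something to do with the topicfilter/$aws resource, but I can't figure out what the problem is.
After that I can also subscribe to the topic data/TestCustomerCoreDevice/test
Does anyone know how to solve this?
Thanks in advance!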
I cleaned up your policy a bit, because it had some duplicated information:
```json
{
  "Statement": [
    {
      "Action": [
        "iot:Connect"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iot:eu-central-1:123123123123:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Action": [
        "iot:Subscribe"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iot:eu-central-1:123123123123:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*",
        "arn:aws:iot:eu-central-1:123123123123:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*"
      ]
    },
    {
      "Action": [
        "iot:Receive",
        "iot:Publish"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}/greengrass/health/json",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}/greengrassv2/health/json",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*",
        "arn:aws:iot:eu-central-1:123123123123:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*",
        "arn:aws:iot:eu-central-1:123123123123:topic/data/${iot:Connection.Thing.ThingName}/*",
        "arn:aws:iot:eu-central-1:123123123123:topic/cmd/${iot:Connection.Thing.ThingName}/*"
      ]
    },
    {
      "Action": [
        "greengrass:ResolveComponentCandidates",
        "greengrass:Get*",
        "greengrass:List*",
        "greengrass:Describe*",
        "greengrass:Resolve*",
        "greengrass:PutCertificateAuthorities"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "iot:AssumeRoleWithCertificate",
      "Effect": "Allow",
      "Resource": "arn:aws:iot:eu-central-1:123123123123:rolealias/TerraformGreengrassCoreTokenExchangeRoleAlias"
    }
  ],
  "Version": "2012-10-17"
}
```
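An added example (not part of the original question or answer): an offline check of which action/resource pairs in an AWS IoT policy can take effect, given that AWS IoT evaluates `iot:Connect` against `client/` ARNs, `iot:Publish` and `iot:Receive` against `topic/` ARNs, and `iot:Subscribe` against `topicfilter/` ARNs. The function names, the excerpted policy and the simplified matching (Allow statements only, `*` as the only wildcard, thing-name variable substituted directly) are assumptions of this sketch.

```python
import re

# Resource type each AWS IoT policy action is evaluated against.
EXPECTED = {"iot:Connect": "client", "iot:Publish": "topic",
            "iot:Receive": "topic", "iot:Subscribe": "topicfilter"}
THING_VAR = "${iot:Connection.Thing.ThingName}"
ARN = "arn:aws:iot:eu-central-1:123123123123:"

# Constructed excerpt of the question's policy (first and third statements).
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["iot:Publish", "iot:Subscribe", "iot:Receive", "iot:Connect"],
     "Resource": [ARN + "topic/data/" + THING_VAR + "/*",
                  ARN + "topic/cmd/" + THING_VAR + "/*"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": [ARN + "topicfilter/$aws/things/" + THING_VAR + "*/jobs/*"]},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value):
    # Only "*" is a wildcard here; every other character is literal.
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), value) is not None

def lint(policy):
    """Return (action, resource) pairs whose resource type can never match the action."""
    dead = []
    for st in policy["Statement"]:
        for action in _as_list(st["Action"]):
            want = EXPECTED.get(action)
            for res in _as_list(st["Resource"]):
                # arn:aws:iot:<region>:<account>:<type>/<name>
                rtype = res.split(":", 5)[-1].split("/", 1)[0]
                if want and rtype not in (want, "*"):
                    dead.append((action, res))
    return dead

def allowed(policy, action, resource, thing):
    """True if some Allow statement matches once the thing name is substituted."""
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and any(_match(a, action) for a in _as_list(st["Action"])):
            if any(_match(r.replace(THING_VAR, thing), resource) for r in _as_list(st["Resource"])):
                return True
    return False

if __name__ == "__main__":
    for action, res in lint(QUESTION_POLICY):
        print(f"{action} is never granted by {res}")
```

On this excerpt the check flags `iot:Subscribe` and `iot:Connect` on the `topic/data/...` and `topic/cmd/...` resources, while the subscribe to the jobs topic from the log line is matched by the `topicfilter/` statement.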