"Getting started with AWS IoT Core" Shadow Python scripts get connection exception

0

I used "Getting started with AWS IoT Core" to generate the Python scripts. The basicPubSub.py sample script works fine. The Shadow examples, basicShadowDeltaListener.py, basicShadowUpdater.py and ThingShadowEcho.py, all get a connection timeout exception when run.

2022-04-03 13:08:49,371 - AWSIoTPythonSDK.core.protocol.mqtt_core - ERROR - Connect timed out
Traceback (most recent call last):
  File "/home/pi/connect_device_package/aws-iot-device-sdk-python/samples/basicShadow/basicShadowDeltaListener.py", line 110, in <module>
    myAWSIoTMQTTShadowClient.connect()
  File "/usr/local/lib/python3.9/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1278, in connect
    return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
  File "/usr/local/lib/python3.9/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 520, in connect
    return self._mqtt_core.connect(keepAliveIntervalSecond)
  File "/usr/local/lib/python3.9/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 199, in connect
    raise connectTimeoutException()
AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException

The IoT client and Shadow client appear to have the same connection configuration parameters.

AWSIoTMQTTShadowClient configuration

myAWSIoTMQTTShadowClient.configureAutoReconnectBackoffTime(1, 32, 20)
myAWSIoTMQTTShadowClient.configureConnectDisconnectTimeout(10)  # 10 sec
myAWSIoTMQTTShadowClient.configureMQTTOperationTimeout(5)  # 5 sec

AWSIoTMQTTClient connection configuration

myAWSIoTMQTTClient.configureAutoReconnectBackoffTime(1, 32, 20)
myAWSIoTMQTTClient.configureOfflinePublishQueueing(-1)  # Infinite offline Publish queueing
myAWSIoTMQTTClient.configureDrainingFrequency(2)  # Draining: 2 Hz
myAWSIoTMQTTClient.configureConnectDisconnectTimeout(10)  # 10 sec
myAWSIoTMQTTClient.configureMQTTOperationTimeout(5)  # 5 sec

  • Running basicPubSub.py results in a 'connack'. Running basicShadowDeltaListener.py results in a 'disconnect' with the same parameters used.

    2022-04-06 08:00:49,884 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Produced [connack] event

    2022-04-06 08:02:12,820 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Produced [disconnect] event

asked 2 years ago, 643 views
1 Answer
0

Hi,

The IoT policy that is created by the "getting started" guide in the IoT Core console does not have permissions to interact with the shadow.

  1. The shadow delta listener uses by default the client id basicShadowDeltaListener, which is not allowed in the policy.
  2. The policy does not include permissions to interact with the device shadow topics.

For me the following modified policy works with the basicShadowDeltaListener in case you use repost as thing name and client id:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive",
        "iot:RetainPublish"
      ],
      "Resource": [
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topic/sdk/test/java",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topic/sdk/test/Python",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topic/topic_1",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topic/topic_2",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topic/$aws/things/repost/shadow/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topicfilter/sdk/test/java",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topicfilter/sdk/test/Python",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topicfilter/topic_1",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topicfilter/topic_2",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:topicfilter/$aws/things/repost/shadow/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": [
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:client/sdk-java",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:client/basicPubSub",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:client/repost",
        "arn:aws:iot:REPLACE_WITH_YOUR_AWS_REGION:REPLACE_WITH_YOUR_AWS_ACCOUNT_NUMBER:client/sdk-nodejs-*"
      ]
    }
  ]
}

You can find more information about IoT Policies in the developer guide.

KR, Philipp

AWS
EXPERT
answered 2 years ago
  • Thanks for your response. After applying the policy changes mentioned, the connection issue still persists.

  • Did you use "repost" for thing name and client id? If not you need to modify the policy accordingly. You can also take a look at CloudWatch logs (insights) to find connection errors.

  • Changed the "repost" to the name of my Thing

  • Publishing the get topic to the shadow from the MQTT Test Client returns get/accepted

    $aws/things/GatewayPi4/shadow/get/accepted April 06, 2022, 12:16:07 (UTC-0700)
    { "state": {}, "metadata": {}, "version": 3, "timestamp": 1649272567 }
    $aws/things/GatewayPi4/shadow/get April 06, 2022, 12:16:07 (UTC-0700)
    { "message": "Hello from AWS IoT console" }

  • Publishing to the reserved shadow topics works, but subscribing to reserved topics fails.
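
A local check for the two gaps the answer names (client id and shadow topic permissions), as an added example that is not part of the original thread or of the AWS SDK. It models only Allow/Deny statements with the `*` and `?` policy wildcards (no policy variables or conditions); the region, account number, sample policies and the delta topic the listener is assumed to subscribe to are constructed for illustration.

```python
import re

PREFIX = "arn:aws:iot:us-east-1:123456789012:"  # constructed region/account

def _matches(pattern, value):
    # Policy wildcards: '*' is any run of characters, '?' is one character.
    # MQTT '+' and '#' are literals in a policy, so re.escape leaves them inert.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise at least one Allow must match."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action) for a in _as_list(stmt["Action"])) and
               any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def missing_permissions(policy, client_id, thing_name):
    """(action, resource) pairs a shadow delta listener needs but lacks."""
    # Assumption: the listener subscribes to the thing's update/delta topic.
    delta = f"$aws/things/{thing_name}/shadow/update/delta"
    needed = [("iot:Connect", f"{PREFIX}client/{client_id}"),
              ("iot:Subscribe", f"{PREFIX}topicfilter/{delta}"),
              ("iot:Receive", f"{PREFIX}topic/{delta}")]
    return [(a, r) for a, r in needed if not is_allowed(policy, a, r)]

def make_policy(clients, topics):
    # Builds a policy with the same three-statement shape as the answer's.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": [f"{PREFIX}topic/{t}" for t in topics]},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": [f"{PREFIX}topicfilter/{t}" for t in topics]},
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": [f"{PREFIX}client/{c}" for c in clients]}]}

# Constructed: a starter-style policy without shadow access, and one shaped
# like the modified policy in the answer (thing name and client id "repost").
STARTER = make_policy(["basicPubSub"], ["sdk/test/Python"])
MODIFIED = make_policy(["basicPubSub", "repost"],
                       ["sdk/test/Python", "$aws/things/repost/shadow/*"])

if __name__ == "__main__":
    print(missing_permissions(STARTER, "basicShadowDeltaListener", "repost"))
    print(missing_permissions(MODIFIED, "repost", "GatewayPi4"))
```

With the modified policy, a thing named GatewayPi4 still lacks Subscribe and Receive on its own shadow topics until the `repost` resources are renamed to match.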
