Permissions a device running Greengrass needs to get a device shadow from IoT Core


[The following question has been translated] I am trying to get the named shadow cycle_topic of a thing from AWS IoT. The permissions/configuration are confusing me. As far as I can tell, in ShadowManager I have configured the correct permissions for the SliceOfPi device to get count_topic. I believe this is a permissions issue. Where did my configuration go wrong?

Here is the configuration of each component:

Configure aws.greengrass.clientdevices.mqtt.Bridge:

{
  "reset": [],
  "merge": {
    "mqttTopicMapping": {
      "HelloWorldIotCoreMapping": {
        "topic": "#",
        "source": "Pubsub",
        "target": "IotCore"
      }
    },
    "ShadowsPubsubToLocalMqtt": {
      "topic": "$aws/things/+/shadow/#",
      "source": "Pubsub",
      "target": "LocalMqtt"
    }
  }
}

Configure aws.greengrass.clientdevices.Auth:

{
  "reset": [],
  "merge": {
    "deviceGroups": {
      "formatVersion": "2021-03-05",
      "definitions": {
        "MyPermissiveDeviceGroup": {
          "selectionRule": "thingName: *",
          "policyName": "MyPermissivePolicy"
        }
      },
      "policies": {
        "MyPermissivePolicy": {
          "AllowAll": {
            "statementDescription": "Allow client devices to perform all actions.",
            "operations": [
              "*"
            ],
            "resources": [
              "*"
            ]
          }
        }
      }
    }
  }
}

aws.greengrass.ShadowManager:

{
  "reset": [],
  "merge": {
    "strategy": {
      "type": "realTime"
    },
    "synchronize": {
      "coreThing": {
        "classic": true,
        "namedShadows": [
          "count_topic"
        ]
      },
      "shadowDocuments": [
        {
          "thingName": "SliceOfPi",
          "classic": true,
          "namedShadows": [
            "count_topic"
          ]
        }
      ],
      "direction": "cloudToDevice"
    }
  }
}

The error log I see in greengrass.log:

2022-09-20T21:51:46.237Z [WARN] (Thread-4) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Not authorized to get shadow. {thing name=SliceOfPi, shadow name=count_topic} com.aws.greengrass.authorization.exceptions.AuthorizationException: Principal com.xxxxxxxxxx.productivity.cycle_count is not authorized to perform aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow on resource $aws/things/SliceOfPi/shadow/name/count_topic
    at com.aws.greengrass.authorization.AuthorizationHandler.isAuthorized(AuthorizationHandler.java:247)
    at com.aws.greengrass.authorization.AuthorizationHandler.isAuthorized(AuthorizationHandler.java:255)
    at com.aws.greengrass.shadowmanager.AuthorizationHandlerWrapper.doAuthorization(AuthorizationHandlerWrapper.java:73)
    at com.aws.greengrass.shadowmanager.AuthorizationHandlerWrapper.doAuthorization(AuthorizationHandlerWrapper.java:56)
    at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.lambda$handleRequest$0(GetThingShadowRequestHandler.java:87)
    at com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions(ExceptionUtil.java:33)
    at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.handleRequest(GetThingShadowRequestHandler.java:75)
    at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:82)
    at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:28)
    at software.amazon.awssdk.eventstreamrpc.OperationContinuationHandler.onContinuationMessage(OperationContinuationHandler.java:291)
    at software.amazon.awssdk.crt.eventstream.ServerConnectionContinuationHandler.onContinuationMessageShim(ServerConnectionContinuationHandler.java:53)

EXPERT
asked 5 months ago, 22 views
1 answer

[The following answer has been translated] How are you trying to access the shadow? I notice you are using the MQTT bridge component to bridge from PubSub to IoT Core. Normally you do not need to do that, because components can publish directly to IoT Core. The client device auth and MQTT bridge components are only necessary when you are trying to connect external client devices to Greengrass.

Based on the trace log you provided, I suspect you are actually using the GetThingShadow IPC API to access the shadow from a component. You can see the authorization failure in the log below:

com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Not authorized to get shadow. {thing name=SliceOfPi, shadow name=count_topic} com.aws.greengrass.authorization.exceptions.AuthorizationException: Principal com.xxxxxxxxxx.productivity.cycle_count is not authorized to perform aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow on resource $aws/things/SliceOfPi/shadow/name/count_topic
...

You can fix this by updating the accessControl section of the cycle_count component. https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-local-shadows.html#ipc-local-shadow-authorization

EXPERT
answered 5 months ago
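As an added example (not code from the question, the answer, or AWS), this Python helper parses the AuthorizationException line from greengrass.log and derives the minimal accessControl fragment the answer points to, granting only the denied GetThingShadow operation on the one named shadow rather than a wildcard. The log line is reconstructed from the question and the policy id suffix "shadow:1" is an assumption.

```python
import re

# Constructed sample: the greengrass.log entry from the question, with the
# redacted component name ("com.xxxxxxxxxx...") kept as the page shows it.
SAMPLE_LOG_LINE = (
    "2022-09-20T21:51:46.237Z [WARN] (Thread-4) "
    "com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: "
    "handle-get-thing-shadow. Not authorized to get shadow. "
    "{thing name=SliceOfPi, shadow name=count_topic} "
    "com.aws.greengrass.authorization.exceptions.AuthorizationException: "
    "Principal com.xxxxxxxxxx.productivity.cycle_count is not authorized to "
    "perform aws.greengrass.ShadowManager:aws.greengrass#GetThingShadow "
    "on resource $aws/things/SliceOfPi/shadow/name/count_topic"
)

# The AuthorizationException names the caller (principal), the IPC service and
# operation it invoked, and the resource it was denied on.
AUTHZ_RE = re.compile(
    r"Principal (?P<principal>\S+) is not authorized to perform "
    r"(?P<service>[^\s:]+):(?P<operation>\S+) on resource (?P<resource>\S+)"
)

def parse_authorization_failure(line):
    """Return (principal, service, operation, resource), or None for other lines."""
    m = AUTHZ_RE.search(line)
    if m is None:
        return None
    return (m["principal"], m["service"], m["operation"], m["resource"])

def access_control_for(principal, service, operation, resource):
    """Least-privilege accessControl fragment for the one denied call; merge it under
    ComponentConfiguration.DefaultConfiguration in the recipe (or a deployment's
    configurationUpdate.merge). "shadow:1" is an assumed <component>:<tag>:<n> suffix."""
    return {
        "accessControl": {
            service: {
                f"{principal}:shadow:1": {
                    "policyDescription": f"Allow {principal} to call {operation}.",
                    "operations": [operation],  # grant only the denied operation
                    "resources": [resource],    # one named shadow, not "*"
                }
            }
        }
    }

def fix_for_log_line(line):
    """Map a denied-shadow-access log line to the configuration that would allow it."""
    parsed = parse_authorization_failure(line)
    return None if parsed is None else access_control_for(*parsed)
```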
