An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::f

0

I am trying to create a provisioning template with a hook Lambda for Greengrass v2, and it shows this error.

Here is the command I used:

aws iot create-provisioning-template \
  --template-name GreengrassFleetProvisioningTemplate \
  --description "A provisioning template for Greengrass core devices." \
  --provisioning-role-arn "arn:aws:iam:::role/GreengrassFleetProvisioningRole" \
  --template-body file://greengrass-fleet-provisioning-template.json \
  --pre-provisioning-hook targetArn=arn:aws:lambda:::function:preprovisioning \
  --enabled

And here is the error:

An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::function:preprovisioning

I tried to add "lambda:*" to GreengrassFleetProvisioningRole, and I am sure my AWS account has all permissions required to do this. Where should I look to fix this error?

Thanks for your time.

asked 2 years ago, 1399 views
2 Answers
1
Accepted Answer

I think the IAM role of your pre-provisioning hook Lambda may be missing a permission. IoT needs permission to invoke the function.

Some good information here in this workshop: https://iot-device-management.workshop.aws/en/provisioning-options/fleet-provisioning.html#optional-pre-provisioning-hook

At this step:

aws lambda add-permission --statement-id $(date '+%Y%m%d%H%M%S') \
	--principal iot.amazonaws.com \
	--action lambda:InvokeFunction \
	--function-name [YOUR_LAMBDA_FUNCTION_NAME]
AWS
EXPERT
Greg_B
answered 2 years ago
  • I added that permission in the lambda execution role instead

0

This is for Serverless:

functions:
  preprovisioning:
    name: preprovisioning
    handler: functions/preprovisioning.lambda_handler
    timeout: 100
resources:
  Resources:
    PermissionToCallHookLambda:
      Type: "AWS::Lambda::Permission"
      Properties: 
        Action: lambda:InvokeFunction
        FunctionName: preprovisioning
        Principal: "iot.amazonaws.com"
answered 2 years ago
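
Both answers grant lambda:InvokeFunction to iot.amazonaws.com through the function's resource-based policy. As an added example (not part of either answer or of AWS's own code), the Python below audits the policy document that `aws lambda get-policy` returns in its `Policy` field and reports whether the IoT grant is missing (consistent with the error in the question), present without an AWS:SourceArn or AWS:SourceAccount condition, or scoped to a source. The account ID, ARNs, Sids and sample policies are constructed placeholders.

```python
import json

IOT_PRINCIPAL = "iot.amazonaws.com"
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # condition keys compare case-insensitively

def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _grants_iot_invoke(stmt):
    """True if the statement allows the IoT service principal to invoke the function."""
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    actions = {a.lower() for a in _as_list(stmt.get("Action"))}
    return (stmt.get("Effect") == "Allow" and IOT_PRINCIPAL in services
            and bool(actions & {"lambda:invokefunction", "lambda:*", "*"}))

def audit_hook_policy(policy_json):
    """Classify the IoT grant as 'missing', 'unscoped' or 'scoped'; return (verdict, Sids)."""
    policy = json.loads(policy_json) if policy_json else {}
    scoped, unscoped = [], []
    for stmt in _as_list(policy.get("Statement")):
        if not _grants_iot_invoke(stmt):
            continue
        # Collect every condition key used, whatever the operator (StringEquals, ArnLike, ...).
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        (scoped if keys & SCOPING_KEYS else unscoped).append(stmt.get("Sid"))
    if unscoped:
        return "unscoped", unscoped
    return ("scoped", scoped) if scoped else ("missing", [])

# Constructed sample policies (placeholder account 111122223333).
FN = "arn:aws:lambda:ap-southeast-2:111122223333:function:preprovisioning"
TEMPLATE = "arn:aws:iot:ap-southeast-2:111122223333:provisioningtemplate/GreengrassFleetProvisioningTemplate"
_base = {"Effect": "Allow", "Principal": {"Service": IOT_PRINCIPAL},
         "Action": "lambda:InvokeFunction", "Resource": FN}
MISSING = json.dumps({"Version": "2012-10-17", "Statement": []})
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{**_base, "Sid": "20240101120000"}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{**_base, "Sid": "hook-scoped",
    "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"},
                  "ArnLike": {"AWS:SourceArn": TEMPLATE}}}]})

if __name__ == "__main__":
    for name, doc in (("missing", MISSING), ("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(name, "->", audit_hook_policy(doc))
```

An "unscoped" verdict means any account's IoT provisioning template could name this function as its hook; the add-permission command's --source-arn and --source-account options produce the conditions the "scoped" sample shows.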
