Can anyone help me out with the idt error problem 'the Greengrass deployment is COMPLETED on the device after 180 seconds'

0

it has been weeks already stiil cannot find the correct result

I also have tried with the command which recommend --timeout-multiplier 5

but did not work out what I have done is under the link https://repost.aws/questions/QUfFmnIZhqQTa2qcwMpale-A/nucleus-idt-4-7-0-for-greengrass-v2-cloudcomponent-test-failed-failed-at-the-greengrass-deployment-is-completed-on-the-device-after-180-seconds

here is my user credential

hope someone can help me out with the mass GreengrassV2IoTThingPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "passRoleForResources",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "iot.amazonaws.com",
                        "lambda.amazonaws.com",
                        "greengrass.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "lambdaResources",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "lambda:PublishVersion",
                "lambda:DeleteFunction",
                "lambda:GetFunction"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "iotResources",
            "Effect": "Allow",
            "Action": [
                "iot:CreateThing",
                "iot:DeleteThing",
                "iot:DescribeThing",
                "iot:CreateThingGroup",
                "iot:DeleteThingGroup",
                "iot:DescribeThingGroup",
                "iot:AddThingToThingGroup",
                "iot:RemoveThingFromThingGroup",
                "iot:AttachThingPrincipal",
                "iot:DetachThingPrincipal",
                "iot:UpdateCertificate",
                "iot:DeleteCertificate",
                "iot:CreatePolicy",
                "iot:AttachPolicy",
                "iot:DetachPolicy",
                "iot:DeletePolicy",
                "iot:GetPolicy",
                "iot:Publish",
                "iot:TagResource",
                "iot:ListThingPrincipals",
                "iot:ListAttachedPolicies",
                "iot:ListTargetsForPolicy",
                "iot:ListThingGroupsForThing",
                "iot:ListThingsInThingGroup",
                "iot:CreateJob",
                "iot:DescribeJob",
                "iot:DescribeJobExecution",
                "iot:CancelJob",
                "iot:DescribeCertificate",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "iot:Connect",
                "iot:Publish",
                "iot:Subscribe",
                "iot:Receive",
                "iot:ListThingPrincipals",
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "s3Resources",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObjectVersion",
                "s3:DeleteObject",
                "s3:CreateBucket",
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:DeleteBucket",
                "s3:PutObjectTagging",
                "s3:PutBucketTagging"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "roleAliasResources",
            "Effect": "Allow",
            "Action": [
                "iot:CreateRoleAlias",
                "iot:DescribeRoleAlias",
                "iot:DeleteRoleAlias",
                "iot:TagResource",
                "iam:GetRole"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "idtExecuteAndCollectMetrics",
            "Effect": "Allow",
            "Action": [
                "iot-device-tester:SendMetrics",
                "iot-device-tester:SupportedVersion",
                "iot-device-tester:LatestIdt",
                "iot-device-tester:CheckVersion",
                "iot-device-tester:DownloadTestSuite"
            ],
            "Resource": "*"
        },
        {
            "Sid": "genericResources",
            "Effect": "Allow",
            "Action": [
                "greengrass:*",
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "iot:ListThings",
                "iot:DescribeEndpoint",
                "iot:CreateKeysAndCertificate"
            ],
            "Resource": "*"
        },
        {
            "Sid": "iamResourcesUpdate",
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:CreatePolicy",
                "iam:DeletePolicy",
                "iam:AttachRolePolicy",
                "iam:DetachRolePolicy",
                "iam:TagRole",
                "iam:TagPolicy",
                "iam:GetPolicy",
                "iam:ListAttachedRolePolicies",
                "iam:ListEntitiesForPolicy"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}


my GreengrassV2TokenExchangeRole role credential

GreengrassV2TokenExchangeRoleAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:DescribeCertificate",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "iot:Connect",
                "iot:Publish",
                "iot:Subscribe",
                "iot:Receive",
                "iot:ListThingPrincipals",
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": "*"
        }
    ]
}

IAM role must be configured with the following minimum trust policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "lambda.amazonaws.com",
                    "sagemaker.amazonaws.com",
                    "credentials.iot.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
1回答
1
承認された回答

the iam credential dones the job

GreengrassV2IoTThingPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "passRoleForResources",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": [
                        "iot.amazonaws.com",
                        "lambda.amazonaws.com",
                        "greengrass.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "lambdaResources",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "lambda:PublishVersion",
                "lambda:DeleteFunction",
                "execute-api:Invoke",
                "lambda:GetFunction"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "iotResources",
            "Effect": "Allow",
            "Action": [
                "iot:CreateThing",
                "iot:DeleteThing",
                "iot:DescribeThing",
                "iot:CreateThingGroup",
                "iot:DeleteThingGroup",
                "iot:DescribeThingGroup",
                "iot:AddThingToThingGroup",
                "iot:RemoveThingFromThingGroup",
                "iot:AttachThingPrincipal",
                "iot:DetachThingPrincipal",
                "iot:UpdateCertificate",
                "iot:DeleteCertificate",
                "iot:CreatePolicy",
                "iot:AttachPolicy",
                "iot:DetachPolicy",
                "iot:DeletePolicy",
                "iot:GetPolicy",
                "iot:Publish",
                "iot:TagResource",
                "iot:ListThingPrincipals",
                "iot:ListAttachedPolicies",
                "iot:ListTargetsForPolicy",
                "iot:ListThingGroupsForThing",
                "iot:ListThingsInThingGroup",
                "iot:CreateJob",
                "iot:DescribeJob",
                "iot:DescribeJobExecution",
                "iot:DeleteJob",
                "iot:CancelJob",
                "iot:DescribeCertificate",
                "iot:DescribeEndpoint",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "iot:Connect",
                "iot:Publish",
                "iot:Subscribe",
                "iot:Receive",
                "iot:ListThingPrincipals",
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "s3Resources",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObjectVersion",
                "s3:DeleteObject",
                "s3:CreateBucket",
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:DeleteBucket",
                "s3:PutObjectTagging",
                "s3:PutBucketTagging"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "roleAliasResources",
            "Effect": "Allow",
            "Action": [
                "iot:CreateRoleAlias",
                "iot:DescribeRoleAlias",
                "iot:DeleteRoleAlias",
                "iot:TagResource",
                "iam:GetRole"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "idtExecuteAndCollectMetrics",
            "Effect": "Allow",
            "Action": [
                "iot-device-tester:SendMetrics",
                "iot-device-tester:SupportedVersion",
                "iot-device-tester:LatestIdt",
                "iot-device-tester:CheckVersion",
                "iot-device-tester:DownloadTestSuite"
            ],
            "Resource": "*"
        },
        {
            "Sid": "genericResources",
            "Effect": "Allow",
            "Action": [
                "greengrass:*",
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "iot:ListThings",
                "iot:DescribeEndpoint",
                "iot:CreateKeysAndCertificate",
                "iot:CreateCertificateFromCsr"
            ],
            "Resource": "*"
        },
        {
            "Sid": "iamResourcesUpdate",
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:CreatePolicy",
                "iam:DeletePolicy",
                "iam:AttachRolePolicy",
                "iam:DetachRolePolicy",
                "iam:TagRole",
                "iam:TagPolicy",
                "iam:GetPolicy",
                "iam:ListAttachedRolePolicies",
                "iam:ListEntitiesForPolicy"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
loordb
回答済み 1年前
profile picture
エキスパート
レビュー済み 4ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ