How to fix `Authorization Failure` error when installing Greengrass Core software on edge device?

0

So I am using fleet provisioning to provision devices as described in the fleet template. That did work a few times and when today I tried to do it again, I get the following error in CloudWatch logs:

{
    "timestamp": "2021-12-21 20:59:22.486",
    "logLevel": "ERROR",
    "traceId": "0cdb55f5-2d44-7057-e224-a28735791",
    "accountId": "accound_id",
    "status": "Failure",
    "eventType": "Connect",
    "protocol": "MQTT",
    "clientId": "b99f2af6-4195-4145-86c4-",
    "principalId": "d4ef80aa40cbed0388db1b682198e9879fd009b8f89cf2037a9853fe",
    "sourceIp": "80.57.107.22",
    "sourcePort": 52891,
    "reason": "AUTHORIZATION_FAILURE",
    "details": "Authorization Failure"
}


I have not changed anything from what worked yesterday.

These are the logs from the edge device:

2021-12-21T20:59:21.997Z [WARN] (main) com.aws.greengrass.deployment.DeviceConfiguration: Error looking up AWS region. {}
software.amazon.awssdk.core.exception.SdkClientException: Unable to load region from any of the providers in the chain software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain@c05fddc: [software.amazon.awssdk.regions.providers.SystemSettingsRegionProvider@5e2c3d18: Unable to load region from system settings. Region must be specified either via environment variable (AWS_REGION) or  system property (aws.region)., software.amazon.awssdk.regions.providers.AwsProfileRegionProvider@6440112d: No region provided in profile: default, software.amazon.awssdk.regions.providers.InstanceProfileRegionProvider@7e990ed7: Unable to contact EC2 metadata service.]

As far as I can see I have my region properly defined and if it was not defined well, it should have given me this exception the first time which it did not since it worked before.

This is my IoT Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive",
        "iot:Connect",
        "greengrass:*"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:AssumeRoleWithCertificate",
      "Resource": "arn:aws:iot:region:accoun_id:rolealias/GGCV2TokenExchangeRoleAlias"
    }
  ]
}

Fleet Provisioning Template:

{
  "Parameters": {
    "ThingName": {
      "Type": "String"
    },
    "ThingGroupName": {
      "Type": "String"
    },
    "AWS::IoT::Certificate::Id": {
      "Type": "String"
    }
  },
  "Resources": {
    "certificate": {
      "Properties": {
        "CertificateId": {
          "Ref": "AWS::IoT::Certificate::Id"
        },
        "Status": "Active"
      },
      "Type": "AWS::IoT::Certificate"
    },
    "policy": {
      "Properties": {
        "PolicyName": "GGCV2IoTThingPolicy"
      },
      "Type": "AWS::IoT::Policy"
    },
    "thing": {
      "OverrideSettings": {
        "AttributePayload": "MERGE",
        "ThingGroups": "DO_NOTHING",
        "ThingTypeName": "REPLACE"
      },
      "Properties": {
        "AttributePayload": {},
        "ThingGroups": [],
        "ThingName": {
          "Fn::Join": [
            "",
            [
              "Prefix_",
              {
                "Ref": "ThingName"
              }
            ]
          ]
        }
      },
      "Type": "AWS::IoT::Thing"
    }
  }
}

Greengrass Config file:

services:
  aws.greengrass.Nucleus:
    version: "2.5.2"
  aws.greengrass.FleetProvisioningByClaim:
    configuration:
      rootPath: /greengrass/v2
      awsRegion: "region"
      iotDataEndpoint: "endpoint"
      iotCredentialEndpoint: "credentialsPoint"
      iotRoleAlias: "GGCV2TokenExchangeRoleAlias"
      provisioningTemplate: "GGCV2FleetProvisioning"
      claimCertificatePath: "/greengrass/v2/claim-certs/claim.pem.crt"
      claimCertificatePrivateKeyPath: "/greengrass/v2/claim-certs/claim.private.pem.key"
      rootCaPath: "/greengrass/v2/AmazonRootCA1.pem"
      templateParameters:
        ThingName: "MyGreengrassCore"
        ThingGroupName: "MyGreengrassCoreGroup"
Asked 2 years ago · 818 views
1 Answer
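
A triage step for the log entry and IoT policy in the question, as an added example that is not part of the original post: it lists the principals whose Connect was rejected and checks whether a given policy document would have allowed that Connect. If the policy you are inspecting allows it, the rejected `principalId` is most likely governed by a different policy (or none), so check what is attached to that certificate. The evaluation is simplified, and the client ARN prefix, the scoped policy and the sample identifiers are constructed placeholders.

```python
import fnmatch
import json

# Constructed sample shaped like the CloudWatch entry in the question; all
# identifier values are placeholders.
SAMPLE_EVENTS = [
    '{"eventType": "Connect", "reason": "AUTHORIZATION_FAILURE",'
    ' "clientId": "example-client-1", "principalId": "EXAMPLE_CERT_ID_A"}',
    '{"eventType": "Connect", "clientId": "example-client-2", "principalId": "EXAMPLE_CERT_ID_B"}',
]
# First statement of the IoT policy posted in the question.
THING_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Publish", "iot:Subscribe", "iot:Receive", "iot:Connect", "greengrass:*"],
    "Resource": ["*"]}]}
# Constructed contrast: Connect allowed only for client IDs starting "Prefix_".
SCOPED_POLICY = {"Statement": [{
    "Effect": "Allow", "Action": "iot:Connect",
    "Resource": "arn:aws:iot:region:account_id:client/Prefix_*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows(policy, action, resource):
    """Simplified check: explicit Deny wins, then any Allow, else deny.
    Only * and ? wildcards; no policy variables or conditions."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(fnmatch.fnmatchcase(action, a) for a in as_list(stmt["Action"]))
               and any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def denied_connects(lines):
    """(principalId, clientId) for each Connect rejected with AUTHORIZATION_FAILURE."""
    events = [json.loads(line) for line in lines]
    return [(e.get("principalId"), e.get("clientId")) for e in events
            if e.get("eventType") == "Connect" and e.get("reason") == "AUTHORIZATION_FAILURE"]

def triage(lines, policy, arn_prefix="arn:aws:iot:region:account_id:client/"):
    """For each denied Connect, report whether `policy` would have allowed it."""
    return [(p, c, policy_allows(policy, "iot:Connect", arn_prefix + c))
            for p, c in denied_connects(lines)]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS, THING_POLICY):
        print(row)
```
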
0

2021-12-22T17:55:52.354Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: DockerApplicationManagerService. {}
2021-12-22T17:55:52.354Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: DeploymentService. {}
2021-12-22T17:55:52.355Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: UpdateSystemPolicyService. {}
2021-12-22T17:55:52.356Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: FleetStatusService. {}
2021-12-22T17:55:52.356Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: TelemetryAgent. {}
2021-12-22T17:55:52.357Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: TokenExchangeService. {}
2021-12-22T17:55:52.387Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: DockerApplicationManagerService. {}
2021-12-22T17:55:52.387Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: DeploymentService. {}
2021-12-22T17:55:52.387Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: UpdateSystemPolicyService. {}
2021-12-22T17:55:52.387Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: FleetStatusService. {}
2021-12-22T17:55:52.388Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: TelemetryAgent. {}
2021-12-22T17:55:52.388Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Found Plugin: TokenExchangeService. {}
2021-12-22T17:55:52.388Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: serviceImplementors: {UpdateSystemPolicyService:class com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService...}. {}
2021-12-22T17:55:52.390Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: Attempt to load service from plugins. {serviceName=aws.greengrass.Nucleus}
2021-12-22T17:55:52.392Z [INFO] (pool-2-thread-2) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Running provisioning plugin: aws.greengrass.FleetProvisioningByClaim. {}
2021-12-22T17:55:52.407Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: Attempt to load service from plugins. {serviceName=main}
2021-12-22T17:55:52.412Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: Attempt to load service from plugins. {serviceName=DeploymentService}
2021-12-22T17:55:52.750Z [ERROR] (pool-2-thread-2) com.aws.greengrass.FutureExceptionHandler: [Ljava.lang.String;@6fd122d2. {}
java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
    at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1928)
    at com.aws.greengrass.FutureExceptionHandler.getFutureAfterCompletion(FutureExceptionHandler.java:56)
    at com.aws.greengrass.FutureExceptionHandler.getFutureAfterCompletion(FutureExceptionHandler.java:39)
    at com.aws.greengrass.FleetProvisioningByClaimPlugin.updateIdentityConfiguration(FleetProvisioningByClaimPlugin.java:139)
    at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$1(KernelLifecycle.java:189)
    at com.aws.greengrass.util.RetryUtils.runWithRetry(RetryUtils.java:50)
    at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$2(KernelLifecycle.java:188)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)

2021-12-22T17:55:52.751Z [ERROR] (pool-2-thread-2) com.aws.greengrass.lifecyclemanager.KernelLifecycle: Caught exception while running provisioning plugin. Moving on to run Greengrass without provisioning. {}
java.lang.RuntimeException: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at com.aws.greengrass.FutureExceptionHandler.getFutureAfterCompletion(FutureExceptionHandler.java:69)
    at com.aws.greengrass.FutureExceptionHandler.getFutureAfterCompletion(FutureExceptionHandler.java:39)
    at com.aws.greengrass.FleetProvisioningByClaimPlugin.updateIdentityConfiguration(FleetProvisioningByClaimPlugin.java:139)
    at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$1(KernelLifecycle.java:189)
    at com.aws.greengrass.util.RetryUtils.runWithRetry(RetryUtils.java:50)
    at com.aws.greengrass.lifecyclemanager.KernelLifecycle.lambda$executeProvisioningPlugin$2(KernelLifecycle.java:188)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)

2021-12-22T17:55:52.911Z [WARN] (main) com.aws.greengrass.deployment.IotJobsHelper: Device not configured to talk to AWS Iot cloud. IOT job deployment is offline. {errorMessage=[thingName cannot be empty, certificateFilePath cannot be empty, privateKeyPath cannot be empty, rootCaPath cannot be empty, iotDataEndpoint cannot be empty, iotCredEndpoint cannot be empty]}
2021-12-22T17:55:52.918Z [WARN] (main) com.aws.greengrass.deployment.ShadowDeploymentListener: Device not configured to talk to AWS Iot cloud. Single device deployment is offline. {}
2021-12-22T17:55:52.919Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: Attempt to load service from plugins. {serviceName=UpdateSystemPolicyService}
2021-12-22T17:55:52.920Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: Attempt to load service from plugins. {serviceName=TelemetryAgent}
2021-12-22T17:55:53.002Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: effective-config-dump-complete. {file=/greengrass/v6/config/effectiveConfig.yaml}
2021-12-22T17:55:53.002Z [INFO] (main) com.aws.greengrass.lifecyclemanager.KernelLifecycle: system-start. {main=services.main:NEW}
2021-12-22T17:55:53.005Z [INFO] (UpdateSystemPolicyService-lifecycle) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: service-set-state. {serviceName=UpdateSystemPolicyService, currentState=NEW, newState=INSTALLED}
2021-12-22T17:55:53.006Z [INFO] (UpdateSystemPolicyService-lifecycle) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: service-set-state. {serviceName=UpdateSystemPolicyService, currentState=INSTALLED, newState=STARTING}
2021-12-22T17:55:53.007Z [INFO] (UpdateSystemPolicyService-lifecycle) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: service-set-state. {serviceName=UpdateSystemPolicyService, currentState=STARTING, newState=RUNNING}

Answered 2 years ago
