Publishing to AWS IOT MQTT from a Lambda function - connection timeout

0

Hi

I have a Lambda function that is invoked via MQTT messages coming from AWS IOT message routing. The Lambda function then checks an MSSQL database, and decides what to do next. This bit works.

Depending on the result of the database query, my Lambda function may choose to publish an MQTT message back to AWS IOT. This works when I test locally on my development machine using the "Mock Lambda Test tool". However, when I publish the Lambda function and try it out, the published Lambda function times out at the point of trying to connect to the MQTT client (the timeout is 30 seconds).

  1. I'm using NET Core 6, C#, and MQTTnet.
  2. I have configured a VPC endpoint, and made sure the security groups and subnets match the Lambda function.
  3. I have a policy on my Lambda function role as below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "iot:Publish", "iot:Connect" ],
      "Resource": "*"
    }
  ]
}

I've now run out of ideas, so any help is appreciated.

Thanks

David

Asked a year ago, 1109 views
3 answers
1
Accepted answer

Gavin_A. Much appreciated. Your suggested link fixed the problem.

For anyone else - the answer is here:

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Answered a year ago
Expert
Reviewed 2 months ago
0

Hi Greg - thanks for getting back to me. I've changed my code to use "AmazonIotDataClient.PublishAsync" as you suggested, and that seems like the sensible thing to do.

Unfortunately, I still have the same fundamental problem. Everything works well when I run locally with the "Mock Lambda Test Tool", but my call to publishAsync “times out” on my Lambda function when I try and run the deployed lambda function. (After about 30 seconds, so plenty long enough to publish).

Out of desperation I've changed my policy to the below, and that didn't help. I'm guessing that for some reason there is no IP connectivity between my Lambda function and my MQTT URL, but fiddling around with VPCs and endpoints hasn't got me any further.

Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

Any ideas ?

Thanks

David

Answered a year ago
  • Hi David, is your Lambda within a VPC? If so, you can either provide it Internet access or create an IoT VPC endpoint within the VPC.

0

Hi David. I recommend that you do not try to connect to the IoT Core broker from your Lambda using an MQTT client. Instead, you can use the Publish HTTPS API of the IoT data plane: https://docs.aws.amazon.com/iot/latest/apireference/API_iotdata_Publish.html . This is the most common way of publishing from a Lambda. Our .NET SDK supports this operation: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IotData/MIotDataPublishAsyncPublishRequestCancellationToken.html.

As HTTP doesn't require a connection to the broker before publishing, you can then delete the iot:Connect action from the Lambda's policy.

AWS
Expert
Greg_B
Answered a year ago
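The approach Greg_B describes, as an added example that is not code from the original post: a .NET 6 Lambda that publishes through the IoT data-plane HTTPS API with AmazonIotDataClient.PublishAsync rather than holding an MQTT session. The example assumes the AWSSDK.IotData, Amazon.Lambda.Core and Amazon.Lambda.Serialization.SystemTextJson NuGet packages are referenced, that the account's IoT data-ATS endpoint URL is supplied in a hypothetical IOT_DATA_ENDPOINT environment variable, and that the topic layout devices/{deviceId}/commands and the DeviceEvent input type are invented for illustration. It also sets a short client timeout so that a missing network path (the problem in this thread) surfaces within seconds instead of consuming the whole 30-second function timeout.

```csharp
// Added example, not from the original post. Publish to AWS IoT Core from a
// .NET 6 Lambda via the HTTPS data plane (no MQTT client, no iot:Connect).
using System;
using System.IO;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Amazon.IotData;
using Amazon.IotData.Model;
using Amazon.Lambda.Core;

[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]

namespace IotPublishExample
{
    // Hypothetical input shape for the invoking IoT rule; adapt to your rule's SELECT clause.
    public class DeviceEvent
    {
        public string DeviceId { get; set; }
    }

    public class Function
    {
        // One client per container so warm invocations reuse the HTTPS connection.
        private static readonly IAmazonIotData IotData = new AmazonIotDataClient(new AmazonIotDataConfig
        {
            // Account-specific data endpoint, e.g. https://abcd1234-ats.iot.eu-west-1.amazonaws.com
            // (assumed to be provided in IOT_DATA_ENDPOINT; look it up with
            // `aws iot describe-endpoint --endpoint-type iot:Data-ATS`).
            ServiceURL = Environment.GetEnvironmentVariable("IOT_DATA_ENDPOINT"),
            // Fail fast: with no route out of the VPC (no NAT gateway and no IoT VPC
            // endpoint) the call cannot succeed, so do not wait for the Lambda timeout.
            Timeout = TimeSpan.FromSeconds(5),
            MaxErrorRetry = 1
        });

        public async Task<string> FunctionHandler(DeviceEvent input, ILambdaContext context)
        {
            // ... MSSQL lookup decides whether a command is needed (omitted) ...
            var command = new { action = "reboot", issuedAt = DateTimeOffset.UtcNow };
            await PublishCommandAsync(input.DeviceId, command, context.Logger);
            return "published";
        }

        // Publishes a JSON payload to a per-device command topic.
        // Least privilege for the function role: only iot:Publish on
        // arn:aws:iot:<region>:<account-id>:topic/devices/*/commands is needed.
        public static async Task PublishCommandAsync(string deviceId, object payload, ILambdaLogger logger)
        {
            var request = new PublishRequest
            {
                Topic = $"devices/{deviceId}/commands",
                Qos = 1,
                Payload = new MemoryStream(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(payload)))
            };

            try
            {
                await IotData.PublishAsync(request, CancellationToken.None);
                logger.LogLine($"Published to {request.Topic}");
            }
            catch (AmazonIotDataException ex)
            {
                // A 403 here means the role lacks iot:Publish on this topic ARN.
                logger.LogLine($"IoT Core rejected publish to {request.Topic}: {ex.StatusCode} {ex.Message}");
                throw;
            }
            catch (TaskCanceledException ex)
            {
                // The configured 5 s client timeout fired: no network path to the endpoint.
                logger.LogLine($"Publish to {request.Topic} timed out; check NAT gateway or IoT VPC endpoint: {ex.Message}");
                throw;
            }
        }
    }
}
```

If the function must stay inside a VPC, a VPC endpoint for the IoT data plane (or a route to a NAT gateway) is still required for this HTTPS call, exactly as for the MQTT client; the difference is that the failure is now a fast, logged exception rather than a silent 30-second hang.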
