An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::f

0

I am trying to create a provisioning template with a hook Lambda for Greengrass v2, and it shows this error.

Here is the command I used:

aws iot create-provisioning-template \
  --template-name GreengrassFleetProvisioningTemplate \
  --description "A provisioning template for Greengrass core devices." \
  --provisioning-role-arn "arn:aws:iam:::role/GreengrassFleetProvisioningRole" \
  --template-body file://greengrass-fleet-provisioning-template.json \
  --pre-provisioning-hook targetArn=arn:aws:lambda:::function:preprovisioning \
  --enabled

And here is the error:

An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::function:preprovisioning

I tried to add "lambda:*" to GreengrassFleetProvisioningRole, and I am sure my AWS account has all permissions required to do this. Where should I look to fix this error?

Thanks for your time.

Asked 2 years ago, 1399 views
2 Answers
1
Accepted Answer

I think the IAM role of your pre-provisioning hook Lambda may be missing a permission. IoT needs permission to invoke the function.

Some good information here in this workshop: https://iot-device-management.workshop.aws/en/provisioning-options/fleet-provisioning.html#optional-pre-provisioning-hook

At this step:

aws lambda add-permission --statement-id $(date '+%Y%m%d%H%M%S') \
	--principal iot.amazonaws.com \
	--action lambda:InvokeFunction \
	--function-name [YOUR_LAMBDA_FUNCTION_NAME]
AWS
Expert
Greg_B
Answered 2 years ago
  • I added that permission in the lambda execution role instead

0

This is for Serverless:

functions:
  preprovisioning:
    name: preprovisioning
    handler: functions/preprovisioning.lambda_handler
    timeout: 100
resources:
  Resources:
    PermissionToCallHookLambda:
      Type: "AWS::Lambda::Permission"
      Properties: 
        Action: lambda:InvokeFunction
        FunctionName: preprovisioning
        Principal: "iot.amazonaws.com"
Answered 2 years ago
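
An added check, not part of either answer and not AWS's own code: it reads the JSON printed by `aws lambda get-policy` and reports whether `iot.amazonaws.com` may invoke the hook function, and whether that grant is limited by `AWS:SourceArn`/`AWS:SourceAccount` conditions (what `add-permission` writes when given `--source-arn`/`--source-account`). The sample policies are constructed and the account id 123456789012 is a placeholder.

```python
import json

HOOK_PRINCIPAL = "iot.amazonaws.com"
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # condition key names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_hook_policy(get_policy_output):
    """Classify the JSON printed by `aws lambda get-policy` for a hook function.

    Returns 'missing' (no statement lets AWS IoT invoke the function),
    'unscoped' (at least one IoT grant has no source condition) or
    'scoped' (every IoT grant carries a SourceArn/SourceAccount condition).
    """
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    scoped = unscoped = False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or HOOK_PRINCIPAL not in services:
            continue
        if not actions & {"lambda:InvokeFunction", "lambda:*", "*"}:
            continue
        keys = {k.lower() for ops in stmt.get("Condition", {}).values() for k in ops}
        if keys & SCOPING_KEYS:
            scoped = True
        else:
            unscoped = True
    return "unscoped" if unscoped else "scoped" if scoped else "missing"

def sample_policy(principal, condition=None):
    """Constructed get-policy output; the account id 123456789012 is a placeholder."""
    stmt = {"Sid": "hook", "Effect": "Allow", "Principal": {"Service": principal},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:ap-southeast-2:123456789012:function:preprovisioning"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Policy": json.dumps({"Version": "2012-10-17", "Statement": [stmt]})})

SCOPE = {"StringEquals": {"AWS:SourceAccount": "123456789012"},
         "ArnLike": {"AWS:SourceArn": "arn:aws:iot:ap-southeast-2:123456789012:"
                                      "provisioningtemplate/GreengrassFleetProvisioningTemplate"}}

if __name__ == "__main__":
    print(audit_hook_policy(sample_policy("s3.amazonaws.com")))          # no grant for AWS IoT
    print(audit_hook_policy(sample_policy("iot.amazonaws.com")))         # grant without source conditions
    print(audit_hook_policy(sample_policy("iot.amazonaws.com", SCOPE)))  # grant tied to one template
```

When the function has no resource policy at all, `aws lambda get-policy` returns an error instead of JSON, which corresponds to the 'missing' case.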
