An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::f

0

I am trying to create a provisioning template with a hook Lambda for Greengrass v2, and it shows this error.

Here is the command I used:

aws iot create-provisioning-template \
  --template-name GreengrassFleetProvisioningTemplate \
  --description "A provisioning template for Greengrass core devices." \
  --provisioning-role-arn "arn:aws:iam:::role/GreengrassFleetProvisioningRole" \
  --template-body file://greengrass-fleet-provisioning-template.json \
  --pre-provisioning-hook targetArn=arn:aws:lambda:::function:preprovisioning \
  --enabled

And here is the error:

An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::function:preprovisioning

I tried to add "lambda:*" to GreengrassFleetProvisioningRole, and I am sure my AWS account has all the permissions required to do this. Where should I look to fix this error?

Thanks for your time.

asked 2 years ago, 1399 views
2 Answers
1
Accepted Answer

I think the IAM role of your pre-provisioning hook Lambda may be missing a permission. IoT needs permission to invoke the function.

Some good information here in this workshop: https://iot-device-management.workshop.aws/en/provisioning-options/fleet-provisioning.html#optional-pre-provisioning-hook

At this step:

aws lambda add-permission --statement-id $(date '+%Y%m%d%H%M%S') \
	--principal iot.amazonaws.com \
	--action lambda:InvokeFunction \
	--function-name [YOUR_LAMBDA_FUNCTION_NAME]
AWS
EXPERT
Greg_B
answered 2 years ago
  • I added that permission in the lambda execution role instead

0

This is for Serverless:

functions:
  preprovisioning:
    name: preprovisioning
    handler: functions/preprovisioning.lambda_handler
    timeout: 100
resources:
  Resources:
    PermissionToCallHookLambda:
      Type: "AWS::Lambda::Permission"
      Properties: 
        Action: lambda:InvokeFunction
        FunctionName: preprovisioning
        Principal: "iot.amazonaws.com"
answered 2 years ago
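
An added example, not part of the original answers and not AWS's own code: both answers work by writing a statement into the function's resource-based policy, so this check reads that policy (the `Policy` string returned by `aws lambda get-policy`) and reports whether `iot.amazonaws.com` may invoke the hook and whether the grant is tied to an account or template through `aws:SourceAccount` / `aws:SourceArn`. The sample policies, the account ID 123456789012 and the name `audit_hook_policy` are constructed for illustration.

```python
import json

IOT_PRINCIPAL = "iot.amazonaws.com"
INVOKE_ACTIONS = {"lambda:InvokeFunction", "lambda:*", "*"}
SCOPE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # condition keys are case-insensitive


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_hook_policy(policy_json):
    """Classify the grant to the AWS IoT service principal: 'missing', 'unscoped' or 'scoped'."""
    verdict = "missing"
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or IOT_PRINCIPAL not in services:
            continue
        if not INVOKE_ACTIONS & set(_as_list(stmt.get("Action", []))):
            continue
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if not keys & SCOPE_KEYS:
            return "unscoped"  # grant is not tied to an account or template
        verdict = "scoped"
    return verdict


# Constructed sample policies (account ID, ARNs and Sids are placeholders).
FN = "arn:aws:lambda:ap-southeast-2:123456789012:function:preprovisioning"
TEMPLATE = ("arn:aws:iot:ap-southeast-2:123456789012:"
            "provisioningtemplate/GreengrassFleetProvisioningTemplate")


def _policy(principal, condition=None):
    stmt = {"Sid": "constructed", "Effect": "Allow", "Principal": {"Service": principal},
            "Action": "lambda:InvokeFunction", "Resource": FN}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


NO_IOT_GRANT = _policy("apigateway.amazonaws.com")  # state that yields "Access denied"
BARE_GRANT = _policy(IOT_PRINCIPAL)                 # what the answers above produce
SCOPED_GRANT = _policy(IOT_PRINCIPAL, {
    "StringEquals": {"AWS:SourceAccount": "123456789012"},
    "ArnLike": {"AWS:SourceArn": TEMPLATE}})

if __name__ == "__main__":
    for name in ("NO_IOT_GRANT", "BARE_GRANT", "SCOPED_GRANT"):
        print(name, "->", audit_hook_policy(globals()[name]))
```

A `scoped` result corresponds to passing `--source-account` and `--source-arn` to `aws lambda add-permission`, or setting `SourceAccount` and `SourceArn` on the `AWS::Lambda::Permission` resource.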
