ResourceNotFoundError: No shadow found.

0

We've successfully migrated a long running lambda from Greengrass V1 to V2 and although things appear to work as expected for a while we eventually encounter the following exception:

lambda logs:

Caused by: software.amazon.awssdk.aws.greengrass.model.ResourceNotFoundError: No shadow found. {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at jdk.internal.reflect.GeneratedConstructorAccessor20.newInstance(Unknown Source). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.internal.ConstructorConstructor$2.construct(ConstructorConstructor.java:91). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:162). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:112). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:86). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.Gson.fromJson(Gson.java:795). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.Gson.fromJson(Gson.java:761). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.Gson.fromJson(Gson.java:710). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at com.google.gson.Gson.fromJson(Gson.java:682). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel.fromJson(EventStreamRPCServiceModel.java:361). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at software.amazon.awssdk.eventstreamrpc.EventStreamRPCClient$1.onContinuationMessage(EventStreamRPCClient.java:109). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}
        at software.amazon.awssdk.crt.eventstream.ClientConnectionContinuationHandler.onContinuationMessageShim(ClientConnectionContinuationHandler.java:41). {serviceInstance=0, serviceName=com.redbite.GreengrassZebraRfidAgent, currentState=RUNNING}

and respectively greengrass.log

2025-01-30T15:48:21.844Z [WARN] (AwsEventLoop 1) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Shadow does not exist. {thing name=TestDeployment, shadow name=}
software.amazon.awssdk.aws.greengrass.model.ResourceNotFoundError: No shadow found
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.lambda$handleRequest$0(GetThingShadowRequestHandler.java:92)
	at com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions(ExceptionUtil.java:33)
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.handleRequest(GetThingShadowRequestHandler.java:75)
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:82)
	at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:28)
	at software.amazon.awssdk.eventstreamrpc.OperationContinuationHandler.onContinuationMessage(OperationContinuationHandler.java:291)
	at software.amazon.awssdk.crt.eventstream.ServerConnectionContinuationHandler.onContinuationMessageShim(ServerConnectionContinuationHandler.java:53)

I suspected a permission issues but can't seem to find anything wrong:

The IoT Thing certificate policy includes:

    {
      "Effect": "Allow",
      "Action": [
        "iot:GetThingShadow",
        "iot:UpdateThingShadow"
      ],
      "Resource": [
        "arn:aws:iot:*:<account-id>:thing/${iot:Connection.Thing.ThingName}/shadow/*",
        "arn:aws:iot:*:<account-id>:thing/${iot:Connection.Thing.ThingName}/shadow"
      ]
    }

while the merge config for the lambda includes

      "aws.greengrass.ShadowManager": {
        "com.redbite.RfidMiddleware:shadow:1": {
          "policyDescription": "Allows access to shadows",
          "operations": [
            "aws.greengrass#GetThingShadow",
            "aws.greengrass#UpdateThingShadow"
          ],
          "resources": [
            "$aws/things/{iot:thingName}/shadow",
            "$aws/things/{iot:thingName}/shadow/*"
          ]
        }
      }

For the reference, the kotlin code fetching the shadow is:

            val getThingShadowRequest = GetThingShadowRequest().withThingName(Properties.AWS_IOT_THING_NAME()).withShadowName("")
            val result = ipcClient.getThingShadow(getThingShadowRequest)

Please advise!

asked 2 days ago21 views
2 Answers
1

I'm not sure it explains the problem entirely, but the Greengrass shadow manager uses HTTP (not MQTT) to get and update shadows. Accordingly, you can't use the ${iot:Connection.Thing.ThingName} policy variable in the resource definitions.

profile pictureAWS
EXPERT
answered 2 days ago
profile picture
EXPERT
reviewed 2 days ago
  • Replacing ${iot:Connection.Thing.ThingName} with the thing name did not make a difference I'm afraid.

  • What version of Java are you using?

1

The issue you're experiencing seems to be related to the shadow not existing rather than a permissions problem. Your configuration for permissions appears to be correct for both the IoT Thing certificate policy and the Lambda component's shadow access.

In Greengrass v2, shadows are not automatically created. They are created on-demand when you first update them. It's possible that the shadow for your thing hasn't been created yet, which is why you're getting the "No shadow found" error.

To resolve this issue, you could try the following:

  1. Ensure that you've updated the shadow at least once before trying to get it. You can do this programmatically or through the AWS IoT console.

  2. If you're expecting the shadow to exist already, check if there are any issues with the ShadowManager component. Make sure it's running correctly and syncing shadows as expected.

  3. In your code, you might want to handle the case where the shadow doesn't exist yet. You could catch the ResourceNotFoundError and create the shadow if it doesn't exist.

  4. Double-check that you're using the correct thing name in your GetThingShadowRequest. The error message mentions "TestDeployment" as the thing name - make sure this is the intended name.

  5. If you're using a named shadow (which doesn't seem to be the case from your code snippet), make sure you're consistent in specifying (or not specifying) the shadow name in all your operations.

Remember that in Greengrass v2, the way shadows are handled is different from v1. Make sure your component is properly configured to interact with shadows, including setting up the correct event sources if you're reacting to shadow changes.

If the problem persists after trying these steps, you may need to investigate further by examining more detailed logs or reaching out to AWS support for additional assistance.
Sources
Migrating Lambda from Greengrass v1 to Greengrass v2 | AWS re:Post
Is there a presence event associated with my Greengrass v2 lambda component? | AWS re:Post

profile picture
answered 2 days ago
profile picture
EXPERT
reviewed 2 days ago
  • I didn't mention it but obviously shadow does exist both the classical one $aws/things/TestDeployment/shadow and also named one $aws/things/TestDeployment/shadow/name/AWSManagedGreengrassV2Deployment

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions