By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IoT Core Policy - Get/UpdateThingShadow with named shadow leading to 403 errors when using aws.greengrass.ShadowManager.

0

Hi,

I have a Greengrass core device registered with IoT Core (Thing name: M111234). This device is running a custom Greengrass component that makes use of aws.greengrass.ShadowManager to read/update a custom named shadow called 'MyCustomShadow'.

I believe I have setup our IoT Core policy correctly to allow ShadowManager access to sync this named shadow, but when testing, I get 403 status errors in the ShadowManager logs, which I'm interpreting as the device not being authorised to work with the named shadow ('classic' shadow seems unaffected).

I'd be very grateful if someone could provide an example IoT Core policy below that would ensure this device can Get/Update this named shadow? I know SM uses both MQTT and HTTP to work with shadows, and this has led me to become a bit confused about what the minimum policy rules should be to support these actions?

Topics
Internet of Things (IoT)
Tags
AWS IoT GreengrassAWS IoT Core
Language
English
cgddrd
asked 7 months ago184 views
1 Answer
1

Hello,

The required policies are listed in the documentation for shadow manager: https://docs.aws.amazon.com/greengrass/v2/developerguide/shadow-manager-component.html#:~:text=(Optional)%20To%20sync%20shadows%20to%20the%20AWS%20IoT%20Device%20Shadow%20service%2C%20the%20Greengrass%20core%20device%27s%20AWS%20IoT%20policy%20must%20allow%20the%20following%20AWS%20IoT%20Core%20shadow%20policy%20actions%3A.

If you want help with a specific policy, please share the policy you're using and the error you see.

Cheers, Michael

AWS
EXPERT
MichaelDombrowski-AWS
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content