Using Token Exchange Service with aws-iot-device-sdk-js-v2 and greengrass

Hi Philbegg,

The aws-iot-device-sdk-js-v2 SDK is used for IoT operations which does not require TokenExchangeService component or its IAM role, but requires appropriate IoT permissions on the IoT Policy that is attached to the certificate that your IoT device has, please see https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html .

From Greengrass Core devices, our recommended method to send data to IoT Core topics is through Greengrass IPC APIs we provide for that https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-iot-core-mqtt.html . But Greengrass IPC is not available with the JS SDK at the moment aws-iot-device-sdk-js-v2, the current supported languages are Java, Python and C++. You could either switch to one of these or if you need to keep using the JS SDK, you can still connect to IoT Core directly using it (not via Greengrass IPC) and the certificate on the device that you can find in the Greengrass root directory.

The TES component and role are needed for any non IoT services e.g. S3 and to use that, you can declare a dependency on the aws.greeengrass.TokenExchangeService component inside your own component's recipe and provide relevant permissions on your Token Exchange IAM role policy.