- Newest
- Most votes
- Most comments
I can see that you are using the ipc_client.new_publish_to_topic() method. This is used for local pub/sub as shown here https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-publish-subscribe.html#ipc-operation-publishtotopic. Instead you should be using ipc_client.new_publish_to_iot_core() as shown in the publish to IoT core tutorial (and also add relevant permissions) as shown here https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-iot-core-mqtt.html#ipc-operation-publishtoiotcore
Hi Bradley,
- Can you check the IAM Role (associated to the IoT Role alias) for the GG Core to make sure it has permissions to publish to the IoT Core? Can you share the policy document?
- To debug further, it will be helpful to get the debug logs for both the component and greengrass.log. Have you taken a look at the greengrass.log file for any clues?
Thanks
Thanks for the help! I assume from your response I SHOULD be seeing the published message in the console??
My log output is:
2021-11-14T01:20:32.376Z [INFO] (pool-2-thread-36) com.example.HelloWorld: shell-runner-start. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=STARTING, command=["python3 -u /greengrass/v2/packages/artifacts/com.example.HelloWorld/1.0.0/hell..."]}
2021-11-14T01:20:32.716Z [INFO] (Copier) com.example.HelloWorld: stdout. BKG2 Hello, world! Current time: 2021-11-14 01:20:32.715702.. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-11-14T01:20:32.727Z [INFO] (Copier) com.example.HelloWorld: stdout. SCRIPT DONE. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-11-14T01:20:32.773Z [INFO] (Copier) com.example.HelloWorld: Run script exited. {exitCode=0, serviceName=com.example.HelloWorld, currentState=RUNNING}
i.e. There is NOT reference to the publish failing.
MQTT Test Client is showing a few events like:
$aws/events/subscriptions...
and
$aws/events/presence/...
for my GG node if I restart the Nucleus - so something is connecting. But nothing for the topic I am publishing to or anything else on the "#" topic.
The script (I removed a little to make it shorter):
message = "BKG2 Hello, %s! Current time: %s." % (sys.argv[1], datetime.datetime.now())
print(message)
ipc_client = awsiot.greengrasscoreipc.connect()
topic = "my/topic"
message = "Hello, World!"
request = PublishToTopicRequest()
request.topic = topic
publish_message = PublishMessage()
publish_message.binary_message = BinaryMessage()
publish_message.binary_message.message = bytes(message, "utf-8")
request.publish_message = publish_message
operation = ipc_client.new_publish_to_topic()
operation.activate(request)
future = operation.get_response()
future.result(10)
print ("SCRIPT DONE")
IAM access advisor says that any IoT accesses were "Not accessed in the tracking period"
The IAM policy for this thing is as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"logs:ListTagsLogGroup",
"iot:ListProvisioningTemplateVersions",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogStreams",
"iot:ListJobExecutionsForJob",
"logs:DescribeSubscriptionFilters",
"logs:StartQuery",
"logs:DescribeMetricFilters",
"iot:ListThingsInThingGroup",
"iot:ListTargetsForSecurityProfile",
"logs:DeleteLogStream",
"iot:ListJobExecutionsForThing",
"iot:ListSecurityProfilesForTarget",
"logs:CreateExportTask",
"logs:CreateLogStream",
"logs:DeleteMetricFilter",
"iot:Subscribe",
"iot:GetBehaviorModelTrainingSummaries",
"iot:ListDetectMitigationActionsExecutions",
"logs:DeleteRetentionPolicy",
"logs:GetLogEvents",
"iot:ListPolicyVersions",
"iot:GetThingShadow",
"logs:AssociateKmsKey",
"logs:FilterLogEvents",
"iot:Publish",
"iot:ListViolationEvents",
"logs:DisassociateKmsKey",
"iot:ListNamedShadowsForThing",
"logs:DescribeLogGroups",
"logs:DeleteLogGroup",
"iot:ListSecurityProfiles",
"logs:CreateLogGroup",
"logs:PutLogEvents",
"iot:UpdateThingShadow",
"logs:PutMetricFilter",
"iot:Receive",
"iot:ListActiveViolations",
"iot:ListTargetsForPolicy",
"iot:ListThingsInBillingGroup",
"iot:ListThingGroupsForThing",
"logs:PutSubscriptionFilter",
"logs:PutRetentionPolicy",
"logs:GetLogGroupFields"
],
"Resource": [
"arn:aws:logs:us-east-1:583841319539:log-group:greengrasstest:log-stream:",
"arn:aws:logs:us-east-1:583841319539:log-group:greengrasstest",
"arn:aws:iot::583841319539:thinggroup/"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"logs:ListTagsLogGroup",
"iot:ListProvisioningTemplateVersions",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogStreams",
"iot:ListJobExecutionsForJob",
"logs:DescribeSubscriptionFilters",
"logs:StartQuery",
"logs:DescribeMetricFilters",
"iot:ListTargetsForSecurityProfile",
"logs:DeleteLogStream",
"iot:ListJobExecutionsForThing",
"logs:CreateExportTask",
"logs:CreateLogStream",
"logs:DeleteMetricFilter",
"iot:Subscribe",
"iot:GetBehaviorModelTrainingSummaries",
"iot:ListDetectMitigationActionsExecutions",
"logs:DeleteRetentionPolicy",
"logs:GetLogEvents",
"iot:ListPolicyVersions",
"iot:GetThingShadow",
"logs:AssociateKmsKey",
"logs:FilterLogEvents",
"iot:Publish",
"iot:ListViolationEvents",
"logs:DisassociateKmsKey",
"iot:ListNamedShadowsForThing",
"logs:DescribeLogGroups",
"logs:DeleteLogGroup",
"iot:ListSecurityProfiles",
"logs:CreateLogGroup",
"logs:PutLogEvents",
"iot:UpdateThingShadow",
"logs:PutMetricFilter",
"iot:Receive",
"iot:ListActiveViolations",
"iot:ListTargetsForPolicy",
"iot:ListThingsInBillingGroup",
"iot:ListThingGroupsForThing",
"logs:PutSubscriptionFilter",
"logs:PutRetentionPolicy",
"logs:GetLogGroupFields"
],
"Resource": [
"arn:aws:logs:us-east-1:583841319539:log-group:greegrasstest:log-stream:",
"arn:aws:logs:us-east-1:583841319539:log-group:greengrasstest",
"arn:aws:iot::583841319539:custommetric/",
"arn:aws:iot::583841319539:dimension/",
"arn:aws:iot::583841319539:topic/",
"arn:aws:iot::583841319539:thing/",
"arn:aws:iot::583841319539:securityprofile/",
"arn:aws:iot::583841319539:topicfilter/",
"arn:aws:iot::583841319539:job/",
"arn:aws:iot::583841319539:provisioningtemplate/",
"arn:aws:iot::583841319539:billinggroup/",
"arn:aws:iot::583841319539:policy/"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"logs:ListTagsLogGroup",
"logs:DisassociateKmsKey",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DeleteLogGroup",
"logs:DescribeLogStreams",
"logs:DescribeSubscriptionFilters",
"logs:StartQuery",
"logs:DescribeMetricFilters",
"logs:CreateLogGroup",
"logs:DeleteLogStream",
"logs:PutLogEvents",
"logs:CreateExportTask",
"logs:PutMetricFilter",
"logs:CreateLogStream",
"logs:DeleteMetricFilter",
"logs:DeleteRetentionPolicy",
"logs:GetLogEvents",
"logs:AssociateKmsKey",
"logs:FilterLogEvents",
"logs:PutSubscriptionFilter",
"logs:PutRetentionPolicy",
"logs:GetLogGroupFields"
],
"Resource": "arn:aws:logs:us-east-1:583841319539:log-group:greegrasstest"
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"iot:ListOTAUpdates",
"logs:GetLogRecord",
"iot:ListAuditSuppressions",
"iot:ListTunnels",
"iot:ListV2LoggingLevels",
"iot:ListAuditMitigationActionsExecutions",
"iot:ListBillingGroups",
"logs:ListLogDeliveries",
"iot:ListJobTemplates",
"iot:Subscribe",
"iot:ListScheduledAudits",
"logs:CancelExportTask",
"iot:ListDomainConfigurations",
"iot:ListThingRegistrationTasks",
"iot:ListMitigationActions",
"iot:ListDetectMitigationActionsTasks",
"logs:DescribeDestinations",
"iot:ListCertificatesByCA",
"iot:ListAuditFindings",
"logs:StopQuery",
"logs:DeleteQueryDefinition",
"iot:ListCustomMetrics",
"iot:Receive",
"logs:CreateLogDelivery",
"logs:DescribeExportTasks",
"iot:ListAuditMitigationActionsTasks",
"iot:ListPrincipalThings",
"logs:GetQueryResults",
"logs:UpdateLogDelivery",
"iot:ListPolicies",
"iot:ListFleetMetrics",
"iot:ListRoleAliases",
"iot:ListIndices",
"iot:ListThings",
"iot:ListTopicRuleDestinations",
"iot:ListDimensions",
"iot:ListOutgoingCertificates",
"iot:ListCACertificates",
"logs:GetLogDelivery",
"iot:ListThingGroups",
"iot:ListPrincipalPolicies",
"logs:DeleteLogDelivery",
"iot:ListProvisioningTemplates",
"logs:DescribeQueryDefinitions",
"logs:PutDestination",
"logs:DescribeResourcePolicies",
"iot:Publish",
"iot:ListThingRegistrationTaskReports",
"logs:DescribeQueries",
"iot:ListAuditTasks",
"iot:ListTopicRules",
"logs:PutDestinationPolicy",
"iot:ListPolicyPrincipals",
"logs:TestMetricFilter",
"logs:DeleteDestination",
"logs:PutQueryDefinition",
"iot:ListAttachedPolicies",
"iot:ListThingTypes",
"iot:ListRetainedMessages",
"iot:ListStreams",
"iot:ListThingPrincipals",
"iot:ListAuthorizers",
"iot:ListJobs",
"iot:UpdateThing",
"iot:ListCertificates"
],
"Resource": "*"
}
]
}
Relevant content
- asked 3 years ago
- asked 3 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago