I am trying to use update_thing_shadow to update the status of the device in the shadow, so it can be queried using other apps/services. Here is my code:
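import boto3
import json

# Data-plane client for AWS IoT (device shadow operations)
client_iot = boto3.client("iot-data")
# Shadow document carrying the device's reported state
data = json.dumps({"state": {"reported": {"something": "hi"}}})
# self.thing_name comes from the enclosing class (not shown in the post)
client_iot.update_thing_shadow(thingName=self.thing_name, payload=data)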
However, I get the following error:
An error occurred (ForbiddenException) when calling the UpdateThingShadow operation: None
My policy attached to my device's certificate is:
{
  "Effect": "Allow",
  "Action": [
    "iot:UpdateThingShadow"
  ],
  "Resource": "*"
}
And the AWS credentials are managed by the aws.greengrass.TokenExchangeService dependency.
Actually, this works fine when I run the standalone Python code outside of a component, using environment variables generated using aws sts get-session-token for authentication (which I assume would have the same permissions as my IAM account?). But when I try to deploy my component using the TokenExchangeService, I get the aforementioned error. In the same code, I'm uploading data to S3 and that part works fine regardless of auth method.
Any suggestions?