- Newest
- Most votes
- Most comments
Hi. What MQTT client ID is your device using? For the iot:Connection.Thing.ThingName
policy variable to work, the client ID must match the Thing name. And does your device use the same certificate as what's attached to the Thing in the registry?
https://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html
The thing name is obtained from the client ID in the MQTT Connect message sent when a thing connects to AWS IoT Core.
AWS IoT Core uses the certificate the device presents when it authenticates to determine which thing to use to verify the connection.
UPDATE: The problem is that the client ID you're using in the Python code should just be 0R281
not arn:aws:iot:eu-west-1:<acc>:client/0R281
. I also recommend you swap to the V2 SDK (https://github.com/aws/aws-iot-device-sdk-python-v2), although that's not an immediate concern.
I created the thing and then created and downloaded the certificates I associated the certificate with the policy written before Using the Python SDK I instantiated an MQTT client for sending messages with the certificates mentioned above
The client that I instantiate uses the following class defined as follows
from AWSIoTPythonSDK import MQTTLib as AWSIoTPyMQTT
class AwsClient:
def __init__(
self,
ca_file_path: str,
key_path: str,
certificate_path: str,
client_id: str,
endpoint: str,
port: int = 8883,
):
self.ca_file_path = ca_file_path
self.key_path = key_path
self.certificate_path = certificate_path
self.client_id = client_id
self.port = port
self.endpoint = endpoint
def get_client(self):
aws_client = AWSIoTPyMQTT.AWSIoTMQTTClient(self.client_id)
aws_client.configureEndpoint(self.endpoint, self.port)
aws_client.configureCredentials(
CAFilePath=self.ca_file_path,
KeyPath=self.key_path,
CertificatePath=self.certificate_path,
)
return aws_client
when the policy has the first definition that I specified in the first post as its active version, the message is not sent and I get the following error
AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException
If instead I use the second policy mentioned as the active version of the policy (the less restrictive one) the message is sent and I see it received as in the following image
Hi. The problem is that the client ID you're using in the Python code should just be
0R281
notarn:aws:iot:eu-west-1:<acc>:client/0R281
. I also recommend you swap to the V2 SDK (https://github.com/aws/aws-iot-device-sdk-python-v2), although that's not an immediate concern.
specifying the client with only OR 281 in the code works, thank you very much
Relevant content
- asked 3 years ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 9 months ago
Answer updated now that I've seen your code. As suspected, the client ID doesn't match the Thing name.