Greengrass V2 # Token Exchange Service # Lambda Invoke


Hi there!

We want to make Lambda and SNS service calls from a Greengrass V2 custom component. The issue we are facing is where we can get the secret_key and access_key from. We have gone through the token exchange service. We have added this service as a dependency in the custom component.

The following is the method of the custom component which makes the Lambda call.

// Method from the custom component (AWS SDK for Java 1.x).
public String invokeLambda(String functionName, JsonObject payload) {
	InvokeRequest lmbRequest = new InvokeRequest().withFunctionName(functionName).withPayload(payload.toString());
	// Debug output: the first line writes the token exchange service authorization token to the component log.
	LOGGER.info("AWS_CONTAINER_AUTHORIZATION_TOKEN  :: " + System.getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN"));
	LOGGER.info("AWS_CONTAINER_CREDENTIALS_FULL_URI :: " + System.getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI"));
	// Synchronous invocation: wait for the function's response.
	lmbRequest.setInvocationType(InvocationType.RequestResponse);

	// Credentials are fetched from the container credentials endpoint named in the environment variables above.
	AWSLambda lambda = AWSLambdaClientBuilder.standard().withRegion(Regions.US_WEST_2)
			.withCredentials(new EC2ContainerCredentialsProviderWrapper()).build();
	InvokeResult lmbResult = lambda.invoke(lmbRequest);
	String resultJSON = new String(lmbResult.getPayload().array(), Charset.forName("UTF-8"));
	LOGGER.info("Result from Lamdaexecution:::" + resultJSON);
	return resultJSON;
}

The log prints the token and credential URI, which you can see in the following logs.

Error : com.amazonaws.SdkClientException: Failed to connect to service

The application logs are below.

2023-04-12T09:41:56.208Z [WARN] (Copier) DatabaseManager: stderr. 04-12 09:41:56.208 47 W/CouchbaseLite/QUERY: [JAVA] End of query enumeration. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:56.258Z [WARN] (Copier) DatabaseManager: stderr. 04-12 09:41:56.257 47 W/CouchbaseLite/QUERY: [JAVA] End of query enumeration. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:56.327Z [WARN] (Copier) DatabaseManager: stderr. 04-12 09:41:56.326 47 W/CouchbaseLite/QUERY: [JAVA] End of query enumeration. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:56.336Z [INFO] (Copier) DatabaseManager: stdout. 2023-04-12 09:41:56.336 INFO 2832 --- [nio-8081-exec-6] c.s.service.impl.UpdateServiceImpl : Type:::OS Version:::00.00.02. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:56.379Z [INFO] (Copier) DatabaseManager: stdout. 2023-04-12 09:41:56.379 INFO 2832 --- [nio-8081-exec-6] com.softacuity.util.LambdaUtil : AWS_CONTAINER_AUTHORIZATION_TOKEN :: DNVCLW02DA54UUZX. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:56.379Z [INFO] (Copier) DatabaseManager: stdout. 2023-04-12 09:41:56.379 INFO 2832 --- [nio-8081-exec-6] com.softacuity.util.LambdaUtil : AWS_CONTAINER_CREDENTIALS_FULL_URI :: http://localhost:41333/2016-11-01/credentialprovider/. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:59.323Z [INFO] (Copier) DatabaseManager: stdout. 2023-04-12 09:41:59.321 ERROR 2832 --- [nio-8081-exec-6] c.s.controller.UpdateController : Exception !. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:59.324Z [INFO] (Copier) DatabaseManager: stdout. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:59.324Z [INFO] (Copier) DatabaseManager: stdout. com.amazonaws.SdkClientException: Failed to connect to service endpoint:. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}
2023-04-12T09:41:59.324Z [INFO] (Copier) DatabaseManager: stdout. at com.amazonaws.internal.EC2ResourceFetcher.doReadResource(EC2ResourceFetcher.java:112) ~[aws-java-sdk-core-1.12.445.jar!/:na]. {scriptName=services.DatabaseManager.lifecycle.Run, serviceName=DatabaseManager, currentState=RUNNING}

  • Review the greengrass log for errors at the same time /greengrass/v2/logs/greengrass.log.

  • Hey Michael,

    On the same event, greengrass.log prints the following.

    2023-04-13T04:44:00.775Z [INFO] (pool-2-thread-1229) com.aws.greengrass.tes.CredentialRequestHandler: Received IAM credentials that will be cached until 2023-04-13T05:39:00Z. {iotCredentialsPath=/role-aliases/GreengrassCoreTokenExchangeRoleAlias/credentials}

  • Hey Michael,

    It seems that on the second attempt the application is able to make a call to Lambda. Only the first time is it giving the mentioned error. Is retry logic required to be implemented?

    Regards, Nalay

  • Yes, you should certainly implement retries. Please also ensure you are using the latest version of Greengrass Nucleus, 2.9.5.
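
One way to implement the retries recommended above, as an added example that is not code from the original thread: it reuses a single client, retries only client-side failures such as the `SdkClientException` from the credentials endpoint, and logs whether the token is set rather than its value. The class name `RetryingLambdaInvoker`, the attempt count, the delays, and the `String` payload parameter are assumptions made for the example.

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.lambda.AWSLambda;
import com.amazonaws.services.lambda.AWSLambdaClientBuilder;
import com.amazonaws.services.lambda.model.InvocationType;
import com.amazonaws.services.lambda.model.InvokeRequest;
import com.amazonaws.services.lambda.model.InvokeResult;
import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;

public class RetryingLambdaInvoker {   // hypothetical class name
    private static final Logger LOGGER = Logger.getLogger(RetryingLambdaInvoker.class.getName());
    private static final int MAX_ATTEMPTS = 4;      // assumed value, tune for the device
    private static final long BASE_DELAY_MS = 500;  // assumed value, doubles on each retry

    // Build the client once so credentials fetched from the local endpoint are cached and reused.
    private final AWSLambda lambda = AWSLambdaClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCredentials(new EC2ContainerCredentialsProviderWrapper())
            .build();

    public String invokeLambda(String functionName, String payloadJson) throws InterruptedException {
        // Record only whether the token is set; its value never reaches the component log.
        LOGGER.info("TES token present: " + (System.getenv("AWS_CONTAINER_AUTHORIZATION_TOKEN") != null));
        LOGGER.info("TES credentials URI: " + System.getenv("AWS_CONTAINER_CREDENTIALS_FULL_URI"));
        InvokeRequest request = new InvokeRequest()
                .withFunctionName(functionName)
                .withPayload(payloadJson)
                .withInvocationType(InvocationType.RequestResponse);
        for (int attempt = 1; ; attempt++) {
            try {
                InvokeResult result = lambda.invoke(request);
                return StandardCharsets.UTF_8.decode(result.getPayload()).toString();
            } catch (AmazonServiceException e) {
                throw e;  // the service answered (for example, access denied): not handled here
            } catch (SdkClientException e) {
                if (attempt >= MAX_ATTEMPTS) throw e;         // give up after the last attempt
                long delay = BASE_DELAY_MS << (attempt - 1);  // 500, 1000, 2000 ms
                LOGGER.warning("Invoke attempt " + attempt + " failed (" + e.getMessage() + "); retrying in " + delay + " ms");
                Thread.sleep(delay);
            }
        }
    }
}
```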
