Following the tutorial for IoT Ingestion to Sitewise - Step 7, the Sitewise action creates an unworkable policy if there are substitutions in the property alias (as described in the tutorial). Regardless of whether you create a fresh role, or assign to an existing role, the policy is unworkable because it doesn't take account of the substitution in the policy alias.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iotsitewise:BatchPutAssetPropertyValue",
"Resource": [
"arn:aws:iotsitewise:eu-west-1:907963324750:asset/_"
]
},
{
"Effect": "Allow",
"Action": "iotsitewise:BatchPutAssetPropertyValue",
"Resource": "arn:aws:iotsitewise:eu-west-1:907963324750:time-series/*",
"Condition": {
"StringLike": {
"iotsitewise:propertyAlias": [
"/lorawan/${topic(3)}/snr",
"/lorawan/${topic(3)}/frequency",
"/lorawan/${topic(3)}/rssi"
]
}
}
}
]
}
Elsewhere in the docs where it describes how to construct rules and talks about a more liberal policy. If the generated policy is left in place, no data will be ingested (set a MQTT topic or log for the error action in the rule and you'll see the failure messages relating to no matching policy.
If you modify the policy to have a more liberal policy, then the ingestion will work.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "iotsitewise:BatchPutAssetPropertyValue",
"Resource": "*"
}
]
}
AWS OFFICIALUpdated 5 months ago
