Add/update Greengrass Service Role empty

0

I have a Greengrass device set up that I'm trying to get SSH tunneling working on, but it needs a service role associated with my account, if I'm understanding that correctly. In AWS IoT > Settings > Greengrass service role, there is no role attached. Clicking attach gives just an empty dropdown box.

I've tried creating a role named "Greengrass_ServiceRole" and attaching the AWS managed "AWSGreengrassResourceAccessRolePolicy", but it still doesn't show up in that dropdown box for Greengrass service role. Based on the docs, this role would be created for me if I used Greengrass V1, but I'm starting from scratch here. Do I need to set up my device using V1 just to get things like this set up? https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html

2022-10-03T13:35:26.500Z [INFO] (pool-2-thread-15) aws.greengrass.SecureTunneling: shell-runner-start. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=STARTING, command=["java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0..."]}
2022-10-03T13:35:30.626Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:30.610 [main] SecureTunneling - Starting secure tunneling component!. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:31.607Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. Oct 03, 2022 8:35:31 AM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onConnectionSetup. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:31.607Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. INFO: Socket connection /greengrass/v2/ipc.socket:8033 to server result [AWS_ERROR_SUCCESS]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.001Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. Oct 03, 2022 8:35:32 AM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onProtocolMessage. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.001Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. INFO: Connection established with event stream RPC server. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.005Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:32.005 [main] SecureTunnelingExecutor - Starting secure tunneling.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.928Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-10-03 08:35:48.928 [Thread-1] SecureTunnelingTask - Execution exception while subscribing to topic: $aws/things/TestLocalBaseStation/tunnels/notify. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.940Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.948Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:48.947 [Thread-1] SubscribeResponseHandler - Subscribe to topic stream closed.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.952Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:48.951 [Thread-1] SubscribeResponseHandler - Subscribe to topic stream closed.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-10-03 08:35:48.936 [main] SecureTunnelingExecutor - Exception while running secure tunneling.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. java.util.concurrent.ExecutionException: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2069) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.executor.SecureTunnelingExecutor.runSecureTunneling(SecureTunnelingExecutor.java:50) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.main(SecureTunneling.java:38) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. Caused by: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:78) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.lang.reflect.Constructor.newInstance(Constructor.java:480) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.internal.ConstructorConstructor$4.construct(ConstructorConstructor.java:140) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:211) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:87) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:61) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:991) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:956) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:905) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:876) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel.fromJson(EventStreamRPCServiceModel.java:319) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCClient$1.onContinuationMessage(EventStreamRPCClient.java:92) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.crt.eventstream.ClientConnectionContinuationHandler.onContinuationMessageShim(ClientConnectionContinuationHandler.java:41) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:50.351Z [INFO] (Copier) aws.greengrass.SecureTunneling: Run script exited. {exitCode=1, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
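A log like the one above is easier to read once the Greengrass wrapper is peeled off: the nucleus logs component stdout at its own `[INFO]` level even when the component's line is `[ERROR]`, so filtering on the outer level hides the failure. The script below is an added example, not part of the original post or of Greengrass; `triage` and the regexes are hypothetical names, and the sample lines are abridged from the log above with the `{...}` context shortened.

```python
import re

# Greengrass wraps every line a component prints as:
#   <ts> [<outer level>] (<thread>) <component>: stdout|stderr. <component line>. {context}
WRAPPED = re.compile(
    r"^(?P<ts>\S+) \[(?P<outer>\w+)\] \([^)]*\) (?P<component>[\w.]+): "
    r"(?P<stream>stdout|stderr)\. (?P<inner>.*?)\.? \{[^{}]*\}$"
)
INNER_LEVEL = re.compile(r"^\[(?P<level>[A-Z]+)\s*\]")     # component's own level
EXCEPTION = re.compile(r"([\w.$]+(?:Exception|Error)): ")  # Java exception class names

# Sample input abridged from the log on this page (context braces shortened).
CTX = " {serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}"
SAMPLE = [
    "2022-10-03T13:35:30.626Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:30.610 [main] SecureTunneling - Starting secure tunneling component!." + CTX,
    "2022-10-03T13:35:32.001Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. INFO: Connection established with event stream RPC server." + CTX,
    "2022-10-03T13:35:48.928Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-10-03 08:35:48.928 [Thread-1] SecureTunnelingTask - Execution exception while subscribing to topic: $aws/things/TestLocalBaseStation/tunnels/notify." + CTX,
    "2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. java.util.concurrent.ExecutionException: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.." + CTX,
    "2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395) ~[?:?]." + CTX,
    "2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. Caused by: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.." + CTX,
]

def triage(lines):
    """Return (error_lines, root_causes) from wrapped component output."""
    error_lines, root_causes = [], []
    for line in lines:
        m = WRAPPED.match(line.strip())
        if not m:
            continue  # nucleus lifecycle events are not component output
        inner = m["inner"]
        if inner.startswith("at "):
            continue  # stack frame: adds no new information for triage
        level = INNER_LEVEL.match(inner)
        if level and level["level"] == "ERROR":
            error_lines.append((m["ts"], m["outer"], inner))
        hits = list(EXCEPTION.finditer(inner))
        if hits:  # the innermost (last) exception in the chain is the root cause
            cause = (hits[-1].group(1), inner[hits[-1].end():].rstrip("."))
            if cause not in root_causes:
                root_causes.append(cause)
    return error_lines, root_causes

if __name__ == "__main__":
    errors, causes = triage(SAMPLE)
    print("component ERROR lines (outer level shown):", [(ts, outer) for ts, outer, _ in errors])
    print("distinct root causes:", causes)
```
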
1 Answer
3

Please see https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html#create-greengrass-service-role-console for information about creating the service role correctly.

However, with that said, the service role is not used on the device except in a few rare circumstances and secure tunneling is not one of them. Greengrass V2 uses an IoT Role Alias to assume an IAM role when using non-IoT AWS services. See https://docs.aws.amazon.com/greengrass/v2/developerguide/device-service-role.html for more information.

Make sure that you are using the secure tunneling component: https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html.

Then, if you are having issues please clarify what the problem is and provide logs.

AWS
EXPERT
answered a year ago
  • Thanks for the response Michael! I'm still looking through what you've posted. My logs are filled with errors related to the service role, and I assumed that was what was going on:

    software.amazon.awssdk.services.greengrassv2data.model.GreengrassV2DataException: Could not find a Service Role associated with this account. (Service: GreengrassV2Data, Status Code: 403, Request ID: 463$
    
  • OK, since that is the error that you're getting, you should follow the first documentation that I linked to create and associate a service role with your account.

  • Still haven't figured out how to correctly add the role/policy posted above. Creating it manually it still does not show up for selection in the settings section of IoT Core. Besides that...

    I've edited my initial post with the SecureTunneling.log file from start till end of a connection attempt. "Host name was invalid for dns resolution.." is the only thing that really sticks out to me. Is a DNS record required for tunneling?
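For the manually created role discussed in this thread, the trust policy can be checked offline: Greengrass can only assume a role whose trust policy allows the `greengrass.amazonaws.com` service principal, and AWS recommends scoping that trust with `aws:SourceAccount` and `aws:SourceArn` conditions so other accounts cannot use the service as a confused deputy. The checker below is an added example, not code from the thread or from AWS; the function names, the account ID `123456789012`, the region and the three sample policies are constructed.

```python
ACCOUNT_ID = "123456789012"            # placeholder account ID (constructed)
SERVICE = "greengrass.amazonaws.com"   # principal the Greengrass service role must trust

def _as_list(value):
    # IAM JSON allows a single string wherever a list is accepted.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _greengrass_arn_in_account(arn, account_id):
    parts = arn.split(":")  # arn:partition:service:region:account:resource
    return len(parts) >= 6 and parts[0] == "arn" and parts[2] == "greengrass" and parts[4] == account_id

def check_trust_policy(policy, account_id):
    """Return findings for a trust policy meant for the Greengrass service role.

    Simplification: only the StringEquals / ArnLike operators are inspected.
    """
    matching = []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and SERVICE in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            matching.append(stmt)
    if not matching:
        return [f"FAIL: no Allow statement lets {SERVICE} call sts:AssumeRole"]
    findings = []
    for stmt in matching:
        cond = stmt.get("Condition", {})
        if account_id not in _as_list(cond.get("StringEquals", {}).get("aws:SourceAccount")):
            findings.append("WARN: no aws:SourceAccount condition pinning this account")
        arns = _as_list(cond.get("ArnLike", {}).get("aws:SourceArn"))
        if not any(_greengrass_arn_in_account(a, account_id) for a in arns):
            findings.append("WARN: no aws:SourceArn condition scoped to Greengrass in this account")
    return findings

def _policy(service, condition=None):
    # Builds the constructed sample trust policies used below.
    stmt = {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

WRONG_SERVICE = _policy("ec2.amazonaws.com")   # role created for a different service
UNSCOPED = _policy(SERVICE)                    # assumable by Greengrass, no confused-deputy guard
SCOPED = _policy(SERVICE, {
    "StringEquals": {"aws:SourceAccount": ACCOUNT_ID},
    "ArnLike": {"aws:SourceArn": f"arn:aws:greengrass:us-east-1:{ACCOUNT_ID}:*"},
})

if __name__ == "__main__":
    for name, pol in [("wrong service", WRONG_SERVICE), ("unscoped", UNSCOPED), ("scoped", SCOPED)]:
        print(name, "->", check_trust_policy(pol, ACCOUNT_ID) or "OK")
```
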
