AWS IoT Rule to send MQTT message to DynamoDB not working

1

Hello,

I am sending data using the MQTT test client in AWS IoT. The data is showing up properly when I subscribe to the topic. I then wanted to send the data to DynamoDB using a rule. I created the rule and double-checked everything: I made sure the topics were the same and that the rule and MQTT were in the same location (i.e., u-west-1), I tried creating different roles when the first didn't work, and I double-checked to make sure the attributes were spelled correctly in the MQTT message and DynamoDB table. Any help or additional troubleshooting methods will be greatly appreciated. Thanks.

asked 2 years ago, 1667 views
4 Answers
1

It is possible the IoT rule does not have the proper permissions to send to DynamoDB. See this documentation page on Granting an AWS IoT rule the access it requires.

The user also requires the iam:PassRole permission to pass the role to the rules engine. You can see directions on how to create the permissions in the documentation page on Pass role permissions.

AWS
EXPERT
answered 2 years ago
  • Thank you for the feedback. Would you be able to provide some greater detail about the proper permissions? I went to the documentation page and when I attempted to create a trust policy, the JSON code gave an error using what was on the documentation page. Also, where it says "use the create role command", where would I use that command? Sorry, I am new to AWS IoT.

1

Here is how I did it.

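  1. Create a role with a policy to allow writing to DynamoDB.
// Runs inside a CDK Stack constructor; requires: import { aws_iam, aws_iot } from 'aws-cdk-lib'
// Role that the AWS IoT rules engine (iot.amazonaws.com) assumes
const role = new aws_iam.Role(
      this,
      'RoleForIoTCoreToAccessDDB',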
      {
        roleName: 'RoleForIoTCoreToAccessDDB',
        assumedBy: new aws_iam.ServicePrincipal('iot.amazonaws.com')
      }
    )

attach an inline policy

role.attachInlinePolicy(
      new aws_iam.Policy(
        this,
        'PolicyForIoTcoreToAccessDDB',
        {
          policyName: 'PolicyForIoTcoreToAccessDDB',
          statements: [
            new aws_iam.PolicyStatement(
              {
                actions: ['dynamodb:*'],
                resources: ['*']
              }
            )
          ]
        }
      )
    )
  2. Attach the role to an IoT topic rule
const topicRule = new aws_iot.CfnTopicRule(
      this,
      'TopicRuleDemo',
      {
        ruleName: 'TopicRuleDemo',
        topicRulePayload: {
          actions: [
            {
              dynamoDb: {
                hashKeyField: 'id',
                hashKeyValue: 'device01',
                hashKeyType: 'STRING',
                rangeKeyField: 'timestamp',
                rangeKeyValue: '${timestamp()}',
                rangeKeyType: 'STRING',
                roleArn: role.roleArn,
                tableName: table.tableName
              }
            }
          ],
          sql: `SELECT *, cast(timestamp() as STRING) AS timestamp FROM 'topic/subtopic'`
        }
      }
    )

GitHub Code

hai
answered 2 years ago
  • Thank you for the feedback. Would you be able to provide some more information on where you add the " const role..." code? Thanks
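
The least-privilege form of the role discussed in the answers above, as an added example that is not part of the original thread or of AWS's own code: it builds the trust policy and a permission policy scoped to `dynamodb:PutItem` on one table as plain JSON, and flags wildcard grants such as `dynamodb:*` on `*`. The account ID `123456789012`, the table name `DemoTable` and the function names are assumptions, and the `aws:SourceAccount` condition is an optional hardening.

```typescript
// Added example: plain policy documents, no AWS SDK or CDK required.
type IamStatement = {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource?: string[];
  Principal?: { Service: string };
  Condition?: Record<string, Record<string, string>>;
};
type PolicyDocument = { Version: "2012-10-17"; Statement: IamStatement[] };

// Trust policy: lets the AWS IoT rules engine assume the role. The
// aws:SourceAccount condition restricts that to rules in the given account.
function iotRuleTrustPolicy(accountId: string): PolicyDocument {
  return { Version: "2012-10-17", Statement: [{
    Effect: "Allow",
    Principal: { Service: "iot.amazonaws.com" },
    Action: ["sts:AssumeRole"],
    Condition: { StringEquals: { "aws:SourceAccount": accountId } },
  }] };
}

// Permission policy: the dynamoDb rule action needs only PutItem on one table.
function dynamoRulePolicy(region: string, accountId: string, table: string): PolicyDocument {
  return { Version: "2012-10-17", Statement: [{
    Effect: "Allow",
    Action: ["dynamodb:PutItem"],
    Resource: [`arn:aws:dynamodb:${region}:${accountId}:table/${table}`],
  }] };
}

// One finding per Allow statement that uses a wildcard action or resource.
function findOverbroadStatements(policy: PolicyDocument): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    if (s.Action.some((a) => a.indexOf("*") !== -1)) findings.push(`statement ${i}: wildcard action`);
    if ((s.Resource || []).some((r) => r === "*")) findings.push(`statement ${i}: wildcard resource`);
  });
  return findings;
}

// Constructed sample values: placeholder account ID, hypothetical table name.
const trust = iotRuleTrustPolicy("123456789012");
const scoped = dynamoRulePolicy("us-west-1", "123456789012", "DemoTable");
// The broad grant from the CDK answer (dynamodb:* on *), for comparison.
const broad: PolicyDocument = { Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["dynamodb:*"], Resource: ["*"] }] };
console.log(JSON.stringify({ trust, scoped }, null, 2));
console.log(findOverbroadStatements(scoped), findOverbroadStatements(broad));
```

The printed `trust` document is the role's trust relationship; `scoped` is the permission policy to attach to that role.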

0
Accepted Answer

I needed to add the "AWSIoTRuleAction" permission to the role. It is working properly now. Thanks for everyone's help.

answered 2 years ago
  • Can you tell me where/how you did this? I am teaching a class and all students following this example are running into this issue. I need a way to explain this to them so they (and I) understand :)

0

If you haven't, enable logging for AWS IoT Core. When the rule execution fails you will find the reason in CloudWatch logs.

BTW: the region name u-west-1 is not valid, it is us-west-1.

KR, Philipp

AWS
EXPERT
answered 2 years ago
  • Thank you for the feedback. I enabled logging, but am not seeing any errors when publishing the MQTT message

  • You can use CloudWatch insights to search for different topics. You can search for your rule name to find out if the rule is called and, if it is called, what the result is. You can also look for logging levels like ERROR, or look at which topics your client is publishing to, to follow the whole chain of publish -> call rule -> rule result.
