Publishing to AWS IOT MQTT from a Lambda function - connection timeout

0

Hi

I have a Lambda function that is invoked via MQTT messages coming from AWS IOT message routing. The Lambda function then checks an MSSQL database, and decides what to do next. This bit works.

Depending on the result of the database query, my Lambda function may choose to publish an MQTT message back to AWS IOT. This works when I test locally on my development machine and using the "Mock Lambda Test tool". However, when I publish the Lambda function and try it out, the published Lambda function times out at the point of trying to connect to the MQTT client (time out is 30 seconds).

  1. I'm using NET Core 6, C#, and MQTTnet.
  2. I have configured a VPC endpoint, and made sure the security groups and subnets match the Lambda function.
  3. I have a policy on my Lambda function role as below:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish", "iot:Connect" ], "Resource": "*" } ] }

I've now run out of ideas , so any help appreciated.

Thanks

David

asked a year ago1058 views
3 Answers
1
Accepted Answer

Gavin_A. Much appreciated. Your suggested link fixed the problem.

For anyone else - the answer is here:

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

answered a year ago
profile picture
EXPERT
reviewed a month ago
0

Hi Greg - thank for getting back to me . I've changed my code to use "AmazonIotDataClient.PublishAsync" as you suggested, and that seems like the sensible thing to do.

Unfortunately, I still have the same fundamental problem. Everything works well when I run locally with the "Mock Lambda Test Tool", but my call to publishAsync “times out” on my Lambda function when I try and run the deployed lambda function. (After about 30 seconds, so plenty long enough to publish).

Out of desperation I've changed my policy to the below, and that didn't help. I've guessing that for some reason there is no IP connectivity between my Lambda function and my MQTT url, but fiddling around with vpc's and endpoints hasn't got me any further.

Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iot:", "Resource": "" } ] }

Any ideas ?

Thanks

David

answered a year ago
  • Hi David, is your Lambda within a VPC? If so, you can either provide it Internet access or create an IoT VPC endpoint within the VPC.

0

Hi David. I recommend you that do not try to connect to the IoT Core broker from your lambda using an MQTT client. Instead, you can use the Publish HTTPS API of the IoT data plane: https://docs.aws.amazon.com/iot/latest/apireference/API_iotdata_Publish.html . This is the most common way of publishing from a Lambda. Our .Net SDK supports this operation: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IotData/MIotDataPublishAsyncPublishRequestCancellationToken.html.

As HTTP doesn't require a connection to the broker before publishing, you can then delete the iot:Connect action from the Lambda's policy.

profile pictureAWS
EXPERT
Greg_B
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions