By using AWS re:Post, you agree to the AWS re:Post Terms of Use

named shadow not found

0

Getting closer to actually accessing the shadow

my configuration allows access to the config1 topic: https://gist.github.com/clogwog/210abc5aae94218b166ff6832a1b21dc

I'm getting an error saying that the shadow doesn't exist:

2021-10-11T03:10:47.008Z [WARN] (Thread-6) com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler: handle-get-thing-shadow. Shadow does not exist. {thing name=smartdvr-1423019132001, shadow name=config1}
software.amazon.awssdk.aws.greengrass.model.ResourceNotFoundError: No shadow found
at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.lambda$handleRequest$0(GetThingShadowRequestHandler.java:91)
at com.aws.greengrass.ipc.common.ExceptionUtil.translateExceptions(ExceptionUtil.java:33)
at com.aws.greengrass.shadowmanager.ipc.GetThingShadowRequestHandler.handleRequest(GetThingShadowRequestHandler.java:75)
at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:82)
at com.aws.greengrass.shadowmanager.ipc.GetThingShadowIPCHandler.handleRequest(GetThingShadowIPCHandler.java:28)
at software.amazon.awssdk.eventstreamrpc.OperationContinuationHandler.onContinuationMessage(OperationContinuationHandler.java:271)
at software.amazon.awssdk.crt.eventstream.ServerConnectionContinuationHandler.onContinuationMessageShim(ServerConnectionContinuationHandler.java:53)

i've double checked on the online console that thing smartdvr-1423019132001 does have a config1 named shadow with content.

Where can i look further on why it thinks the named shadow doesn't exist ?

--component :

import sys
import datetime
import os
import logging
import awsiot.greengrasscoreipc
import awsiot.greengrasscoreipc.client as client
from awsiot.greengrasscoreipc.model import GetThingShadowRequest

device = os.environ['AWS_IOT_THING_NAME']
logger = logging.getLogger(name)
logger.setLevel(logging.INFO)

TIMEOUT = 10

def get_thing_shadow_request(thingName, shadowName):
try:
# set up IPC client to connect to the IPC server
ipc_client = awsiot.greengrasscoreipc.connect()

    # create the GetThingShadow request  
    get_thing_shadow_request = GetThingShadowRequest()  
    get_thing_shadow_request.thing_name = thingName  
    get_thing_shadow_request.shadow_name = shadowName  
     
    # retrieve the GetThingShadow response after sending the request to the IPC server  
    op = ipc_client.new_get_thing_shadow()  
    op.activate(get_thing_shadow_request)  
    fut = op.get_response()  
     
    result = fut.result(TIMEOUT)  
    logger.error(result.payload)  
    return result.payload  
except BaseException as err: #InvalidArgumentsError as e:  
    logger.error("TS>" + err)  

test = get_thing_shadow_request(device, "config1")

Edited by: clogwog on Oct 11, 2021 4:09 PM

Edited by: clogwog on Oct 11, 2021 4:11 PM

this editor hides details in my question..

Edited by: clogwog on Oct 11, 2021 9:52 PM

asked 3 years ago964 views
7 Answers
0

Hello clogwog,
regarding the policy you posted, the resource does not match the minimal policy we require. Check https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html#greengrass-core-minimal-iot-policy The policy includes the ** wildcard after the core device thing name (For example, core-device-thing-name**).

{  
            "Effect": "Allow",  
            "Action": \[  
                "iot:GetThingShadow",  
                "iot:UpdateThingShadow",  
                "iot:DeleteThingShadow"  
            ],  
            "Resource": \[  
                "arn:aws:iot:region:account-id:thing/core-device-thing-name*"  
            ]  
        },  

Please also find more about the shadow manager configuration requirements at: https://docs.aws.amazon.com/greengrass/v2/developerguide/sync-shadows-with-iot-core.html

-zhaoylin

AWS
answered 3 years ago
  • The policy you describe

            "Resource": \[  
                "arn:aws:iot:region:account-id:thing/core-device-thing-name*"  
    

    is on the server, and would be applied to all devices. Is there a way to put in a wildcard that specifies the thing name itself ?

    we tried

            "Resource": [
                "arn:aws:iot:ap-southeast-2:[our account id]:thing/${iot:Connection.Thing.ThingName}*"
    

    but that doesn't seem to work.

0

note: the aws discussion forum editor is stripping details out of my configuration
see here for the full config:
https://gist.github.com/clogwog/210abc5aae94218b166ff6832a1b21dc

answered 3 years ago
0

Hello,

I am assuming that the shadow has been created in the cloud and you are expecting that to be synced back to the device. Is smartdvr-1423019132001 the name of your GG v2 core? If so, can you attach all the logs from the logs folder to this ticket? There should be an indication in the greengrass.log file on why it was unable to sync that shadow to the device.

Cheers,
Nikkhil

AWS
answered 3 years ago
0

Thank you for that suggestion.

i found:
com.aws.greengrass.shadowmanager.exception.SkipSyncRequestException: software.amazon.awssdk.services.iotdataplane.model.IotDataPlaneException: null (Service: IotDataPlane, Status Code: 403,

in greengrass.log

so it was the core policy. I had used :
{
"Effect": "Allow",
"Action": [
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Resource": [
"arn:aws:iot:ap-southeast-2:....:thing/${iot:ClientId}"
]
},

I had found it somewhere in an example so i can re-use the policy for all my greengrass devices with a device specific wildcard, but it (now) obviously didn't work because as soon as i set it to * the sync started working.

answered 3 years ago
0

Hello,

as soon as i add the "iot:DeleteThingShadow"
permission the shadow manager deletes my server shadow. which is why i left it out.

there is a ticket for it at
https://github.com/aws-greengrass/aws-greengrass-shadow-manager/pull/96

i would just like to know if I need to wait for this ticket to me merged and available before or if there is a way around it ?

thanks,
tom

answered 3 years ago
0

Is the Shadow Manager public component currently being used in a production environment by anyone ?

answered 3 years ago
0

Hi clogwog,

Thanks for your followup. We'll be tracking this issue on GitHub and keep that updated: https://github.com/aws-greengrass/aws-greengrass-shadow-manager/issues/98

-zhaoylin

AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions