AWS MQTT Push Not working, what is SVCUID

Question

I can't seem to get mqtt pushing to work. Trying to run a lambda at the edge. I put in the topic name when creating the component, I've attached a policy to the cert. Component upload successfully. When I run the script I get  
**Traceback (most recent call last):**  
  File "main.py", line 54, in   
    connection = ipc_utils.connect()  
  File "main.py", line 47, in connect  
    connect_future = connection.connect(self.lifecycle_handler)  
  File "/greengrass/v2/packages/artifacts/MqttTestGGCv2/4.0.0/awsiot/eventstreamrpc.py", line 440, in connect  
    raise e  
  File "/greengrass/v2/packages/artifacts/MqttTestGGCv2/4.0.0/awsiot/eventstreamrpc.py", line 434, in connect  
    tls_connection_options=self._tls_connection_options)  
  File "/greengrass/v2/packages/artifacts/MqttTestGGCv2/4.0.0/awscrt/eventstream/rpc.py", line 307, in connect  
    connection)  
RuntimeError: 1047 (AWS_IO_SOCKET_CONNECTION_REFUSED): socket connection refused.

I believe the error is:  
amender = MessageAmendment.create_static_authtoken_amender(os.getenv("SVCUID"))  
  
I don't know what SVCUID is?  
  
**Full python code**:  
from awsiot.greengrasscoreipc.model import (  
    PublishToTopicRequest,  
    PublishMessage,  
    BinaryMessage  
)  
  
import os  
import awsiot.greengrasscoreipc.client as client  
import time  
  
from awsiot.greengrasscoreipc.model import (  
    QOS,  
    PublishToIoTCoreRequest  
)  
  
from awscrt.io import (  
    ClientBootstrap,  
    DefaultHostResolver,  
    EventLoopGroup,  
    SocketDomain,  
    SocketOptions,  
)  
from awsiot.eventstreamrpc import Connection, LifecycleHandler, MessageAmendment  
  
TIMEOUT = 15

class IPCUtils:  
    def connect(self):  
        elg = EventLoopGroup()  
        resolver = DefaultHostResolver(elg)  
        bootstrap = ClientBootstrap(elg, resolver)  
        socket_options = SocketOptions()  
        socket_options.domain = SocketDomain.Local  
        amender = MessageAmendment.create_static_authtoken_amender(os.getenv("SVCUID"))  
        #amender = MessageAmendment.create_static_authtoken_amender(100061)  
        #hostname = os.getenv("AWS_GG_NUCLEUS_DOMAIN_SOCKET_FILEPATH_FOR_COMPONENT")  
        hostname = "/greengrass/v2/ipc.socket"  
        connection = Connection(  
            host_name=hostname,  
            port=8033,  
            bootstrap=bootstrap,  
            socket_options=socket_options,  
            connect_message_amender=amender,  
        )  
        self.lifecycle_handler = LifecycleHandler()  
        connect_future = connection.connect(self.lifecycle_handler)  
        connect_future.result(TIMEOUT)  
        return connection

while True:  
    ipc_utils = IPCUtils()  
    connection = ipc_utils.connect()  
    ipc_client = client.GreengrassCoreIPCClient(connection)  
  
    topic = "my/topic"  
    message = "Hello, World!"  
  
    request = PublishToTopicRequest()  
    request.topic = topic  
    request.qos = QOS.AT_LEAST_ONCE  
  
    publish_message = PublishMessage()  
    publish_message.binary_message = BinaryMessage()  
    publish_message.binary_message.message = bytes(message, "utf-8")  
    request.publish_message = publish_message  
    #try:  
    operation = ipc_client.new_publish_to_topic()  
    #except Exception as e:  
    #   print("ERRORRRR: " + str(e))  
    #operation.activate(request)  
    #future = operation.get_response()  
    #future.result(TIMEOUT)  
  
    time.sleep(5)

**Attached Policy**:  
{  
  "Version": "2012-10-17",  
  "Statement": \[  
    {  
      "Effect": "Allow",  
      "Action": "iot:Connect",  
      "Resource": "*"  
    },  
    {  
      "Effect": "Allow",  
      "Action": "iot:Publish",  
      "Resource": "*"  
    }  
  ]  
}  
  
Edited by: brayden on Feb 11, 2021 2:45 PM

Answer

I'm getting (when using a lambda):  
2021-02-16T18:03:22.674Z \[INFO] (Thread-7) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal MqttTestGGCv2 is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}  
  
I attached a policy to the cert to allow pub/sub all topics, when creating component I specified the topic for the cloud and local  
  
I get (when using recipe):  
component log  
2021-02-16T20:58:57.336Z \[INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR \[Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError\[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":\[],"suppressedExceptions":\[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}  
  
greengrass log  
2021-02-16T20:58:57.335Z \[INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}  
  
Recipe:  
"ComponentConfiguration": {  
    "DefaultConfiguration": {  
      "accessControl": {  
        "aws.greengrass.ipc.pubsub": {  
          "com.example.HelloWorld:pubsub:1": {  
            "policyDescription": "Allows access to publish to test/topic.",  
            "operations": "aws.greengrass#PublishToTopic",  
            "resources": "my/topic"  
          }  
        }  
      }  
    }  
  },  
  
I also tried (got same error):  
 "accessControl": {  
        "aws.greengrass.ipc.pubsub": {  
          "com.example.HelloWorld:pubsub:1": {  
            "policyDescription": "Allows access to publish to test/topic.",  
            "operations": "aws.greengrass#PublishToIoTCore",  
            "resources": "my/topic"  
          }  
        }  
      }  
  
Edited by: brayden on Feb 16, 2021 1:19 PM

Answer

I read that but still unclear were that config is located (docs are for CLI but I'm using the console). I thought it brought over the settings from component config to deployment config but now thinking it is the "Reset paths" under "Configuration update".

Thanks so much for your help!!

Answer

Since you are trying to use MQTT, follow this guide: https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-iot-core-mqtt.html.  
  
Your access control policies are not proper for allowing IoT Core messaging. The service identifier needs to be "aws.greengrass.ipc.mqttproxy" and not "aws.greengrass.ipc.pubsub" and the operation must be "aws.greengrass#PublishToIoTCore"  
  
When you make a change, if you are making the change through a deployment using the "MERGE" option, then that will work fine. However, if you are editing the default in the recipe you must use
 `RESET: [""]`
 in the deployment configuration for the component. That way it will use the default configuration from your recipe instead of the existing configuration which is present in the Nucleus. Read https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html for more information on this topic.  
  
Cheers,  
Michael Dombrowski

Answer

**Policy**  
"accessControl": {  
        "aws.greengrass.ipc.mqttproxy": {  
          "com.example.HelloWorld:pubsub:1": {  
            "policyDescription": "Allows access to publish to my/topic.",  
            "operations": \[  
              "aws.greengrass#PublishToTopic",  
              "aws.greengrass#PublishToIoTCore",  
              "aws.greengrass#GreengrassCoreIPC"  
            ],  
            "resources": \[  
              "my/topic"  
            ]  
          }  
        }  
      }  
    }

**configuration update** (I'm not using the cli, using console)  
{  
  "reset": \[],  
  "merge": {  
    "accessControl": {  
      "aws.greengrass.ipc.mqttproxy": {  
        "com.example.HelloWorld:pubsub:1": {  
          "policyDescription": "Allows access to publish to my/topic.",  
          "operations": \[  
            "aws.greengrass#PublishToTopic",  
            "aws.greengrass#PublishToIoTCore",  
            "aws.greengrass#GreengrassCoreIPC"  
          ],  
          "resources": \[  
            "my/topic"  
          ]  
        }  
      }  
    }  
  }  
}

Answer

Hi,  
  
SVCUID is a secret token provided to your component by Greengrass. In order to run using IPC, your component must be started by Greengrass, not by you on the command line.  
  
Your code is creating the IPC client and connecting inside of the while true, which is going to make it create more and more clients. You should take this out of the while loop so that you only create a single connection and connect once.  
  
Using the python SDK version 1.5.4 or later you can now simply use

```
import awsiot.greengrasscoreipc

ipc_client = awsiot.greengrasscoreipc.connect()
```

Prior to that version, please make sure that you are using the IPCUtils exactly as it is provided from https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html, otherwise you may run into trouble.

If you're still having problems, please provide your full component log file as well as the greengrass log file.  
  
Cheers,  
Michael Dombrowski

Answer

**grep "error" logs/greengrass.log**

```
2021-02-18T17:26:35.272Z [ERROR] (main) com.aws.greengrass.authorization.AuthorizationPolicyParser: load-authorization-config-deserialization-error. Unable to deserialize access control map services.com.example.HelloWorld.configuration.accessControl:{aws.greengrass.ipc.pubsub=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub:{com.example.HelloWorld:pubsub:1=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.operations:aws.greengrass#PublishToTopic, policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.policyDescription:Allows access to publish to test/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.resources:my/topic}}, aws.greengrass.ipc.mqttproxy=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy:{com.example.HelloWorld:pubsub:1=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.operations:[aws.greengrass#PublishToTopic, aws.greengrass#PublishToIoTCore, aws.greengrass#GreengrassCoreIPC], policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.policyDescription:Allows access to publish to my/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.resources:[my/topic]}}} for com.example.HelloWorld. {}
2021-02-18T17:26:37.715Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
2021-02-18T17:26:37.831Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
2021-02-18T17:26:37.938Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
2021-02-18T17:26:54.348Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
2021-02-18T17:26:54.448Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
2021-02-18T17:26:54.558Z [INFO] (Thread-4) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.example.HelloWorld is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource my/topic}
```

**grep "error" logs/com.example.HelloWorld.log**

```
2021-02-18T17:26:37.722Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-02-18T17:26:37.832Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-02-18T17:26:37.939Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-02-18T17:26:54.349Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-02-18T17:26:54.449Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
2021-02-18T17:26:54.559Z [INFO] (Copier) com.example.HelloWorld: stdout. DEBUG:awsiot.eventstreamrpc: received #1 APPLICATION_ERROR [Header(':content-type', 'application/json', ), Header('service-model-type', 'aws.greengrass#UnauthorizedError', ), Header(':message-type', 1, ), Header(':message-flags', 2, ), Header(':stream-id', 1, )] b'{"message":"Not Authorized","_service":"aws.greengrass#GreengrassCoreIPC","_message":"Not Authorized","_errorCode":"UnauthorizedError","detailMessage":"UnauthorizedError[aws.greengrass#GreengrassCoreIPC]: Not Authorized","stackTrace":[],"suppressedExceptions":[]}'. {scriptName=services.com.example.HelloWorld.lifecycle.Run, serviceName=com.example.HelloWorld, currentState=RUNNING}
```

PS thanks so much for the help!

Answer

Got it working! But doesn't make sense. I deployed 0 components and then deployed the mqtt component (hello world). Seems like the reset param isn't working as expected.

Answer

Your update seems to be correct. That should now allow your component to publish to the topic.  
  
If not, please provide update logs showing the failure.  
  
Cheers,  
Michael Dombrowski

Answer

I think there's something I'm not understanding correctly. Seems like its attempting to load past policies, but as I understand because I have that reset parameter in there those should go away on deployment.  
  
**recipe**  
 "ComponentConfiguration": {  
    "DefaultConfiguration": {  
      "reset": \[  
        ""  
      ],  
      "accessControl": {  
        "aws.greengrass.ipc.mqttproxy": {  
          "com.example.HelloWorld:pubsub:4": {  
            "policyDescription": "Allows access to publish to my/topic.",  
            "operations": \[  
              "aws.greengrass#PublishToIoTCore"  
            ],  
            "resources": \[  
              "my/topic"  
            ]  
          }  
        }  
      }  
    }  
  }  
  
**error message**  
2021-02-18T19:01:30.197Z \[ERROR] (Serialized listener processor) com.aws.greengrass.authorization.AuthorizationPolicyParser: load-authorization-config-deserialization-error. Unable to deserialize access control map services.com.example.HelloWorld.configuration.accessControl:{aws.greengrass.ipc.pubsub=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub:{com.example.HelloWorld:pubsub:1=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.operations:aws.greengrass#PublishToTopic, policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.policyDescription:Allows access to publish to test/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.pubsub.com.example.HelloWorld:pubsub:1.resources:my/topic}}, aws.greengrass.ipc.mqttproxy=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy:{com.example.HelloWorld:pubsub:3=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:3:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:3.operations:\[aws.greengrass#PublishToTopic, aws.greengrass#PublishToIoTCore, aws.greengrass#GreengrassCoreIPC], policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:3.policyDescription:Allows access to publish to my/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:3.resources:\[my/topic]}, com.example.HelloWorld:pubsub:4=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:4:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:4.operations:\[aws.greengrass#PublishToIoTCore], policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:4.policyDescription:Allows access to publish to my/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:4.resources:\[my/topic]}, com.example.HelloWorld:pubsub:1=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.operations:\[aws.greengrass#PublishToTopic, aws.greengrass#PublishToIoTCore, aws.greengrass#GreengrassCoreIPC], policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.policyDescription:Allows access to publish to my/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:1.resources:\[my/topic]}, com.example.HelloWorld:pubsub:2=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:2:{operations=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:2.operations:\[aws.greengrass#PublishToTopic, aws.greengrass#PublishToIoTCore, aws.greengrass#GreengrassCoreIPC], policyDescription=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:2.policyDescription:Allows access to publish to my/topic., resources=services.com.example.HelloWorld.configuration.accessControl.aws.greengrass.ipc.mqttproxy.com.example.HelloWorld:pubsub:2.resources:\[my/topic]}}} for com.example.HelloWorld. {}

Answer

One issue you have is a malformed accessControl policy. Seems that the policy for mqttproxy, com.example.HelloWorld:pubsub:1 has "operations" which must be an array, but is just a single string. You then have a duplicated policy with the same name under pubsub. This is not allowed. The names must be unique.  
  
I'd suggest resetting the configuration and only merging the mqttproxy related access control policy. The operation that you need is only aws.greengrass#PublishToIoTCore.

Answer

Putting reset into the component recipe does not do anything. Have a look at https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#reset-configuration-update for information about resetting deployments.

AWS MQTT Push Not working, what is SVCUID

Relevant content