Authorization failure when publishing to IoT Core MQTT topic

Hello,

I'm currently running into some trouble setting up an IoT Core MQTT broker. I am able to connect to my broker using my terminal and mosquitto, but when I try to publish a message to any topic, the mosquitto client disconnects and reconnects without being able to publish.

I have validated this connect/disconnect behaviour through the `$aws/events/presence/#` topic and the mosquitto client in debug mode, for which I can provide a sample output:

```
Client william_terminal sending CONNECT
Client william_terminal received CONNACK (0)
HELLO
Client william_terminal sending PUBLISH (d0, q0, r0, m1, 'test', ... (5 bytes))
Client william_terminal sending CONNECT
Client william_terminal received CONNACK (0)
```

Using the AWSIotLogs set at debug level, I was able to find out that this behaviour is caused by an authorization problem happening at publish time. Here are consecutively sampled logs for the stream:

```
{
  "timestamp": "2022-09-29 15:16:55.406",
  "logLevel": "INFO",
  "traceId": "5697ba84-38f7-eefc-08e9-b6dd00096727",
  "accountId": "673559919736",
  "status": "Success",
  "eventType": "Connect",
  "protocol": "MQTT",
  "clientId": "$GEN/af403525-5e3b-4f81-9888-a31f16e300f0",
  "principalId": "49964471e92f354742f5394e648c97d9ac3aa940081cccf0962918bf97fcdf09",
  "sourceIp": "10.240.100.18",
  "sourcePort": 46898
}
{
  "timestamp": "2022-09-29 15:16:59.554",
  "logLevel": "ERROR",
  "traceId": "067b15e5-9bcb-5c6d-2061-9bbefbccb3d0",
  "accountId": "673559919736",
  "status": "Failure",
  "eventType": "Publish-In",
  "protocol": "MQTT",
  "topicName": "sim/2",
  "clientId": "$GEN/af403525-5e3b-4f81-9888-a31f16e300f0",
  "principalId": "49964471e92f354742f5394e648c97d9ac3aa940081cccf0962918bf97fcdf09",
  "sourceIp": "10.240.100.18",
  "sourcePort": 46898,
  "reason": "AUTHORIZATION_FAILURE",
  "details": "Authorization Failure"
}
```

The certificates I use to authenticate to my account have the following policy attached:

```
{
  "Statement": [
    {
      "Action": [ "iot:Connect" ],
      "Condition": {
        "Bool": {
          "iot:Connection.Thing.IsAttached": [ "true" ]
        }
      },
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [ "iot:Publish" ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [ "iot:Subscribe" ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [ "iot:Receive" ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
```

The only restrictive part of these permissions being set on the connection action, I don't understand how it is possible to have a publication authorization failure.

I will deeply appreciate any help on this topic.

Cheers,
William Didier
2 answers, 0 votes, 22 views, asked 19 hours ago