Questions tagged with Internet of Things

Hi, I am working through general LoRaWAN functions and applications as part of a larger IoT project. I'm having trouble connecting my gateway (Multitech Conduit) to AWS. I've gone through all the steps provided in the AWS help documentation and documentation from the manufacturer, including creating new Gateway Cert Manager permissions/roles (AWS steps here https://docs.aws.amazon.com/iot/latest/developerguide/connect-iot-lorawan-rfregion-permissions.html). Still, when I try to add my gateway I get an error message saying that I do not have the correct permissions set to add a gateway. Has anyone run into this? Is there a way to associate the role/permission with my IAM account? or should it be set for the root account?

I have the following mqtt message: ``` { "sensors": [ { "lsid": 412618, "data": [ { "temp_in": 72.3, "heat_index_in": 72, "dew_point_in": 55.9, "ts": 1652785241, "hum_in": 56.3 } ], "sensor_type": 243, "data_structure_type": 12 }, { "lsid": 421195, } ``` I can get the "sensors,0.lsid" value and the entire "data" array using this query: ``` select get(sensors,0).lsid as ls, get(sensors, 0).data as data1 from "topic" ``` but what I really need is to get "temp_in:72.3" , i.e. the values from the second level array I've tried using this :[https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-nested-queries.html](), but unless i'm not following it correctly, it doesnt seem to work. Any help would be greatly appreciated

Hello community, especially those more experienced in IoT via LoRaWAN: As you can see in the attached image, so far I have only been able to visualize the MQTT broadcast from Helium (label "red485-00)" in the "test client" by subscribing to all the topics of the object "DRAGINO-RS485LN-00" (type "Helium-Things"). Said object is sending the "payload" corresponding to some sensors (temperatures and CO2 in only 9 bytes) Please, I need your help to learn how to program the necessary (and cheapest possible) AWS service/s to decode that payload and represent its values ​​in graphs (historical, last value, etc.). To begin with, I would like to know which AWS services to use, in which language (JSON, JavaScripts, Python, etc.) and in which place to leave that written programming. Thank you very much to those who can give me a hand. [220517-102036_red485FromHeliumToAWS](https://drive.google.com/file/d/1LoAJueLRbJ8-o8omkus5eLlwYC1VU4vR/view?usp=sharing)

Hi, the framework given by AWS for ESP32-DevkitC based OTA MQTT is crashing when internet disconnects. During crash, 6 out of 5 retry for TLS attempts is seen in serial log. Please suggest how to overcome this. If any other info required please let me know.

I have generated a timestream database and table, but am struggling to write data to the table. The data comes from an mqtt topic, and can be seen in the cloudwatch log, so I know my select statement is sound. I think i have given the IAM role the correct permissions. This answer [https://repost.aws/questions/QUmWAjLqG7RwGHCSL2tMrXvw/iot-core-rules-to-map-timestamp-to-timestream#COMoUviJP_TGCAgZvcltBQUw](by @Greg_b) describes how to enter the 'timestamp value' but does not say what is needed in the 'timestamp unit' field. I am a complete newcomer to AWS so apologies if my question is not worded correctly. I would really appreciate some help with this! One further question, why, after i have deactiveted a rule, does it still appear in the cloudwatch logs?

Hello, I generated an MQTT client certificate using create-keys-and-certificate. The issuer of this certificate is: issuer= /OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US is there any way to access that intermediate certificate and any other intermediate ones in the chain? I've checked all the certificates here: https://www.amazontrust.com/repository/ but unfortunately none of them is that one. thank you!

Hi All, We are working on ESP32C3 for OTA functionality using https://github.com/espressif/esp-aws-iot/tree/release/beta/examples/ota/ota_mqtt. We understood original C SDK from AWS side updated from ESP side to make it compatible to ESP32C3. As a part of testing, ESP32C3 is always connected to the Router over WiFi (Mobile Hotspot always ON). We are toggling the internet connection to the router.(**Mobile Data turned Off and ON**) We observed on every internet reconnection, there is memory leak of ~3KB. The memory leak used to get restored. But it take ~12 Min, ~17 Min, ~23Min. In one of the captured log, original free heap of 121828 get reduced to 118620 (~3K leak) after internet restore. After ~23 min, memory leak recovered to 121740. We are following with ESP for this issue. But we are getting little slow reply from ESP side. We have following observation, i) The AWS CSDK has WiFi disconnect event. But there is no event to handle Internet disconnect as we highlighted above - **Mobile Data turned Off and ON** ii) On WiFi disconnection and reconnection, memory leak not observed **Our queries/request:** i) If possible, we request AWS to replicate above testing on ESP32 device and share result. We are also trying to build code for ESP32 - mqtt OTA released from AWS side. We are getting some error. We are working on same. ii) Provide input from AWS side for memory leak observation. That will help to work on this issue further. **Did you came across the mentioned memory leak error in past? ** iii) Provide input on Internet disconnect event as we mentioned in observation 1 Thanks....

- I'm using Quectel modem BG95 with a host MCU to connect to AWS IoT core and publish to topics and subscribe to topics as well. - I used to get an error occasionally that closed the MQTT connection exactly while doing pub/sub operations and connection had to be re-established , but that was very rare. - However, since the last few days I have been running tests on multiple devices (using same IoT core endpoint) and have been getting this MQTT dis-connection on each pub or sub operation. I am attaching a log for review. - To me it seems a server side issue since I have tried it with multiple modems and previous versions of firmware. ``` [While publishing to topic] ;2022-05-08T02:29:41Z;28;-966233403;462863960;;RAK000121|-45,RAKTEST|-56 AT+QIDEACT=1 OK[ 2022-05-08T02:29:41Z ] [FARM_IP][INFO] MDM_SET_DEACTIVATE_PDP-else AT+QIACT=1 OK AT+QMTOPEN=0,"a5u9klmd2viw3z-ats.iot.us-west-1.amazonaws.com",8883 OK +QMTOPEN: 0,0 --- [Opening MQTT Connection] [ 2022-05-08T02:29:41Z ] [FARM_IP][INFO] Mqtt opened AT+QMTCONN=0,"0123qwer786" OK +QMTCONN: 0,0,0 --- [MQTT client connected] AT+QMTPUB=0,1,1,0,"fm/1011",72 --- [Publishing to the MQTT Topic] > ;2022-05-08T02:29:41Z;28;-966233403;462863960;;RAK000121|-45,RAKTEST|-56 OK +QMTSTAT: 0,1 --- [MQTT Connection Closed] ``` ``` [While Subscribing to topic] AT+QMTSUB=0,1,"imei/get_logs",0 --- [Subscribing to the MQTT Topic] OK +QMTSTAT: 0,1 --- [MQTT Connection Closed] [ ] [FARM_IP][INFO] Starting timer AT+QMTSUB=0,1,"imei/get_logs",0 --- [Subscribing to the MQTT Topic] OK +QMTSTAT: 0,1 --- [MQTT Connection Closed] ```

I would like to be able to perform local testing of my greengrass components before deployment. The issue is that my components normally use Greengrass IPC, meaning that I cannot perform local testing, as IPC messages cannot be sent/received as the local component test won't be happening in Greengrass. Is there a way to get around this ? Is there a method to mimic/test Greengrass IPC calls in a program, outside of a Greengrass deployment ?

At current, my Greengrass core device (v2.5.5), is on my rasp 3b+ running normally with manual deployment from local/cloud. However, the IDT (version 4.5.3 with suite=GGV2Q_2.3.1) execution passed for 3/6 test cases as below only: ========== Test Summary ========== * Execution Time: 1m51s * Tests Completed: 6 * Tests Passed: 3 * Tests Failed: 3 * Tests Skipped: 0 ---------------------------------- Test Groups: * pretestvalidation: PASSED * version: PASSED * coredependencies: PASSED * mqtt: FAILED * component: FAILED ---------------------------------- Failed Tests: * Group Name: mqtt Test Name: mqttpubsub; Reason: Failed at 'my device is running Greengrass * Group Name: component Test Name: cloudcomponent; Reason: Failed at 'my device is running Greengrass' Test Name: localcomponent; Reason: Failed at 'my device is running Greengrass' ---------------------------------- **Is there further detail/meaningful info from these error log/code?** **I have tried to look into the log folder but nothing else there.** **I have attached all failed logs as below:** # localcomponent: - time="22:48:06+07:00" level=info msg=22:48:06.237 [localdeployment] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Attaching thread context to scenario: 'A component is deployed locally using CLI' - time="22:48:06+07:00" level=info msg=22:48:06.238 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 4: 'my device is registered as a Thing' - time="22:48:08+07:00" level=info msg=22:48:08.085 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotPolicy in IotLifecycle - time="22:48:09+07:00" level=info msg=22:48:09.615 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IamPolicy in IamLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.194 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IamRole in IamLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.639 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotRoleAlias in IotLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.837 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotPolicy in IotLifecycle - time="22:48:11+07:00" level=info msg=22:48:11.040 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotThingGroup in IotLifecycle - time="22:48:12+07:00" level=info msg=22:48:12.066 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotCertificate in IotLifecycle - time="22:48:12+07:00" level=info msg=22:48:12.466 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotThing in IotLifecycle - time="22:48:14+07:00" level=info msg=22:48:14.966 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 5: 'my device is running Greengrass' - time="22:48:14+07:00" level=info msg=22:48:14.976 [localdeployment] [ERROR] greengrass/features/localdeployment.feature - Failed at step: 'my device is running Greengrass' - time="22:48:14+07:00" level=info msg=com.google.inject.ConfigurationException: Guice configuration errors: - time="22:48:14+07:00" level=info msg=1) [Guice/ErrorInUserCode]: Unable to method intercept: GreengrassSteps - time="22:48:14+07:00" level=info msg= while locating GreengrassSteps - time="22:48:14+07:00" level=info msg=22:48:14.990 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 9: 'I create a Greengrass deployment with components' - time="22:48:14+07:00" level=info msg=22:48:14.990 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 11: 'I deploy the Greengrass deployment configuration' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 12: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 13: 'I verify greengrass-cli is available in greengrass root' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 14: 'I create a local deployment with components' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 16: 'the local Greengrass deployment is SUCCEEDED on the device after 120 seconds' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 17: 'the aws.greengrass.LocalHelloWorld log on the device contains the line "Hello World!!" within 20 seconds' - time="22:48:16+07:00" level=info msg=22:48:16.569 [localdeployment] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'A component is deployed locally using CLI' - time="22:48:16+07:00" level=info msg=22:48:16.577 [localdeployment] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'A component is deployed locally using CLI': Failed at 'my device is running Greengrass' - time="22:48:16+07:00" level=info msg=22:48:16.584 [] [] [INFO] com.aws.greengrass.testing.modules.AWSResourcesCleanupModule - Cleaned up com.aws.greengrass.testing.resources.iam.IamLifecycle$$EnhancerByGuice$$10441879@e128dc2 - time="22:48:23+07:00" level=error msg=Test exited unsuccessfully error=exit status # cloudcomponent: - 2022-May-04 15:37:28,499 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 9: 'I create a Greengrass deployment with components' - 2022-May-04 15:37:28,499 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 11: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 12: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 13: 'the com.aws.HelloWorld log on the device contains the line "Hello World!!" within 20 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 15: 'I create a Greengrass deployment with components' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 17: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 18: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 19: 'the com.aws.HelloWorld log on the device contains the line "Hello World Updated!!" within 20 seconds' - 2022-May-04 15:37:31,557 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'As a developer, I can create a component in Cloud and deploy it on my device' - 2022-May-04 15:37:31,558 [cloudComponent] [idt-b47156801aee3f29c860] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'As a developer, I can create a component in Cloud and deploy it on my device': Failed at 'my device is running Greengrass' # mqttpubsub: - 2022-May-04 15:36:55,929 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 9: 'I create a Greengrass deployment with components' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 12: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 13: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 14: 'the aws.greengrass.IotMqttSubscriber log on the device contains the line "Subscribed to IoT topic idt/Mqtt/Test with QOS=AT_LEAST_ONCE" within 20 seconds' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 15: 'the aws.greengrass.IotMqttPublisher log on the device contains the line "Published to IoT topic idt/Mqtt/Test with payload test message and qos AT_LEAST_ONCE" within 10 seconds' - 2022-May-04 15:36:58,922 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'Component publishes MQTT message to Iot core and retrieves it as well' - 2022-May-04 15:36:58,924 [mqtt] [idt-614fb227a4f0913ba4be] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'Component publishes MQTT message to Iot core and retrieves it as well': Failed at 'my device is running Greengrass' - 2022-May-04 15:36:58,930 [] [] [INFO] com.aws.greengrass.testing.modules.AWSResourcesCleanupModule - Cleaned up com.aws.greengrass.testing.resources.s3.S3Lifecycle$$EnhancerByGuice$$11137706@7e3ca22c

We installed Greengrass v2 on several EC2s that simulate edge devices. We subscribed to telemetry data from them as explained in the docs: https://docs.aws.amazon.com/greengrass/v2/developerguide/telemetry.html. We defined a very general rule on eventBridge using the default event bus and the following event pattern : { "source": ["aws.greengrass"] } We forwarded the events to a CloudWatch log group. However, we received almost no data. We notice that every time we restart the ec2, the first MQTT message is always received, but then, after a while (2-4 days), we didn't receive the messages anymore (even if we didn't change anything in the ec2 or in the Greengrass components). In the docs, it says that the telemetry agent tries to send an MQTT message every day with QOS 0, so some misses could be expected. But since we are using EC2, we assume to have an internet connection almost all the time and we expect to receive more telemetry messages. Why is this not happening? We received the expected messages only for 2/4 days. For instance, for the core device GGv2-CoreDevice, we received telemetry data on 2022-04-21 and 2022-04-22 and we didn't receive any message on the following days. Should we expect worse performance when we will use on-premise edges? IoT Greengrass Core software version: 2.5.5

Imagine if we have a time series values like this, lets say the timestamps are in epoch and device is emitting a payload every minute. |timestamp| device| sensorName| sensorValue| |---|---|---|---| |1612828800001| device1| mode | Running| |1612828800001| device1| fuelUsed |23| |1612828800011| device1| mode | Running| |1612828800011| device1| fuelUsed |33| |1612828800021| device1| mode | Running| |1612828800021| device1| fuelUsed |50| |1612828800002| device1| mode | Not Running |1612823800002| device1| fuelUsed | 45| |1612828800002| device2| mode | Running| |1612823800002| device2| fuelUsed | 77| And we would like to know what was the TotalfuelUsed in the last 30 days when the mode was Running (mode Not Running means engine is on but not moving = idle). We tried using calculated field and periodToDateAvg function but somehow it is just not possible to do this complex query in one or multiple calculations * Calculated Field 1: Productive Productive time = sum(periodToDateAvg({sensorName} = 'mode' and {sensorValue} = 'Running', Month )) <<<---- Need help here * Calculated Field 1: TotalFuelUsedDuringProductive TotalFuelUsedDuringProductive = TotalFuelUsed/Productive * Expected Output device1 TotalFuelUsedDuringProductive = (50-23)/(3-2) Is this even possible to do in Quicksight? or do we have to use Athena SQL Query?

I want to be bale to add a lot of devices automatically when they first activate and not one by one using the console or the API. I think I need to use OTAA but it is not clear to me how I can automate this process. I read [this ](https://docs.aws.amazon.com/iot/latest/developerguide/connect-iot-lorawan-end-devices-add.html) but did not understand how to scale this. Thanks

Hello, i have been using aws iot jobs for sending custom jobs like restarting a service, rebooting a device or running a custom ota job like pulling from git. I have noticed that when i run the built binary of aws-iot-client manually from a shell with the job's config file it works when it recieves a custom ota job. But when the same binary with same config file is run from aws iot service it doesn't work. The job reports failed state with a message code exited with status code 1. Can you help me more on this. The update-software.sh file for ota handler is: ``` #!/usr/bin/env sh set -e echo "Running update-software.sh" user=$1 echo "Username: $user" if id "$user" 2>/dev/null && command -v "git" > /dev/null then echo "Starting the update command" . /home/pi/triton_software/update.sh else "Update failed!!" exit 1 fi echo "update-software command is done" ``` and the update.sh script which is being called is ``` #!/usr/bin/env sh cd /home/pi/amazon-kinesis-video-streams-producer-sdk-cpp; git pull origin main; cd build/; cmake -DBUILD_GSTREAMER_PLUGIN=TRUE ..; make; ``` Any help is appreciated, Thanks Subham

I am using IDT v4.5.3 with test suite GGV2Q_2.3.1 with Greengrass nucleus v2.5.5. When running the lambdadeployment test I am getting the following error, "Test failed with error: failed to validate lambda publish: timed out". Any suggestions for debugging this issue?

I have purchased a HW v1.1 DeepLens and I am unable to register the device either through the PC or directly through the device using micro HDMI / Monitor / HBU breakout port with wired keyboard and wired mouse. For PC, no LAN, No VPN and no blocking from Firewall, but no recognition or registry. For connect direct to device, three screens scroll within 1 second at start-up and then the device goes dormant, monitor goes into hibernate because of no output signal from the device. I am preparing to return three DeepLens devices and give up on this initiative. Any support is appreciated.

Today, we are announcing the general availability of [AWS IoT TwinMaker](https://aws.amazon.com/iot-twinmaker/), a service that makes it easier for developers to create digital twins of real-world systems such as buildings, factories, production lines, and equipment. Customers are increasingly adopting digital twins to make better operational and strategic decisions in industries such as smart buildings, manufacturing, construction, energy, power & utilities, and more. With AWS IoT TwinMaker you now have the tools you need to build digital twins to help you monitor and improve your industrial operations. With AWS IoT TwinMaker, you can quickly get started creating digital twins of equipment, processes, and facilities by connecting data from different data sources without having to re-ingest or move the data to another location. You can use built-in data connectors for the following AWS services: [AWS IoT SiteWise](https://aws.amazon.com/iot-sitewise/) for equipment and time-series sensor data, and [Amazon Kinesis Video Streams](https://aws.amazon.com/kinesis/video-streams/) for video data. AWS IoT TwinMaker also provides a framework for you to create your own data connectors to use with other AWS or third-party data sources (such as [Amazon Timestream](https://aws.amazon.com/timestream/), Snowflake, and Siemens MindSphere). Then, you can easily access all digital twin data using the AWS IoT TwinMaker unified data access API to underlying data sources without needing to query each data source individually. AWS IoT TwinMaker AWS IoT TwinMaker lets you model your physical environment using entities (e.g. any physical asset or system like a furnace, an assembly line, or an entire factory) and its components (e.g. data connectors) and then saves you time by automatically creating a knowledge (or digital twin) graph that combines and understands the relationships among the connected data sources. As your built environment evolves, for example if you add new sources of data, you can easily update your model so your digital twin remains accurate and current. Once the digital twin graph is created, you can then visualize the data in context of the physical environment. Using AWS IoT TwinMaker, you can import existing 3D models (such as CAD files, and point cloud scans) to compose and arrange 3D scenes of a physical space and its contents (e.g. a factory and its equipment) using simple 3D composition tools. To create a spatially aware visualization of your operations, you can then add interactive video and sensor data from connected data sources, insights from connected machine learning (ML) and simulation services, and equipment maintenance records and manuals. To help developers quickly build a web-based application for end users, such as plant operators and maintenance engineers, AWS IoT TwinMaker includes a plugin for Grafana and [Amazon Managed Grafana](https://aws.amazon.com/grafana/), a fully managed service for the open source dashboard and visualization platform from Grafana Labs. AWS IoT TwinMaker is generally available in regions of US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), and Europe (Ireland), with more regions to come soon. To learn more visit the AWS IoT TwinMaker product page, and to find an AWS Partner to help you on your digital twin journey, visit the AWS IoT TwinMaker [partner page](https://aws.amazon.com/iot-twinmaker/partners/). Use the [AWS Management Console](https://console.aws.amazon.com/iottwinmaker) to get started, or visit our [GitHub repository](https://github.com/aws-samples/aws-iot-twinmaker-samples) for a sample digital twin application.

Hi, I'm referring to https://github.com/espressif/esp-aws-iot/tree/release/beta/examples/ota/ota_mqtt for OTA over MQTT on ESP32C3 device. As per my understanding this framework is modified based on aws-iot-device-sdk-embedded-C release by AWS. Currently issue faced is: 1. Heap memory leak (3 kB) found on internet re-connect (WiFi=on, Internet=off). But no/ less leak on WiFi re-connect. 2. TLS break issue seen when internet is turned off. Please suggest how to resolve this.

I have a device "Device1" in group A, and there is a deployment in place for that group. Now, I would like to move Device1 to group B, for which there is a different deployment. I removed the device from group A, but the deployment is still running. How can I stop the deployment of group A for this specific device, and remove the components ?

Hello We are using Greengrass v2 with the Sagemaker component in order to do inference on the edge. The following error is seen intermettently while running our application. Could you please advise of anything we can do to avoid it? File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 946, in __call__ return _end_unary_response_blocking(state, call, False, None) File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "Socket closed" debug_error_string = "{"created":"@1650459124.460491853","description":"Error received from peer unix:/tmp/aws.greengrass.SageMakerEdgeManager.sock","file":"src/core/lib/surface/call.cc","file_line":906,"grpc_message":"Socket closed","grpc_status":14}"

Hello all, I am extremely new to the AWS community as well as working with LoRa integrations. I have integrated my LoRa application to my AWS IoT core. I am now trying to republish specific data from my application into another topic. I followed a tutorial on youtube and created a Lambda function to grab that specific data. When I try to verify its functionality in the MQTT broker I get nothing ``` function Decoder(bytes, port) { var decoded = {}; var sensorRead = bytes[2] & 0x7f; var BatteryPerc = bytes[2] & 0x64; var Hour = bytes[2] & 0x00; var Min = bytes[2] & 0x64; var Sec = bytes[2] & 0x00; var lat = bytes[4] & 0x00; var lon = bytes[4] & 0x00; var alt = bytes[4] & 0x00; var time = ((Hour) + ":" + (Min) + ":" + (Sec)); var Sensor = ((sensorRead) / 240.0625); var Battery = ((BatteryPerc) / 256); decoded.Sensor = Sensor; decoded.Battery = Battery decoded.time = time; decoded.lat = lat; decoded.lon = lon; decoded.alt = alt; return decoded; } exports.handler = async (event) => { console.log(event); return { "device" : event.DeviceId, "payload" : Decoder(Buffer.from(event.PayloadData, 'base64'), 2) }; }; ``` this is my Lambda function. I have no idea how to fix my problem or what resources to read to help.

Using IoT Analytics but cannot find button to empty the contents. Can only delete the entire data store.

I have multiple device to which my component is deployed to. I added a new device "my-device15", but the component was not properly started on it. I SSH'd into the device and fixed the problem. Can I retry the deployment only on this device without revising the deployment (since that would impact all the other device)?

Hello, I have a question regarding cloud service types (IaaS, PaaS & SaaS). For an internship, the company I work at has asked me to look into a specific cloud solution. I wish to create a scalable IoT-capable cloud solution for customers. So in turn, I have done quite a bit of research on cloud/edge computing for the past few weeks. However, one thing still confuses me a little. If I used an IaaS cloud architecture, would I still be able to use services like AWS (IoT) analytics, or would this mean it isn't an IaaS architecture anymore? I looked all over, but I can't find an answer for this specific question. I hoped to find some IaaS/PaaS/SaaS cloud architecture diagrams to gain some clarity, but haven't found these. Could someone help me clarify this? Thank you very much!

I'd like to use a device's Thing name in the MQTT topic subscription for a Greengrass Lambda, e.g.: ``` { "topic": "hello/${AWS_IOT_THING_NAME}", "type": "IOT_CORE" } ``` This question was asked a year ago and the guidance was that this sort of configuration was not possible at that time, and instead one might setup the subscription manually within a pinned Lambda or custom component: https://repost.aws/questions/QU5dTq6p3mTsyT5dFPMtWvGA/v-2-use-thing-name-in-mqtt-topic-for-triggering-lambda Is that still the case today? Alternatively, would it be possible to use the configuration merge feature to modify the Lambda subscription to a device-specific topic after deployment or some other simple workaround? Apologies for the duplicate question if indeed the guidance is still the same as before!

Hi, For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address. What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted. Current setup: - Secure Tunnel Component deployed via Greengrass - Using the provided docker-run.sh / localproxy cli method to connect - If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash

Hello, I was wondering if there's any easy and fast implantation way to get online/offline status in the console as soon as a iot thing comes online or goes offline. Any help is appreciated.

Hello, i have been trying to setup a rpi using the tutorials [here](https://docs.aws.amazon.com/iot/latest/developerguide/iot-dc-install-configure.html) and when i run the command `./aws-iot-device-client --config-file ~/dc-configs/dc-testconn-config.json ` i am getting errors on the terminal saying that the aws crt sdk is not found with a fatal error like this ``` 2022-04-11T07:38:13.850Z [WARN] {Config.cpp}: Key {template-name} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.850Z [WARN] {Config.cpp}: Key {csr-file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.850Z [WARN] {Config.cpp}: Key {device-key} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.850Z [WARN] {Config.cpp}: Key {file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.850Z [WARN] {Config.cpp}: Key {publish-file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.851Z [WARN] {Config.cpp}: Key {subscribe-file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.851Z [WARN] {Config.cpp}: Shadow Name {shadow-name} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.851Z [WARN] {Config.cpp}: Input file {shadow-input-file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.851Z [WARN] {Config.cpp}: Output file {shadow-output-file} was provided in the JSON configuration file with an empty value 2022-04-11T07:38:13.851Z [INFO] {Config.cpp}: Successfully fetched JSON config file: { "endpoint": "a32vqcn021ykiy-ats.iot.ap-south-1.amazonaws.com", "cert": "~/certs/testconn/device.pem.crt", "key": "~/certs/testconn/private.pem.key", "root-ca": "~/certs/AmazonRootCA1.pem", "thing-name": "Triton_Dp_Office", "logging": { "enable-sdk-logging": true, "level": "DEBUG", "type": "STDOUT", "file": "" }, "jobs": { "enabled": false, "handler-directory": "" }, "tunneling": { "enabled": false }, "device-defender": { "enabled": false, "interval": 300 }, "fleet-provisioning": { "enabled": false, "template-name": "", "template-parameters": "", "csr-file": "", "device-key": "" }, "samples": { "pub-sub": { "enabled": true, "publish-topic": "test/dc/pubtopic", "publish-file": "", "subscribe-topic": "test/dc/subtopic", "subscribe-file": "" } }, "config-shadow": { "enabled": false }, "sample-shadow": { "enabled": false, "shadow-name": "", "shadow-input-file": "", "shadow-output-file": "" } } 2022-04-11T07:38:13.851Z [DEBUG] {Config.cpp}: Did not find a runtime configuration file, assuming Fleet Provisioning has not run for this device 2022-04-11T07:38:13.852Z [DEBUG] {EnvUtils.cpp}: Updated PATH environment variable to: /home/pi/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games:/snap/bin:/home/pi/.aws-iot-device-client:/home/pi/.aws-iot-device-client/jobs:/home/pi/aws-iot-device-client/build:/home/pi/aws-iot-device-client/build/jobs 2022-04-11T07:38:13.852Z [INFO] {Main.cpp}: Now running AWS IoT Device Client version v1.5.19-868465b 2022-04-11T07:38:13.860Z [ERROR] {FileUtils.cpp}: Failed to create empty file: /var/log/aws-iot-device-client/sdk.log errno: 17 msg: File exists 2022-04-11T07:38:13.860Z [ERROR] {Main.cpp}: *** AWS IOT DEVICE CLIENT FATAL ERROR: Failed to initialize AWS CRT SDK. AWS IoT Device Client must abort execution, reason: Failed to initialize AWS CRT SDK Please check the AWS IoT Device Client logs for more information Aborted ``` I need this setup asap to work on deploying a fleet and test out AWS IOT Jobs. Any help is appreciated.

Hi, Please provide the tutorials in greengrass v2 document related to publishing the messages to IoT core from an imported lambda using greengrass v2.

I am trying to use lambdas on greengrass v2. I created and packaged the hello world lambda from the greengrass tutorial and deployed it to the core but it continues to error out. It doesnt seem to run to completion, or the lambda isnt getting called correctly and the core reports it as timed out. This is the stacktrace. How do I get this lambda to work in greeengrass v2? com.aws.greengrass.lambdamanager.StatusTimeoutException: Lambda status not received within timeout at com.aws.greengrass.lambdamanager.Lambda.lambda$createInstanceKeepAliveTask$5(Lambda.java:282) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) aws.greengrass.LambdaManager 2.2.2 using Python Python 3.7 With the following hello world lambda ``` import json import awsiot.greengrasscoreipc import awsiot.greengrasscoreipc.client as client from awsiot.greengrasscoreipc.model import ( QOS, PublishToIoTCoreRequest ) TIMEOUT = 10 ipc_client = awsiot.greengrasscoreipc.connect() def greengrass_hello_world_run(): topic = "my/topic" message = "Hello, World" qos = QOS.AT_LEAST_ONCE request = PublishToIoTCoreRequest() request.topic_name = topic request.payload = bytes(message, "utf-8") request.qos = qos operation = ipc_client.new_publish_to_iot_core() operation.activate(request) future = operation.get_response() future.result(TIMEOUT) Timer(5, greengrass_hello_world_run).start() greengrass_hello_world_run() def lambda_handler(event, context): return ```

Is there a way to deploy a component with different configuration for each device group or tag ? We have different kind of device that should have slightly different component behavior. For instance, a device A may not want to use sensor X. Is there a way to have a deployment that deploys to all my devices, but has a configuration parameter specifically for device A ? I could implement htat using an API call ListTagsForResource but that would happen too late in my workflow. I could also have two different deployments with different config, but then I have no guarantee that all my device are running the same component version, plus the logic would now be replicated in two deployments. Edit: There seems to be a way to achieve it by setting "platformOverride" to the nucleus component, altough I am not sure how that would be done

I try and connect from a client device over localMQTT to the broker on the greengrass core. However, when I connect, I get this error on the awsiotsdk side. I ran an almost identical script to this a couple months ago and I don't think it had the same problems. ``` Traceback (most recent call last): File "client_v2.py", line 76, in <module> connect_future.result() File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 444, in result return self.__get_result() File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 389, in __get_result raise self._exception awscrt.exceptions.AwsCrtError: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed ``` On the Core side, I have just the Moquette broker and the bridge and a component that subscribes to the messages coming off of LocalMqtt and through the bridge. This is the message in greengrass.log ``` 2022-04-05T07:00:56.397Z [ERROR] (nioEventLoopGroup-7-10) io.moquette.broker.NewNettyMQTTHandler: Unexpected exception while processing MQTT message. Closing Netty channel. CId=null. {} io.netty.handler.codec.DecoderException: javax.net.ssl.SSLProtocolException: Received close_notify during handshake at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.moquette.broker.metrics.BytesMetricsHandler.channelRead(BytesMetricsHandler.java:51) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: javax.net.ssl.SSLProtocolException: Received close_notify during handshake at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:339) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:286) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:250) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1282) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ... 25 more 2022-04-05T07:00:56.399Z [INFO] (nioEventLoopGroup-7-10) io.moquette.broker.metrics.MQTTMessageLogger: Channel Inactive. {} ``` I'm using the mqtt_connection_builder.mtls_from_path function to create my connection setup between the client and the core, but obviously during the connect function itself it breaks because of the TLS handshake.

Hi. I have created a Greengrass fleet deployment workflow for my devices which works great - cloud resources are provisioned, claim certs are used to obtain device individual certs, and device gets connected. However in production environment the scenario will be different: 1. An IoT device is installed by an engineer in a newly built home, with no occupiers and no internet connection. 2. The Greengrass is ready to claim device certs and connect as soon as the device is powered up. 3. The device then is powered up by the installing engineer, meaning the Greengrass fleet provisioning plugin will try to do its job, but there is no internet connection, so it will fail. 4. The engineer will leave the device on, and it will be permanently on since now on. 5. The occupiers will move in some time later and install their broadband router, the Internet is now available. At this point, from my tests, I noticed the Greengrass/provisioning plugin won't detect Internet connection and won't try to register the device/obtain certs - meaning there is no retry functionality implemented. I understand that the device can be rebooted or Greengrass service restarted to initialize new registration attempt, however - if possible I'd like to avoid occupiers fiddling with the device, and prefer the device to the retry automatically. I also understand that I can write a software that will be automatically cyclically restarting the Greengrass service if the previous registration attempt failed (probably by checking if the thingCert.crt is present) but before I'll spend my time on coding, **the question is**: Is it possible to configure Greengrass to retry delayed provisioning using claim certificates if previous attempt has failed? Appreciate any help.

Hi there I have some problem with stream manager in ggv1, I can fix this after I reboot the device. However I dont think this is a good solution. Do you have any suggestion where I can look into ``` [2022-04-01T09:19:31.876+11:00][INFO]-imageCamera.py:108,>>> Get frame atm hour:9 - sleep_time:11 s [2022-04-01T09:19:31.876+11:00][INFO]-imageCamera.py:112,>>> Frame size from rtsp: (720, 1280, 3) [2022-04-01T09:19:31.889+11:00][INFO]-imageCamera.py:119,>>> Resized farme: (720, 1280, 3) [2022-04-01T09:19:32.002+11:00][INFO]-imageCamera.py:144, >>>>> realite-data-image Sleep time: 60 - payload size: 189004 [2022-04-01T09:19:32.002+11:00][INFO]-Response: 1065 [2022-04-01T09:19:39.336+11:00][INFO]-lambda_runtime.py:366,Caught signal 15. Stopping runtime. [2022-04-01T09:20:22.061+11:00][INFO]-imageCamera.py:173,>> Getting hub config ... [2022-04-01T09:20:22.064+11:00][INFO]-ipc_client.py:167,Posting work for function [:function:secret_loader] to http://localhost:8000/2016-11-01/functions/arn:aws:lambfunction:secret_loader [2022-04-01T09:20:22.078+11:00][INFO]-ipc_client.py:177,Work posted with invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] [2022-04-01T09:20:22.078+11:00][INFO]-ipc_client.py:290,Getting work result for invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] from http://localhost:8000/2016-11-01/functions/arn:aws:lambda:ap:function:secret_loader [2022-04-01T09:20:26.32+11:00][INFO]-ipc_client.py:298,Got result for invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] [2022-04-01T09:20:26.321+11:00][INFO]-imageCamera.py:175,>> Done ... [2022-04-01T09:20:26.321+11:00][INFO]-imageCamera.py:180,Setup tranfer stream [2022-04-01T09:20:26.628+11:00][INFO]-imageCamera.py:151, >>> Stream list: ['kstream1'] [2022-04-01T09:20:27.291+11:00][ERROR]-imageCamera.py:209, >>>>> Exception while running: Broken bit parity [2022-04-01T09:20:27.291+11:00][ERROR]-Traceback (most recent call last): [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.imageCamera.14/imageCamera.py", line 182, in main [2022-04-01T09:20:27.291+11:00][ERROR]- stream_client=setup_data_stream(stream_name,kinesis_stream_name) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.function.imageCamera.14/imageCamera.py", line 154, in setup_data_stream [2022-04-01T09:20:27.291+11:00][ERROR]- client.delete_message_stream(stream_name=stream_name) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/arn.aws.lambda.ap-southeast-Camera.14/greengrasssdk/stream_manager/streammanagerclient.py", line 448, in delete_message_stream [2022-04-01T09:20:27.291+11:00][ERROR]- return Util.sync(self._delete_message_stream(stream_name), loop=self.__loop) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.function.imageCamera.14/greengrasssdk/stream_manager/util.py", line 28, in sync [2022-04-01T09:20:27.291+11:00][ERROR]- return asyncio.run_coroutine_threadsafe(coro, loop=loop).result() [2022-04-01T09:20:27.291+11:00][ERROR]- File "/usr/lib/python3.7/concurrent/futures/_base.py", line 432, in result [2022-04-01T09:20:27.291+11:00][ERROR]- return self.__get_result() [2022-04-01T09:20:27.291+11:00][ERROR]- File "/usr/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result [2022-04-01T09:20:27.291+11:00][ERROR]- raise self._exception [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/arn.aws.lambda.ap-southeast-2era.14/greengrasssdk/stream_manager/streammanagerclient.py", line 352, in _delete_message_stream [2022-04-01T09:20:27.291+11:00][ERROR]- Util.raise_on_error_response(delete_stream_response) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/ar.imageCamera.14/greengrasssdk/stream_manager/util.py", line 148, in raise_on_error_response [2022-04-01T09:20:27.291+11:00][ERROR]- raise UnknownFailureException(response.error_message, response.status, response.request_id) [2022-04-01T09:20:27.291+11:00][INFO]-imageCamera.py:210,>>> restart module after 10s ```

Here is my issue. I have fleet provisioning working good, and I have a deployment that goes to the devices in the group associated with the fleet provisioning. Everything is working fine. When I reset a device, it goes to the provisioning steps again, create a new key/certificate and reconnect to the things with the same name. Great, this way no shadow information is lost. The problem is, after provisioning again, the deployment is not pushed to the re-provisioned device, as if decision to deploy was made based on info on the cloud rather than the local device. How can I make sure that the deployment is pushed to a re-provisioned device? TIA

I am trying to set up a simple service where I send messages from an edge device towards AWS IOT. AWS IOT then has a rule functionality (https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html) that allows me to route that message towards a web app or service. I have managed to do is to send messages to a topic on AWS IOT Core and save them in a S3 Bucket. Now I am trying to set up a rule to route them to Telegram. I followed a Telegram Bot tutorial and obtained a link https://api.telegram.org/bot<bot token>/sendMessage?chat_id=<chat id>&text=<my message>. I have a bot token and chat id entered in. If I substitute <my message> with my personal message and add to that my browser, my telegram channel will get the message. I am trying to have custom messages to my telegram channel based on received messages on MQTT, AWS IoT Rules Engine requires a confirmation that I can access the data sent to that endpoint. The Rules Engine issues a challenge message to the specified endpoint with a token. If I can get the token and send that back to Rules Engine, then I can prove that I have access to the data on the receiving side, which would complete the confirmation process. The message has a format like this: HTTP POST {confirmationUrl}/?confirmationToken={confirmationToken} I am seriously confused how to verify that with the link from Telegram above. According to AWS, if you control that endpoint, you can simply look in your service logs for POST requests to that resource with the confirmationToken URI query, extract that token value, and paste it back into the AWS IoT console. I guess my main questions based on the telegram link I have above would be: 1. What is the HTTPS Endpoint I should enter for my rule action here? 2. What is the Confirmation Url I should enter for my rule action here? 3. How would I check for the confirmation token? I have no idea how to open the service log.

I built an MQTT client in Java using Amazon's provided SDK (software.amazon.awssdk.crt.mqtt.MqttClientConnection, and related classes). I've been testing it by running it on my workstation, and it's been working fine. Today I tried running the same code on an EC2 instance, and got this exception. I can't figure out why. java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357) at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1928) at cgp.aws.IOTSubscriber.<init>(IOTSubscriber.java:105) at cgp.Thing.main(Thing.java:23) Caused by: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)

Hello, To make my device development more straightforward, I'd like to use the [AWS IoT Device SDK Embedded C release 202108.00](https://github.com/aws/aws-iot-device-sdk-embedded-C/tree/202108.00#20210800). However, I am having trouble cross-compiling it for my platform (based on the BG77, using a Qualcomm version of Clang). I am unable to configure & build the project. Here is my configure command: ``` cmake -G Ninja -B build -S . -DCMAKE_TOOLCHAIN_FILE=path/to/bg77.cmake -DBUILD_DEMOS=OFF -DBUILD_TESTS=OFF -DINSTALL_PLATFORM_ABSTRACTIONS=OFF ``` And the error I am seeing is: ``` <trim> Downloading the Amazon Root CA certificate... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1188 100 1188 0 0 20941 0 --:--:-- --:--:-- --:--:-- 21214 Downloading the Baltimore Cybertrust Root CA certificate... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1262 100 1262 0 0 13008 0 --:--:-- --:--:-- --:--:-- 13010 -- Configuring done CMake Error: The following variables are used in this project, but they are set to NOTFOUND. Please set them or make sure they are set and tested correctly in the CMake files: OPENSSL_CRYPTO_LIBRARY (ADVANCED) linked by target "openssl_posix" in directory aws-iot-device-sdk-embedded-C/platform/posix/transport OPENSSL_SSL_LIBRARY (ADVANCED) linked by target "openssl_posix" in directory aws-iot-device-sdk-embedded-C/platform/posix/transport -- Generating done CMake Generate step failed. Build files cannot be regenerated correctly. ``` At this point, there is no `build.ninja` file generated, so I cannot build the project. The README in the repo says the following: ``` The follow table shows libraries that need to be installed in your system to run certain demos. If a dependency is not installed and cannot be built from source, demos that require that dependency will be excluded from the default all target. ``` What is the proper way to build this without these dependencies? Thank you, Jonathan

Hello I am working with IOT Wireless with LoRaWAN I have 868 MHz - Class C devices with confirmed messages. Messages are not always being actioned by my devices. I can see the message in the Downlink message queue. Its my understanding that if the message is confirmed it should either arrive at the device or there should be some indication it failed. I some times see the following CloudWatch Log: `{ "timestamp": "2022-03-21T07:44:03.2699141Z", "resource": "WirelessDevice", "wirelessDeviceId": "xxxxxxxxxxxxxxxxx", "wirelessDeviceType": "LoRaWAN", "devEui": "xxxxxxxxxxxxxxx", "event": "Downlink_Data", "logLevel": "ERROR", "messageId": "9114ba31-84af-44eb-ab1b-a92b67addbbb", "message": "Downlink message failed. MessageId: 9114ba31-84af-44eb-ab1b-a92b67addbbb" }` But why did it fail ? How can I find out more on what the cause is? In additon to this I have tried Multi-Cast but that also doesn't work with all devices stuck as: Package attempting Note I have tried the devices / gatways with TTN and I have no issues. Thank you JT

Hi there I tried to deploy a component to a new provisioned device, however i encounter this error com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. merge-config-service BROKEN here is part of the logs ``` 2022-03-20T23:26:34.797Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: Found running component which meets the requirement and use it.. {ComponentIdentifier=rtt.ancillary-v1.0.1} 2022-03-20T23:26:34.798Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: Found the best local candidate that satisfies the requirement.. {LocalCandidateId=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.377Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: resolve-component-version-end. Resolved component version.. {ResolvedComponent=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.409Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.DependencyResolver: resolve-group-dependencies-finish. Finish resolving group dependencies. {resolvedComponents={rtt.ancillary=ComponentMetadata(componentIdentifier=rtt.ancillary-v1.0.1, dependencies={})}, componentToVersionRequirements={rtt.ancillary={thing/test123==1.0.1}}} 2022-03-20T23:26:35.439Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: prepare-package-start. {packageIdentifier=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.502Z [INFO] (pool-2-thread-5) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: register-service-update-action. {action=0-071b-439e-9e57-303d24e2748f, serviceName=UpdateSystemPolicyService, currentState=RUNNING} 2022-03-20T23:26:35.508Z [INFO] (pool-2-thread-6) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: service-update-start. {serviceName=UpdateSystemPolicyService, currentState=RUNNING} 2022-03-20T23:26:35.513Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. Applying deployment changes, deployment cannot be cancelled now. {deployment=07e027a5-071b-439e-9e57-303d24e2748f} 2022-03-20T23:26:35.514Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentDirectoryManager: Persist configuration snapshot. {file=/greengrass/v2/deployments/07e027a5-071b-439e-9e57-303d24e2748f/rollback_snapshot.tlog} 2022-03-20T23:26:35.574Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=FINISHED, newState=INSTALLED} 2022-03-20T23:26:35.587Z [INFO] (Serialized listener processor) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-config-change. Requesting restart for component. {configNode=services.main.lifecycle, serviceName=main, currentState=INSTALLED} 2022-03-20T23:26:35.804Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.806Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=ERRORED} 2022-03-20T23:26:35.807Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=ERRORED, newState=NEW} 2022-03-20T23:26:35.905Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.905Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=ERRORED} 2022-03-20T23:26:35.906Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=ERRORED, newState=NEW} 2022-03-20T23:26:35.996Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.997Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=BROKEN} 2022-03-20T23:26:35.997Z [ERROR] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-broken. service is broken. Deployment is needed. {serviceName=rtt.ancillary, currentState=BROKEN} 2022-03-20T23:26:36.701Z [WARN] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. merge-config-service BROKEN. {serviceName=rtt.ancillary} 2022-03-20T23:26:36.702Z [ERROR] (pool-2-thread-6) com.aws.greengrass.deployment.activator.DeploymentActivator: merge-config. Deployment failed. {deploymentId=07e027a5-439e-9e57-303d24e} com.aws.greengrass.deployment.exceptions.ServiceUpdateException: Service rtt.ancillary in broken state after deployment at com.aws.greengrass.deployment.DeploymentConfigMerger.waitForServicesToStart(DeploymentConfigMerger.java:194) at com.aws.greengrass.deployment.activator.DefaultActivator.activate(DefaultActivator.java:84) at com.aws.greengrass.deployment.DeploymentConfigMerger.updateActionForDeployment(DeploymentConfigMerger.java:150) at com.aws.greengrass.deployment.DeploymentConfigMerger.lambda$mergeInNewConfig$0(DeploymentConfigMerger.java:102) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.runUpdateActions(UpdateSystemPolicyService.java:95) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.lambda$startup$0(UpdateSystemPolicyService.java:165) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) 2022-03-20T23:26:36.708Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.activator.DeploymentActivator: merge-config. Rolling back failed deployment. {deploymentId=07e027a5-071b-9e57-303d} 2022-03-20T23:26:36.769Z [INFO] (pool-2-thread-6) com.aws.greengrass.config.ConfigurationWriter: truncate-tlog. queued immediate truncation. {} 2022-03-20T23:26:36.882Z [INFO] (Serialized listener processor) com.aws.greengrass.config.ConfigurationWriter: truncate-tlog. completed successfully. {} 2022-03-20T23:26:36.889Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. Removing services. {service-to-remove=[rtt.ancillary]} 2022-03-20T23:26:36.889Z [INFO] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-close. Service is now closing. {serviceName=rtt.ancillary, currentState=BROKEN} ``` here is my deployment config ``` { "targetArn": "arn:aws:iot::thing/test123", "revisionId": "2", "deploymentId": "07e027a5-9e57-303d2", "deploymentName": "update firmware", "deploymentStatus": "ACTIVE", "components": { "rtt.ancillary": { "componentVersion": "1.0.1", "configurationUpdate": { "merge": "{\"thing_name\":\"test_name\"}" } } }, "deploymentPolicies": { "failureHandlingPolicy": "ROLLBACK", "componentUpdatePolicy": { "timeoutInSeconds": 30, "action": "NOTIFY_COMPONENTS" }, "configurationValidationPolicy": { "timeoutInSeconds": 60 } }, "iotJobConfiguration": { "jobExecutionsRolloutConfig": { "exponentialRate": { "baseRatePerMinute": 5, "incrementFactor": 2.0, "rateIncreaseCriteria": { "numberOfNotifiedThings": 10, "numberOfSucceededThings": 5 } }, "maximumPerMinute": 50 }, "timeoutConfig": { "inProgressTimeoutInMinutes": 15 } }, "creationTimestamp": 1647818095.423, "isLatestForTarget": true, "tags": { "PRODUCT": "GGv2 Deployment" } } ```

Hi, I plan to have several distinct IoT projects on my account which will not share devices or business logic. I also need to be able to configure separate production and development environments for these projects so that testing can occur without impacting production. It's unclear to me how this should be done. With most other services, you start by creating a container or an environment, like with data you might create separate databases, or with servers, separate Ec2 instances. When I started working with IoT services, I was surprised that I didn't have to start by setting up such an environment. I assume that people are able to run distinct dev and production environments, and different projects, without having to resort to getting different Amazon accounts for each project. What's the right way to do this? Thanks, Frank

Hi there I have a problem with the iot permision on my device which already have gg installed and running so when i run the gg installer I put GGTokenAccessRole for "iotRoleAlias" instead of the actual name ``` 2022-03-18T05:43:45.295Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: TES responded with status code: 403. Caching response. {"message":"Access Denied"}. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials} 2022-03-18T05:43:45.296Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} 2022-03-18T05:44:27.897Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} 2022-03-18T05:45:22.119Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} ``` Also i did not create iot aliase so i wonder if that is a problem? can it use a IAMF role directly ? Thanks for your help

I get the below error when i try to authenticate, my word press SMTP using my SES credentials. This is the error log below, how do i fix this? Versions: WordPress: 5.9.2 WordPress MS: No PHP: 7.4.27 WP Mail SMTP: 3.3.0 Params: Mailer: smtp Constants: No ErrorInfo: SMTP Error: data not accepted.SMTP server error: DATA END command failed Detail: Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: SMTP code: 554 Host: email-smtp.us-east-1.amazonaws.com Port: 587 SMTPSecure: tls SMTPAutoTLS: bool(true) SMTPAuth: bool(true) Server: OpenSSL: OpenSSL 1.1.1d 10 Sep 2019 Debug: Email Source: WP Mail SMTP Mailer: Other SMTP SMTP Error: data not accepted.SMTP server error: DATA END command failed Detail: Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: SMTP code: 554 SMTP Debug: 2022-03-17 22:48:33 Connection: opening to email-smtp.us-east-1.amazonaws.com:587, timeout=300, options=array() 2022-03-17 22:48:33 Connection: opened 2022-03-17 22:48:33 SERVER -> CLIENT: 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-d-BCF0QJ2IG JBrz7mJEs78kGQwGHZFv 2022-03-17 22:48:33 CLIENT -> SERVER: EHLO 2022-03-17 22:48:33 SERVER -> CLIENT: 250-email-smtp.amazonaws.com250-8BITMIME250-STARTTLS250-AUTH PLAIN LOGIN250 Ok 2022-03-17 22:48:33 CLIENT -> SERVER: STARTTLS 2022-03-17 22:48:33 SERVER -> CLIENT: 220 Ready to start TLS

Hi, I noticed that if I query the Thing registry through the Java SDK (describeThing() function), the return value, DescribeThingResponse, has a "thingId" property. I don't see this value when I examine the thing in the AWS console. What is its purpose? Is it safe to ignore the thingId in my application and just use the thingName as the unique identifier? Thanks, Frank

I'm a little confused about what a Thing's "name" really means in IoT services. I created a Thing with a name ("thing1") and created a certificate for it at the same time. That certificate is only assigned to thing1. I set up a client using the certificate, and it was able to connect to the IoT service and send shadow updates as "thing1". Then I tried having that device send shadow updates as "thing2" or "thing3". To my surprise, this worked, even though there is no "thing2" or "thing3" defined on my account. I had planned to give each of my devices its own certificate and assumed that by having separate certificates, the devices would not be able to spoof another device. But this doesn't seem to be the case. What's the recommended way to achieve the security I want?

When creating provisioning templates in AWS IoT Core you can attach a pre-provisioning hook. https://docs.aws.amazon.com/iot/latest/developerguide/pre-provisioning-hook.html I'm looking at onboarding devices using the JITP flow referenced here. https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html There exist thing attributes that need to be populated at provisioning time. These attributes are not available to be encoded in the device certificate at manufacturing time. The attributes are used as part of the device policy and topic pattern in a multi-tenant solution to ensure no cross-contamination of data between customers. I would like to use a pre-provisioning hook to further augment the data available to the provisioning template. Is this possible? I understand that JITR is an option that would allow further augmentation but I would like to avoid having to manage the infrastructure necessary to support that approach.

What is the recommended approach for querying data from both AWS IoT & Greengrass V2? I have been attempting to use the SDK to get the data required, but I am forced to use multiple API calls *per device* to get the required data, which results in Rate Exceeded errors. Is there a way to build a query either with Fleet Hub or Fleet Indexing to get the data below without multiple calls? thingName, thingId, shadow, thing connectivity, Greengrass core version, Greengrass status, Greengrass installed components

Starting to use AWS IOT for collecting manufacturing data off of machines on the floor. That data could be productivity (when was the machine on or cycled) or process (what temperature is the over). Of course the kinds of data collected could get out of hand real quick, the potential is endless. My question is about hardware. It is confusing. Let's say I have 50 machines and I want to send a MQTT packet to AWS IOT for each machine each time that machine was cycled. We currently have one machine and I am using a [Opto22 Rio](https://www.opto22.com/products/groov-rio) to collect a few simple data points and sent a MQTT message to AWS. They run in the $750 each range currently. We started out using Raspberry Pi's for this but they were a bit painful. For us the pain of writing the python, securing the devices, putting the pi in a plastic din rail was not worth the low cost of the equipment. The questions: * Is this a reasonable piece of hardware to use for this? Seems a bit overpowered and expensive for no more than what it is doing. * Would this be considered a gateway and my sensors/inputs be considered things? * In our use case (many machines with a few inputs) what kind of hardware solution would you recommend for collecting the data and sending the MQTT packet to AWS with?

I set up a rule in my IoT service that examines shadow update requests coming in from my devices by monitoring the topic with the reserved name for shadow updates, namely, $aws/things/+/shadow/update. When it notices certain kinds of updates that we consider exceptional, the rule forwards the message to an SQS queue. We plan to have a server running on an EC2 instance that monitors this queue so it can take appropriate action. The problem I'm having is that when the EC2 instance receives the message from the queue, all it gets is the JSON containing the desired state as requested by the device. But there is nothing in this message that includes the name or identity of the device that sent it. I need that information to take action. One solution might be to have the device itself include its own name in the shadow state, but I don't really like this idea. Ideally, I'd like to somehow have the rule append the device name to the message (or just append the name of the topic which includes the device name). I don't see any obvious way for rules to send modified messages or append information this way. Is it a viable solution? If not, what's the recommended approach? Thanks, Frank

I'm hoping I can write a quick function that simulates a "thing" in Java and be able to use it to either post messages to a topic, or update its shadow. I have the AWS Java SDK in my project and I know how to use the IotClient and IotDataPlaneClient. The problem is that these clients are both authenticated with an access key that belongs to an AWS account, and in the case of the IotDataPlane client, I have to specify the name of the thing who's shadow I want to update. What I'd like to do instead is mimic what an actual thing would do, which is to say, use a certificate to connect with the service, and only be able to update its own shadow, etc. It seems like this should be possible, but I can't find any kind of credentials provider that works with certificates or any other obvious way to do it. I know there is a complicated device simulator available and I may use it months from now when my application is further along, but for right now I'm just looking for something very quick and simple to prove a few concepts and work out my strategy. Thanks, Frank

Hi, For "MQTT over WebSockets" found in [https://docs.aws.amazon.com/iot/latest/developerguide/custom-auth.html](), the credential can be passed "Through request headers or query parameters in the HTTP UPGRADE request to establish the WebSockets connection." Does anyone know how to do this using the AWS IoT SDK C++? I understand that I can use Mqtt::OnWebSocketHandshakeIntercept() to embed authorisation into the HTTP header. However, it is unclear how it can be done since Http::HttpHeader basically only has name and value data members or is there another way to do it? Any assistance is greatly appreciated, Andi

I have a GreenGrass device that can be intermittently offline, and I would like to inform the server of important events that happen. Is there a message queuing system I can use within GreenGrass where I publish the event locally and whenever the Device is re-connected it will deliver this message. Can I use IoT-Core for this ? Will it allow me to publish multiple messages to a topic and will they all get cached until delivery, and they arrive in the same order that they were sent with ? Does it have a 'save to disk' option so it will retain the messages for delivery even in-between reboots ?

Hi there, I have setup everything according to this guide https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html but when it run ``` sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE \ -jar ./GreengrassInstaller/lib/Greengrass.jar \ --trusted-plugin ./GreengrassInstaller/aws.greengrass.FleetProvisioningByClaim.jar \ --init-config ./GreengrassInstaller/config.yaml \ --component-default-user ggc_user:ggc_group \ --setup-system-service true ``` iot returns CLIENT ERROR in $aws/events/presence/connected/4df1e0dd-c0ab-4fae-8642-f5c30 so i check the ip, which is the ip of my device ``` { "clientId": "4df1e0dd-c0ab-4fae-8642-f5c307", "timestamp": 1646954873555, "eventType": "connected", "sessionIdentifier": "da85a477-c309-4ed6-92e0-ccdf1fa", "principalIdentifier": "de56ae093b3d75481acf40b3d30e38053ad2e8219fa925e8b9ecc", "ipAddress": "", "versionNumber": 0 } { "clientId": "4df1e0dd-c0ab-4fae-8642-f5c307", "timestamp": 1646954873704, "eventType": "disconnected", "clientInitiatedDisconnect": false, "sessionIdentifier": "da85a477-c309-4ed6-92e0-ccdf1fa", "principalIdentifier": "de56ae093b3d75481acf40b3d30e38053ad2e8219fa925e8b9ecc", "disconnectReason": "CLIENT_ERROR", "versionNumber": 0 } ``` Thanks for your helps

In creating an Mqtt client connection using the class AwsIotMqttConnectionBuilder, I encounter a configuration setting called "withCleanSession(boolean)" that is described in the documentation this way: /** * Configures whether or not the service should try to resume prior * subscriptions, if it has any * * @param cleanSession true if the session should drop prior subscriptions when * a connection from this builder is established, false to resume the session * @return {@link AwsIotMqttConnectionBuilder} */ public AwsIotMqttConnectionBuilder withCleanSession(boolean cleanSession) { this.config.setCleanSession(cleanSession); return this; } What is the meaning of "session" in this context? Is a session something that is local to one computer, or is it a state stored on the network somewhere? Is the client ID of the connection related to its state?

I'm trying to build a Java client that subscribes to IoT services topics. In the IoT console, I went to the MQTT test client and subscribed to a topic named "test". In my Java code, I set up an MqttClientConnection. For the endpoint, I gave the value returned by IotClient.describeEndpoint(). I also gave my AWS credentials. I'm able to instantiate the client, connect, and publish a message to the "test" topic without encountering any exceptions. However, the message doesn't appear in the AWS console. Similarly, I can subscribe to the topic, but messages I publish via the console don't show up in the Java application. I suspect the problem is that the topic name is not simply "test", but some string that has a prefix which associates it with IoT services. I can't find any documentation to this effect, though. Thanks, Frank

I'm using the aws Java SDK to build a Java server application that works with IOT services. My server application is designed to be a supervisor that can communicate with all of the IOT devices in my network. So far I've been able to instantiate an instance of IotClient using an AWS access key/secret key pair. I can call functions like listThings() or describeEndpoint() which return valid results. I'm confused as to how to proceed from here. I need a simple way to publish and subscribe to messages, but there doesn't seem to be any such functionality available in the IotClient class. I found some documentation pointing me to an "AWS Iot Device Service" SDK, but I don't think this is what I want; I think it's probably intended for devices. What's the simplest way for my Java server application to publish and subscribe to messages? Thanks, Frank

Hi, I'm working with IOT services using the Java SDK. I'm able to instantiate an IotClient (software.amazon.awssdk.services.iot.IotClient) and perform some basic functions like listThings() or describeEndpoint(). So I know my integration and credentials are working as expected. The next thing I need to do is work with the message queues (MQTT) associated with my IOT things. I'm a bit confused here. I see that there is a package called mq, which contains an MqClient; I've imported that package into my project and I can create the MqClient (and I've also made sure my credentials have full access to MQ). I'm not sure what to do next. The MqClient doesn't appear to have any functions related to sending or receiving messages. I'm also not sure how to configure it to work with the message queues used by IOT services, as opposed to others. Do I need some kind of third-party MQTT client? I've noticed that some are available and I think MQ is a non-proprietary protocol, but I'd definitely prefer to steer clear of random third-party pacakges if the functionality I need is available from the AWS Java SDK. Thanks, Frank

I'm working with IOT services using the Java SDK. The main class I'm using is software.amazon.awssdk.services.iot.IotClient. Is there a way to get a list of MQTT topics via the SDK? I can see that there is a function to listTopicRules, but I don't see anything to list the topics themselves. Thanks, Frank

Hi, I've create and registered a CA certificate in IoT core. When I use this for greengrass fleet provisioning it fails with ``` java.lang.RuntimeException: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed ``` The documentation is not very clear about how to use it with Greengrass. But the existence of "Automatic certificate registration" when doing "Register CA certificate" suggests it should work and I'm missing something. Any advice much appreciated.

Hi, I've read that the recommended way to use IOT services is via MQTT topics, and I'd like to do that, but I'm unsure how. Is there some MQTT topic already created that is associated with my IOT instance? Or, do I need to create the topic myself and link it to my IOT instance? If the latter, how is this done? Thanks.

How does an AWS IOT device know what endpoint to hit in order to access the IOT instance associated with my AWS account? Do all devices just hit the same endpoint, and IOT figures it out based on their certificate? Or do I need to program my device with an endpoint, or some other information to tell it to communicate with my account? Thanks.

I'm having a lot of trouble getting started with IOT services. I've read all the introductory information and understand how the system works at the high level. I'm now at the point where my hardware partner needs device certificates, and I'm kind of lost in the morass of documentation. How do I create these certificates? Do I need some kind of external CSA or does Amazon provide that? Also, is there any way I can test the iOT services without a physical device (is there some software I can run that simulates a device)? Is there a book or a tutorial that can walk me through this process? The Amazon tutorials seem to jump directly from vague statements about what the system can do, to details that are over my head.

for ota job creation for code signing esp32c3 device is not available.... tried as per https://docs.aws.amazon.com/freertos/latest/userguide/ota-code-sign-cert-win.html having errors and update is failing: E (514394) OTA: Failed to decode Base64 data: base64Decode returned error: error=1 E (514404) OTA: Failed to extract document parameter: error=4, paramter key=sig-sha256-ecdsa I (514404) OTA: Failed to parse JSON document as AFR_OTA job: DocParseErr_t=4 E (514414) OTA: Failed to parse custom job document: OtaJobParseErr_t=OtaJobParseErrUnknown, jobIdLength=17 E (514424) OTA: Failed to parse the job document after parsing the job name: OtaJobParseErr_t=OtaJobParseErrNonConformingJobDoc, Job name=AFR_OTA-esp32c305 for esp32 ota update was ok. please suggest what changes required for aws ota esp32c3 device.

In the case of an AWS Greengrass Core Device (V2) that has components which perform the following: - Downloading from AWS S3 - Subscribing to AWS IoT MQTT Topics + receiving messages - Posting to AWS IoT MQTT Topics - Uploading to S3 buckets - Downloading container images from ECR as part of a Greengrass component where each of these operations is carried out in a component, being permitted via the TokenExchangeRole, which AWS endpoints are being used? In the case of the S3 operations, this page (https://docs.aws.amazon.com/general/latest/gr/s3.html) lists a number of endpoints for our region, which ones of these would be used in the case of a greengrass component interacting with S3?

I setup an IoT greengrass core device with the aws.greengrass.LogManager plugin but its not pushing logs to cloudwatch. I created the GreengrassV2TokenExchangeRole + policy with cloudformation (since i want to manage the role and policy myself and deploy it to multiple accounts) and passed that to the greengrass installer as an argument. The policy is of the same type (customer managed) and has the same permission scope as when the installer creates it, Im not sure if this is actually causing issues for the component but I really dont know what else it could be. Questions: - Is it possible to manage the IAM policy and role in cloudformation and have AWS greengrass nucleus use it? - Should i even be doing it like this? - if no then Is there a different/better approach to achieve this? Side notes - There are no errors about the logmanager not being able to push logs to cloudwatch in the greengrass.log file. - The access adviser of the policy i see that it has never been accessed throughout the tracking period. - Having Greengrass create the roles and policies itself works.

Hi there, i just upgrade my Greengrass (GG) core software from 1.10 to 1.11.5. Cus i want to use S3ExportTaskDefinition. However there is some error with the create_message_stream() the attached is the log of my lambda (which i copy from: https://github.com/aws-greengrass/aws-greengrass-stream-manager-sdk-python) I manually trackback and found the error at line 336 `result = await self.__requests[data.request_id].get()` in the streammanagerclient.py::__send_and_receive() GGStreamManager.log ``` [2022-02-28T16:43:51.367+11:00][ERROR]-Feb 28, 2022 4:43:51 PM com.amazonaws.internal.DefaultServiceEndpointBuilder getServiceEndpoint [2022-02-28T16:43:51.367+11:00][ERROR]-INFO: {iotsitewise, ap-southeast-2} was not found in region metadata, trying to construct an endpoint using the standard pattern for this region: 'iotsitewise.ap-southeast-2.amazonaws.com'. [2022-02-28T16:43:51.646+11:00][INFO]- (main) com.amazonaws.iot.greengrass.streammanager.server.StreamServer: Starting streamServer on port: 8088 [2022-02-28T16:43:51.665+11:00][INFO]- (main) com.amazonaws.iot.greengrass.streammanager.export.decider.Decider: Starting decider [2022-02-28T16:43:52.186+11:00][INFO]- (pool-6-thread-1) com.amazonaws.iot.greengrass.streammanager.server.StreamServer: StreamServer ready to accept connections on port 8088 [2022-02-28T16:43:52.207+11:00][INFO]-Putting initialization result for function arn [arn:aws:lambda:::function:GGStreamManager:1] to http://localhost:8000/2016-11-01/functions/arn:aws:lambda:::function:GGStreamManager:1/initialized [2022-02-28T16:43:52.377+11:00][INFO]-Put initialization result for function arn [arn:aws:lambda:::function:GGStreamManager:1] [2022-02-28T16:43:53.407+11:00][ERROR]- (nioEventLoopGroup-3-1) com.amazonaws.iot.greengrass.streammanager.server.handlers.CreateMessageStreamRequestHandler: Encountered unknown exception while creating message stream SomeStatusStreamName [2022-02-28T16:43:53.407+11:00][ERROR]-org.mapdb.DBException$PointerChecksumBroken: Broken bit parity [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.DataIO.parity4Get(DataIO.java:476) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.longStackLoadChunk(StoreWAL.kt:732) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.longStackPut(StoreWAL.kt:712) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreDirectAbstract.releaseData(StoreDirectAbstract.kt:367) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.updateProtected(StoreWAL.kt:455) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.update(StoreWAL.kt:426) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.IndexTreeListJava.treePut(IndexTreeListJava.java:341) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.IndexTreeLongLongMap.put(IndexTreeLongLongMap.kt:77) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.HTreeMap.putprotected(HTreeMap.kt:363) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.HTreeMap.put(HTreeMap.kt:324) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.dao.MapDbMetadataDao.put(MapDbMetadataDao.java:73) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.store.log.LogStore.createMessageStream(LogStore.java:113) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.server.handlers.CreateMessageStreamRequestHandler.handle(CreateMessageStreamRequestHandler.java:41) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.server.handlers.MessageStreamHandler.channelRead(MessageStreamHandler.java:133) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at java.lang.Thread.run(Thread.java:834) [?:?] ``` thanks for your help

I want a custom domain for my mqtt endpoint like mqtt.abc.example.org. I followed this guide https://aws.amazon.com/it/blogs/iot/migrating-devices-aws-iot-custom-domains/ All seems to be correct compared with screenshot on guide, but when I do mosquitto_pub --cert test-2022b.pem --key test-2022b.key -h mqtt.abc.example.org -p 8883 -d -t 'test/pippo' -i pub -m "Ciao mondo" --tls-version tlsv1.2 --cafile AmazonRootCA1.pem I got: Client pub sending CONNECT OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Error: Success I also tried with this Python srcipt: from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient myMQTTClient = AWSIoTMQTTClient("myClientID") myMQTTClient.configureEndpoint("mqtt.abc.example.org", 8883) myMQTTClient.configureCredentials("AmazonRootCA1.pem", "test-2022b.key", "test-2022b.pem") myMQTTClient.connect() Result: ssl.SSLCertVerificationError: ("hostname 'mqtt.abc.example.org' doesn't match either of 'iot.eu-west-3.amazonaws.com', '*.iot.eu-west-3.amazonaws.com'",) If I use xxxxxxxxx-ats.iot.eu-west-3.amazonaws.com it works. Server side I use a certificate issued by aws.

I'm trying to create an IoT Core Rule that triggers a Kafka action to send our device data directly to our Kafka cluster, using Basic Ingest. I have successfully setup the VPC Destination that this action needs, specifying our subnets that contain the Kafka brokers; however, I am getting the following log in CloudWatch when the KafkaAction fails: ``` { "ruleName": "testKafkaAction", "topic": "", "cloudwatchTraceId": "<id>", "clientId": "test", "base64OriginalPayload": "<payload>", "failures": [ { "failedAction": "KafkaAction", "failedResource": "iot-core-sensordata-stream", "errorMessage": "KafkaAction failed to send a message to the specified bootstrap servers. SSL handshake failed. Message arrived on: , Action: kafka, topic: test-kafka-action, bootstrap.servers: <bootstrap_servers>" } ] } ``` Our Kafka cluster is self hosted, and uses a self-signed CA. I have created a binary secret in Secrets Manager containing the truststore in pkcs12 format. The truststore contains our self-signed CA. I am using SASL_SSL as the security protocol for the rule, and SCRAM-SHA-512 as the mechanism. The username and password are also stored as a separate secret in Secrets Manager. My rule's IAM policy is setup correctly to access these secrets. One other thing to note: My bootstrap servers list for the rule are the private ip:port of the nodes running the Kafka brokers in our VPC, and I have ensured these IPs are on the SAN list for the cert. Here is the json template for my rule as a reference: ``` { "sql": "SELECT *", "ruleDisabled": false, "awsIotSqlVersion": "2016-03-23", "actions": [ { "kafka": { "destinationArn": "<VPC_DESTINATION_ARN>", "topic": "test-kafka-action", "clientProperties": { "bootstrap.servers": "<KAFKA_BOOTSTRAP_SERVERS>", "key.serializer": "org.apache.kafka.common.serialization.StringSerializer", "value.serializer": "org.apache.kafka.common.serialization.ByteBufferSerializer", "security.protocol": "SASL_SSL", "ssl.truststore": "${get_secret('<SECRET_NAME>', 'SecretBinary', '<KAFKA_RULE_ROLE_ARN>')}", "ssl.truststore.password": "{{SSL_TRUSTSTORE_PASSWORD}}", "sasl.mechanism": "SCRAM-SHA-512", "sasl.scram.username": "${get_secret('<SECRET_NAME>', 'SecretString', 'kafkaUser', '<KAFKA_RULE_ROLE_ARN>')}", "sasl.scram.password": "${get_secret('<SECRET_NAME>', 'SecretString', 'kafkaPassword', '<KAFKA_RULE_ROLE_ARN>')}" } } } ], "errorAction": { "cloudwatchLogs": { "logGroupName": "AWSIotLogsV2", "<KAFKA_RULE_LOGS_ROLE_ARN>" } } } ``` This error message does not provide any reason as to why the handshake failed, so my only guess is that IoT Core does not allow self-signed CAs for the KafkaAction in a rule. Is this true, or am I missing something elsewhere potentially? I am able to connect and publish a message to our Kafka cluster with no issues using a python client, giving it the same credentials and self-signed CA, after having to add our servers' IP addresses to the SAN list on the cert.

I have implemented a custom authorizer for my AWS IoT and it is working fine for publishing messages. But returns "Internal Server Error" if I tried to fetch retained messages via HTTPS. Policies seems to be fine and the lambda function is executing correctly as per the logs. Any help is much appreciated. { "message": "Internal Server Error", "traceId": "975693ad-b482-2e21-8686-60f8392cfd4a" }

Hi, I have remote battery powered cellular devices uploading their measurements to IOT Core. They disconnected their modem each packet upload, which could be 1/min. However the data overhead required to connect and handshake, exchange certs etc is too large. At the moment 4k-6k is required on each connect, even if just sending 100bytes of data. The handshake is killing my data usage. See this blog I found for info on the overhead required by TLS 1.2 http://netsekure.org/2010/03/tls-overhead/ For devices that need to be as efficient as possible with data and power, is it possible to a) resume TLS connections? or b) what is the recommended way for these devices to connect to the MQTT IOT Core service? This is a low power sensor device that is not able to run the SDK. So we need to implement out own connection to the MQTT ports on AWS (8883). AWS also does not allow unencrypted connections... A very similar and related question that went unanswered (https://forums.aws.amazon.com/thread.jspa?messageID=891100&#891100), however considering MQTT is desinged for IOT devices and is supposed to minimise load and be efficient it is hard to accept a 4k-6k overhead on each connection.

Hello, when i am trying to send a Downlink to a lorawan device and want to check the message queue in the aws console IoTCore -> Wireless connectivity -> Devices -> specific device: i am receiving this error as a red notification error pop up after a few seconds. > Value not valid 1 validation error detected: Value 'null' at 'WirelessDeviceType' failed to satisfy constraint: Member must have non-null and nonempty value Althought i get no error message if i invoked the send data to device API from the CLI command line or from an lambda function using boto3. Also when i am using the console to queue a downlink i got a green conformation box but afterwars this error and nothing is displayed in the downlink queue section. All the devices send the data normally and apart from this issue everything seems to work just fine. I have no clue why i am getting this error and i found nothing in the documentation. Did anyone encountered the same problem and knows how to solve it ? Thanks for your help in advance.

Hello, This is tangentially related to my question here [Permissions for IoT Things and Cognito User/Identity Pools](https://repost.aws/questions/QUkhT9MqeVR-mysdzKc2YQcA#AN8JHCJ_V2RTq8t38UGEK_IQ). I am trying to understand why my IoT Core Policy isn't working as expected using `aws iot test-authorization`, but am getting this error: `"missingContextValues": ["cognito-identity.amazonaws.com:sub" ]`. Setup * I have cognito user ABC, with associated Identity ID `us-east-1:xxxxxx-xxxx-xxxx-xxxx-5f7a793d20cb`. This identity has the IoT Core Policy `test-policy` (defined below) attached to it. The identity pool ID is `us-east-1:xxxxxxx-xxxx-xxxx-xxxx-fe1a9f14f96b`. * IAM policy for the Identity Pool allows full access to `iot:*` * IoT Thing named TestThing w/the `test-policy` (defined below) attached to it. * IoT Core Policy (named `test-policy`): ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iot:Connect", "Resource": "*" }, { "Effect": "Allow", "Action": "iot:Publish", "Resource": "*", "Condition": { "StringEquals": { "cognito-identity.amazonaws.com:sub": "us-east-1:xxxxxx-xxxx-xxxx-xxxx-5f7a793d20cb" } } } ] } ``` I am running this test: ``` aws iot test-authorization --principal us-east-1:xxxxxx-xxxx-xxxx-xxxx-5f7a793d20cb --cognito-identity-pool-id us-east-1:xxxxxxx-xxxx-xxxx-xxxx-fe1a9f14f96b --auth-infos actionType=CONNECT,resources=arn:aws:iot:us-east-1:xxxxxxxxxxxxxxxx:client/ABC ``` However, I am getting this response: ``` { "authResults": [ { "authInfo": { "actionType": "CONNECT", "resources": [ "arn:aws:iot:us-east-1:xxxxxxxxxxxxx:client/ABC" ] }, "allowed": { "policies": [] }, "denied": { "implicitDeny": { "policies": [ { "policyName": "test-policy", "policyArn": "arn:aws:iot:us-east-1:xxxxxxxxxxxxx:policy/test-policy" } ] }, "explicitDeny": { "policies": [] } }, "authDecision": "IMPLICIT_DENY", "missingContextValues": [ "cognito-identity.amazonaws.com:sub" ] } ] } ``` I would expect this to pass, since the CONNECT action is allowed for everyone. My best guess is that the policy can't properly be evaluated because of the missingContextValues issue, so it returns a deny. When I test this with my Python script that logs the user in, retrieves credentials and connects to the MQTT server just fine. Is there a way to provide this context value in the `test-authorization` call? Thank you!

Hi, please help with following for aws s3 ota with mqtt having freertos: ota demo code flow. referring "https://github.com/espressif/esp-aws-iot/tree/release/beta/examples/ota/ota_mqtt" ota bootloader code availability what libraries are required for ota what are ram and flash usage for ota when programming esp, if 2 partitions are created say ota0 & ota1, are both partitions erased while programming from esp idf eclipse thanks

As long as I see IoT Core, it's possible to realize similar functions by using API Gateway, Lambda, Cognito etc... Is having physical devices the only reason to choose IoT Core? Are there any other reasons to choose IoT Core?

In order to give an IoT device a simple access to an S3 bucket, one must do all this: https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html (phew!) I would like this understand what I'm actually doing. The first thing is to let "credentials.iot.amazonaws.com" service to "assume a role", in more details "role that the credentials provider assumes on behalf of your device". The device has a role which let's it to do pubsub on MQTT messages (among other things). Why the credential services would be interested in "assuming a role on behalf/from the device" ? I mean, it is going to give out an access key id & secret access key associated to the IoT device certificate. Such a task is farm from the "roles" that the device does.

Hello, I am having some issues architecting a good security scheme for managing IoT Thing access for Cognito users. My use case is the following: * We have a number of users (corresponding to users in a User Pool, with an associated Identity Pool). Each user belongs to a particular "Company". Currently this is done via an attribute (`custom:Company`). * We have a number of IoT Things. Each of these Things belongs to a static Thing Group, whose name matches the attribute above. I'd like for a given User/Identity to be able to receive the MQTT data stream from Things that belong to a static group that matches their custom:Company attribute. Example: * I have 6 Things: A, B, C, D, E, F. * A, B & C belong to static group "FirstCompany" * D, E & F belong to static group "SecondCompany" * I have two cognito users/identities: Alice and Bob. * Alice has the custom attribute `custom:Company` = FirstCompany * Bob has the custom attribute `custom:Company` = SecondCompany I'd like for Alice to be able to subscribe to the MQTT topics for devices A, B and C, but NOT D, E and F. This means permissions for iot:Connect, iot:Receive, iot:Publish and iot:Subscribe. The pseudo-policy I'd like to assign to all users is something like this: ``` effect = allow, action = ["iot:Receive", ...] condition: target thing group == ${aws:PrincipalTag/custom:Company} ``` Unfortunately I haven't found something as straight-forward as this. As I see it, my options are: 1. Draft custom policies for each customer, in which each Thing (and associated topics) are explicitly allowed. This seemingly wouldn't scale well if a customer has thousands of Things. 2. Create a custom IoT authorizer that compares the principal's attribute with the Thing's static group. This seems like it'd run into rate limiting issues, especially if I have to check which groups a Thing belongs to for every MQTT message. 3. Come up with a naming scheme for devices that includes a customer name in some way (e.g., instead of A, B, C I'd have FirstCustomer-A, FirstCustomer-B, FirstCustomer-C). This doesn't feel like a great approach. However, it seems like this situation would be pretty common! Is there a particular way this should be done? Any guidance would be appreciated! -------------- Edit: Following up on the suggestion from Pronoy_C, I've set up the following IoT Core Policy: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iot:Connect", "Resource": "*" }, { "Condition": { "StringEquals": { "cognito-identity.amazonaws.com:sub": "${iot:Connection.Thing.Attributes[Owner]}" } }, "Effect": "Allow", "Action": "iot:*", "Resource": "arn:aws:iot:us-east-1:xxxxxxxxxxxx:thing/*" } ] } ``` and I've attached this policy both to Thing A and to Alice's Identity. However, while Alice is able to connect to the MQTT host, I cannot publish to `$aws/things/A/shadow/get`. The AWS logs indicate AUTHORIZATION_FAILURE. I do indeed have the Owner attribute set to Alice's Identity ID. I tried testing with the CLI tool, but have run into issues there (see [this thread](https://repost.aws/questions/QUIy1VujDmTvO-3Il99dw-xQ/aws-io-t-test-authorization-missing-context-values)).

Hello, I'm quite new to AWS GreenGrass and I try to create a deployment which will work for more then just one device. I work with a raspberry pi 4 which runs Greengrass and connects to some energy meters and sensors through software things that run on the raspberry pi. I created a deployment using the following AWS provided components: - MQTT Broker - MQTT Bridge - Auth - Shadow manager Let's say the Greengrass core device is called __mainDevice01__ and it should subscribe through MQTT bridge to all subjects containing *__mainDevice01__/things/#*. End users can add things (energy meters, sensors,...) to _mainDevice01_ which will run as a piece of software on the device. From what I experience: - I must create a separate deployment for every mainDevice in my cluster. Correct? - Every new thing that is connected to a Greengrass core devices should trigger a lot of updates to the deployment. (Which shadows to collect, new MQTT bridge links,...) I want to create a single deployment for many _mainDevices_ which all subscribe to their respective sub-topic. I tried to use _{iot:thingName}_ as a variable within the merge configuration of the MQTT bridge but that doesn't seem to work. ```json { "reset": [], "merge": { "ThingData": { "topic": "{iot:thingName}/things/#", "source": "IotCore", "target": "LocalMqtt" } } } } ``` In the same way I would like to automatically configure the Shadow manager (if possible) to collect the shadows of a things belonging to a core device or specific group. I'm not sure if my design idea is correct this way? Any suggestions on how this should be done the correct way are more then welcome! Warm regards, Hacor

I'm trying to use IoT Events custom payload with Lambda action. When I pass a JSON list format data from input and use it in the Lambda Action with JSON payload the following error occurs: ` We couldn't parse your content expression for the payload of LambdaAction. Enter a content expression with the correct syntax.` Code example: ` { lambda: { functionArn: consumer.functionArn, payload: { contentExpression: "{\"deviceId\": \"test\", \"applianceId\": \"another test\"}", type: 'JSON' } } }` The answer from https://repost.aws/questions/QUJ23sjtbVTMSmG4JzITEK1g/io-t-events-custom-payload-error not working. Did something change?

For an upcoming project we want to use greengrass v2 with a custom component(lambda) that requests data using an appsync api call. Using the TokenExchangeService component we are able to make requests to S3 and other service but we are unable to use the AwsAppsyncClient library to connect to Appsync. is there a way to have the appsync client use the token exchange service or to get the credentials by calling the service directly?

I'm trying to figure out the best way to separate environments for AWS IoT LoRaWAN. I'd like to have `dev`, `staging` and `prod` separation, but haven't quite figured out how best to implement. My complete service includes Lambda, SNS, SQS and Dynamo, which I think should be easy enough to separate. But I'd like to be able to do the same for Wireless. Does this have to be done with completely isolated AWS accounts? Also, with custom IoT Core domains is it possible to create multiple custom domains like dev-iot.mydomain.com, stg-iot.mydomain.com and iot.mydomain.com?

Hi, When attempting to deploy the new aws.greengrass.SystemsManagerAgent (v1.0.0) Greengrass component, onto our IoT device (Nvidia Jetson Nano - running Ubuntu 18.04), it consistently fails to install, giving the error message 'Snap - Failed to install'. To test what was going on, I found the installation steps used in the component recipe and attempted to replicate these manually. In doing so, I discovered that the command 'ssm-setup-cli -install' used in the 'Install' lifecycle step doesn't work on it's own, with the CLI tool erroring with the message 'Region must be specified'. After changing the command to 'ssm-setup-cli -install -region eu-west-1' (i.e. adding the region in as an additional flag), the installation of the agent completed successfully. Therefore, I believe a simple fix for this issue is to provide a means of specifying the region as part of the aws.greengrass.SystemsManager component configuration (https://docs.aws.amazon.com/greengrass/v2/developerguide/systems-manager-agent-component.html#systems-manager-agent-component-configuration), but I can't help feeling that is this was a problem for everyone, then it would have been reported and fixed by now? Would appreciate any feedback on whether anyone's got this component installing correctly first time round? Many thanks.

I am attempting to install greengrass on an ubuntu VM. I get the *Successfully set up Nucleus as a system service* message, but it is not creating a greengrass core. And, my log says: `com.aws.greengrass.mqttclient.AwsIotMqttClient: Unable to connect to AWS IoT Core.` This issue looks similar to a [previous question](https://repost.aws/questions/QUYwvG_kXvR0CncHiPvYEs5Q/com-aws-greengrass-mqttclient-aws-iot-mqtt-client-unable-to-connect-to-aws-io-t-core) I have tried two things. First, I created a deployment with a merge config below for the nucleus before running greengrass install command. ``` { "greengrassDataPlanePort": 443, "mqtt": { "port": 443 } } ``` I have also tried stopping the greengrass service on my VM and then replacing all of the 8443's with 443's and also adding "port": 443 to the mqtt objects. This has not helped. I still get the **Unable to connect to AWS IoT Core**

I'm following this AWS workshop https://iot-analytics.workshop.aws/2-streaming-workflow/1-iot-device-simulation.html and they instruct to create a Widget but there is no option to create a Widget. They ask to go to Modules -> Widgets -> Add Widget but there is no such thing as Modules. Why can't I see it?

Hi I have just implemented an api to get the online status for our IoT devices using the SearchIndex operation in AWS IoT. This worked fine during testing, but when it was put into production it failed immediately. I tried manually doing a SearchIndex from the console at the time and got the following error: ``` > aws iot search-index --index-name "AWS_Things" --query-string "thingName:xxx" --profile yyy An error occurred (ThrottlingException) when calling the SearchIndex operation (reached max retries: 2): Rate exceeded ``` How can I find out what the current throttling limit is for this operation? I found a list of throttling limits in the documentation, but can't see anything that concerns the IoT Index: https://docs.aws.amazon.com/general/latest/gr/iot-core.html#throttling-limits From our logs found that the API was hit about 90 times per second at the time. We currently have around 430K devices. We could reduce the load by doing some caching on our side, but without knowing what the limits are, it is difficult to know if that will be sufficient. Is there perhaps a better way to query the online status of a device?

hello, --- i'm trying to connect to AWS IoT Core from my PC using mqtt client tools. (like, MQTT.fx, mqttbox) --- I can connect successfully by certificate mode. --- But I cannot connect by user id / pwd mode. (IAM user access key id, access key pwd) --- Let me know how to configure AWS settings or mqtt client settings. ---

Hi, we expect high traffic in our AWS IoT Core endpoint and performed load testing recently to understand its limits. After sending thousands of events it started to throttle and ignore our messages which is perfectly fine considering the limits defined [here](https://docs.aws.amazon.com/general/latest/gr/iot-core.html#limits_iot): ``` { "timestamp": "2022-02-04 15:55:46.100", "logLevel": "ERROR", "traceId": "-----------", "accountId": "-----------", "status": "Failure", "eventType": "Publish-In", "protocol": "MQTT", "topicName": "-------------", "clientId": "-------------", "principalId": "-------------", "sourceIp": "-------------", "sourcePort": 55497, "reason": "throttled" } ``` The problem is it seems it never "cools down". If we give it one hour or days, the message is still rejected (Failure/throttled). I thought that maybe a new clientid could help it didn't. Is this known and expected? If so, how can we deal with it? It's been hard to understand what is being taken into consideration for the throttling once it's active, maybe the sourceIp?

hi, i was refering to advanced ota example from esp32. there im getting error when project us run as shown below: I (5624) advanced_https_ota_example: Starting Advanced OTA example E (5904) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700 I (5904) esp-tls-mbedtls: Failed to verify peer certificate! I (5914) esp-tls-mbedtls: verification info: ! The certificate is not correctly signed by the trusted CA E (5924) esp-tls: Failed to open new connection E (5924) TRANS_SSL: Failed to open a new connection E (5934) HTTP_CLIENT: Connection failed, sock < 0 E (5934) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT E (5944) esp_https_ota: Failed to establish HTTP connection E (5954) advanced_https_ota_example: ESP HTTPS OTA Begin failed W (6544) wifi:<ba-del>idx W (9604) wifi:<ba-add>idx:0 (ifx:0, e8:48:b8:61:bb:81), tid:0, ssn:21, winSize:64 W (10564) wifi:<ba-del>idx W (13594) wifi:<ba-add>idx:0 (ifx:0, e8:48:b8:61:bb:81), tid:0, ssn:22, winSize:64 W (14594) wifi:<ba-del>idx please suggest how to resolve. what to steps to generate certificate and where to include in project.

Hi, I am trying to integrate IoT rule with timestream. I managed to handle a case when I have one incoming measurement per messages, but for network optimisation (or something) we receive packed measurements as JSON array (examples below). Is there a way to compose SQL code which will parse incoming array and put multiple measurements into timestream db? Single measurement example: >{ > "value": 335, > "dataId": "Wroclaw1" > "takenAt": "2022-02-01T11:40:46.770Z" >} my case: >[[{ > "value": 35, > "dataId": "Wroclaw1" > "takenAt": "2022-02-01T11:40:46.770Z" >}, >{ > "value": 37, > "dataId": "Wroclaw2" > "takenAt": "2022-02-01T11:41:49.260Z" >}]]

Hello: How I can delete an instance of the detector model? I mean, for each input with different key, a new instance is created from the detector model. If at some point I want to delete that particular instance, how can I do that? I couldn't get any information on that. Thanks

Hi folks, Hope you are well and safe and also hope that this question doesn't gonna be an already asked question. I'm here to ask a help about a possible solution with AWS Lambda and other AWS environment stuffs: I need to understand if it is possible to use AWS Lambda function as bridge between HTTP request and MQTT topic. In particular, I need where and HTTP request trigger an AWS Lambda function, which in turn publish on a topic; when datas are published on this topic, an IoT thing response to the request, posting response on a topic. I require AWS Lambda to receive this event and send back to the first HTTP request, the response received from IoT thing. Is it possible to achieve this kind of synchronization mechanism similar to the one shown [here](https://aws.amazon.com/blogs/compute/managing-backend-requests-and-frontend-notifications-in-serverless-web-apps/) where, instead of a DynamoDB there is a pub/sub mechanism? Cheers.