MQTT communication for GG V2 between Native and Lambda component

0

Good evening everyone 👋,

I have a question that has been bugging me for a couple of hours at this point.

I'm trying to set up a local MQTT communication between a Lambda and a Native component. However, I keep running into authorization issues when I try to publish a message from the Lambda function.

I realized that in for Native components, such authorizations can be granted through accessControl parameters in the configuration of the component, such as:

"ComponentConfiguration": {
        "DefaultConfiguration": {
            "accessControl": {
                "aws.greengrass.ipc.mqttproxy": {
                    "com.iotcommunication:mqttproxy:1": {
                        "policyDescription": "Allow IoT Core MQTT communication to component",
                        "operations": [
                            "aws.greengrass#SubscribeToIoTCore"
                        ],
                        "resources": [
                            "thesis/start"
                        ]
                    }
                },
                "aws.greengrass.ipc.pubsub": {
                    "com.localcommunication:pubsub:1": {
                        "policyDescription": "Allows Local MQTT communication to component",
                        "operations": [
                            "aws.greengrass#PublishToTopic",
                            "aws.greengrass#SubscribeToTopic"
                        ],
                        "resources": [
                            "*"
                        ]
                    }
                }
            }
        }
    },

However, this is not the case in a Lambda function component, where only Event Sources can be configured. These sources are just there for subscribing to topics, but not for publishing.

"componentLambdaParameters": {
  "eventSources": [
        {
           "topic": "local/nocontainer/nopinned",
           "type": "PUB_SUB"
        }
   ],
}

Therefore, when a message is published by the Lambda function to the topic, the following error is given in the execution:

2023-11-02T15:51:44.247Z [ERROR] (pool-2-thread-62) lambda_nocontainer_nopinned: lambda_function.py:118,Unauthorized error while publishing to topic: thesis/gateway. {serviceInstance=1, serviceName=lambda_nocontainer_nopinned, currentState=RUNNING}

I'm assuming that this error is given due to insufficient access control. So my question is, how do I make this setup work where my Lambda function can just publish messages to a Local MQTT topic.

I appreciate it a lot 🙏

Ed
已提問 6 個月前檢視次數 187 次
1 個回答
2

Hi Ed. With the Lambda component, the recipe is generated, so you can't set access control through the default configuration of the recipe. However, you can still update the Lambda component configuration by merging configuration in a deployment: https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#merge-configuration-update. You can use the local Greengrass CLI to verify that the configuration has successfully merged: https://docs.aws.amazon.com/greengrass/v2/developerguide/gg-cli-component.html#component-details

More details in these two previous answers:

profile pictureAWS
專家
Greg_B
已回答 6 個月前
AWS
專家
已審閱 6 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南