Problem: I am hitting an "AccessDeniedException" when sending a message to an IoT Events Input from an IoT Core rule, but only when I attach an Alarm Model to that input. When there is no Alarm Model attached to the input, the message is successfully sent to the IoT Events Input.
Steps to reproduce:
- Create a new rule in IoT Core
- Add Action "Send a message to an IoT Events Input"
- When selecting an input, press "Create" which will bring you over to the IoT Events service and create your new Input (in my case, I call this input 'input_3')
- Let the UI create a relevant role or select a role that has the relevant access to complete the Action.
- Then go to the IoT Events service and add a new Alarm Model using 'input_3' as the input
When the rule is triggered, I get the following error from IoT Core:
{
  "ruleName": "storage",
  "topic": "core-freshpet/devices/freshpet-lucan-temp/up",
  "cloudwatchTraceId": "9d4051ae-1d35-6b7b-9464-05b082dba748",
  "clientId": "integration-aws/unknown-q1B0hqp6yA4",
  "base64OriginalPayload": "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",
  "failures": [
    {
      "failedAction": "IotEventsAction",
      "failedResource": "input_3",
      "errorMessage": "Failed to send message to Iot Events. null (Service: AWSIoTEventsData; Status Code: 403; Error Code: AccessDeniedException; Request ID: 97a6a8b1-838c-432b-a86b-0ce60e8285ad; Proxy: null). Message arrived on: core-freshpet/devices/freshpet-lucan-temp/up, Action: iotEvents, InputName: input_3, MessageId: aa694491-8b0c-4ce7-af65-97da7a53e1e1"
    }
  ]
}
- Delete the alarm model you just created in IoT Events but do not touch your rules in IoT Core
The following is the [info] message I get from IoT Core when the rule is triggered once more, but this time when there is no alarm model attached to the input:
2021-01-11 23:38:20.695 TRACEID:e907757e-8c3e-f469-11b3-de5b5f03c3fd PRINCIPALID:d9995c0652c616d7c94dc1713d559e14f8bc16caadd5ca10e1cbf386f496d510 [INFO] EVENT:IotEventsActionSuccess TOPICNAME:core-freshpet/devices/freshpet-lucan-temp/up CLIENTID:integration-aws/unknown-q1B0hqp6yA4 MESSAGE:Successfully sent message to IoT Events. Message arrived on: core-freshpet/devices/freshpet-lucan-temp/up, Action: iotEvents, InputName: input_3, MessageId: 69625f7a-3af2-4fe1-980b-6d94ddc0efe5