Add/update Greengrass Service Role empty

0

I have a Greengrass device set up that I'm trying to get SSH tunneling working on, but it needs a service role associated with my account, if I'm understanding that correctly. In AWS IoT > Settings > Greengrass service role, there is no role attached. Clicking attach gives just an empty dropdown box.

I've tried creating a role named "Greengrass_ServiceRole" and attaching the AWS managed "AWSGreengrassResourceAccessRolePolicy", but it still doesn't show up in that dropdown box for Greengrass service role. Based on the docs, this role would be created for me if I used Greengrass V1, but I'm starting from scratch here. Do I need to set up my device using V1 just to get things like this set up? https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html

2022-10-03T13:35:26.500Z [INFO] (pool-2-thread-15) aws.greengrass.SecureTunneling: shell-runner-start. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=STARTING, command=["java -jar /greengrass/v2/packages/artifacts/aws.greengrass.SecureTunneling/1.0..."]}
2022-10-03T13:35:30.626Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:30.610 [main] SecureTunneling - Starting secure tunneling component!. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:31.607Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. Oct 03, 2022 8:35:31 AM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onConnectionSetup. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:31.607Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. INFO: Socket connection /greengrass/v2/ipc.socket:8033 to server result [AWS_ERROR_SUCCESS]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.001Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. Oct 03, 2022 8:35:32 AM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onProtocolMessage. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.001Z [WARN] (Copier) aws.greengrass.SecureTunneling: stderr. INFO: Connection established with event stream RPC server. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:32.005Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:32.005 [main] SecureTunnelingExecutor - Starting secure tunneling.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.928Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-10-03 08:35:48.928 [Thread-1] SecureTunnelingTask - Execution exception while subscribing to topic: $aws/things/TestLocalBaseStation/tunnels/notify. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.940Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.948Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:48.947 [Thread-1] SubscribeResponseHandler - Subscribe to topic stream closed.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.952Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [INFO ] 2022-10-03 08:35:48.951 [Thread-1] SubscribeResponseHandler - Subscribe to topic stream closed.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. [ERROR] 2022-10-03 08:35:48.936 [main] SecureTunnelingExecutor - Exception while running secure tunneling.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. java.util.concurrent.ExecutionException: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2069) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.991Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.executor.SecureTunnelingExecutor.runSecureTunneling(SecureTunnelingExecutor.java:50) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.aws.greengrass.component.securetunneling.SecureTunneling.main(SecureTunneling.java:38) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. Caused by: software.amazon.awssdk.aws.greengrass.model.ServiceError: Subscribe to topic $aws/things/TestLocalBaseStation/tunnels/notify failed with error java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:78) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.992Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at java.lang.reflect.Constructor.newInstance(Constructor.java:480) ~[?:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.internal.ConstructorConstructor$4.construct(ConstructorConstructor.java:140) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:211) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:87) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel$EventStreamPostFromJsonTypeAdapter.read(EventStreamRPCServiceModel.java:61) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:991) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:956) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.993Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:905) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at com.google.gson.Gson.fromJson(Gson.java:876) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCServiceModel.fromJson(EventStreamRPCServiceModel.java:319) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.eventstreamrpc.EventStreamRPCClient$1.onContinuationMessage(EventStreamRPCClient.java:92) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:48.994Z [INFO] (Copier) aws.greengrass.SecureTunneling: stdout. at software.amazon.awssdk.crt.eventstream.ClientConnectionContinuationHandler.onContinuationMessageShim(ClientConnectionContinuationHandler.java:41) ~[GreengrassV2SecureTunnelingComponent-1.0-all.jar:?]. {scriptName=services.aws.greengrass.SecureTunneling.lifecycle.run.script, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
2022-10-03T13:35:50.351Z [INFO] (Copier) aws.greengrass.SecureTunneling: Run script exited. {exitCode=1, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}
1 Answer
3

Please see https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html#create-greengrass-service-role-console for information about creating the service role correctly.

However, with that said, the service role is not used on the device except in a few rare circumstances and secure tunneling is not one of them. Greengrass V2 uses an IoT Role Alias to assume an IAM role when using non-IoT AWS services. See https://docs.aws.amazon.com/greengrass/v2/developerguide/device-service-role.html for more information.

Make sure that you are using the secure tunneling component: https://docs.aws.amazon.com/greengrass/v2/developerguide/secure-tunneling-component.html.

Then, if you are having issues please clarify what the problem is and provide logs.

AWS
Expert
answered 2 years ago
  • Thanks for the response, Michael! I'm still looking through what you've posted. My logs are filled with errors related to the service role and I assumed that was what was going on:

    software.amazon.awssdk.services.greengrassv2data.model.GreengrassV2DataException: Could not find a Service Role associated with this account. (Service: GreengrassV2Data, Status Code: 403, Request ID: 463$
    
  • OK, since that is the error that you're getting, you should follow the first documentation that I linked to create and associate a service role with your account.

  • Still haven't figured out how to correctly add the role/policy posted above. After creating it manually, it still does not show up for selection in the settings section of IoT Core. Besides that...

    I've edited my initial post with the SecureTunneling.log file from start till end of a connection attempt. "Host name was invalid for dns resolution.." is the only thing that really sticks out to me. Is a DNS record required for tunneling?
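
The log in the question wraps the component's own `[ERROR]` lines and stack trace inside outer `[INFO]` stdout records, so filtering on the outer level hides the failure. As an added example (not part of the original thread and not AWS tooling), this Python parser reads that line format, surfaces the inner errors and extracts the innermost exception; the regexes are assumptions inferred from the lines shown above.

```python
import re

# Outer Greengrass line: "<ts> [LEVEL] (thread) <component>: <body>. {k=v, ...}"
OUTER = re.compile(r"^(\S+) \[(\w+)\] \(([^)]*)\) ([\w.]+): (.*)\. \{(.*)\}$")
# Copied component output ("stdout."/"stderr.") may carry its own [LEVEL].
INNER = re.compile(r"^(?:stdout|stderr)\. (?:\[(\w+)\s*\] )?(.*)$")
# Fully qualified Java exception/error class followed by ": <message>".
EXC = re.compile(r"([\w.$]+(?:Exception|Error)): ")

# Sample lines shortened from the log in the question (context braces trimmed).
CTX = "{serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}"
PFX = "[INFO] (Copier) aws.greengrass.SecureTunneling: stdout."
TOPIC = "$aws/things/TestLocalBaseStation/tunnels/notify"
SAMPLE = [
    f"2022-10-03T13:35:32.005Z {PFX} [INFO ] 2022-10-03 08:35:32.005 [main] SecureTunnelingExecutor - Starting secure tunneling.. {CTX}",
    f"2022-10-03T13:35:48.928Z {PFX} [ERROR] 2022-10-03 08:35:48.928 [Thread-1] SecureTunnelingTask - Execution exception while subscribing to topic: {TOPIC}. {CTX}",
    f"2022-10-03T13:35:48.991Z {PFX} java.util.concurrent.ExecutionException: software.amazon.awssdk.aws.greengrass.model.ServiceError: "
    f"Subscribe to topic {TOPIC} failed with error java.util.concurrent.ExecutionException: "
    f"software.amazon.awssdk.crt.mqtt.MqttException: Host name was invalid for dns resolution.. {CTX}",
    "2022-10-03T13:35:50.351Z [INFO] (Copier) aws.greengrass.SecureTunneling: Run script exited. {exitCode=1, serviceName=aws.greengrass.SecureTunneling, currentState=RUNNING}",
]

def parse(line):
    m = OUTER.match(line.strip())
    if not m:
        return None
    ts, level, _thread, component, body, ctx = m.groups()
    inner = INNER.match(body)
    inner_level, msg = inner.groups() if inner else (None, body)
    return {"ts": ts, "outer": level, "inner": inner_level,
            "component": component, "msg": msg.rstrip("."), "ctx": ctx}

def root_cause(msg):
    """Return (class, message) of the innermost exception named in msg."""
    hits = list(EXC.finditer(msg))
    if not hits:
        return None
    return hits[-1].group(1), msg[hits[-1].end():].strip()

def triage(lines):
    """Return (errors hidden behind a non-ERROR outer level, distinct root causes)."""
    hidden, causes = [], []
    for rec in filter(None, map(parse, lines)):
        if rec["inner"] == "ERROR" and rec["outer"] != "ERROR":
            hidden.append(rec)
        cause = root_cause(rec["msg"])
        if cause and cause not in causes:
            causes.append(cause)
    return hidden, causes
```

Run `triage()` over the lines of `aws.greengrass.SecureTunneling.log`; the second return value collapses the repeated exception chain into its distinct root causes.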
