1 個回答
- 最新
- 最多得票
- 最多評論
2
Hello,
Please make sure the access control is properly formed. What you posted excludes the service which must be aws.greengrass.ipc.pubsub
. See the examples provided in https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-publish-subscribe.html#ipc-publish-subscribe-authorization.
Ex:
"aws.greengrass.ipc.pubsub": {
"com.component.test:pubsub:1": {
"policyDescription": "test policy",
"operations": [
"aws.greengrass#SubscribeToTopic"
],
"resources": [
"test/things/+/topic"
]
}
}
If you are changing the default configuration in your component, then make sure that you deploy the new default configuration values by using reset: [""]
in the deployment configuration update.
Also ensure that the policy name is unique within the device.
Cheers,
Michael
相關內容
- AWS 官方已更新 9 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
I excluded the top level part of the object, let me update. It includes what you mentioned above. The policy name is unique. Again, everything works when we don't use wildcards.
Using the greengrass local CLI or local debug console, please look at the active configuration for this component and post it.
I was just able to verify myself using Nucleus 2.11.3 (which has no changes relevant to this compared to 2.11.2). I am able to subscribe to
test/things/+/topic
when authorized only for subscribe to topic withtest/things/+/topic
as the resource.Yep, the active configuration was not updated correctly. IoT Core showed the correct default settings, but when we looked at the local config via the CLI is was showing the old version. This appears to be a problem in our deployment pipeline.
Thank you for your help! Marking as resolved.