Publishing to AWS IOT MQTT from a Lambda function - connection timeout

0

Hi

I have a Lambda function that is invoked via MQTT messages coming from AWS IOT message routing. The Lambda function then checks an MSSQL database, and decides what to do next. This bit works.

Depending on the result of the database query, my Lambda function may choose to publish an MQTT message back to AWS IOT. This works when I test locally on my development machine and using the "Mock Lambda Test tool". However, when I publish the Lambda function and try it out, the published Lambda function times out at the point of trying to connect to the MQTT client (time out is 30 seconds).

  1. I'm using .NET Core 6, C#, and MQTTnet.
  2. I have configured a VPC endpoint, and made sure the security groups and subnets match the Lambda function.
  3. I have a policy on my Lambda function role as below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "iot:Publish", "iot:Connect" ],
      "Resource": "*"
    }
  ]
}

I've now run out of ideas, so any help appreciated.

Thanks

David

Asked 1 year ago · Viewed 1115 times
3 answers
1
Accepted answer

Gavin_A. Much appreciated. Your suggested link fixed the problem.

For anyone else - the answer is here:

https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Answered 1 year ago
Expert
Reviewed 2 months ago
0

Hi Greg - thanks for getting back to me. I've changed my code to use "AmazonIotDataClient.PublishAsync" as you suggested, and that seems like the sensible thing to do.

Unfortunately, I still have the same fundamental problem. Everything works well when I run locally with the "Mock Lambda Test Tool", but my call to publishAsync “times out” on my Lambda function when I try and run the deployed lambda function. (After about 30 seconds, so plenty long enough to publish).

Out of desperation I've changed my policy to the below, and that didn't help. I'm guessing that for some reason there is no IP connectivity between my Lambda function and my MQTT URL, but fiddling around with VPCs and endpoints hasn't got me any further.

Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

Any ideas?

Thanks

David

Answered 1 year ago
  • Hi David, is your Lambda within a VPC? If so, you can either provide it Internet access or create an IoT VPC endpoint within the VPC.

0

Hi David. I recommend that you do not try to connect to the IoT Core broker from your Lambda using an MQTT client. Instead, you can use the Publish HTTPS API of the IoT data plane: https://docs.aws.amazon.com/iot/latest/apireference/API_iotdata_Publish.html. This is the most common way of publishing from a Lambda. Our .Net SDK supports this operation: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IotData/MIotDataPublishAsyncPublishRequestCancellationToken.html.

As HTTP doesn't require a connection to the broker before publishing, you can then delete the iot:Connect action from the Lambda's policy.

AWS
Expert
Greg_B
Answered 1 year ago
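The approach Greg_B describes, as an added example that is not code from the question or from either answer: a .NET 6 Lambda handler that publishes through the IoT data plane with `AmazonIotDataClient.PublishAsync` instead of an MQTT client. The event class `DeviceEvent`, the `IOT_DATA_ENDPOINT` environment variable, the topic layout and the 5-second cancellation window are assumptions for illustration; the endpoint value itself is an account-specific placeholder.

```csharp
using System;
using System.IO;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Amazon.IotData;
using Amazon.IotData.Model;
using Amazon.Lambda.Core;

// Tells the .NET Lambda runtime how to deserialize the incoming JSON event.
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]

namespace IotPublishExample
{
    // Hypothetical event shape delivered by the IoT rule (assumed, not from the page).
    public class DeviceEvent
    {
        public string DeviceId { get; set; } = string.Empty;
        public string Command { get; set; } = string.Empty;
    }

    public class Function
    {
        // Hypothetical environment variable holding the account's IoT data endpoint,
        // e.g. https://<prefix>-ats.iot.<region>.amazonaws.com (placeholder).
        private static readonly string DataEndpoint =
            Environment.GetEnvironmentVariable("IOT_DATA_ENDPOINT")
            ?? throw new InvalidOperationException("IOT_DATA_ENDPOINT is not set");

        // One client per execution environment: it is thread-safe and reuses HTTPS connections.
        private static readonly AmazonIotDataClient IotClient =
            new AmazonIotDataClient(new AmazonIotDataConfig { ServiceURL = DataEndpoint });

        public async Task<string> FunctionHandler(DeviceEvent input, ILambdaContext context)
        {
            // The database lookup from the question would go here; the reply is stubbed.
            var reply = new { deviceId = input.DeviceId, ack = input.Command };
            var topic = $"devices/{input.DeviceId}/commands/ack";

            // Fail fast: with no route from the VPC to the IoT endpoint the HTTPS call
            // would otherwise hang until the function's own 30-second timeout.
            using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(5));

            var request = new PublishRequest
            {
                Topic = topic,
                Qos = 1,
                Payload = new MemoryStream(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(reply)))
            };

            try
            {
                var response = await IotClient.PublishAsync(request, cts.Token);
                context.Logger.LogLine($"Published to {topic}: HTTP {(int)response.HttpStatusCode}");
                return "published";
            }
            catch (OperationCanceledException)
            {
                // Typical symptom of a VPC-attached Lambda with neither a NAT gateway
                // nor an IoT VPC endpoint: the request never reaches the service.
                context.Logger.LogLine($"Timed out reaching {DataEndpoint}; check VPC routing and endpoints");
                throw;
            }
            catch (AmazonIotDataException ex)
            {
                // Raised when the service answers, e.g. 403 if the role lacks iot:Publish on this topic.
                context.Logger.LogLine($"IoT data plane rejected the publish: {ex.Message}");
                throw;
            }
        }
    }
}
```

Because this path is plain HTTPS, the role only needs `iot:Publish`, as Greg_B notes; the `Resource` can then be narrowed from `*` to the topic ARN (`arn:aws:iot:<region>:<account-id>:topic/devices/*/commands/ack` for the layout assumed here) so the function cannot publish anywhere else if its code or event input is ever abused. A short cancellation window turns the silent 30-second hang from the question into a logged, immediate failure that points at the VPC network path rather than at IAM.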
