AWS IoT issues with restricted policy permissions #640
Comments
@warlock-jay Sorry to hear that you are having issues. Can you please update to the latest version and try again? We have made some changes to log detailed exceptions upon connection failures. With the current logs that you have shared it's difficult to root-cause the issue.

import com.amazonaws.mobile.client.AWSMobileClient;
import com.amazonaws.regions.Region;
import com.amazonaws.services.iot.AWSIotClient;
import com.amazonaws.services.iot.model.AttachPolicyRequest;

// Attach principal policy: the IoT policy is bound to the Cognito identity ID,
// which is the principal the MQTT client authenticates as
AttachPolicyRequest attachPolicyReq = new AttachPolicyRequest();
attachPolicyReq.setPolicyName("myIOTPolicy"); // name of your AWS IoT policy
attachPolicyReq.setTarget(AWSMobileClient.getInstance().getIdentityId()); // Cognito identity ID
AWSIotClient mIotAndroidClient = new AWSIotClient(AWSMobileClient.getInstance()); // AWSMobileClient is the credentials provider
mIotAndroidClient.setRegion(Region.getRegion("<YOUR-AWS-REGION>")); // name of your IoT Region such as "us-east-1"
mIotAndroidClient.attachPolicy(attachPolicyReq);
// Connect code
...
Hi @desokroshan
This is my code:

This is the error I got:
2019-01-14 10:55:34.854 22852-22852/com.example.aura.app15 I/Iotstatus: Iotactiviuty started
Why is it failing?
@warlock-jay The call to attachPolicy makes a network call, which cannot be performed on the main thread (to avoid unresponsive apps). Please move the code to a separate worker thread:

import com.amazonaws.mobile.client.AWSMobileClient;
import com.amazonaws.regions.Region;
import com.amazonaws.services.iot.AWSIotClient;
import com.amazonaws.services.iot.model.AttachPolicyRequest;

// Run the AttachPolicy API call off the UI thread; Android throws NetworkOnMainThreadException otherwise
new Thread(new Runnable() {
    @Override
    public void run() {
        // Attach principal policy to the Cognito identity ID
        AttachPolicyRequest attachPolicyReq = new AttachPolicyRequest();
        attachPolicyReq.setPolicyName("myIOTPolicy"); // name of your AWS IoT policy
        attachPolicyReq.setTarget(AWSMobileClient.getInstance().getIdentityId());
        AWSIotClient mIotAndroidClient = new AWSIotClient(AWSMobileClient.getInstance());
        mIotAndroidClient.setRegion(Region.getRegion("<YOUR-AWS-REGION>")); // name of your IoT Region such as "us-east-1"
        mIotAndroidClient.attachPolicy(attachPolicyReq);
    }
}, "Attach Policy").start();
Hi @desokroshan
2019-01-14 12:52:00.049 2906-3360/? E/ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [ LISTEN id=1056, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ]
I created a policy with that name and also gave it full IoT access; it's still giving the same error.
Hi @desokroshan

public class Iot extends AppCompatActivity {
}

This is the output I got when I ran connectiot():
2019-01-14 15:37:44.321 893-981/com.example.aura.app15 D/AWSMobileClient: Inspecting user state details
It's giving the message "trying to reconnect" and failing, showing an exception that it is already connected. When I try to subscribe, it's giving the same:
2019-01-14 15:53:56.345 893-893/com.example.aura.app15 D/AWSMobileClient: Inspecting user state details
So I understood it didn't connect properly or is not connected.
An Amazon Cognito authenticated user needs two policies to access AWS IoT. The first policy is attached to the role of the authenticated pool to authenticate and authorize the Cognito user to communicate with AWS IoT. The second policy is attached to the authenticated Cognito user ID principal for fine-grained permissions. The above snippet attaches the policy to the user ID. Can you confirm whether you have attached the required policy to the "authenticated" role of your user pool?
Yes, I gave full IoT access to the authenticated and unauthenticated roles.
Some comments based on your code above:
Hi @desokroshan
I have changed and tested my code as you suggested. This is the current code:

This is the output I got for connectiot():
2019-01-16 17:04:39.069 31277-31371/com.example.aura.app15 W/AWSIotMqttManager: onFailure: connection failed.
This is the output I got for subscribeiot():
2019-01-16 17:05:23.626 31277-31277/com.example.aura.app15 E/Iotstatus: Subscription error:
4) I don't understand the question properly; I think this is what you asked:
Thanks for sharing the details.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:*"
      ],
      "Resource": "*"
    }
  ]
}

In general, giving full access is discouraged for production apps, but you can try the above just for debugging purposes.
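Added example (not code from this thread, the AWS SDK or the IoT service): a Python model of the two-policy setup described above, written to show what the restricted policy should look like once the iot:* / "*" debugging policy has served its purpose. restricted_iot_policy() builds the IoT policy that gets attached to the Cognito identity ID with attachPolicy(): iot:Connect only for an MQTT client ID equal to the caller's identity ID (through the ${cognito-identity.amazonaws.com:sub} policy variable), and Publish/Receive/Subscribe only on one thing's $aws/things/<thing>/shadow/update topics. evaluate() is a simplified re-implementation of the IAM-style decision rules (explicit Deny wins, '*' and '?' wildcards, implicit deny otherwise), not the service's evaluator, and the region, account, identity ID and thing name are constructed placeholders. The point it makes is that a restricted policy fails silently from the app's side: when iot:Connect is denied, AWS IoT closes the connection, which the Android SDK surfaces as ConnectionLost right after Connecting, so check the policy document against the client ID and topics before attaching it.

```python
import json
import re

# Constructed placeholders (not values from the issue): the app's region and
# account, the Cognito identity ID returned by AWSMobileClient.getIdentityId(),
# and the thing whose shadow the app reads and writes.
REGION = "eu-west-1"
ACCOUNT = "123456789012"
IDENTITY_ID = "eu-west-1:0f0d9e2e-1c52-4b84-9f5e-2f1a3c6d7e8f"
THING_NAME = "aura-sensor-01"

COGNITO_SUB = "${cognito-identity.amazonaws.com:sub}"  # AWS IoT policy variable


def restricted_iot_policy(region, account, thing_name):
    """Least-privilege replacement for the iot:* / "*" debugging policy.

    Connect is limited to an MQTT client ID equal to the caller's Cognito
    identity ID; Publish/Receive are limited to one thing's shadow topics and
    Subscribe to the matching topic filters.  This is the policy attached to the
    identity ID with attachPolicy(); the IAM policy on the identity pool's
    authenticated role must separately allow iot:Connect, iot:Publish,
    iot:Subscribe, iot:Receive and iot:AttachPolicy.
    """
    arn = f"arn:aws:iot:{region}:{account}"
    shadow = f"$aws/things/{thing_name}/shadow/update"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [f"{arn}:client/{COGNITO_SUB}"]},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [f"{arn}:topic/{shadow}", f"{arn}:topic/{shadow}/*"]},
            {"Effect": "Allow", "Action": ["iot:Subscribe"],
             "Resource": [f"{arn}:topicfilter/{shadow}/*"]},
        ],
    }


def policy_json(policy):
    """Serialised form to paste into CreatePolicy or the IoT console."""
    return json.dumps(policy, indent=2)


def _glob_match(pattern, value):
    # Policy wildcards: '*' matches any run of characters, '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def evaluate(policy, identity_id, action, resource):
    """Simplified IAM-style decision: an explicit Deny wins, otherwise any
    matching Allow grants, otherwise implicit deny.  The Cognito policy
    variable is substituted with the caller's identity before matching."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_glob_match(a, action) for a in _as_list(stmt["Action"])):
            continue
        for res in _as_list(stmt["Resource"]):
            res = res.replace(COGNITO_SUB, identity_id)
            if _glob_match(res, resource):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def client_arn(client_id):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:client/{client_id}"


def topic_arn(topic):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:topic/{topic}"


def topicfilter_arn(topic_filter):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:topicfilter/{topic_filter}"


def demo():
    """Exercise the restricted policy the way the Android app would use it."""
    policy = restricted_iot_policy(REGION, ACCOUNT, THING_NAME)
    shadow = f"$aws/things/{THING_NAME}/shadow/update"
    return {
        # The MQTT client ID given to AWSIotMqttManager must be the identity ID
        "connect_own_id": evaluate(policy, IDENTITY_ID, "iot:Connect", client_arn(IDENTITY_ID)),
        # Any other client ID: Connect denied, the broker drops the socket (ConnectionLost)
        "connect_other_id": evaluate(policy, IDENTITY_ID, "iot:Connect", client_arn("android-12345")),
        "publish_own_shadow": evaluate(policy, IDENTITY_ID, "iot:Publish", topic_arn(shadow)),
        "publish_other_thing": evaluate(policy, IDENTITY_ID, "iot:Publish",
                                        topic_arn("$aws/things/other-thing/shadow/update")),
        "subscribe_accepted": evaluate(policy, IDENTITY_ID, "iot:Subscribe", topicfilter_arn(shadow + "/accepted")),
        "receive_delta": evaluate(policy, IDENTITY_ID, "iot:Receive", topic_arn(shadow + "/delta")),
        # A catch-all MQTT filter is not covered: Subscribe to '#' is refused
        "subscribe_all": evaluate(policy, IDENTITY_ID, "iot:Subscribe", topicfilter_arn("#")),
    }


if __name__ == "__main__":
    print(policy_json(restricted_iot_policy(REGION, ACCOUNT, THING_NAME)))
    for check, ok in demo().items():
        print(f"{check:22s} {'ALLOW' if ok else 'DENY'}")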
Hi @desokroshan But
Thanks @desokroshan. It's working when I change the subscribe and publish topic names; for publish I used "$aws/things//shadow/update". Still I have confusion on getting full data, getting only the delta, and publishing. Working on it.
@warlock-jay Thanks for the update. I will try to reproduce and investigate the issue with restricted policy permissions as soon as I can and update the thread.
Similar issues here. Error message:
Attach policy code is run right after the user logs in:
Policy on AWS IoT:
auth-rule (named cognito-auth-goodlinkeriot@sensor.live) has two policies as follows:
Environment (please complete the following information): SDK Version: 2.12.2 Device: Samsung Note 4 and OPPO A57
@desokroshan any further progress?
@scdplzop Your issue is different from OP's. From the stacktrace, you need to add
Please feel free to open a new issue if you have follow-up questions.
@warlock-jay The following document lists restricted policy documents granting varying degrees of authorization on IoT resources. Can you check to see if you can find one matching your use case:
This issue has been automatically closed because of inactivity. Please open a new issue if you are still encountering problems.
Hello,
com.amazonaws.services.cognitoidentity.model.ResourceNotFoundException: IdentityPool 'us-east-2:1d25e******' not found. (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 0a52b7)
Thank you
State your question
When I am trying to connect to my endpoint it's not connecting; it's showing connection lost.
Which AWS Services are you utilizing?
AWS Cognito user pool, federated identity pool, IoT
Provide code snippets (if applicable)
This is my code:

This is the output I got:
2019-01-09 17:54:25.141 29809-29809/com.example.aura.app15 I/Iotstatus: Iotactiviuty started
2019-01-09 17:54:25.142 2936-8444/? D/ConnectivityService: ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ LISTEN id=5293, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ], android.os.BinderProxy@797f9a3)
2019-01-09 17:54:25.142 2936-4503/? D/ConnectivityService: ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ LISTEN id=5294, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ], android.os.BinderProxy@e60c4d2)
2019-01-09 17:54:25.142 2936-8444/? D/ConnectivityService: ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ LISTEN id=5293, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ], android.os.BinderProxy@797f9a3)
2019-01-09 17:54:25.143 2936-3370/? E/ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [ LISTEN id=5293, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ]
2019-01-09 17:54:25.144 2936-3370/? E/ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [ LISTEN id=5294, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND] ]
2019-01-09 17:54:25.154 29809-29809/com.example.aura.app15 D/AWSMobileClient: Inspecting user state details
2019-01-09 17:54:25.160 29809-29809/com.example.aura.app15 D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.eu-west-1.amazonaws.com/eu-west-1_*******
2019-01-09 17:54:25.160 29809-29809/com.example.aura.app15 D/AWSMobileClient: waitForSignIn: userState:SIGNED_IN
2019-01-09 17:54:25.160 29809-29922/com.example.aura.app15 D/AWSMobileClient: Inspecting user state details
2019-01-09 17:54:25.166 29809-29809/com.example.aura.app15 I/usersub: usersub ise30e7c1a-28cf-421e-b29c-3e77bf26ebc2
2019-01-09 17:54:25.167 29809-29922/com.example.aura.app15 D/AWSMobileClient: hasFederatedToken: true provider: cognito-idp.eu-west-1.amazonaws.com/eu-west-1_******
2019-01-09 17:54:25.167 29809-29922/com.example.aura.app15 D/AWSMobileClient: waitForSignIn: userState:SIGNED_IN
2019-01-09 17:54:25.167 29809-29922/com.example.aura.app15 D/AWSMobileClient: getCredentials: Validated user is signed-in
2019-01-09 17:54:25.254 2936-3053/? I/LaunchCheckinHandler: Displayed com.example.aura.app15/.Iot,wp,ca,185
2019-01-09 17:54:25.255 2936-3053/? I/ActivityManager: Displayed com.example.aura.app15/.Iot: +181ms
2019-01-09 17:54:25.282 29809-29860/com.example.aura.app15 D/OpenGLRenderer: endAllActiveAnimators on 0x8f49ea80 (RippleDrawable) with handle 0x9bcfd890
2019-01-09 17:54:25.477 29809-29922/com.example.aura.app15 I/AWSIotMqttManager: metrics collection is enabled, username: ?SDK=Android&Version=2.9.1
2019-01-09 17:54:25.477 29809-29922/com.example.aura.app15 I/AWSIotMqttManager: resetting reconnect attempt and retry time
2019-01-09 17:54:25.478 29809-29922/com.example.aura.app15 D/Iotstatus: Connection Status: Connecting
2019-01-09 17:54:25.491 29809-29922/com.example.aura.app15 D/Iotstatus: Connection Status: ConnectionLost
2019-01-09 17:54:25.549 2936-4503/? I/ActivityManager: Killing 26831:com.motorola.motodisplay/u0a67 (adj 906): empty #17
Environment(please complete the following information):
Device Information (please complete the following information):
I have signed in using my user pool and gave full IoT access to the federated auth role.
I just want to publish and subscribe to a topic.
Any example code snippets are helpful.