Jen*_*nuJ 6 websocket http-status-code-403 mqtt iot aws-iot
我有aws lambda函数,它生成IOT websocket URL,如下所示.
const v4 = require('aws-signature-v4');
const crypto = require('crypto');
const WSSURL = v4.createPresignedURL(
'GET',
process.env.IOT_ENDPOINT_HOST.toLowerCase(),
'/mqtt',
'iotdevicegateway',
crypto.createHash('sha256').update('', 'utf8').digest('hex'),
{
'key': process.env.IOT_ACCESS_KEY,
'secret': process.env.IOT_SECRET_KEY,
'protocol': 'wss',
'region': process.env.IOT_AWS_REGION,
}
);
我在客户端有mqttjs使用此URL并尝试连接web套接字如下.
var options = {
will : {
topic : LAST_WILL_TOPIC,
payload: getMessageString(wss_userId, wss_email, wss_userType, {})
},
clientId: wss_userType + '||' + wss_userId
};
wssClient = mqtt.connect(WSSURL, options);
这个代码在几个月之前就完美了,但是现在连接没有启动并且出现以下错误
failed: Error during WebSocket handshake: Unexpected response code: 403
小智 4
我们的团队最近也遇到了这个问题。
版本 > 1.2.0 的模块中存在问题aws-signature-v4。
这是一个代码:
`options.sessionToken = options.sessionToken || process.env.AWS_SESSION_TOKEN;`
AWS lambda 默认情况下有一个AWS_SESSION_TOKENinprocess.env
您应该使用 STS 承担角色并使用其中的 sessionToken
import v4 from 'aws-signature-v4' // ^1.3.0
import STS from 'aws-sdk/clients/sts'
const { IOT_ENDPOINT_HOST, IOT_ROLE_ARN } = process.env
const sts = new STS()
const createSocketUrl = async () => {
const data = await sts
.assumeRole({
RoleArn: IOT_ROLE_ARN,
RoleSessionName: `some-role-session-name`,
DurationSeconds: 3600
})
.promise()
return v4.createPresignedURL(
'GET',
IOT_ENDPOINT_HOST,
'/mqtt',
'iotdevicegateway',
'',
{
key: data.Credentials.AccessKeyId,
secret: data.Credentials.SecretAccessKey,
sessionToken: data.Credentials.SessionToken,
protocol: 'wss'
}
)
}
或者如果您不想使用 STS
import v4 from 'aws-signature-v4' // ^1.3.0
const { IOT_ENDPOINT_HOST, IOT_ACCESS_KEY_ID, IOT_SECRET_ACCESS_KEY } = process.env
const createSocketUrl = () => {
const { AWS_SESSION_TOKEN } = process.env
delete process.env['AWS_SESSION_TOKEN']
const url = v4.createPresignedURL(
'GET',
IOT_ENDPOINT_HOST,
'/mqtt',
'iotdevicegateway',
'',
{
key: IOT_ACCESS_KEY_ID,
secret: IOT_SECRET_ACCESS_KEY,
protocol: 'wss'
}
)
process.env['AWS_SESSION_TOKEN'] = AWS_SESSION_TOKEN
return url
}
| 归档时间: |
|
| 查看次数: |
563 次 |
| 最近记录: |