rek*_*eku 0 amazon-web-services aws-cli aws-iot aws-amplify aws-policies
我正在尝试配置 AWS IoT 以与 AWS Amplify 一起使用。我总是看到错误为“ AMQJS0008I 套接字已关闭。 \xe2\x80\x9d 并且 CloudWatch 说 \xe2\x80\x9c AUTHORIZATION_FAILURE \xe2\x80\x9d。这是我配置的
\n\n {\n "Version": "2012-10-17",\n "Statement": [\n {\n "Sid": "VisualEditor0",\n "Effect": "Allow",\n "Action": [\n "cognito-identity:*",\n "mobileanalytics:PutEvents",\n "cognito-sync:*",\n "iot:Connect",\n "iot:Publish",\n "iot:Subscribe",\n "iot:Receive",\n "iot:GetThingShadow",\n "iot:UpdateThingShadow",\n "iot:DeleteThingShadow",\n "iot:AttachPolicy",\n "iot:AttachPrincipalPolicy"\n ],\n "Resource": "*"\n }\n ]\n }\n{\n "Version": "2012-10-17",\n "Statement": [\n {\n "Effect": "Allow",\n "Action": "iot:Connect",\n "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:client/${iot:ClientId}"\n },\n {\n "Effect": "Allow",\n "Action": [\n "iot:Publish",\n "iot:Subscribe",\n "iot:Receive"\n ],\n "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:topic/*"\n },\n {\n "Effect": "Allow",\n "Action": [\n "iot:UpdateThingShadow",\n "iot:GetThingShadow",\n "iot:DeleteThingShadow"\n ],\n "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:thing/*"\n },\n {\n "Effect": "Allow",\n "Action": [\n "iot:AttachPrincipalPolicy\xe2\x80\x9d,\n "iot:AttachPolicy"\n ],\n "Resource": [\n "*"\n ]\n }\n ]\n}\naws iot attach-policy --policy-name "hub-iot-policy" --target "ap-south-1:XXXX-USER_COGNITO_IDENTITY\n \xe2\x80\x9c@aws-amplify/api": "^3.1.7",\n "@aws-amplify/auth": "^3.2.4",\n "@aws-amplify/core": "^3.2.4",\n "@aws-amplify/pubsub": "^3.0.8\xe2\x80\x9d,\n代码是
\n\nPubSub.addPluggable(new AWSIoTProvider({\n aws_pubsub_region: config.pubsub.REGION,\n aws_pubsub_endpoint: `wss://${config.pubsub.MQTT_ID}.iot.${config.pubsub.REGION}.amazonaws.com/mqtt`,\n }));\nPubSub.subscribe(\'hub31-iot-thing\').subscribe({\n next: data => console.log(\'Message received\', data),\n error: error => console.error(error),\n close: () => console.log(\'Done\'),\n });\n }\n\n\n\n{提供商:AWSIoTProvider,错误:{\xe2\x80\xa6}}错误:{inplicationContext:\n未定义,错误代码:8,errorMessage:“ AMQJS0008I套接字\n已关闭。 ”}提供商:AWSIoTProvider {_config:{\xe2\ x80\xa6},_clientsQueue:\n ClientsQueue,_topicObservers:Map(1),_clientIdObservers:Map(1)}
\n
{\n "timestamp": "2020-04-21 00:13:24.953",\n "logLevel": "ERROR",\n "traceId": \xe2\x80\x9c308de5a7-XXXX-d2d5-XXXX-7e24b6d6e0e6",\n "accountId": \xe2\x80\x9cXXXXXXXX",\n "status": "Failure",\n "eventType": "Connect",\n "protocol": "MQTT",\n "clientId": \xe2\x80\x9cf5e1abef-XXXX-44af-XXXX-4a327b45481c",\n "principalId": \xe2\x80\x9cXXXXX:CognitoIdentityCredentials",\n "sourceIp": \xe2\x80\x9cXXXX",\n "sourcePort": 59101,\n "reason": "AUTHORIZATION_FAILURE",\n "details": "Authorization Failure"\n}\n遇到同样的错误,这就是我解决的方法。
\n\n1. Cognito 政策为
\n\n{\n "Version": "2012-10-17",\n "Statement": [\n {\n "Sid": "VisualEditor0",\n "Effect": "Allow",\n "Action": [\n "iot:Receive",\n "cognito-identity:*",\n "iot:Subscribe",\n "iot:AttachPolicy",\n "iot:AttachPrincipalPolicy",\n "iot:Connect",\n "mobileanalytics:PutEvents",\n "iot:GetThingShadow",\n "iot:DeleteThingShadow",\n "iot:UpdateThingShadow",\n "iot:Publish",\n "cognito-sync:*"\n ],\n "Resource": "*"\n }\n ]\n}\n另请注意,AttachPrincipalPolicy 已弃用,但为了安全起见,我将其包含在内
\n\n2. 物联网政策为
\n\n{\n "Version": "2012-10-17",\n "Statement": [\n {\n "Effect": "Allow",\n "Action": "iot:*",\n "Resource": "*"\n }\n ]\n}\n3. 通过 lambda 或 AWS CLI 将 IoT 策略附加到个人认知身份。\n使用 CLI 这个命令看起来像
\n\naws iot attach-policy --policy-name "iot-policy" --target "ap-south-1:XXXX-USER-COGNITO-IDENTITY\xe2\x80\x9d\n再次注意 AttachPrincipalPolicy 已弃用,请使用 AttachPolicy
\n\n使用拉姆达:
\n\nexport const main = async (event, context, callback) => {\n const principal = event.requestContext.identity.cognitoIdentityId;\n const policyName = \'iot-policy\';\n\n const iot = new AWS.Iot();\n await iot.attachPrincipalPolicy({ principal, policyName }).promise();\n callback(null, "success");\n};\n4. 测试\n如果您的前端配置正确,您应该能够解决 \n errorCode: 8, errorMessage: AMQJS0008I Socket closeed错误。
\n\n5. 微调\n现在根据您的要求微调 iot-policy 并立即检查更改是否有效
\n| 归档时间: |
|
| 查看次数: |
4051 次 |
| 最近记录: |