I need to integrate an MQTT service based on AWS IoT. Some other developers have already set up MQTT and given me the AWS account credentials. They also gave us two topic names: one for publishing data and one for subscribing to get status data.
For testing purposes, I created a device in the AWS IoT panel, which offered me the Node IoT SDK to download. I set it up on my local machine. Then I used the device example script in the examples folder. I modified the AWS policy that came with the device to allow access to the two topics, one topic for publishing and one for subscribing.
But all of this fails. The script gives the following output:
connect
offline
close
reconnect
connect
offline
close
And so on.
When I check IoT in AWS CloudWatch Logs, I see the problem:
{
    "timestamp": "2018-10-25 07:13:10.056",
    "logLevel": "ERROR",
    "traceId": "TRACEID",
    "accountId": "ACCOUNTID",
    "status": "Failure",
    "eventType": "Subscribe",
    "protocol": "MQTT",
    "topicName": "status topic name",
    "clientId": "sdk-nodejs-uuid",
    "principalId": "clientid",
    "sourceIp": "IP",
    "sourcePort": PORT,
    "reason": "AUTHORIZATION_FAILURE"
}
The policy I changed is:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish",
                "iot:Receive"
            ],
            "Resource": [
                "arn:aws:iot:us-east-2:clientid:topic/publish-topic-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Subscribe",
                "iot:Receive"
            ],
            "Resource": [
                "arn:aws:iot:us-east-2:clientid:topic/subscribe-topic-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-2:clientid:client/sdk-nodejs-*",
                "arn:aws:iot:us-east-2:clientid:topic/publish-topic-name",
                "arn:aws:iot:us-east-2:clientid:topic/subscribe-topic-name"
            ]
        }
    ]
}
Then I even granted all iot permissions on all topics, but I still get the authorization error:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:*"
            ],
            "Resource": [
                "arn:aws:iot:us-east-2:clientid:client/sdk-nodejs-*",
                "arn:aws:iot:us-east-2:clientid:topic/*"
            ]
        }
    ]
}
For publishing, I only get the "connect" output on the console and no logs in CloudWatch at all, so I am not sure whether it succeeded.
Update: OK, after some searching I found the problem: adding both topicfilter and topic in the policy. It looks like this is required for the subscribe topic. The updated policy is below.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:*"
            ],
            "Resource": [
                "arn:aws:iot:us-east-2:clientid:client/sdk-nodejs-*",
                "arn:aws:iot:us-east-2:clientid:topicfilter/*",
                "arn:aws:iot:us-east-2:clientid:topic/*"
            ]
        }
    ]
}
Answer 0 (score: 0)
Did you also configure an IoT policy? To connect to the IoT platform with an IAM user (MQTT over WSS), you need not only an IAM policy that allows access but also an IoT policy that allows access. Most importantly, you should check that the policy uses the correct resource identifiers. Resources are defined differently for iot:publish and iot:subscribe.
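As an added illustration of the resource-type rule that the question's update and this answer describe (my own example, not code from the question, the answer or the AWS SDK): a small Python linter that flags statements granting iot:Subscribe without a topicfilter/ resource, which is what produces the AUTHORIZATION_FAILURE above, and also flags wildcard actions or resources such as the iot:* / topic/* fix, which works but grants far more than the two topics need. The account id in the ARNs is a constructed placeholder and the action-to-resource-type table is my assumption.

```python
import json

# Assumption (not stated on the page): each AWS IoT action must be granted on this
# ARN resource type. iot:Subscribe needs topicfilter/, Publish and Receive need topic/.
EXPECTED_RESOURCE_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
}

def resource_type(arn):
    # arn:aws:iot:<region>:<account>:<type>/<name>  ->  <type>
    return arn.split(":", 5)[5].split("/", 1)[0]

def check_iot_policy(policy):
    # Return findings: actions lacking a matching resource type, plus wildcards.
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = stmt.get("Action", []), stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        types = {resource_type(r) for r in resources}
        for action in actions:
            if action.endswith("*"):  # iot:* is broader than least privilege
                findings.append(f"statement {i}: wildcard action {action}")
                continue
            expected = EXPECTED_RESOURCE_TYPE.get(action)
            if expected and expected not in types:
                findings.append(f"statement {i}: {action} has no {expected}/ resource;"
                                " requests will fail with AUTHORIZATION_FAILURE")
        findings += [f"statement {i}: {r} grants every name under {resource_type(r)}/"
                     for r in resources if r.endswith("/*")]
    return findings

# Constructed sample: the question's first policy, with a placeholder account id.
ARN = "arn:aws:iot:us-east-2:123456789012:"
BROKEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": [ARN + "topic/publish-topic-name"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe", "iot:Receive"],
     "Resource": [ARN + "topic/subscribe-topic-name"]},
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": [ARN + "client/sdk-nodejs-*"]}]}
# Least-privilege fix: keep topic/ for Receive and add topicfilter/ for Subscribe.
FIXED_POLICY = json.loads(json.dumps(BROKEN_POLICY))
FIXED_POLICY["Statement"][1]["Resource"].append(ARN + "topicfilter/subscribe-topic-name")
```

Running `check_iot_policy(BROKEN_POLICY)` reports the Subscribe statement; `check_iot_policy(FIXED_POLICY)` reports nothing, and the iot:* / topicfilter/* / topic/* policy from the update is reported as three wildcard findings.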