Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
clientId not sent, or sent differently ?
See original GitHub issueHi, I suspect the ClientId is not sent properly.
I use clientid mobile_001
then I can subscribe to the topic:
device.subscribe(`$aws/things/mobile_001/shadow/update`);
Because the attached policy is defined with mobile_001 hardcoded:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [ "iot:Connect","iot:Receive", "iot:GetThingShadow"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Subscribe",
"Resource":[
"arn:aws:iot:eu-west-1:xxxxxxxxxxxx:topicfilter/$aws/things/mobile_001/shadow/update"
]
}
]
}
But not when using ${iot:ClientId} instead of hardcoded mobile_001
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [ "iot:Connect","iot:Receive", "iot:GetThingShadow"],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Subscribe",
"Resource":[
"arn:aws:iot:eu-west-1:xxxxxxxxxxxx:topicfilter/$aws/things/${iot:ClientId}/shadow/update"
]
}
]
}
Where the only difference is the use of the variable ${iot:ClientId} The variable should be replaced with the client id when AWS checks credentials but apparently is not, or the client id doesn’t match ‘mobile_001’
The debug information shows the ClientID correctly though
{ clientId: 'mobile_001',
region: 'eu-west-1',
debug: true,
host: 'xxxxxxxxx.iot.eu-west-1.amazonaws.com',
protocol: 'wss',
sessionToken: '',
accessKeyId: '',
secretKey: '',
reconnectPeriod: 1000,
fastDisconnectDetection: true,
port: 443,
websocketOptions: { protocol: 'mqttv3.1' } }
Any ideas ?
Issue Analytics
- State:
- Created 7 years ago
- Comments:13 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks for providing detailed information. We were able to reproduce the same error on our end. What we also found was this issue only affects one use case, which is when the clientId variable is used in a policy attached to authorized Cognito identities. For non-Cognito based principals and non-authorized Cognito roles, the clientId variable can be correctly evaluated.
Since this is a backend bug, we have forwarded it to the relevant team, who has acknowledged this issue and already started working on a fix for it.
We apologize any inconveniences caused. Please feel free to let us know if there’s anything else we could help. Thank you.
I guess you were referring to Cognito Identity Id that you want to use instead of client Id? If that’s the case, you can use this variable in your policy ${cognito-identity.amazonaws.com:sub}. You can find more details here http://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html in the Cognito documentation.