Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

connection lost - will attempt reconnection in 8 seconds...

See original GitHub issue

Hello, I am using cognito to authenticate users and then creating a thing for each user and attaching the identity as principal to this newly created thing. This flow works great with temperature monitor example but if we delete cognito user and re signup with same credentials then identityId is different now and hence connection isn’t establishing properly because this new Identity is not attached to thing. I am just getting connect lost message. Please see below console logs:

` canonical request: GET /mqtt X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=credentials%2F20171221%2Fus-east-1%2Fiotdata%2Faws4_request&X-Amz-Date=20171221T062241Z&X-Amz-SignedHeaders=host host:xxxxxxxxxxxxxx.iot.us-east-1.amazonaws.com

hashed canonical request: dcb90b2e32d2d672d49837d88a67a404de076275d0c4659f1ba0f20cd6bdbc60

string to sign: AWS4-HMAC-SHA256 20171221T062241Z 20171221/us-east-1/iotdata/aws4_request dcb90b2e32d2d672d49837d88a67a404de076275d0c4659f1ba0f20cd6bdbc60

signing key: <key>

signature: <signature>

url: wss://xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-…lVdkb2EeJzsxnCtMZF2EDd4NEyZKJ%2BTaOSjsN%2FqILRt%2FYEmmUv8IGFHUwq6bt0QU%3D

using websockets, will connect to 'wss://xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-…

connection lost - will attempt reconnection in 4 seconds…

reconnecting… request: GET /mqtt X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=credentials%2F20171221%2Fus-east-1%2Fiotdata%2Faws4_request&X-Amz-Date=20171221T062247Z&X-Amz-SignedHeaders=host host:xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com

hashed canonical request: 09a54e3c77937628ddcd19c2c08a94aafd13fea50af1fbf24094b4a9a793e00e

string to sign: AWS4-HMAC-SHA256 20171221T062247Z 20171221/us-east-1/iotdata/aws4_request 09a54e3c77937628ddcd19c2c08a94aafd13fea50af1fbf24094b4a9a793e00e

signing key: <key>

signature: <signature>

url: wss://xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-…lVdkb2EeJzsxnCtMZF2EDd4NEyZKJ%2BTaOSjsN%2FqILRt%2FYEmmbUv8IGFHUwq6bt0QU%3D

using websockets, will connect to 'wss://xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-…

connection lost - will attempt reconnection in 8 seconds… `

Issue Analytics

State:
Created 6 years ago
Comments:15 (5 by maintainers)

Top GitHub Comments

5reactions

gpcrawfordcommented, Jan 6, 2018

@juhamust - this thread was very helpful in pointing me in the right direction: https://github.com/aws/aws-iot-device-sdk-js/issues/155

The key ingredient is attaching the policy defined in the IoT console for your thing to your authenticated identity. This is pretty straightforward and is done with the AWS.iot.attachPolicy method ( https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Iot.html#attachPolicy-property )

For development purposes, my IoT policy is defined as:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:*"
      ],
      "Resource": "*"
    }
  ]
}

(Note that this policy is defined in AWS IoT - I used the AWS IoT console to do so.)

For example if your policy is named “MyIoTPolicy” and in your code you have your credentials in AWS.config.credentials and your MQTT client is setup as mqttClient you could use the following:

var iot = new AWS.iot();

var policyParams = {
  policyName: "MyIoTPolicy",
  target: AWS.config.credentials.identityId
};

iot.attachPolicy(policyParams, (err, data) => {
  if (err) {
    console.log("ERR - Attaching policy: "+err)
  }
  else {
    console.log("Policy successfully attached.");

    //Now that policy is attached, set credentials for MQTT client
    this.mqttClient.updateWebSocketCredentials(
      AWS.config.credentials.accessKeyId, 
      AWS.config.credentials.secretAccessKey,
      AWS.config.credentials.sessionToken
    );

  }
})

I am using typescript and Angular…

Originally, I tried the full ARN for the IoT policy name but it turns out that you only need the name (MyIoTPolicy in this case).

Note that I think you also need that the IAM role for the authenticated identity have access to IoT (For dev purposes I am using the AWSIoTFullAccess policy attached to the IAM role)

I can provide more details if needed.

1reaction

gpcrawfordcommented, Jan 4, 2018

I too am seeing this issue when trying to implement the browser/mqtt-explorer example. I am authenticating from the browser using Cognito user pools and identities and I know the authentication works because I can access a dynamodb table from browser code after authenticating (the cognito role allows dynamodb access). The cognito auth role includes full AWS Iot Access permissions. I have enabled unauthenticated login. However, I am seeing debug output in the console exactly as described by the original post above.

Top Results From Across the Web

React & AWS IoT MQTT over WSS - "connection lost

Show activity on this post. I am unable to successfully connect to an AWS IoT device via MQTT using websockets with authenticated cognito...

MQTT reconnection problem - FreeRTOS Community Forums

i set keep alive time to 30 seconds, now controller has connected to mqtt and subscribed to one topic. suppose it lost the...

MQTT/PubSubClient problem with timers & reconnect - Ubidots

Typical reconnect times are around 2.5 seconds, but can go as high as 4.5 seconds. If it exceeds 8 seconds the watchdog timer...

Reconnect a Python socket after it has lost its connection

Learn how to automatically attempt to reconnect a Python client socket once it has lost its connection to the server socket.

ESP32 Reconnect to Wi-Fi After Lost Connection network

To reconnect to Wi-Fi after a connection is lost, you can use WiFi.reconnect() to ... try reconnecting every CHECK_WIFI_TIME seconds if ((WiFi.status() !=...