IOT Security Credentials from EC2 Instance Metadata
So, I'm running a service in an EC2 instance which publishes to IoT using this device SDK. I have decided to use the websocket protocol for this. The websocket protocol requires an Access Key ID and a Secret Key, but I would rather specify a role in my EC2 instance profile.
According to many places in the docs, “the AWS SDKs… automatically get the credentials from the EC2 instance metadata service and use them.”
So, as long as a role is assigned to the EC2 instance, the SDK should grab the keys automatically. I don't see that behavior from this code though. I get the following error.
{ Error: ENOENT: no such file or directory, open 'C:\Users\Administrator\.aws\credentials'
at Error (native)
at Object.fs.openSync (fs.js:641:18)
at Object.fs.readFileSync (fs.js:509:33)
at DeviceMQTT.DeviceClient (C:\Users\Administrator\Services\iot-service\node_modules\aws-iot-device-sdk\device\index.js:446:43)
at DeviceMQTT (C:\Users\Administrator\Services\iot-service\server.js:27:9)
at Request.awsIot.device.request [as _callback] (C:\Users\Administrator\Services\iot-service\server.js:86:20)
at Request.self.callback (C:\Users\Administrator\Services\iot-service\node_modules\request\request.js:188:22)
at emitTwo (events.js:106:13)
at Request.emit (events.js:191:7)
at Request.<anonymous> (C:\Users\Administrator\Services\iot-service\node_modules\request\request.js:1171:10)
errno: -4058,
code: 'ENOENT',
syscall: 'open',
path: 'C:\\Users\\Administrator\\.aws\\credentials' }
Failed to read credentials from C:\Users\Administrator\.aws\credentials
To connect via WebSocket/SigV4, AWS Access Key ID and AWS Secret Key must be passed either in options or as environment variables; see README.md
I would just provide the keys explicitly, but AWS swaps them out periodically.
const awsIot = require("aws-iot-device-sdk");
const aws = require("aws-sdk");
var aws_params = {
  region: "us-west-2"
};
aws.config.update(aws_params);
// No accessKeyId/secretKey are passed here, so the device SDK falls back to
// environment variables and then to ~/.aws/credentials (hence the ENOENT above).
var wsClient = new awsIot.device({
  region: aws.config.region,
  protocol: 'wss',  // missing comma here caused a syntax error in the original
  port: 443,
  host: 'xxxxxxxxxxx.iot.us-west-2.amazonaws.com'
});
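One way to let the AWS SDK's own provider chain supply the role credentials and keep them current, as an added example that is not part of the issue or of aws-iot-device-sdk; it assumes a 5-minute refresh margin, a 30-second retry interval on provider errors, and the device client's updateWebSocketCredentials method, and takes the SDK modules as parameters so the scheduling can be exercised with stand-ins:

```javascript
// Added example, not code from the issue or the aws-iot-device-sdk project: it
// resolves credentials via the AWS SDK v2 provider chain (env vars locally, the
// instance role via EC2 instance metadata on EC2), builds the WebSocket client
// from them instead of static keys, and re-applies them before they rotate. The
// SDK modules are injected (require('aws-sdk'), require('aws-iot-device-sdk')).

const REFRESH_MARGIN_MS = 5 * 60 * 1000; // assumed: refresh 5 min before expiry
const RETRY_MS = 30 * 1000;               // assumed: retry interval on provider error

// Delay until the next refresh, clamped at zero; if the provider reports no
// expiry, simply poll once per margin.
function refreshDelayMs(expireTime, nowMs) {
  if (!(expireTime instanceof Date)) return REFRESH_MARGIN_MS;
  return Math.max(0, expireTime.getTime() - nowMs - REFRESH_MARGIN_MS);
}

// Refresh from the provider, push the new key set into the device's SigV4
// signer and schedule the following refresh. Returns the delay used.
function scheduleRefresh(device, creds, setTimer = setTimeout, now = Date.now, delay) {
  if (delay === undefined) delay = refreshDelayMs(creds.expireTime, now());
  setTimer(() => {
    creds.refresh((err) => {
      if (err) { // provider unreachable: keep the current keys, retry shortly
        scheduleRefresh(device, creds, setTimer, now, RETRY_MS);
        return;
      }
      device.updateWebSocketCredentials(creds.accessKeyId,
        creds.secretAccessKey, creds.sessionToken, creds.expireTime);
      scheduleRefresh(device, creds, setTimer, now);
    });
  }, delay);
  return delay;
}

// Build the client from whatever the chain resolves; no keys in code or config.
function connectWithInstanceRole(aws, awsIot, host, region, setTimer) {
  return new Promise((resolve, reject) => {
    new aws.CredentialProviderChain().resolve((err, creds) => {
      if (err) return reject(err);
      const device = new awsIot.device({
        host, region, protocol: 'wss', port: 443,
        accessKeyId: creds.accessKeyId,
        secretKey: creds.secretAccessKey,
        sessionToken: creds.sessionToken, // required for role credentials
      });
      scheduleRefresh(device, creds, setTimer);
      resolve(device);
    });
  });
}
```

Role credentials from instance metadata always carry a session token, so passing sessionToken alongside the key pair is what makes SigV4 signing succeed.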
Issue Analytics
- Created 6 years ago
- Comments: 6 (2 by maintainers)

@groteworld Thanks for that direction. I was not aware that such a thing existed. 😄
It might work for now, since I'm only publishing to the IoT topic right now, but I find it a bit concerning that it only has four methods,
deleteThingShadow, getThingShadow, publish, and updateThingShadow. It's very odd that it has no ability to subscribe to a topic. Seems like it's made for applications that don't have the ability to stay connected to a websocket/mqtt connection. However, I will need the ability to subscribe to topics in the future, so it's not a permanent solution.
Hey @LeviDooley,
I'd suggest using the JavaScript aws-sdk.IotData API for this. This device SDK is more closely tied to the X.509 cert authentication, but I don't know everything, so hopefully I find out something new for this too!