0

I am trying to run the example from this tutorial for AWS IoT (the AWS IoT Embedded C SDK).

My aws_iot_config.h file has the following configuration:

#define AWS_IOT_MQTT_HOST              "XXXXXXX.iot.us-east-2.amazonaws.com" ///< Customer specific MQTT HOST. The same will be used for Thing Shadow
#define AWS_IOT_MQTT_PORT              8883 ///< default port for MQTT/S
#define AWS_IOT_MQTT_CLIENT_ID         "c-sdk-client-id" ///< MQTT client ID should be unique for every device
#define AWS_IOT_MY_THING_NAME          "SM1" ///< Thing Name of the Shadow this device is associated with
#define AWS_IOT_ROOT_CA_FILENAME       "iotRootCA.pem" ///< Root CA file name
#define AWS_IOT_CERTIFICATE_FILENAME   "deviceCert.crt" ///< device signed certificate file name
#define AWS_IOT_PRIVATE_KEY_FILENAME   "deviceCert.key" ///< Device private key filename

My policy looks like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:topic/sm1"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:topic/sm1"
    }
  ]
}

When I run the subscribe_publish_sample example, I get the following error:

DEBUG:   iot_tls_connect L#236 ok
    [ Protocol is TLSv1.2 ]
    [ Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ]

DEBUG:   iot_tls_connect L#238 [ Record expansion is 29 ]

DEBUG:   iot_tls_connect L#243 . Verifying peer X.509 certificate...
DEBUG:   iot_tls_connect L#252 ok

DEBUG:   iot_tls_connect L#262 . Peer certificate information ...

DEBUG:   iot_tls_connect L#264 cert. version     : 3
    serial number     : 3C:75:FE:30:01:DD:A3:B9:EF:72:DC:F6:7A:5C:A2:54
    issuer name       : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
    subject name      : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.us-east-2.amazonaws.com
    issued  on        : 2017-10-12 00:00:00
    expires on        : 2018-10-13 23:59:59
    signed using      : ECDSA with SHA256
    EC key size       : 256 bits
    basic constraints : CA=false
    subject alt name  : iot.us-east-2.amazonaws.com, *.iot.us-east-2.amazonaws.com
    key usage         : Digital Signature
    ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication

Subscribing...
ERROR:   main L#206 Error subscribing : -28

Can anyone tell me what is going on? Am I missing something?

2 Answers

0

The AWS IoT Core policy actions are at https://docs.aws.amazon.com/iot/latest/developerguide/iot-policy-actions.html

The sample client needs all four MQTT policies and needs iot:Publish, iot:Receive, and iot:Subscribe for the sdkTest topic. The topic name is hard-coded in the sample as sdkTest. So this works:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    }
  ]
}
Answered 2020-06-18T14:22:55.080
0

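Since I did not find a complete tutorial covering the process of sending data from a device to AWS IoT, including all the required steps, I tried changing the policy I was using to: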

{
  "Effect": "Allow",
  "Action": "iot:*",
  "Resource": "*"
}

Although this wildcard Resource is obviously not great, this is what I used, because the other policies did not work.

Answered 2018-03-19T18:29:00.347
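
An added example, not part of either answer or of the AWS SDK: a simplified Python check of which of the sample's MQTT requests a given policy would allow, run against the question's policy, a policy scoped to exactly those requests, and the wildcard policy. It assumes the topic name sdkTest stated in the first answer; the helper names and the two probe requests are hypothetical.

```python
import re

ARN = "arn:aws:iot:us-east-2:338639570104"  # region and account as shown on this page

# Requests the sample makes, assuming the topic sdkTest named in the first answer.
# Subscribe is checked against a topicfilter/ ARN; Publish and Receive against topic/.
REQUESTS = [
    ("iot:Connect", f"{ARN}:client/c-sdk-client-id"),
    ("iot:Subscribe", f"{ARN}:topicfilter/sdkTest"),
    ("iot:Publish", f"{ARN}:topic/sdkTest"),
    ("iot:Receive", f"{ARN}:topic/sdkTest"),
]

def _match(pattern, value):
    """Policy wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def is_allowed(statements, action, resource):
    """Explicit Deny wins, else one matching Allow is enough (no Condition support)."""
    allowed = False
    for st in statements:  # Action and Resource are single strings, as on this page
        if _match(st["Action"], action) and _match(st["Resource"], resource):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def denied_requests(statements):
    """Actions from REQUESTS that the policy would refuse."""
    return [a for a, r in REQUESTS if not is_allowed(statements, a, r)]

def extra_grants(statements):
    """Probe requests the sample never makes but the policy would still allow."""
    probes = [("iot:Publish", f"{ARN}:topic/other"),
              ("iot:UpdateThingShadow", f"{ARN}:thing/SM1")]
    return [a for a, r in probes if is_allowed(statements, a, r)]

def allow(action, resource):
    return {"Effect": "Allow", "Action": action, "Resource": resource}

QUESTION = [allow("iot:Connect", "*"), allow("iot:Publish", f"{ARN}:topic/sm1"),
            allow("iot:Subscribe", f"{ARN}:topic/sm1")]   # policy from the question
SCOPED = [allow(a, r) for a, r in REQUESTS]               # one Allow per needed request
WILDCARD = [allow("iot:*", "*")]                          # policy from the second answer

if __name__ == "__main__":
    for name, pol in [("question", QUESTION), ("scoped", SCOPED), ("wildcard", WILDCARD)]:
        print(name, "denied:", denied_requests(pol), "extra:", extra_grants(pol))
```

Renaming the topic in the question's policy from sm1 to sdkTest would still leave the subscribe refused, because that statement names a topic/ resource while iot:Subscribe is matched against topicfilter/.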