0

我正在尝试将 AWS IoT 配置为与 AWS Amplify 一起使用。我总是看到错误为“ AMQJS0008I Socket closed. ”,而 CloudWatch 显示“ AUTHORIZATION_FAILURE ”。这是我配置的

  1. 经过身份验证的 Cognito 身份池的 I AM 策略
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "cognito-identity:*",
                    "mobileanalytics:PutEvents",
                    "cognito-sync:*",
                    "iot:Connect",
                    "iot:Publish",
                    "iot:Subscribe",
                    "iot:Receive",
                    "iot:GetThingShadow",
                    "iot:UpdateThingShadow",
                    "iot:DeleteThingShadow",
                    "iot:AttachPolicy",
                    "iot:AttachPrincipalPolicy"
                ],
                "Resource": "*"
            }
        ]
    }
  1. Cognito Identity 的 IoT 策略
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:client/${iot:ClientId}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:topic/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:UpdateThingShadow",
        "iot:GetThingShadow",
        "iot:DeleteThingShadow"
      ],
      "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:thing/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:AttachPrincipalPolicy”,
        "iot:AttachPolicy"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
  1. 使用 AWS CLI 附加个人认知身份
aws iot attach-policy --policy-name "hub-iot-policy" --target "ap-south-1:XXXX-USER_COGNITO_IDENTITY
  1. 使用包使用 AWS Amplify 连接和订阅
    “@aws-amplify/api": "^3.1.7",
    "@aws-amplify/auth": "^3.2.4",
    "@aws-amplify/core": "^3.2.4",
    "@aws-amplify/pubsub": "^3.0.8”,

代码是

PubSub.addPluggable(new AWSIoTProvider({
      aws_pubsub_region: config.pubsub.REGION,
      aws_pubsub_endpoint: `wss://${config.pubsub.MQTT_ID}.iot.${config.pubsub.REGION}.amazonaws.com/mqtt`,
    }));
PubSub.subscribe('hub31-iot-thing').subscribe({
      next: data => console.log('Message received', data),
      error: error => console.error(error),
      close: () => console.log('Done'),
    });
  }
  1. JS 控制台抛出错误为

{provider: AWSIoTProvider, error: {…}}error: {invocationContext: undefined, errorCode: 8, errorMessage: " AMQJS0008I Socket closed. "}provider: AWSIoTProvider {_config: {…}, _clientsQueue: ClientsQueue, _topicObservers: Map(1 ), _clientIdObservers: Map(1)}

  1. Cloudwatch 给出错误为AUTHORIZATION_FAILURE
{
    "timestamp": "2020-04-21 00:13:24.953",
    "logLevel": "ERROR",
    "traceId": “308de5a7-XXXX-d2d5-XXXX-7e24b6d6e0e6",
    "accountId": “XXXXXXXX",
    "status": "Failure",
    "eventType": "Connect",
    "protocol": "MQTT",
    "clientId": “f5e1abef-XXXX-44af-XXXX-4a327b45481c",
    "principalId": “XXXXX:CognitoIdentityCredentials",
    "sourceIp": “XXXX",
    "sourcePort": 59101,
    "reason": "AUTHORIZATION_FAILURE",
    "details": "Authorization Failure"
}
4

1 回答 1

4

得到了同样的错误,这就是我解决它的方法。

1.认知策略为

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iot:Receive",
                "cognito-identity:*",
                "iot:Subscribe",
                "iot:AttachPolicy",
                "iot:AttachPrincipalPolicy",
                "iot:Connect",
                "mobileanalytics:PutEvents",
                "iot:GetThingShadow",
                "iot:DeleteThingShadow",
                "iot:UpdateThingShadow",
                "iot:Publish",
                "cognito-sync:*"
            ],
            "Resource": "*"
        }
    ]
}

另请注意,不推荐使用 AttachPrincipalPolicy,但为了更安全,我将其包含在内

2. 物联网政策作为

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

3. 通过 lambda 或 AWS CLI 将 IoT 策略附加到个人认知身份。 使用 CLI 这个命令看起来像

aws iot attach-policy --policy-name "iot-policy" --target "ap-south-1:XXXX-USER-COGNITO-IDENTITY”

再次注意 AttachPrincipalPolicy 已弃用,请使用 AttachPolicy

使用 lambda:

export const main = async (event, context, callback) => {
    const principal = event.requestContext.identity.cognitoIdentityId;
    const policyName = 'iot-policy';

    const iot = new AWS.Iot();
    await iot.attachPrincipalPolicy({ principal, policyName }).promise();
    callback(null, "success");
};

4.测试 如果你的前端配置正确,应该可以解决 errorCode: 8, errorMessage: AMQJS0008I Socket closed错误。

5. 现在微调 根据您的要求微调 iot-policy 并立即检查更改是否有效

于 2020-04-22T08:01:39.453 回答