UnauthorizedError when trying to publish data to local MQTT topic using AWS IoT Greengrass V2 IPC

Question

Hi, I'm playing around with Greengrass on a Raspberry Pi and I develop a simple component trying to get IPC working. I assume that is a permissions error but I see no differences between the examples and my code.

Here's the relevant bit of the recipe:

```
ComponentConfiguration:
  DefaultConfiguration:
    accessControl:
      aws.greengrass.ipc.pubsub:
        "example.greengrass.CpuTemperature:pubsub:1":
          policyDescription: Allows access to publish to all topics.
          operations:
            - aws.greengrass#PublishToTopic
          resources:
            - "*"
```

The code:

```
import time
import json

import awsiot.greengrasscoreipc.clientv2 as clientV2

TOPIC = "CPU/info"

def get_cpu_temp():
    temp_file = open("/sys/class/thermal/thermal_zone0/temp")
    cpu_temp = temp_file.read()
    temp_file.close()
    return float(cpu_temp) / 1000

def main():
    # Create an IPC client.
    ipc_client = clientV2.GreengrassCoreIPCClientV2()

while True:
        cpu_temp = get_cpu_temp()
        print("CPU temperature: {:.2f} C".format(cpu_temp))

# Create a payload.
        payload = json.dumps({"temperature": cpu_temp})

# Publish the payload to AWS IoT Core.
        resp = ipc_client.publish_to_iot_core(
            topic_name=TOPIC, qos="1", payload=payload
        )

print("successfully published message:", resp)

time.sleep(1)  # sleep for 1 second

if __name__ == "__main__":
    main()
```

And the error:

```
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. File "/usr/lib/python3.11/concurrent/futures/_base.py", line 456, in result. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. return self.__get_result(). {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. ^^^^^^^^^^^^^^^^^^^. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. File "/usr/lib/python3.11/concurrent/futures/_base.py", line 401, in __get_result. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. raise self._exception. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. File "/usr/local/lib/python3.11/dist-packages/awsiot/eventstreamrpc.py", line 723, in _on_continuation_message. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. raise shape. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.551Z [WARN] (Copier) example.greengrass.CpuTemperature: stderr. awsiot.greengrasscoreipc.model.UnauthorizedError. {scriptName=services.example.greengrass.CpuTemperature.lifecycle.Run, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
2024-04-12T17:14:51.613Z [INFO] (Copier) example.greengrass.CpuTemperature: Run script exited. {exitCode=1, serviceName=example.greengrass.CpuTemperature, currentState=RUNNING}
```

In my research I found https://repost.aws/questions/QU-jdWszoHRByDe5g4esM8RQ/unauthorizederror-when-publishing-to-local-mqtt but it didn't work , maybe I did something wrong. What I did is: create a new revision of my deployment,  modify the example.greengrass.CpuTemperature config and in the "Reset paths" I used [ "" ]

Accepted Answer

Hello,

The problem is that you're calling `publish_to_iot_core`, but you've allowed `publish_to_topic`. These are different APIs that do different things and need different permissions. If you want to publish to iot core, then you must allow that API. If instead you want to publish to a local topic, then you need to use `publish_to_topic` API.

See: 
- Local publish subscribe: https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-publish-subscribe.html
- IoT Core: https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-iot-core-mqtt.html

Cheers,

Michael

UnauthorizedError when trying to publish data to local MQTT topic using AWS IoT Greengrass V2 IPC

Relevanter Inhalt