It is possible the IoT rule does not have the proper permissions to send to DynamoDB. See this documentation page on Granting an AWS IoT rule the access it requires.
The user also requires the iam:PassRole permission to pass the role to the rules engine. You can see directions on how to create the permissions in the documentation page on Pass role permissions.
Here is how I did it.
- Create a role with a policy to allow writing to DynamoDB.

```typescript
// Runs inside the CDK Stack constructor (`this` is the stack).
// Needs: import { aws_iam, aws_iot } from 'aws-cdk-lib'
// Role that the AWS IoT rules engine assumes
const role = new aws_iam.Role(this, 'RoleForIoTCoreToAccessDDB', {
  roleName: 'RoleForIoTCoreToAccessDDB',
  assumedBy: new aws_iam.ServicePrincipal('iot.amazonaws.com')
})
```

Attach an inline policy

```typescript
// Inline policy allowing every DynamoDB action on every resource
role.attachInlinePolicy(
  new aws_iam.Policy(this, 'PolicyForIoTcoreToAccessDDB', {
    policyName: 'PolicyForIoTcoreToAccessDDB',
    statements: [
      new aws_iam.PolicyStatement({
        actions: ['dynamodb:*'],
        resources: ['*']
      })
    ]
  })
)
```

- Attach the role to an IoT topic rule

```typescript
// `table` is the DynamoDB table construct defined elsewhere in the stack
const topicRule = new aws_iot.CfnTopicRule(this, 'TopicRuleDemo', {
  ruleName: 'TopicRuleDemo',
  topicRulePayload: {
    actions: [
      {
        dynamoDb: {
          hashKeyField: 'id',
          hashKeyValue: 'device01',
          hashKeyType: 'STRING',
          rangeKeyField: 'timestamp',
          // Single quotes: the substitution template is evaluated by AWS IoT, not by TypeScript
          rangeKeyValue: '${timestamp()}',
          rangeKeyType: 'STRING',
          roleArn: role.roleArn,
          tableName: table.tableName
        }
      }
    ],
    sql: `SELECT *, cast(timestamp() as STRING) AS timestamp FROM 'topic/subtopic'`
  }
})
```
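Added example, not part of the original answer: the trust policy and a table-scoped permissions policy for the rule's role as plain IAM JSON, plus a small check that flags the wildcard grants in the `dynamodb:*` on `*` statement above. The function names, the table ARN and the choice of `dynamodb:PutItem` as the only action needed are assumptions of this example.

```typescript
// Added example: plain IAM policy JSON, no AWS SDK or CDK needed.
type Statement = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource?: string | string[];
  Principal?: { Service: string };
};
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };
// Trust policy: lets the AWS IoT rules engine assume the role.
function iotTrustPolicy(): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow", Principal: { Service: "iot.amazonaws.com" }, Action: "sts:AssumeRole" },
    ],
  };
}
// Permissions policy: PutItem only, on the one table the rule writes to.
function scopedDynamoPolicy(tableArn: string): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "dynamodb:PutItem", Resource: tableArn }],
  };
}
const asList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];
// Report every Allow statement that uses a wildcard action or resource.
function findWildcards(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    for (const a of asList(s.Action)) {
      if (a.indexOf("*") !== -1) findings.push(`Statement[${i}]: wildcard action ${a}`);
    }
    for (const r of asList(s.Resource)) {
      if (r === "*") findings.push(`Statement[${i}]: wildcard resource`);
    }
  });
  return findings;
}

// The answer's CDK statement written out as JSON (constructed for this example).
const broadPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["dynamodb:*"], Resource: ["*"] }],
};
// Placeholder ARN: account id and table name are constructed.
const TABLE_ARN = "arn:aws:dynamodb:us-west-1:123456789012:table/ExampleTable";
console.log(findWildcards(broadPolicy), findWildcards(scopedDynamoPolicy(TABLE_ARN)));
```

In the CDK code above, the equivalent change is to replace `actions` with `['dynamodb:PutItem']` and `resources` with `[table.tableArn]`.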
Thank you for the feedback. Would you be able to provide some more information on where you add the " const role..." code? Thanks
I needed to add the "AWSIoTRuleAction" permission to the role. It is working properly now. Thanks for everyone's help
Can you tell me where/how you did this? I am teaching a class and all students following this example are running into this issue. I need a way to explain this to them so they (and I) understand :)
If you haven't, enable logging for AWS IoT Core. When the rule execution fails you will find the reason in CloudWatch logs.
BTW: the region name u-west-1 is not valid, it is us-west-1.
KR, Philipp
Thank you for the feedback. I enabled logging, but am not seeing any errors when publishing the MQTT message
You can use CloudWatch insights to search for different topics. You can search for your rule name to find out if the rule is called and, if it is called, what the result is. You can also look for logging levels like ERROR, or look at which topics your client is publishing to, to follow the whole chain of publish -> call rule -> rule result.
Thank you for the feedback. Would you be able to provide some greater detail about the proper permissions? I went to the documentation page and when I attempted to create a trust policy, the JSON code gave an error using what was on the documentation page. Also, where it says "use the create role command", where would I use that command? Sorry, I am new to AWS IoT.