Good evening everyone,
I have a question that has been bugging me for a couple of hours at this point.
I'm trying to set up a local MQTT communication between a Lambda and a Native component. However, I keep running into authorization issues when I try to publish a message from the Lambda function.
I realized that for Native components, such authorizations can be granted through accessControl parameters in the configuration of the component, such as:
"ComponentConfiguration": {
  "DefaultConfiguration": {
    "accessControl": {
      "aws.greengrass.ipc.mqttproxy": {
        "com.iotcommunication:mqttproxy:1": {
          "policyDescription": "Allow IoT Core MQTT communication to component",
          "operations": [
            "aws.greengrass#SubscribeToIoTCore"
          ],
          "resources": [
            "thesis/start"
          ]
        }
      },
      "aws.greengrass.ipc.pubsub": {
        "com.localcommunication:pubsub:1": {
          "policyDescription": "Allows Local MQTT communication to component",
          "operations": [
            "aws.greengrass#PublishToTopic",
            "aws.greengrass#SubscribeToTopic"
          ],
          "resources": [
            "*"
          ]
        }
      }
    }
  }
},
However, this is not the case in a Lambda function component, where only Event Sources can be configured. These sources are just there for subscribing to topics, but not for publishing.
"componentLambdaParameters": {
  "eventSources": [
    {
      "topic": "local/nocontainer/nopinned",
      "type": "PUB_SUB"
    }
  ]
}
Therefore, when a message is published by the Lambda function to the topic, the following error is given in the execution:
2023-11-02T15:51:44.247Z [ERROR] (pool-2-thread-62) lambda_nocontainer_nopinned: lambda_function.py:118,Unauthorized error while publishing to topic: thesis/gateway. {serviceInstance=1, serviceName=lambda_nocontainer_nopinned, currentState=RUNNING}
I'm assuming that this error is given due to insufficient access control. So my question is, how do I make this setup work where my Lambda function can just publish messages to a Local MQTT topic?
I appreciate it a lot
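Added example, not part of the original post: a small Python audit of the accessControl format quoted above, reporting whether a given IPC operation on a given topic is granted and which policies use a "*" resource. The function names, the empty no-policy input, and the matching rule (exact string or "*" only) are assumptions of this sketch, not the Greengrass nucleus's own matcher.

```python
# Added example: audits a Greengrass accessControl block (not code from the post).
# Matching is simplified to exact strings plus "*"; this is an assumption and
# does not reproduce the Greengrass nucleus's own resource matcher.

# Constructed input: the accessControl object quoted in the post.
NATIVE_ACCESS_CONTROL = {
    "aws.greengrass.ipc.mqttproxy": {
        "com.iotcommunication:mqttproxy:1": {
            "policyDescription": "Allow IoT Core MQTT communication to component",
            "operations": ["aws.greengrass#SubscribeToIoTCore"],
            "resources": ["thesis/start"],
        }
    },
    "aws.greengrass.ipc.pubsub": {
        "com.localcommunication:pubsub:1": {
            "policyDescription": "Allows Local MQTT communication to component",
            "operations": ["aws.greengrass#PublishToTopic",
                           "aws.greengrass#SubscribeToTopic"],
            "resources": ["*"],
        }
    },
}
# Constructed input (hypothetical): a component with no accessControl at all.
NO_ACCESS_CONTROL = {}

PUBSUB = "aws.greengrass.ipc.pubsub"
PUBLISH = "aws.greengrass#PublishToTopic"

def grants(access_control):
    """Flatten accessControl into (service, policy_id, operation, resource) tuples."""
    return [(svc, pid, op, res)
            for svc, policies in access_control.items()
            for pid, policy in policies.items()
            for op in policy.get("operations", [])
            for res in policy.get("resources", [])]

def is_allowed(access_control, service, operation, resource):
    """True if some policy grants the operation on the resource (exact or "*")."""
    return any(s == service and o in (operation, "*") and r in (resource, "*")
               for s, _, o, r in grants(access_control))

def wildcard_policies(access_control):
    """Policy ids that grant a "*" resource, i.e. candidates for tightening."""
    return sorted({pid for _, pid, _, r in grants(access_control) if r == "*"})

if __name__ == "__main__":
    for name, ac in (("native", NATIVE_ACCESS_CONTROL), ("no policy", NO_ACCESS_CONTROL)):
        print(name, "may publish thesis/gateway:",
              is_allowed(ac, PUBSUB, PUBLISH, "thesis/gateway"))
    print("policies with '*' resources:", wildcard_policies(NATIVE_ACCESS_CONTROL))
```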