AUTHORIZATION_FAILURE IoT Core

0

Hello,

I've tried to connect my SCADA system (WinCC OA) to AWS IoT Core, and I managed to connect my system and publish messages to IoT core after following WinCC OA documentation. I have a root-CA.crt certificate, and also the provided Client certificate and Client private key. However, the next day my logs show authorization failure, and now I cannot connect to IoT Core.

Why am I suddenly not authorized anymore? I have made policies for the pub/sub topics (kiv_vra/sms_data and kiv_vra_sms_read):

Any idea why I'm not authorized to connect from my SCADA system anymore? Thing name: WCCOA_SMS_Client ClientID used: basicPubSub

1 Resposta
2
Resposta aceita

The sudden authorization failure in your SCADA system's connection to AWS IoT Core could be due to a few potential reasons. The most common cause is that the client certificate and private key being used have expired. IoT Core credentials typically have a limited lifespan for security reasons, so you'll need to generate new credentials and update the configuration in your SCADA system accordingly.

Another possibility is that the credentials have been revoked by AWS IoT Core due to security concerns or if the credentials have been compromised. Additionally, if you've made any changes to the IoT Core policies associated with your "WCCOA_SMS_Client" thing, the new policies may not be granting the necessary permissions for your SCADA system to connect and publish/subscribe to the specified topics.

It's also worth considering if your SCADA system is exceeding the default throttling limits set by AWS IoT Core, which could lead to the authorization failure. You should check the CloudWatch logs or IoT Core metrics to see if your system is hitting any throttling limits, and adjust your connection patterns or consider increasing the throttling limits if necessary.

To troubleshoot this issue, you should start by verifying the expiration of the client certificate and private key, regenerating new credentials if needed, and double-checking the IoT Core policies to ensure they grant the required permissions. Additionally, you can enable extended logging in your SCADA system's IoT Core integration to review the logs for any more detailed error messages or clues about the authorization failure. If the issue persists, you may need to contact AWS Support for further assistance in investigating the problem.

respondido há 3 meses
profile picture
ESPECIALISTA
avaliado há 9 dias

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas