- Newest
- Most votes
- Most comments
Hello again,
I looked into the issue and it seems that device shadow is not the root cause.
FleetStatusService (FSS) is responsible for creating a new core device in cloud. If fleet provisioning is not finished when FSS starts, FSS goes offline during fleet provisioning and is not notified to restart, which fails to create a greengrass core in cloud and leads to the shadow error message you see in cloudwatch.
It is a recently discovered bug of FSS and we are working on a fix. In the meantime, you shouldn't have needed to create the shadow topic manually. Restarting greengrass nucleus alone after provisioning will restart of FSS and create a greengrass core in cloud, which is run the greengrass core software installation again
as you mentioned.
Could you confirm that restart nucleus alone can fix your issue? If yes, then it's this known issue we are fixing right now.
Let me know if you have any other questions.
Junfu
Hello,
By default, fleet provisioning does not require creating the shadow manually; classic shadows are created automatically. Could you share with me your configuration of IoT policy and shadow manager to help me reproduce your issue?
You mentioned that you found this error in Cloudwatch log. Could you also share which service is logging this error and some context around this log?
Thanks,
Junfu
Hey, Thanks for reaching out. I updated the question with the logs and the IoT Policy.
I have no shadow manager in use. I just install the greengrass core software on the edge device and then supposedely I need to get the greengrass core device in the console management but I do not. Instead, the core device is created as a thing and I need to go there and manually create a named device shadow with the name of the thing, then run the greengrass core software installation again and that would create greengrass core thing and show it in the AWS console management. I hope that gives you more details.
You can set up an IoT topic rule that listens to thing events and execute a Lambda function when a thing is created.
Here's an example CloudFormation template with the IoT rule and Lambda function.
AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Resources: ThingEventRule: Type: AWS::IoT::TopicRule Properties: RuleName: !Sub "ThingEvent" TopicRulePayload: RuleDisabled: false Sql: SELECT * FROM '$aws/events/thing/#' Actions: - Lambda: FunctionArn: !GetAtt ProvisioningFunction.Arn ProvisioningFunctionRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-provisioning" AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: sts:AssumeRole Principal: Service: - lambda.amazonaws.com ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole ProvisioningFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub "${AWS::StackName}-provisioning" Role: !GetAtt ProvisioningFunctionRole.Arn Timeout: 5 Handler: index.handler Runtime: python3.9 MemorySize: 512 CodeUri: ./thing-event-function ProvisioningFunctionPermission: Type: AWS::Lambda::Permission Properties: FunctionName: !GetAtt ProvisioningFunction.Arn Action: lambda:InvokeFunction Principal: iot.amazonaws.com SourceAccount: !Ref AWS::AccountId SourceArn: !GetAtt ThingEventRule.Arn
Here's the code for the Lambda function.
import boto3 import json import logging iotdata = boto3.client('iot-data') def handler(event, context): if 'operation' not in event or event['operation'] != 'CREATED': logging.warn('Ignoring non CREATED event') return # Add your properties here properties = {} # And finally update the thing's shadow iotdata.update_thing_shadow( thingName=event['thingName'], payload=json.dumps({'state': {'desired': properties}}) ) logging.info("Wrote shadow to thing")
Make sure to enable thing events in your AWS account as documented here https://docs.aws.amazon.com/iot/latest/developerguide/iot-events.html#iot-events-enable
Relevant content
- Accepted Answerasked 2 years ago
- asked 3 years ago
- Accepted Answerasked 8 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
Hey, Thank you again. Sadly, for some reason I cannot reach the AWS IoT section of the AWS management console. I get a black half circle on the screen and nothing is accessible thus I cannot test and confirm what you said. It is very weird that I have this and it is only for IoT, all other AWS services are accessible. Do you have any idea why is that?
Do you see any javascript errors in your browser console? if so could you paste the errors here and also a screenshot of the page? if not then it might be a server-side rendering issue but highly unlikely.
Hey, Just managed to fix that issue and now tried what you advised me to but I got an
authorization failure
error without literally changing anything. Very strange. Do you have any idea why that would be?{ "timestamp": "2021-12-21 20:59:22.486", "logLevel": "ERROR", "traceId": "0cdb55f5-2d44-7057-e224-a28735791", "accountId": "accound_id", "status": "Failure", "eventType": "Connect", "protocol": "MQTT", "clientId": "b99f2af6-4195-4145-86c4-", "principalId": "d4ef80aa40cbed0388db1b682198e9879fd009b8f89cf2037a9853fe", "sourceIp": "80.57.107.22", "sourcePort": 52891, "reason": "AUTHORIZATION_FAILURE", "details": "Authorization Failure" }
I just ran the command for installing greengrass just like I did before but instead of the Device Shadow error I got this one now.