Hi Albogd,
How did you configure Greengrass when installing? Is the certificate that Greengrass is using associated with the correct IoT thing?
Greengrass does not use the credentials from the .aws folder. We do not recommend that you store credentials on the device itself. Instead, Greengrass uses an IoT role alias (which is associated to an IAM role ARN) for accessing AWS services. When Greengrass makes a call to an AWS service (such as S3), it gets credentials from the AWS IoT Credential Provider. Greengrass adds the HTTP header x-amzn-iot-thingname to the request and uses the ThingName from the Greengrass configuration.
You can check your /greengrass/v2/config/effectiveConfig.yaml to see what ThingName is being used by Greengrass, or look for a log line like:
com.aws.greengrass.deployment.IotJobsHelper: Connection established to IoT cloud. {ThingName=<YOUR_THING_NAME>}
The AWS IoT documentation on authorizing access to AWS (https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html#authorizing-direct-aws.walkthrough) mentions the following:
The ThingName that you provide in x-amzn-iot-thingname must match the name of the AWS IoT Thing resource assigned to a cert. If it doesn't match, a 403 error is returned.
This appears to be the error that you are seeing - which can indicate that the certificate and ThingName in the request do not match.
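The request described in the answer above, rebuilt from the device configuration so the ThingName, certificate and role alias can be checked side by side. This is an added example, not part of the original answer and not AWS code. The configuration values, the key layout assumed for effectiveConfig.yaml and the helper names are constructed for illustration; the /role-aliases/<alias>/credentials path follows the linked AWS IoT walkthrough.

```python
import re

# Constructed sample of /greengrass/v2/config/effectiveConfig.yaml; every value
# is a placeholder and the key layout shown is an assumption about that file.
SAMPLE_CONFIG = """\
system:
  certificateFilePath: "/greengrass/v2/thingCert.crt"
  privateKeyPath: "/greengrass/v2/privKey.key"
  rootCaPath: "/greengrass/v2/rootCA.pem"
  thingName: "ExampleCoreThing"
services:
  aws.greengrass.Nucleus:
    configuration:
      iotCredEndpoint: "EXAMPLE.credentials.iot.us-east-1.amazonaws.com"
      iotRoleAlias: "ExampleTokenExchangeRoleAlias"
"""
# Constructed log line in the format quoted in the answer.
SAMPLE_LOG = ("com.aws.greengrass.deployment.IotJobsHelper: Connection "
              "established to IoT cloud. {ThingName=ExampleCoreThing}")
KEYS = ("thingName", "certificateFilePath", "privateKeyPath", "rootCaPath",
        "iotCredEndpoint", "iotRoleAlias")

def read_settings(yaml_text):
    """Extract the scalar settings by key name (no YAML library needed)."""
    found = {}
    for key in KEYS:
        m = re.search(rf'^\s*{key}:\s*"?([^"\n]+?)"?\s*$', yaml_text, re.M)
        if m:
            found[key] = m.group(1)
    missing = [k for k in KEYS if k not in found]
    if missing:
        raise ValueError(f"missing from config: {', '.join(missing)}")
    return found

def thing_name_from_log(line):
    """Return the ThingName Greengrass logged, or None if the line has none."""
    m = re.search(r"\{ThingName=([^}]+)\}", line)
    return m.group(1) if m else None

def credential_request(cfg):
    """Describe the mutual-TLS GET sent to the AWS IoT Credential Provider."""
    return {
        "url": f"https://{cfg['iotCredEndpoint']}/role-aliases/"
               f"{cfg['iotRoleAlias']}/credentials",
        "headers": {"x-amzn-iot-thingname": cfg["thingName"]},
        "client_cert": cfg["certificateFilePath"],
        "client_key": cfg["privateKeyPath"],
        "ca_bundle": cfg["rootCaPath"],
    }
```

On a device, pass the contents of the real configuration file to read_settings in place of SAMPLE_CONFIG, then compare the header value with the thing the certificate in client_cert is attached to in AWS IoT.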