1 Answer
- Newest
- Most votes
- Most comments
2
Hello,
Please make sure the access control is properly formed. What you posted excludes the service which must be aws.greengrass.ipc.pubsub
. See the examples provided in https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-publish-subscribe.html#ipc-publish-subscribe-authorization.
Ex:
"aws.greengrass.ipc.pubsub": {
"com.component.test:pubsub:1": {
"policyDescription": "test policy",
"operations": [
"aws.greengrass#SubscribeToTopic"
],
"resources": [
"test/things/+/topic"
]
}
}
If you are changing the default configuration in your component, then make sure that you deploy the new default configuration values by using reset: [""]
in the deployment configuration update.
Also ensure that the policy name is unique within the device.
Cheers,
Michael
Relevant content
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
I excluded the top level part of the object, let me update. It includes what you mentioned above. The policy name is unique. Again, everything works when we don't use wildcards.
Using the greengrass local CLI or local debug console, please look at the active configuration for this component and post it.
I was just able to verify myself using Nucleus 2.11.3 (which has no changes relevant to this compared to 2.11.2). I am able to subscribe to
test/things/+/topic
when authorized only for subscribe to topic withtest/things/+/topic
as the resource.Yep, the active configuration was not updated correctly. IoT Core showed the correct default settings, but when we looked at the local config via the CLI is was showing the old version. This appears to be a problem in our deployment pipeline.
Thank you for your help! Marking as resolved.