Internet of Things (IoT)

There are billions of devices in homes, factories, oil wells, hospitals, cars, and thousands of other places. With the proliferation of devices, you increasingly need solutions to connect them, and collect, store, and analyze device data.

Recent questions


mutual TLS authentication for Amazon API Gateway - With my existing public key infrastructure (PKI) standard.

Hello Team,

I am trying to enable mTLS for Amazon API Gateway for my endpoint, and I have my existing public key (PKI) for my domain (.crt & .key). While trying to upload my existing root CA public key to an S3 bucket, I am getting an error like "API Gateway couldn’t build a unique path from the given certificate to a root certificate".

I am following the setup using this link. Ref: https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

Note: I am not using openssl to generate the RootCA.pem & RootCA.key.

Step 1: (SKIP) Create the private certificate authority (CA) private and public keys:

```
openssl genrsa -out RootCA.key 4096
openssl req -new -x509 -days 3650 -key RootCA.key -out RootCA.pem
```

Step 2: Create client certificate private key and certificate signing request (CSR):

```
openssl genrsa -out my_client.key 2048
openssl req -new -key my_client.key -out my_client.csr
```

Step 3: Sign the newly created client cert by using your certificate authority you previously created:

```
openssl x509 -req -in my_client.csr -CA RootCA.pem -CAkey RootCA.key -set_serial 01 -out my_client.pem -days 3650 -sha256
```

Step 4: I have a minimum of five files in my directory:

- RootCA.key (root CA private key)
- RootCA.pem (root CA public key)
- my_client.csr (client certificate signing request)
- my_client.key (client certificate private key)
- my_client.pem (client certificate public key)

Step 5: Prepare a PEM-encoded trust store file for all certificate authority public keys you want to use with mutual TLS:

```
cp RootCA.pem truststore.pem
```

Step 6: Upload the trust store file to an Amazon S3 bucket in the same AWS account as our API Gateway API.

```
aws s3 mb s3://your-name-ca-truststore --region us-east-1 #creates a new S3 bucket – skip if using existing bucket
aws s3api put-bucket-versioning --bucket your-name-ca-truststore --versioning-configuration Status=Enabled #enables versioning on S3 bucket
aws s3 cp truststore.pem s3://your-name-ca-truststore/truststore.pem #uploads object to S3 bucket
```

Step 7: Enabling mutual TLS on a custom domain name I have in the AWS API Gateway console. While I upload my existing root CA public key to the S3 bucket, I am getting errors like:

Error: "API Gateway couldn’t build a unique path from the given certificate to a root certificate".

Error: "There is an invalid certificate in your truststore bundle Mutual TLS is still enabled, but some clients might not be able to access your API. Upload a new truststore bundle version to S3, and then update your domain name to use the new version."
1 answer, 0 votes, 10 views, asked a day ago

Send JSON documents with the pubsub.py sample app - MQTT Test Client displays string not json

Hi, I am new to AWS IoT and working through the SDK tutorials, using an RPi3B and Python. https://docs.aws.amazon.com/iot/latest/developerguide/sdk-tutorials.html - I am @ "publish JSON documents in the message payload".

I created pubsub3.py & changed the line of code: `message = "{}".format(message_string)`. The tutorial says to 'change this line of code' to `message = "{}".format(args.message)` BUT my pubsub.py has the `.format(message_string)` var instead.

The MQTT Test Client is displaying it as a string literal and not interpreting/formatting it correctly in JSON format. I have tried all sorts of combinations of quotes and breaks and brackets (" \ ' { ] ). From what I see it should be sending the payload as a JSON string...

Command line:

```
pi3@raspberrypi:~ $ python3 aws-iot-device-sdk-python-v2/samples/pubsub3.py --message '{"temperature":40}' --count 1 --topic pi3/battery1/data --endpoint...
```

pubsub3.py:

```
message = "{}".format(message_string)
print("Publishing message to topic '{}': {}".format(message_topic, message))
message_json = json.dumps(message)
mqtt_connection.publish(
    topic=message_topic,
    payload=message_json,
    qos=mqtt.QoS.AT_LEAST_ONCE)
time.sleep(1)
```

Terminal:

```
Sending 1 message(s)
Publishing message to topic 'pi3/battery1/data': {"temperature":40}
Received message from topic 'pi3/battery1/data': b'"{\\"temperature\\":40}"'
```

MQTT Test Client:

```
pi3/battery1/data
December 01, 2022, 11:59:52 (UTC-0500)
"{temperature: 40}"
```

If someone could offer me some assistance I would be very grateful!
1 answer, 0 votes, 15 views, asked a day ago

Greengrass V2 Component Deployment Issue.

Hi Team,

I have created one ReactJS application and deployed it in Greengrass V2 using a component recipe with the following details.

```
"Lifecycle": {
  "Install": {
    "RequiresPrivilege": true,
    "Script": "yarn install --cwd {artifacts:decompressedPath}/softacuity-code",
    "Timeout": 6000
  },
  "Run": {
    "Script": "chmod 777 {artifacts:decompressedPath}/softacuity-code/node_modules \n npm start --prefix {artifacts:decompressedPath}/softacuity-code"
  }
},
"Artifacts": [
  {
    "Uri": "s3://elsa-component-artifacts/FrontEndManager/customer_board/softacuity-code.zip",
    "Digest": "iPUASOImWCUL/IsSPJdO1MMVHF9XfKH52GdtafoExtU=",
    "Algorithm": "SHA-256",
    "Unarchive": "ZIP",
    "Permission": {
      "Read": "ALL",
      "Execute": "ALL"
    }
  }
]
```

I am successfully able to deploy this component on Greengrass V2. But the second time, if I try to deploy any other component in revise deployment, I am getting the following error.

```
unable to access attributes of symbolic link
Caused by: java.nio.file.FileSystemException: /greengrass/v2/packages/artifacts-unarchived/CSTBOARDFrontEndManager/3.0.0/softacuity-code/node_modules/@eslint/eslintrc/node_modules/.bin/js-yaml: Too many levels of symbolic links or unable to access attributes of symbolic link
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:96)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
```

Could you guys please help me with this? Is there anything required to be updated in the recipe file?

Regards,
Nalay Patel
1 answer, 0 votes, 12 views, asked 2 days ago

Lambda component with IPC permissions in Greengrass V2

We have migrated a lambda from AWS Greengrass v1 to AWS Greengrass v2. This lambda needs to extract and decrypt a secret from Greengrass Core. How can we authorize the component to perform IPC permissions to the lambda for that?

Regular components recipes have the option `ComponentConfiguration/DefaultConfiguration/accessControl`. However when we build the component out of a lambda using AWS CLI [create-component-version](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-component-version.html) and option `--lambda-function`, there is no option to assign authorization policies.

One way we tried to make it work is by using a *merge update* in our deployment (as documented [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/ipc-secret-manager.html)).

```
"accessControl": {
  "aws.greengrass.SecretManager": {
    "<my-component>:secrets:1": {
      "policyDescription": "Credentials for server running on edge.",
      "operations": [
        "aws.greengrass#GetSecretValue"
      ],
      "resources": [
        "arn:aws:secretsmanager:us-east-1:<account-id>:secret:xxxxxxxxxx"
      ]
    }
  }
}
```

However the end recipe of the component (in the deployment) does not display the `accessControl` (AWS Greengrass Console), so we assume it has not been *merge updated.*

```
...
"ComponentConfiguration": {
  "DefaultConfiguration": {
    "lambdaExecutionParameters": {
      "EnvironmentVariables": {
        "LOG_LEVEL": "DEBUG"
      }
    },
    "containerParams": {
      "memorySize": 16384,
      "mountROSysfs": false,
      "volumes": {},
      "devices": {}
    },
    "containerMode": "NoContainer",
    "timeoutInSeconds": 30,
    "maxInstancesCount": 10,
    "inputPayloadEncodingType": "json",
    "maxQueueSize": 200,
    "pinned": false,
    "maxIdleTimeInSeconds": 30,
    "statusTimeoutInSeconds": 30,
    "pubsubTopics": {
      "0": {
        "topic": "dt/app/+/status/update",
        "type": "PUB_SUB"
      }
    }
  }
},
```

Any guidance here would be greatly appreciated! Thanks
1 answer, 0 votes, 9 views, rodmaz asked 2 days ago

Setting up a raspberry pi and PreTestValidation is failing

When I run the test it fails saying it cannot make the directory /temp/idt. I am not sure where exactly it is trying to make this directory though. I am running the test from terminal on my Mac but I have the latest MacOS installed and you cannot create a folder in the root anymore. I can modify a file that will create something like a shortcut there that the system perceives to be a folder but it's just an alias. Is there a way to bypass this test or change the directory location so it won't bottleneck here? The command is using a "-p" switch so in theory if I know exactly where this is being created I can just create it manually and it should overlook after that. I just can't seem to see where it should go. The details, output, and logs are below. I appreciate any input here.

So simply put, I have all the prelims done. The environment: I'm running AWS CLI on my MacBook Air M2 (2022) running MacOS Ventura and the edge device is a Raspberry Pi 4 model B running 11.8.

Testing suite: devicetester_greengrass_v2_4.5.11_testsuite_2.4.1_mac

When I run `./devicetester_mac_x86-64 run-suite --userdata userdata.json` the output is:

```
davidosullivan@Davids-MacBook-Air bin % ./devicetester_mac_x86-64 run-suite --userdata userdata.json
[INFO] [2022-11-28 05:39:34]: Running pool=pool1 idt=4.5.11 suite=GGV2Q_2.4.1
[WARNING] [2022-11-28 05:39:34]: IDT is accessing to Device Under Test with an insecure SSH method, to make it more secure you can provide publicKeyPath to device.json or resource.json file. More details can be found on AWS IoT Device Tester documentation Configure IDT settings section.
[INFO] [2022-11-28 05:39:35]: Automatic updates are supported for this release of IDT, checking for updates.
[INFO] [2022-11-28 05:39:35]: executionId=a8751a98-6ed6-11ed-b7fb-f293db416e41 suiteId=GGV2Q
[WARNING] [2022-11-28 05:39:35]: Failed to get version of Greengrass with error exit status 1
[WARNING] [2022-11-28 05:39:35]: Device Tester is not able to check for any latest IDT test suites
[INFO] [2022-11-28 05:39:35]: Using test suite "GGV2Q_2.4.1" for execution
[WARNING] [2022-11-28 05:39:35]: IDT is accessing to Device Under Test with an insecure SSH method, to make it more secure you can provide publicKeyPath to device.json or resource.json file. More details can be found on AWS IoT Device Tester documentation Configure IDT settings section.
time="2022-11-28T05:39:35+01:00" level=info msg="GGV2 Suite Info" hostArch=amd64 hostName=Davids-Air.home hostOs=darwin groupId=pretestvalidation testCaseId=pretestvalidation deviceId=raspberrypi
time="2022-11-28T05:39:35+01:00" level=info msg="Running test case"
time="2022-11-28T05:39:35+01:00" level=info msg="Setting up device for testing"
time="2022-11-28T05:39:36+01:00" level=info msg="Device architecture: armv7l"
time="2022-11-28T05:39:36+01:00" level=info msg="Cleaning up test resources..."
time="2022-11-28T05:39:36+01:00" level=info msg="Temporary resources on DUT are successfully removed"
time="2022-11-28T05:39:36+01:00" level=info msg="Cleaning up dut resources..."
time="2022-11-28T05:39:36+01:00" level=info msg="Cleaning up AWS resources... This may take a while..."
[ERROR] [2022-11-28 05:39:36]: Test exited unsuccessfully executionId=a8751a98-6ed6-11ed-b7fb-f293db416e41 testCaseId=pretestvalidation error=exit status 1
[INFO] [2022-11-28 05:39:36]: All tests finished. executionId=a8751a98-6ed6-11ed-b7fb-f293db416e41
[INFO] [2022-11-28 05:39:36]:
========== Test Summary ==========
Execution Time: 1s
Tests Completed: 1
Tests Passed: 0
Tests Failed: 1
Tests Skipped: 0
----------------------------------
Test Groups:
    pretestvalidation: FAILED
----------------------------------
Failed Tests:
    Group Name: pretestvalidation
        Test Name: pretestvalidation
            Reason: Command '{mkdir -p /temp/idt map[] 0s}' exited with code 1. Error output: mkdir: cannot create directory ‘/temp/idt’: Permission denied .
----------------------------------
Path to AWS IoT Device Tester Report: /Users/davidosullivan/projects/idt/devicetester_greengrass_v2_mac/results/a8751a98-6ed6-11ed-b7fb-f293db416e41/awsiotdevicetester_report.xml
Path to Test Execution Logs: /Users/davidosullivan/projects/idt/devicetester_greengrass_v2_mac/results/a8751a98-6ed6-11ed-b7fb-f293db416e41/logs
Path to Aggregated JUnit Report: /Users/davidosullivan/projects/idt/devicetester_greengrass_v2_mac/results/a8751a98-6ed6-11ed-b7fb-f293db416e41/GGV2Q_Report.xml
==================================
Note: davidosullivan@Davids-MacBook-Air bin %
```

The Logs

```
<testsuites name="GGV2Q results" time="1" tests="1" failures="0" skipped="0" errors="1" disabled="0">
  <testsuite name="pretestvalidation" package="" tests="1" failures="0" time="1" disabled="0" errors="1" skipped="0">
    <testcase classname="GGV2Q pretestvalidation" name="pretestvalidation">
      <error>Command &#39;{mkdir -p /temp/idt map[] 0s}&#39; exited with code 1. Error output: mkdir: cannot create directory ‘/temp/idt’: Permission denied&#xA;.</error>
    </testcase>
  </testsuite>
</testsuites>

<apnreport>
  <awsiotdevicetesterversion>4.5.11</awsiotdevicetesterversion>
  <testsuiteversion>2.4.1</testsuiteversion>
  <signature>283938a8376e684465e29efa2a88e61c1543dfd58dff21451248d707d73403a4bd81f766e97977ca46a986384b863a4698bdbc39c58d9f6d8edc3d26d49348a7</signature>
  <keyname>65d77318-3995-4993-9dd5-01b329742307</keyname>
  <session>
    <testsession>958c70de-6ed6-11ed-b139-f293db416e41</testsession>
    <starttime>2022-11-28T05:39:04.549453+01:00</starttime>
    <endtime>2022-11-28T05:39:05.584253+01:00</endtime>
  </session>
  <awsproduct>
    <name>AWS Greengrass</name>
    <version></version>
    <features>
      <feature name="aws-iot-greengrass-v2-core" value="not-supported" type="required"></feature>
      <feature name="aws-iot-greengrass-v2-ml-component" value="not-supported" type="optional"></feature>
      <feature name="aws-iot-greengrass-v2-docker-application-manager" value="not-supported" type="optional"></feature>
      <feature name="aws-iot-greengrass-v2-stream-management-component" value="not-supported" type="optional"></feature>
      <feature name="aws-iot-greengrass-v2-hsi" value="not-supported" type="optional"></feature>
    </features>
  </awsproduct>
  <device>
    <sku>hbshub</sku>
    <name>pool1</name>
    <features>
      <feature name="arch" value="armv7l"></feature>
      <feature name="ml" value="no"></feature>
      <feature name="docker" value="no"></feature>
      <feature name="streamManagement" value="no"></feature>
      <feature name="hsi" value="hsm | no"></feature>
      <feature name="platform.operatingSystem" value="Linux"></feature>
    </features>
    <executionMethod>ssh</executionMethod>
  </device>
  <devenvironment>
    <os name="darwin"></os>
  </devenvironment>
  <qualificationsuite>
    <checksumkeyname>GGV2Q_mac_2.4.1</checksumkeyname>
    <checksum>ca8c0331d16637835af8dc2f403ffcf217a70022e6c89e119f9be53d6ec2bb7f4ca30f21984d49a3a10634b0077a2a36</checksum>
  </qualificationsuite>
  <report>
    <testsuites name="GGV2Q results" time="1" tests="1" failures="0" skipped="0" errors="1" disabled="0">
      <testsuite name="pretestvalidation" package="" tests="1" failures="0" time="1" disabled="0" errors="1" skipped="0">
        <testcase classname="GGV2Q pretestvalidation" name="pretestvalidation">
          <error>Command &#39;{mkdir -p /temp/idt map[] 0s}&#39; exited with code 1. Error output: mkdir: cannot create directory ‘/temp/idt’: Permission denied&#xA;.</error>
        </testcase>
      </testsuite>
    </testsuites>
  </report>
</apnreport>
```
1 answer, 0 votes, 19 views, asked 5 days ago
