AUTHORIZATION_FAILURE IoT Core

0

Hello,

I've tried to connect my SCADA system (WinCC OA) to AWS IoT Core, and I managed to connect my system and publish messages to IoT Core after following WinCC OA documentation. I have a root-CA.crt certificate, and also the provided Client certificate and Client private key. However, the next day my logs show authorization failure, and now I cannot connect to IoT Core.

Why am I suddenly not authorized anymore? I have made policies for the pub/sub topics (kiv_vra/sms_data and kiv_vra_sms_read):

Any idea why I'm not authorized to connect from my SCADA system anymore?

Thing name: WCCOA_SMS_Client

ClientID used: basicPubSub

1 Answer
2
Accepted Answer

The sudden authorization failure in your SCADA system's connection to AWS IoT Core could be due to a few potential reasons. The most common cause is that the client certificate and private key being used have expired. IoT Core credentials typically have a limited lifespan for security reasons, so you'll need to generate new credentials and update the configuration in your SCADA system accordingly.

Another possibility is that the credentials have been revoked by AWS IoT Core due to security concerns or if the credentials have been compromised. Additionally, if you've made any changes to the IoT Core policies associated with your "WCCOA_SMS_Client" thing, the new policies may not be granting the necessary permissions for your SCADA system to connect and publish/subscribe to the specified topics.

It's also worth considering if your SCADA system is exceeding the default throttling limits set by AWS IoT Core, which could lead to the authorization failure. You should check the CloudWatch logs or IoT Core metrics to see if your system is hitting any throttling limits, and adjust your connection patterns or consider increasing the throttling limits if necessary.

To troubleshoot this issue, you should start by verifying the expiration of the client certificate and private key, regenerating new credentials if needed, and double-checking the IoT Core policies to ensure they grant the required permissions. Additionally, you can enable extended logging in your SCADA system's IoT Core integration to review the logs for any more detailed error messages or clues about the authorization failure. If the issue persists, you may need to contact AWS Support for further assistance in investigating the problem.

Answered 3 months ago
Expert
Reviewed 9 days ago
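
An offline version of the policy check the answer recommends, added here as an example (it is not part of the original answer and not AWS code): it evaluates a constructed AWS IoT policy against the client ID and topic names exactly as written in the question. The region, account ID and policy statements are placeholders, and the evaluator covers only `Effect`, `Action` and `Resource` with `*`/`?` wildcards, not policy variables or conditions.

```python
import re

# Constructed policy for illustration; region and account ID are placeholders.
ARN = "arn:aws:iot:eu-west-1:123456789012:"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": ARN + "client/basicPubSub"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": ARN + "topic/kiv_vra/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": ARN + "topicfilter/kiv_vra/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value):
    # Policy wildcards: '*' is any run of characters, '?' is exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def is_allowed(policy, action, resource):
    """Default deny; an explicit Deny overrides any Allow."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not any(_matches(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def audit(policy, client_id, pub_topics, sub_topics):
    """Return the (action, resource) pairs the policy does NOT permit."""
    needed = [("iot:Connect", ARN + "client/" + client_id)]
    needed += [("iot:Publish", ARN + "topic/" + t) for t in pub_topics]
    for t in sub_topics:  # plain topic names, no MQTT '+' or '#' wildcards
        needed += [("iot:Subscribe", ARN + "topicfilter/" + t), ("iot:Receive", ARN + "topic/" + t)]
    return [(a, r) for a, r in needed if not is_allowed(policy, a, r)]

if __name__ == "__main__":
    for action, resource in audit(POLICY, "basicPubSub", ["kiv_vra/sms_data"], ["kiv_vra_sms_read"]):
        print("DENIED", action, resource)
```

With this constructed policy, `kiv_vra_sms_read` is denied for both Subscribe and Receive because it does not fall under the `kiv_vra/` prefix, and any client ID other than `basicPubSub` is denied at `iot:Connect`.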
