- 最新
- 最多得票
- 最多評論
The log show that the StreamManager component, while trying to write data to Kinesis, fails temporarily to obtain valid credentials. An AWS SDK client tries all provider in a credential provider chain with a given priority, and the Token Exchange Server is tried last as indicated by: com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@... : Failed to connect to service endpoint:
. TES exposes the credential via a Container Credential Provider endpoint.
This might be due to connectivity issues, for example TES not being able to connect to the AWS IoT Core credentials provider. If this issue disappears after a short time and is not impacting your solution, you can ignore it. If it persists I would check the logs in greengrass.log
to see if there are any errors related to obtaining the credentials.
It seems from error message that AWS credentials provider chain is looking for credentials in the order printed. AWS IoT Greengrass core devices use the AWS IoT Core credentials provider to authorize calls to AWS services. The AWS IoT Core credentials provider enables devices to use their X.509 certificates as the unique device identity to authenticate AWS requests. This eliminates the need to store an AWS access key ID and secret access key on your AWS IoT Greengrass core devices. When you run the AWS IoT Greengrass Core software, you can choose to provision the AWS resources that the core device requires. This includes the AWS Identity and Access Management (IAM) role that your core device assumes through the AWS IoT Core credentials provider.
Reference : https://docs.aws.amazon.com/greengrass/v2/developerguide/device-service-role.html
Thanks for the explanation. I understand that the Greengrass Core uses X.509 certificate to authenticate it requests. I used fleet provisioning method and provided a Role that has permission to write to Kinesis. I'm adding screenshots of my provisioning config file and the Kinesis related policy to the original post.
相關內容
- AWS 官方已更新 2 年前
I think this is likely the case, thanks for the explanation!