
android - ForbiddenError 403 when calling getShadow/updateShadow in AWS IoT

Reposted. Author: 行者123. Updated: 2023-11-29 23:51:31

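I have an authenticated user and a federated identity. But when I try to access an AWS IoT thing, I get this error, which is driving me crazy.

I am following the iot sample code. All the relevant credentials are correct as well.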

`MQTTHelper`

    ....
        // Cognito identity pool credentials; the IoT clients below sign their requests with these.
        credentialsProvider = new CognitoCachingCredentialsProvider(
                mContext.getApplicationContext(), // context
                BuildConfig.COGNITO_POOL_ID, // Identity Pool ID
                MY_REGION // Region
        );

        Region region = Region.getRegion(MY_REGION);

        // MQTT connection, authenticated later with the X.509 client certificate.
        mqttManager = new AWSIotMqttManager(clientId, BuildConfig.CUSTOMER_SPECIFIC_ENDPOINT);
        mqttManager.setKeepAlive(10);

        // Data-plane client used for getThingShadow/updateThingShadow (Cognito credentials).
        mAwsIotDataClient = new AWSIotDataClient(credentialsProvider);
        String iotDataEndpoint = BuildConfig.CUSTOMER_SPECIFIC_ENDPOINT;
        mAwsIotDataClient.setEndpoint(iotDataEndpoint);
        mAwsIotDataClient.setRegion(region);

        // mqttManager.setMqttLastWillAndTestament(lwt);

        // Control-plane client (certificate creation, policy attachment).
        mIotAndroidClient = new AWSIotClient(credentialsProvider);
        mIotAndroidClient.setRegion(region);

        keystorePath = mContext.getFilesDir().getPath();
        keystoreName = BuildConfig.KEYSTORE_NAME;
        keystorePassword = BuildConfig.KEYSTORE_PASSWORD;
        certificateId = BuildConfig.CERTIFICATE_ID;

        // To load cert/key from keystore on filesystem
        try {
            if (AWSIotKeystoreHelper.isKeystorePresent(keystorePath, keystoreName)) {
                if (AWSIotKeystoreHelper.keystoreContainsAlias(certificateId, keystorePath,
                        keystoreName, keystorePassword)) {
                    Log.d(LOG_TAG, "Certificate " + certificateId
                            + " found in keystore - using for MQTT.");
                    // load keystore from file into memory to pass on connection
                    clientKeyStore = AWSIotKeystoreHelper.getIotKeystore(certificateId,
                            keystorePath, keystoreName, keystorePassword);
                    //btnConnect.setEnabled(true);
                    Log.i(LOG_TAG, "Connected....");
                    //CONNECTED_TO_DEVICE = true;
                } else {
                    Log.i(LOG_TAG, "Key/cert " + certificateId + " not found in keystore.");
                }
            } else {
                Log.i(LOG_TAG, "Keystore " + keystorePath + "/" + keystoreName + " not found.");
            }
        } catch (Exception e) {
            Log.e(LOG_TAG, "An error occurred retrieving cert/key from keystore.", e);
        }

        if (clientKeyStore == null) {
            IS_CERTIFICATE_GENERATED = false;
            Log.i(LOG_TAG, "Cert/key was not found in keystore - creating new key and certificate.");
            doGenerateNewCertificate();
        } else {
            IS_CERTIFICATE_GENERATED = true;
            doMqttConnect();
        }
    }

    private static void doMqttConnect() {

        Log.d(LOG_TAG, "clientId = " + clientId);

        try {
            // Connect over MQTT using the client certificate held in clientKeyStore.
            mqttManager.connect(clientKeyStore, new AWSIotMqttClientStatusCallback() {
                @Override
                public void onStatusChanged(final AWSIotMqttClientStatus status,
                                            final Throwable throwable) {
                    Log.d(LOG_TAG, "Status = " + String.valueOf(status));

                    if (mqttManagerConnStatus != null) {
                        //Send Mqtt Manager Status Back
                        mqttManagerConnStatus.onStatusChanged(status, throwable);
                    }
                }
            });
        } catch (final Exception e) {
            Log.e(LOG_TAG, "Connection error.", e);
        }
    }

Similar to what the sample code does, I call GetShadow() in another class

    GetThingShadowRequest getThingShadowRequest = new GetThingShadowRequest()
            .withThingName(thingName);

    GetThingShadowResult result = mDashboard.mqttHelper.doGetAwsIotDataClient()
            .getThingShadow(getThingShadowRequest);

    byte[] bytes = new byte[result.getPayload().remaining()];
    result.getPayload().get(bytes);

    String resultString = new String(bytes);
    return new AsyncTaskResult<String>(resultString);

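I was able to get KMS working, so there is no problem with the authenticated (federated identity) part. The only source of information I found on AWS IoT is this, which is not helpful from a client's perspective. Is it an AWS IoT configuration problem or a code problem? I have to subscribe to a thing group; is there anything else I need to do to subscribe to that group? This is the ARN of the thing group I need to subscribe to: `arn:aws:iot:us-east-1:XXXXXXXXXX:thinggroup/A_GROUP`

Stack trace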

    getShadowTask
    com.amazonaws.AmazonServiceException: null (Service: AWSIotData; Status Code: 403; Error Code: ForbiddenException; Request ID: f78eea4d-9053-4b19-1840-297dd67c2667)
        at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:730)
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
        at com.amazonaws.services.iotdata.AWSIotDataClient.invoke(AWSIotDataClient.java:571)
        at com.amazonaws.services.iotdata.AWSIotDataClient.getThingShadow(AWSIotDataClient.java:406)
        at com.lyrebird.abc.device.MyDevicesFragment_RV_Adapter$GetShadowTask.doInBackground(MyDevicesFragment_RV_Adapter.java:519)
        at com.lyrebird.abc.device.MyDevicesFragment_RV_Adapter$GetShadowTask.doInBackground(MyDevicesFragment_RV_Adapter.java:497)
        at android.os.AsyncTask$2.call(AsyncTask.java:295)
        at java.util.concurrent.FutureTask.run(FutureTask.java:237)
        at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
        at java.lang.Thread.run(Thread.java:818)

Policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iot:*",
                    "lambda:*"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

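Best answer

Here are a few reasons why you might be getting error 403

  1. In Cognito, there is no proper update/get shadow permission for the authenticated and unauthenticated pools
  2. The ARN of the Cognito Pool id and IoT is not correct
  3. Check the IAM policy and the following policy for Cognito users; also, for Cognito users you have to attach the AttachPrincipalPolicy policy to grant them the proper permission to get/update the shadow. The following policy should be in the Cognito Auth and UnAuth roles.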

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iot:AttachPrincipalPolicy"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

Regarding android - ForbiddenError 403 when calling getShadow/updateShadow in AWS IoT, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50848195/
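An added example, not part of the original question or answer: for an authenticated Cognito identity, AWS IoT evaluates both the IAM role policy and an AWS IoT policy attached to the identity ID, so this sketch attaches an IoT policy through the `AttachPrincipalPolicy` call the answer names and then reads the shadow. The class `ShadowReader` and the policy name `ExampleShadowPolicy` are hypothetical; the three clients are assumed to be the ones built in the question's `MQTTHelper`.

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.services.iot.AWSIotClient;
import com.amazonaws.services.iot.model.AttachPrincipalPolicyRequest;
import com.amazonaws.services.iotdata.AWSIotDataClient;
import com.amazonaws.services.iotdata.model.GetThingShadowRequest;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/** Added example; call from a background thread, since both calls do network I/O. */
public final class ShadowReader {
    // Assumption: an AWS IoT policy (not an IAM policy) with this hypothetical name
    // already exists and allows only iot:GetThingShadow / iot:UpdateThingShadow.
    private static final String IOT_POLICY_NAME = "ExampleShadowPolicy";

    public static String readShadow(CognitoCachingCredentialsProvider credentials,
                                    AWSIotClient iotClient,
                                    AWSIotDataClient dataClient,
                                    String thingName) {
        // For an authenticated Cognito user, the principal is the Cognito identity ID.
        String identityId = credentials.getIdentityId();
        AttachPrincipalPolicyRequest attach = new AttachPrincipalPolicyRequest();
        attach.setPolicyName(IOT_POLICY_NAME);
        attach.setPrincipal(identityId);
        iotClient.attachPrincipalPolicy(attach);

        try {
            ByteBuffer payload = dataClient
                    .getThingShadow(new GetThingShadowRequest().withThingName(thingName))
                    .getPayload();
            byte[] bytes = new byte[payload.remaining()];
            payload.get(bytes);
            return new String(bytes, StandardCharsets.UTF_8);
        } catch (AmazonServiceException e) {
            if (e.getStatusCode() == 403) {
                // Still forbidden: the IAM role or the attached IoT policy does not
                // allow this action on this thing. Surface which identity was denied.
                throw new IllegalStateException("Shadow access denied for identity "
                        + identityId + " on thing " + thingName, e);
            }
            throw e;
        }
    }
}
```

Allowing `iot:AttachPrincipalPolicy` on `*` in the client role, as in the policy above, lets every signed-in client attach any IoT policy in the account; performing the attachment from a backend after sign-in keeps that permission off the device.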
