【Question title】: AWS IoT - AMQJS0008I Socket closed - AUTHORIZATION_FAILURE
【Posted】: 2020-08-03 18:04:40
【Question description】:

I am trying to configure AWS IoT to work with AWS Amplify. I always see the error "AMQJS0008I Socket closed.", and CloudWatch shows "AUTHORIZATION_FAILURE". This is what I have configured:

  1. IAM policy for the authenticated Cognito identity pool
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "cognito-identity:*",
                    "mobileanalytics:PutEvents",
                    "cognito-sync:*",
                    "iot:Connect",
                    "iot:Publish",
                    "iot:Subscribe",
                    "iot:Receive",
                    "iot:GetThingShadow",
                    "iot:UpdateThingShadow",
                    "iot:DeleteThingShadow",
                    "iot:AttachPolicy",
                    "iot:AttachPrincipalPolicy"
                ],
                "Resource": "*"
            }
        ]
    }
  2. IoT policy for the Cognito identity
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:client/${iot:ClientId}"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Publish",
            "iot:Subscribe",
            "iot:Receive"
          ],
          "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:topic/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:UpdateThingShadow",
            "iot:GetThingShadow",
            "iot:DeleteThingShadow"
          ],
          "Resource": "arn:aws:iot:ap-south-1:XXXXXXX:thing/*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:AttachPrincipalPolicy",
            "iot:AttachPolicy"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
  3. Attach the individual Cognito identity using the AWS CLI
    aws iot attach-policy --policy-name "hub-iot-policy" --target "ap-south-1:XXXX-USER_COGNITO_IDENTITY"
  4. Connect and subscribe using AWS Amplify, with these packages
    "@aws-amplify/api": "^3.1.7",
    "@aws-amplify/auth": "^3.2.4",
    "@aws-amplify/core": "^3.2.4",
    "@aws-amplify/pubsub": "^3.0.8",

The code is

    // Register the AWS IoT provider (MQTT over WebSocket) with Amplify PubSub
    PubSub.addPluggable(new AWSIoTProvider({
      aws_pubsub_region: config.pubsub.REGION,
      aws_pubsub_endpoint: `wss://${config.pubsub.MQTT_ID}.iot.${config.pubsub.REGION}.amazonaws.com/mqtt`,
    }));
    // Subscribe to the topic and log messages, errors and completion
    PubSub.subscribe('hub31-iot-thing').subscribe({
      next: data => console.log('Message received', data),
      error: error => console.error(error),
      close: () => console.log('Done'),
    });
  5. The JS console throws the error

    {provider: AWSIoTProvider, error: {…}}
    error: {invocationContext: undefined, errorCode: 8, errorMessage: "AMQJS0008I Socket closed."}
    provider: AWSIoTProvider {_config: {…}, _clientsQueue: ClientsQueue, _topicObservers: Map(1), _clientIdObservers: Map(1)}

  6. CloudWatch gives the error AUTHORIZATION_FAILURE
    {
        "timestamp": "2020-04-21 00:13:24.953",
        "logLevel": "ERROR",
        "traceId": "308de5a7-XXXX-d2d5-XXXX-7e24b6d6e0e6",
        "accountId": "XXXXXXXX",
        "status": "Failure",
        "eventType": "Connect",
        "protocol": "MQTT",
        "clientId": "f5e1abef-XXXX-44af-XXXX-4a327b45481c",
        "principalId": "XXXXX:CognitoIdentityCredentials",
        "sourceIp": "XXXX",
        "sourcePort": 59101,
        "reason": "AUTHORIZATION_FAILURE",
        "details": "Authorization Failure"
    }

【Question discussion】:

    Tags: amazon-web-services aws-cli aws-amplify aws-iot aws-policies


    【Solution 1】:

    I ran into the same error, and this is how I solved it.

    1. The Cognito policy is

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "iot:Receive",
                    "cognito-identity:*",
                    "iot:Subscribe",
                    "iot:AttachPolicy",
                    "iot:AttachPrincipalPolicy",
                    "iot:Connect",
                    "mobileanalytics:PutEvents",
                    "iot:GetThingShadow",
                    "iot:DeleteThingShadow",
                    "iot:UpdateThingShadow",
                    "iot:Publish",
                    "cognito-sync:*"
                ],
                "Resource": "*"
            }
        ]
    }
    

    Also note that AttachPrincipalPolicy is deprecated, but I included it to be on the safe side

    2. IoT policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:*",
          "Resource": "*"
        }
      ]
    }
    

    3. Attach the IoT policy to the individual Cognito identity via Lambda or the AWS CLI. With the CLI, the command looks like

    aws iot attach-policy --policy-name "iot-policy" --target "ap-south-1:XXXX-USER-COGNITO-IDENTITY"
    

    Note again that AttachPrincipalPolicy is deprecated; use AttachPolicy

    Using Lambda:

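    import AWS from 'aws-sdk';

    // Attach the IoT policy to the caller's Cognito identity
    export const main = async (event, context, callback) => {
        // Identity ID of the authenticated caller, supplied by API Gateway
        const principal = event.requestContext.identity.cognitoIdentityId;
        const policyName = 'iot-policy';
    
        const iot = new AWS.Iot();
        await iot.attachPrincipalPolicy({ principal, policyName }).promise();
        callback(null, "success");
    };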
    

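    4. Test: if your frontend is configured correctly, you should be able to get past the errorCode: 8, errorMessage: AMQJS0008I Socket closed error.

    5. Fine-tune: now fine-tune the iot-policy to your requirements and check right away whether the changes work

    【Discussion】:

    • Thanks for your answer. I'm not using Cognito, but Resource:"*" in the IoT policy solved my problem too.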
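
For the fine-tuning step in the answer, a small check that can be run over a candidate IoT policy before attaching it (an added example, not part of the original thread). It flags a bare "*" resource and MQTT actions pointed at the wrong resource type: in AWS IoT Core, iot:Subscribe is authorized against topicfilter/ ARNs, while iot:Publish and iot:Receive use topic/ and iot:Connect uses client/. The function name lintIotPolicy and the three sample policies are constructed for illustration.

```javascript
// Added example (not from the thread): lint AWS IoT Core policy documents.
// Resource type that each MQTT action is authorized against in IoT Core.
const EXPECTED_TYPE = {
  'iot:Connect': 'client',
  'iot:Publish': 'topic',
  'iot:Receive': 'topic',
  'iot:Subscribe': 'topicfilter',
};
const asArray = v => (Array.isArray(v) ? v : [v]);

// Returns one finding per Allow (action, resource) pair that is either a
// bare "*" resource or names the wrong resource type for the action.
function lintIotPolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((stmt, statement) => {
    if (stmt.Effect !== 'Allow') return;
    for (const action of asArray(stmt.Action)) {
      for (const resource of asArray(stmt.Resource)) {
        if (resource === '*') {
          findings.push({ statement, action, issue: 'wildcard-resource' });
          continue;
        }
        // ARN layout: arn:aws:iot:<region>:<account>:<type>/<name>
        const type = resource.split(':').slice(5).join(':').split('/')[0];
        const want = EXPECTED_TYPE[action];
        if (want && type !== want) {
          findings.push({ statement, action, issue: `expects-${want}` });
        }
      }
    }
  });
  return findings;
}

// Constructed samples; region, account placeholder and topic as on the page.
const ARN = 'arn:aws:iot:ap-south-1:XXXXXXX:';
const questionPolicy = { Statement: [ // first two statements of the question's IoT policy
  { Effect: 'Allow', Action: 'iot:Connect', Resource: ARN + 'client/${iot:ClientId}' },
  { Effect: 'Allow', Action: ['iot:Publish', 'iot:Subscribe', 'iot:Receive'], Resource: ARN + 'topic/*' },
] };
const answerPolicy = { Statement: [{ Effect: 'Allow', Action: 'iot:*', Resource: '*' }] };
const scopedPolicy = { Statement: [ // one possible narrowing for the page's topic
  { Effect: 'Allow', Action: 'iot:Connect', Resource: ARN + 'client/${iot:ClientId}' },
  { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'], Resource: ARN + 'topic/hub31-iot-thing' },
  { Effect: 'Allow', Action: 'iot:Subscribe', Resource: ARN + 'topicfilter/hub31-iot-thing' },
] };

for (const [name, p] of Object.entries({ questionPolicy, answerPolicy, scopedPolicy })) {
  console.log(name, lintIotPolicy(p));
}
```

The topicfilter finding concerns Subscribe only; the Connect event in the CloudWatch log is evaluated against the client/ resource.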