aws-iot-builder-tools / iot-provisioning-secretfree

This solution enables you to define a process to decouple manufacturing from the provisioning process while assuring that private secrets do not have the opportunity to be exposed at any point throughout supply chain, manufacturing, and on-boarding.
MIT No Attribution

Unable to connect, TLS handshake failed due to thing policy #11

Closed plentyofbytes closed 1 year ago

plentyofbytes commented 2 years ago

I discovered my inability to connect to MQTT service was because my Thing policy was incorrect. I am not knowledgeable enough to give it a proper fix, but I just added this to the Connection Allows:

"arn:aws:iot:::client/*"

Essentially, I am being given permission to connect to various services (or topics? or something else?), but not the right one. Again, I'm not sure what I actually need to put here, but putting a wildcard resolved it for me. I am using the iot-core lambda to provision.

My policy looks more like this now:

```json
{
  "Effect": "Allow",
  "Action": [
    "iot:Connect"
  ],
  "Resource": [
    "arn:aws:iot:::client/sdk-java",
    "arn:aws:iot:::client/basicPubSub",
    "arn:aws:iot:::client/sdk-nodejs-*",
    "arn:aws:iot:::client/*"
  ]
}
```

rpcme commented 1 year ago

Apologies for the late response. Policies are very much application specific. I would encourage you to read the section on policies in the AWS IoT Core documentation. https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html
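The policy discussed in this issue works because `client/*` lets any client ID connect. The least-privilege alternative that the AWS IoT policy documentation describes is the policy variable `${iot:Connection.Thing.ThingName}`, which only admits the client ID equal to the thing attached to the connecting certificate. The following added example (not code from this repository or from either commenter) models that evaluation in a simplified form: both policy documents are constructed here, and the empty-region ARN shape is copied from the issue.

```python
import fnmatch
import json

# Constructed policy documents for illustration. BROAD_POLICY mirrors the
# wildcard fix from the issue; SCOPED_POLICY uses the real AWS IoT policy
# variable ${iot:Connection.Thing.ThingName} to pin the client ID.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Connect"],
    "Resource": ["arn:aws:iot:::client/*"]
  }]
}""")

SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Connect"],
    "Resource": ["arn:aws:iot:::client/${iot:Connection.Thing.ThingName}"]
  }]
}""")

THING_VAR = "${iot:Connection.Thing.ThingName}"


def connect_allowed(policy, client_id, thing_name=None):
    """Simplified model of AWS IoT policy evaluation for iot:Connect.

    Resolves the thing-name variable (only if a thing is attached to the
    certificate), glob-matches the requested client ARN against each
    resource, and lets an explicit Deny win over any Allow.
    """
    requested = f"arn:aws:iot:::client/{client_id}"
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if "iot:Connect" not in actions and "iot:*" not in actions:
            continue
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for res in resources:
            if THING_VAR in res:
                if thing_name is None:  # unresolved variable never matches
                    continue
                res = res.replace(THING_VAR, thing_name)
            if fnmatch.fnmatchcase(requested, res):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed
```

Under BROAD_POLICY any client ID connects, so one leaked certificate can impersonate every device; under SCOPED_POLICY a device can only connect as itself.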