Closed ggorlim closed 2 years ago
OK guys, we can close this issue. The problem was with policies; the code works fine.
Our first IoT policy did not have "iot:AttachPolicy", "iot:AttachPrincipalPolicy", and that did not work.
Then we made a new policy where we added these actions, but when we created the new policy we pasted the actions from the browser and it added additional quotes (") to the actions, which was not detected by us or the AWS dashboard, so we worked with bad policies (basically the actions had double quotes) until today, when we found the extra quotes. After we fixed it, everything works fine, sorry..
Original IoT policy, THIS does not work:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect",
        "iot:ListThing",
        "iot:GetThingSadow"
      ],
      "Resource": "*"
    }
  ]
}
```
New IoT policy, this one works:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect",
        "iot:AttachPolicy",
        "iot:AttachThingPrincipal",
        "iot:AttachPrincipalPolicy",
        "iot:ListAttachedPolicies",
        "iot:GetThingShadow",
        "iot:ListThings"
      ],
      "Resource": "*"
    }
  ]
}
```
IAM policies always had "iot:AttachPolicy", "iot:AttachThingPrincipal", so that is not the problem..
I think it would be wise to add some check when policies are edited to warn the user if an action does not exist (not a standard action), if that is possible..
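The check suggested just above, as an added example that is not part of this thread or of the SDK: a small Python linter that parses an IoT policy document and flags actions carrying pasted-in quote characters, actions that are malformed or unknown (the known-action list is a constructed partial one limited to the actions named in this thread), and required actions that no Allow statement grants. The sample policies are constructed for the example.

```python
import fnmatch
import json
import re

# Syntactic shape of an action: "*", "iot:*", or "iot:" plus an alphabetic
# name optionally ending in a wildcard. Pasted stray quotes fail this.
ACTION_RE = re.compile(r"^(\*|iot:(\*|[A-Za-z]+\*?))$")

# Partial list of IoT actions, limited to those mentioned in this thread;
# a real linter would load the full service action list instead.
KNOWN_ACTIONS = {
    "iot:Connect", "iot:GetThingShadow", "iot:ListThings",
    "iot:AttachPolicy", "iot:AttachPrincipalPolicy",
    "iot:AttachThingPrincipal", "iot:ListAttachedPolicies",
}

def lint_iot_policy(policy_json, required=("iot:Connect", "iot:GetThingShadow")):
    """Return a list of problems: stray quotes, malformed or unknown action
    names, and required actions that no Allow statement grants."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement is allowed
        statements = [statements]
    problems, allowed = [], set()
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):          # "Action": "iot:Connect"
            actions = [actions]
        for action in actions:
            if '"' in action or "'" in action:
                problems.append(f"statement {i}: {action!r} contains stray quotes")
            elif not ACTION_RE.match(action):
                problems.append(f"statement {i}: {action!r} is not a well-formed iot action")
            elif not action.endswith("*") and action not in KNOWN_ACTIONS:
                problems.append(f"statement {i}: {action!r} is not a known iot action")
            elif stmt.get("Effect") == "Allow":
                allowed.add(action)
    for need in required:                     # wildcards like "iot:Get*" count
        if not any(fnmatch.fnmatchcase(need, a) for a in allowed):
            problems.append(f"no Allow statement grants {need}")
    return problems

# Constructed samples: one with the pasted-quotes mistake plus a misspelled
# action, and one that is clean.
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ['"iot:AttachPolicy"', "iot:Connect", "iot:GetThingSadow"], "Resource": "*"}]})
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["iot:Connect", "iot:AttachPolicy", "iot:GetThingShadow"], "Resource": "*"}]})
```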
Glad you were able to solve the issue. Please reach out if you need any other help.
Describe the question
This issue already existed but was closed as stale: "Forbidden error: iotdata.getThingShadow with cognito credentials #1312". The only difference is that I have the same problem with the iOS mobile SDK.
In short, for those who don't have time to read the original thread: when I use a Cognito user pool for authorized use of AWS IoT services, I get a response for any awsClient (AWSIot) request, but all AWSIotData requests fail with the same ForbiddenException.. In this sample code we have awsClient.listThings(IotRequest), which passes, and then get the first thing's shadow with iotData.getThingShadow(IotDataRequest), which fails...
I know this is a big chunk of code, but everything is in one method, with comments in the places which are strange to me, plus there is a log below which this code produces, so..
And yes, I did attempt to use the solution of attaching policies from the previous thread, and that request does return success, which can be seen in the log, but it is no use; in the end getThingShadow always finishes with: thingShadowResponse response nil, error Optional(Error Domain=com.amazonaws.AWSIoTDataErrorDomain Code=0 "null" UserInfo={NSLocalizedDescription=null, NSLocalizedFailureReason=ForbiddenException:})
So the question is, what am I doing wrong?
```swift
func awsCognitoInit() {
    print("awsCognitoInit..")
    // The remainder of the method was not captured on this page.
}
```
Log:
aws_ios_iot_log.txt