Unable to connect with aws-iot-device-sdk-v2 for JavaScript using working certificates

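Problem description

I was able to connect without any problems using the older version of the JavaScript SDK, but when running the pub_sub sample, v2 produces the following error: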

events.js:353
      throw er; // Unhandled 'error' event
      ^

CrtError: Failed to connect: libaws-c-mqtt: AWS_ERROR_MQTT_UNEXPECTED_HANGUP, The connection was closed unexpectedly.
    at /Users/calebbrewer/dev/node-sandbox/node_modules/aws-iot-device-sdk-v2/node_modules/aws-crt/dist/native/mqtt.js:333:36
    at processTicksAndRejections (internal/process/task_queues.js:77:11)
Emitted 'error' event on MqttClientConnection instance at:
    at MqttClientConnection.emit (/Users/calebbrewer/dev/node-sandbox/node_modules/aws-iot-device-sdk-v2/node_modules/aws-crt/dist/common/event.js:75:22)
    at /Users/calebbrewer/dev/node-sandbox/node_modules/aws-iot-device-sdk-v2/node_modules/aws-crt/dist/native/mqtt.js:333:22
    at processTicksAndRejections (internal/process/task_queues.js:77:11) {
  error: 'Failed to connect: libaws-c-mqtt: AWS_ERROR_MQTT_UNEXPECTED_HANGUP, The connection was closed unexpectedly.',
  error_code: undefined,
  error_name: undefined
}

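I provisioned my certificates manually through the console using the "Create thing" workflow.

Any ideas on how to debug this further would be greatly appreciated - I've hit a wall!

Edit: I found the following error in the CloudWatch logs, with some of the values truncated: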

{
  "timestamp": "2021-09-02 16:27:13.163",
  "logLevel": "INFO",
  "traceId": "93d42145-31af-ed6c-7f16-80031602970c",
  "accountId": "$AWS_ACCOUNT_ID",
  "status": "Success",
  "eventType": "Subscribe",
  "protocol": "MQTT",
  "topicName": "topic_1",
  "clientId": "caleb-test",
  "principalId": "f....2",
  "sourceIp": "7...2",
  "sourcePort": 40494
}

Copying in my policy for the thing, since this is hitting the cloud, which makes me wonder whether it could be causing the problem:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive",
        "iot:RetainPublish"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/sdk/test/java",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/sdk/test/Python",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/topic_1",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/sdk/test/java",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/sdk/test/Python",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/topic_1",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:client/sdk-java",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:client/basicPubSub",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:client/sdk-nodejs-*"
      ]
    }
  ]
}

Tags: javascript, amazon-web-services, aws-iot

Solution


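It looks like the resources defined in the iot:Connect policy statement were to blame: the only resource needed is the actual client itself. The following policy resolved the issue for me: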

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive",
        "iot:RetainPublish"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/sdk/test/java",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/sdk/test/Python",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/topic_1",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topic/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/sdk/test/java",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/sdk/test/Python",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/topic_1",
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:topicfilter/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:client/caleb-test"
      ]
    }
  ]
}
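
Added example (not part of the original answer, and not AWS or SDK code): an offline check that matches a client ID against the iot:Connect resources of a policy document, run here on the two iot:Connect statements shown on this page with the client ID caleb-test from the CloudWatch entry. The function names are hypothetical, and as a simplification policy variables and Condition blocks are not evaluated.

```javascript
// Added example: offline pre-flight check of an AWS IoT policy document.
// Assumption: policy variables (e.g. ${iot:Connection.Thing.ThingName})
// and Condition blocks are not evaluated; only Effect/Action/Resource are.

// Convert an IAM-style glob ('*' = any run, '?' = one char) to an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// True when at least one Allow statement, and no Deny statement, covers
// iot:Connect for arn:aws:iot:<region>:<account>:client/<clientId>.
function canConnect(policy, region, account, clientId) {
  const arn = `arn:aws:iot:${region}:${account}:client/${clientId}`;
  const covers = (stmt) =>
    asArray(stmt.Action).some((a) => globToRegExp(a).test('iot:Connect')) &&
    asArray(stmt.Resource).some((r) => globToRegExp(r).test(arn));
  const hits = asArray(policy.Statement).filter(covers);
  return hits.some((s) => s.Effect === 'Allow') &&
         !hits.some((s) => s.Effect === 'Deny');
}

// Build a policy holding only an iot:Connect statement for the given client IDs.
// '$AWS_ACCOUNT_ID' is the placeholder used on the page, kept as a literal.
const prefix = 'arn:aws:iot:us-west-2:$AWS_ACCOUNT_ID:client/';
const connectPolicy = (ids) => ({
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['iot:Connect'], Resource: ids.map((id) => prefix + id) },
  ],
});

// iot:Connect resources from the question and from the answer.
const originalPolicy = connectPolicy(['sdk-java', 'basicPubSub', 'sdk-nodejs-*']);
const fixedPolicy = connectPolicy(['caleb-test']);

const check = (policy, id) => canConnect(policy, 'us-west-2', '$AWS_ACCOUNT_ID', id);

console.log('original policy, caleb-test     :', check(originalPolicy, 'caleb-test'));
console.log('original policy, sdk-nodejs-1234:', check(originalPolicy, 'sdk-nodejs-1234'));
console.log('fixed policy,    caleb-test     :', check(fixedPolicy, 'caleb-test'));
```

Listing only the client IDs a device actually uses, as the fixed policy does, keeps iot:Connect scoped more tightly than a wildcard such as client/*.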

