AWS IoT SDK - 主 L#206 订阅错误：-28（C 代码）

Question

我正在尝试运行来自 AWS IoT（AWS IoT 嵌入式 C SDK）的 this tutorial 中的示例。

我的 aws_iot_config.h 文件具有以下配置：

#define AWS_IOT_MQTT_HOST              "XXXXXXX.iot.us-east-2.amazonaws.com" ///< Customer specific MQTT HOST. The same will be used for Thing Shadow
#define AWS_IOT_MQTT_PORT              8883 ///< default port for MQTT/S
#define AWS_IOT_MQTT_CLIENT_ID         "c-sdk-client-id" ///< MQTT client ID should be unique for every device
#define AWS_IOT_MY_THING_NAME          "SM1" ///< Thing Name of the Shadow this device is associated with
#define AWS_IOT_ROOT_CA_FILENAME       "iotRootCA.pem" ///< Root CA file name
#define AWS_IOT_CERTIFICATE_FILENAME   "deviceCert.crt" ///< device signed certificate file name
#define AWS_IOT_PRIVATE_KEY_FILENAME   "deviceCert.key" ///< Device private key filename

我的政策是这样的：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:topic/sm1"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:topic/sm1"
    }
  ]
}

当我运行 subscribe_publish_sample 示例时，出现以下错误：

DEBUG: iot_tls_connect L#236 ok
[ Protocol is TLSv1.2 ]
[ Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ]

DEBUG: iot_tls_connect L#238 [ Record expansion is 29 ]

DEBUG: iot_tls_connect L#243 . Verifying peer X.509 certificate...
DEBUG: iot_tls_connect L#252 ok

DEBUG: iot_tls_connect L#262 . Peer certificate information ...

DEBUG: iot_tls_connect L#264 cert. version : 3
serial number : 3C:75:FE:30:01:DD:A3:B9:EF:72:DC:F6:7A:5C:A2:54
issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2 subject name : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.us-east-2.amazonaws.com
issued on : 2017-10-12 00:00:00
expires on : 2018-10-13 23:59:59
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : iot.us-east-2.amazonaws.com, *.iot.us-east-2.amazonaws.com
key usage : Digital Signature
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication

Subscribing...
ERROR: main L#206 Error subscribing : -28

谁能告诉我发生了什么事？我错过了什么吗？

Answer 1

由于我没有找到与从设备向 AWS IoT 发送数据的过程相关的完整教程，包括所有需要的步骤，我尝试将我使用的策略更改为：

{
  "Effect": "Allow",
  "Action": "iot:*",
  "Resource": "*"
}

虽然 Resource 上的这个通配符显然不太好，但这是我使用的方式，因为其他策略不起作用。

Answer 2

AWS IoT 核心策略操作在 https://docs.aws.amazon.com/iot/latest/developerguide/iot-policy-actions.html

示例客户端需要所有四个 MQTT 策略，并且在 sdkTest 主题上需要 iot:Publish、iot:Receive 和 iot:Subscribe。主题名称在示例中被硬编码为 sdkTest。所以这有效：

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:client/c-sdk-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-2:338639570104:*sdkTest*"
    }
  ]
}

AWS IoT SDK - 主 L#206 订阅错误：-28（C 代码）

AWS IoT SDK - main L#206 Error subscribing : -28 (C code)

policy

policies

iot

aws-sdk

aws-iot