Just a heads up –
I was running into the same issues as you both. After hours of research I eventually discovered that the AWS IoT security policy attached to your certificates must be properly configured; otherwise you'll be hit with authorization issues when clients attempt to connect to the IoT thing for subscribing, publishing, connections, etc. Once I corrected this, I had no further issues with the installation.
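The change I made to my policy in ‘AWS IoT>Secure>Policies’ is below. Substitute your own region and account ID in the ARNs, and keep the resources scoped to the topics and client IDs you actually use rather than widening them to "*":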
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:543211234567:topic/sdk/test/java",
"arn:aws:iot:us-east-1:543211234567:topic/sdk/test/Python",
"arn:aws:iot:us-east-1:543211234567:topic/topic_1",
"arn:aws:iot:us-east-1:543211234567:topic/topic_2",
"arn:aws:iot:us-east-1:543211234567:topic/MagicMirror:new-text",
"arn:aws:iot:us-east-1:543211234567:topic/MagicMirror:new-images",
"arn:aws:iot:us-east-1:543211234567:topic/MagicMirror:change-module",
"arn:aws:iot:us-east-1:543211234567:topic/MagicMirror:new-video"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:543211234567:topicfilter/sdk/test/java",
"arn:aws:iot:us-east-1:543211234567:topicfilter/sdk/test/Python",
"arn:aws:iot:us-east-1:543211234567:topicfilter/topic_1",
"arn:aws:iot:us-east-1:543211234567:topicfilter/topic_2",
"arn:aws:iot:us-east-1:543211234567:topicfilter/MagicMirror:new-text",
"arn:aws:iot:us-east-1:543211234567:topicfilter/MagicMirror:new-images",
"arn:aws:iot:us-east-1:543211234567:topicfilter/MagicMirror:change-module",
"arn:aws:iot:us-east-1:543211234567:topicfilter/MagicMirror:new-video"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-east-1:543211234567:client/sdk-java",
"arn:aws:iot:us-east-1:543211234567:client/basicPubSub",
"arn:aws:iot:us-east-1:543211234567:client/sdk-nodejs-*",
"arn:aws:iot:us-east-1:543211234567:client/MagicMirror*"
]
}
]
}
Make sure the client ID defined in MirrorMirror.js matches the wildcard pattern (“MagicMirror*” in this case) that was added to the iot:Connect statement of the policy. This needs to be modified locally in the module and also in the uploaded Lambda function!
// Setup our AWS IoT device and receive messages
// Excerpt: only the awsIot.device() call is shown; the closing brace of app.setup is not part of this snippet.
app.setup = function() {
// Create the device client, passing the key, certificate and CA files under ./certs.
app.device = awsIot.device({
// Private key that belongs to the device certificate.
// NOTE(review): keep this file out of version control and readable only by the account that runs the module.
keyPath: __dirname + "/certs/MagicMirror.private.key",
// Device certificate; the AWS IoT policy attached to it decides what this client is authorized to do.
certPath: __dirname + "/certs/MagicMirror.cert.pem",
// Root CA certificate file, passed as caPath.
caPath: __dirname + "/certs/root-CA.crt",
// "MagicMirror" prefix plus the current time in milliseconds, so each start gets a new client ID.
// The prefix has to match the client/MagicMirror* resource allowed for iot:Connect in the policy,
// otherwise the connect request is not authorized.
clientId: "MagicMirror" + (new Date().getTime()),
// Should be the same region that appears in the policy ARNs.
region: "us-east-1",
// Placeholder: replace YOURID with the endpoint prefix of your own AWS IoT account.
host: "YOURID.iot.us-east-1.amazonaws.com",
});
Best of luck and happy new year!