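I have an iOS application that collects accelerometer data from the iPhone sensors. I want to connect from my iOS app to AWS IoT Core using MQTT over WSS.
Question -> If I use Cognito, do I have to hold AWS IoT certificates?
I tried the following code using the AWS SDK AWSMobileClient mentioned in the link, but had no luck. The authenticated role has AWSIoTFullAccess, the IoT policy is attached to the identity ID, and the policy was attached using a CLI command.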
https://docs.amplify.aws/sdk/pubsub/working-api/q/platform/ios#aws-基于凭据的身份验证
import Foundation
import UIKit
import AWSMobileClient
import AWSIoT
import AWSCore

class bulbViewController: UIViewController {
    override func viewDidLoad() {
        super.viewDidLoad()
        AWSMobileClient.default().initialize { (userState, error) in
            if let error = error {
                print(error.localizedDescription)
            }
            if let userState = userState {
                print("User state: \(userState.rawValue)")
            }
        }
        // Getting JWT ID and ACCESS tokens
        AWSMobileClient.sharedInstance().getTokens { (tokens, error) in
            if let error = error {
                print("Error getting token \(error.localizedDescription)")
            } else if let tokens = tokens {
                print("========= Access Token ========")
                print(tokens.accessToken!.tokenString!)
                print("========= ID Token ========")
                print(tokens.idToken!.tokenString)
            }
        }
        // Create Logins map with the ID Token to generate identity ID.
        AWSMobileClient.sharedInstance().getIdentityId().continueWith { task in
            if let error = task.error {
                print("error: \(error.localizedDescription) \((error as NSError).userInfo)")
                print(error)
            }
            if let result = task.result {
                print("identity id: \(result)")
            }
            return nil
        }
        // Initialize the AWSIoTDataManager with the configuration
        let iotEndPoint = AWSEndpoint(
            urlString: "wss://axxxxxxxazy1-ats.iot.us-west-2.amazonaws.com/mqtt")
        let iotDataConfiguration = AWSServiceConfiguration(
            region: AWSRegionType.USWest2,
            endpoint: iotEndPoint,
            credentialsProvider: AWSMobileClient.default()
        )
        AWSIoTDataManager.register(with: iotDataConfiguration!, forKey: "MyAWSIoTDataManager")
        let iotDataManager = AWSIoTDataManager(forKey: "MyAWSIoTDataManager")
        func mqttEventCallback(_ status: AWSIoTMQTTStatus) {
            print("connection status = \(status.rawValue)")
        }
        iotDataManager.connectUsingWebSocket(withClientId: "iospubsubthing",
                                             cleanSession: true,
                                             statusCallback: mqttEventCallback)
        iotDataManager.publishString(
            "Hello to all subscribers!",
            onTopic: "myTopic",
            qoS: .messageDeliveryAttemptedAtMostOnce)
    }
}
Output
User state: signedIn
identity id: us-west-2:878a197f-2dd9-4604-ae17-beXXXXX2747
connection status = 1
connection status = 5
connection status = 5
connection status = 1
connection status = 1
connection status = 5
connection status = 5
connection status = 5
connection status = 1
These correspond to the following.
typedef NS_ENUM(NSInteger, AWSIoTMQTTStatus) {
    AWSIoTMQTTStatusUnknown,
    AWSIoTMQTTStatusConnecting,
    AWSIoTMQTTStatusConnected,
    AWSIoTMQTTStatusDisconnected,
    AWSIoTMQTTStatusConnectionRefused,
    AWSIoTMQTTStatusConnectionError,
    AWSIoTMQTTStatusProtocolError
};
---------AWS CW IoT logs------------------
{
"timestamp": "2021-05-17 06:56:33.660",
"logLevel": "ERROR",
"traceId": "ada53b6c-b019-64c4-c074-66fe4XXX1d",
"accountId": "635XXXXXX",
"status": "Failure",
"eventType": "Connect",
"protocol": "MQTT",
"clientId": "iospubsubthing",
"principalId": "AROXXXXIICG6AYBSVWS:CognitoIdentityCredentials",
"sourceIp": "103.XX1.1X0.20X",
"sourcePort": 54036,
"reason": "AUTHORIZATION_FAILURE",
"details": "Authorization Failure"
}
Can you tell me whether I am missing anything here?
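Debugging: you can first try unauthenticated Cognito access, giving the assumed unauthenticated Cognito role the same permissions as the authenticated role. If that works, it means you have a problem attaching the IoT policy to the Cognito identity ID. To solve it, follow my recent post on how to attach an IoT policy to a Cognito identity.
In fact, you do not need to attach an IoT policy to an unauthenticated user. It can help you debug!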
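An offline check of the two permission layers discussed in this thread, added here as an example (it is not code from the question or the answer). For an authenticated Cognito identity, both the IAM role and the IoT policy attached to the identity ID must allow the request. The account ID, the policy documents and the function names are constructed, and the evaluation is simplified: no Condition blocks, no policy variables.

```python
import re

REGION, ACCOUNT = "us-west-2", "123456789012"  # account ID is a placeholder

def arn(kind, name):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"

def _match(pattern, value):
    # Policy wildcards: * matches any run of characters, ? matches exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allows(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise one Allow is needed."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_match(a, action) for a in _as_list(st["Action"])) and
               any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def missing_permissions(iam_policy, iot_policy, client_id, topic):
    """Return (layer, action) pairs that would end in AUTHORIZATION_FAILURE."""
    needed = [("iot:Connect", arn("client", client_id)),
              ("iot:Publish", arn("topic", topic))]
    layers = [("iam-role", iam_policy), ("iot-policy", iot_policy)]
    return [(name, act) for act, res in needed
            for name, pol in layers if not allows(pol, act, res)]

# Constructed sample documents (not taken from the asker's account).
IAM_FULL = {"Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
NO_IOT_POLICY = {"Statement": []}  # nothing attached to the identity ID
IOT_NARROW = {"Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": arn("client", "sensor-*")},
    {"Effect": "Allow", "Action": "iot:Publish", "Resource": arn("topic", "myTopic")}]}
IOT_FIXED = {"Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": arn("client", "iospubsubthing")},
    {"Effect": "Allow", "Action": "iot:Publish", "Resource": arn("topic", "myTopic")}]}

if __name__ == "__main__":
    for label, pol in [("none", NO_IOT_POLICY), ("narrow", IOT_NARROW), ("fixed", IOT_FIXED)]:
        print(label, missing_permissions(IAM_FULL, pol, "iospubsubthing", "myTopic"))
```

The client ID and topic passed in are the ones from the question's code and its CloudWatch log entry; an empty result means both layers allow the connect and the publish.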