I'm having trouble connecting my WebSocket client for MQTT and suspect it's failing the handshake due to missing permissions. I've been using the root user's credentials to sign with Signature V4, but I'm not entirely sure if the AWS Service name should be 'iot' or something else. If you could help shed some light on the necessary permissions and any specifics about the endpoint format, I would really appreciate it!
4 Answers
Also, where is your IoT certificate? If you're authenticating through an IAM account, ensure that the certificate associated with your Thing is properly configured.
If you're still having problems, check CloudTrail to see if there are any denied actions that might provide clues.
I see you’ve updated your policy to allow 'iot:Connect' on the MQTT client. Just make sure your client ID format matches what your policy allows. Have you checked that your endpoint looks good? Sometimes just a small typo can create issues.
It sounds like a common issue. You should use 'iot' as the service name, but double-check the format of your endpoint. Typically, for WebSocket handshakes, the IAM policy should explicitly allow 'iot:Connect', as that's often what blocks the connection.
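The client ID and `iot:Connect` checks suggested in the answers above, as an added example (not code from any of the posters): a simplified evaluator that reports whether a policy document lets a given MQTT client ID connect. The policy, region, account ID and client IDs are constructed placeholders, and the model assumes only `Action`/`Resource` statements (it ignores `Condition`, `NotAction` and `NotResource`).

```python
import json
import re

# Constructed sample policy; region, account ID and client-ID prefixes are placeholders.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": "arn:aws:iot:us-east-1:123456789012:client/sensor-*"},
    {"Effect": "Deny", "Action": "iot:*",
     "Resource": "arn:aws:iot:us-east-1:123456789012:client/sensor-retired-*"}
  ]
}
""")


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _wild(pattern, text, ignore_case=False):
    """Match an IAM-style pattern: * is any run of characters, ? is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.I if ignore_case else 0) is not None


def connect_decision(policy, region, account, client_id):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for iot:Connect."""
    arn = f"arn:aws:iot:{region}:{account}:client/{client_id}"
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names compare case-insensitively; resource ARNs are case-sensitive.
        action_hit = any(_wild(a, "iot:Connect", True)
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_wild(r, arn) for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return "explicit-deny"  # an explicit Deny overrides any Allow
            allowed = True
    return "allow" if allowed else "implicit-deny"


if __name__ == "__main__":
    for cid in ("sensor-42", "Sensor-42", "sensor-retired-7", "webclient-1"):
        print(cid, "->", connect_decision(POLICY, "us-east-1", "123456789012", cid))
```

An `implicit-deny` result for the client ID your code actually sends is the case that surfaces as a failed WebSocket handshake with no matching Allow.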
