aws-iot-device-client: Secure Tunneling is not working

Describe the bug

When I launch a basic AWS IoT Device Client with every feature set to false, there is no problem, but when I set Secure Tunneling to true, the connection resets non-stop.

But then, I’m trying to activate secure tunneling to create an AWS IoT tunnel, and it seems that the device is connecting to and disconnecting from my MQTT broker non-stop. Here is the error message I’m getting:

To Reproduce

Steps to reproduce the behavior:

  1. Reproduce all the basic steps. In the setup.sh script, say no to everything except Secure Tunneling
  2. Launch the client: ./aws-iot-device-client

Expected behavior

In logs: Subscribed to tunnel notification topic

Actual behavior

A clear and concise description of what actually happened.

Logs

The last 2 lines of logs are repeating non-stop.

2022-03-02T17:26:45.922Z [INFO]  {SharedCrtResourceManager.cpp}: Starting Device Client features.
2022-03-02T17:26:45.922Z [INFO]  {SecureTunnelingFeature.cpp}: Running Secure Tunneling!
2022-03-02T17:26:45.922Z [INFO]  {Main.cpp}: Client base has been notified that Secure Tunneling has started
2022-03-02T17:26:45.925Z [ERROR] {SharedCrtResourceManager.cpp}: MQTT Connection interrupted with error: `libaws-c-mqtt: AWS_ERROR_MQTT_UNEXPECTED_HANGUP, The connection was closed unexpectedly.`. Device Client will retry connection until it is successfully connected to the core. 
2022-03-02T17:26:46.086Z [INFO]  {SharedCrtResourceManager.cpp}: MQTT connection resumed with return code: 0
2022-03-02T17:26:46.089Z [ERROR] {SharedCrtResourceManager.cpp}: MQTT Connection interrupted with error: `libaws-c-mqtt: AWS_ERROR_MQTT_UNEXPECTED_HANGUP, The connection was closed unexpectedly.`. Device Client will retry connection until it is successfully connected to the core. 
2022-03-02T17:26:46.237Z [INFO]  {SharedCrtResourceManager.cpp}: MQTT connection resumed with return code: 0
2022-03-02T17:26:46.240Z [ERROR] {SharedCrtResourceManager.cpp}: MQTT Connection interrupted with error: `libaws-c-mqtt: AWS_ERROR_MQTT_UNEXPECTED_HANGUP, The connection was closed unexpectedly.`. Device Client will retry connection until it is successfully connected to the core. 

Environment (please complete the following information):

  • OS: Ubuntu
  • Version 20
  • Architecture: x86-64

About this issue

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 22 (13 by maintainers)

Most upvoted comments

Hi Anthony,

Thank you for taking the time to meet with us! We really appreciate it.

So, as you know, we figured out that this was a permissions issue and that the resources were scoped too narrowly. We have a least-privilege policy for a device using the Device Client with the Secure Tunneling feature enabled below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:<region>:<accountId>:client/<thingName>"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:<region>:<accountId>:topicfilter/$aws/things/<thingName>/tunnels/notify"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:<region>:<accountId>:topic/$aws/things/<thingName>/tunnels/notify"
    }
  ]
}
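
As an added example (not part of the original issue or of the Device Client project), the following Python code checks an AWS IoT policy document offline against the three action/resource pairs listed in the policy above and reports the ones it does not grant. The function names, region, account ID, thing name and the too-narrow sample policy are constructed placeholders; only the `*` and `?` wildcards are matched, and policy variables are not expanded.

```python
import re

def required_permissions(region, account_id, thing_name):
    """(action, resource ARN) pairs taken from the policy in the comment above."""
    base = f"arn:aws:iot:{region}:{account_id}"
    notify = f"$aws/things/{thing_name}/tunnels/notify"
    return [
        ("iot:Connect", f"{base}:client/{thing_name}"),
        ("iot:Subscribe", f"{base}:topicfilter/{notify}"),
        ("iot:Receive", f"{base}:topic/{notify}"),
    ]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value):
    # Policy wildcards: '*' matches any run of characters, '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def _covers(stmt, action, resource):
    return (any(_matches(a, action) for a in _as_list(stmt.get("Action", [])))
            and any(_matches(r, resource) for r in _as_list(stmt.get("Resource", []))))

def missing_permissions(policy, region, account_id, thing_name):
    """Return the required pairs the policy does not grant (explicit Deny wins)."""
    stmts = _as_list(policy.get("Statement", []))
    def effect(kind, action, resource):
        return any(s.get("Effect") == kind and _covers(s, action, resource) for s in stmts)
    return [(a, r) for a, r in required_permissions(region, account_id, thing_name)
            if effect("Deny", a, r) or not effect("Allow", a, r)]

# Constructed sample: Subscribe/Receive are scoped to a placeholder topic prefix,
# so the tunnel notification topic is not covered.
REGION, ACCOUNT, THING = "us-east-1", "123456789012", "example-thing"  # placeholders
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}"
NARROW_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING}"},
        {"Effect": "Allow", "Action": ["iot:Subscribe", "iot:Receive"],
         "Resource": [f"{ARN}:topicfilter/example/*", f"{ARN}:topic/example/*"]},
    ],
}

if __name__ == "__main__":
    for action, resource in missing_permissions(NARROW_POLICY, REGION, ACCOUNT, THING):
        print(f"not granted: {action} on {resource}")
```

An empty result for the policy attached to the device certificate means all three pairs from the policy above are granted.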