6

I am using an MQTT client in JavaScript (paho-mqtt-js) to connect to an AWS IoT endpoint and I am able to connect if I use my own AWS credentials.

However, if I use credentials generated by Cognito for a logged-in user, I am unable to do so. My Cognito authorised role in IAM has a policy of "AWSIoTFullAccess" attached to it, so I am confused as to why these credentials return a 403 error each time.

Any help with regard to this would be greatly appreciated.

dillib
  • 1
    Can you share what your IAM role looks like? – Jeff Bailey Sep 03 '16 at 18:43
  • I have a similar problem. With an IAM user with the proper policy I can connect, but with Cognito credentials I can't. The IAM role policy is correct, but unlike yourself, AWS does not respond with 403; the connection never finishes. If I change my Cognito role to a restricted policy, then I get a 403. So it is not a credentials error https://forums.aws.amazon.com/thread.jspa?threadID=241543 – nachoab Oct 27 '16 at 11:24

2 Answers

0

Encountered a similar problem when dealing with federated identity. Some tips to resolve the problem:

Hope this helps!

Siva Karthikeyan
0

Check your AWS IoT policies. You'll also need an AWS IoT policy for your Cognito identity in addition to the policy you've attached to the IAM Role. See the docs here:

https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html

Excel r 8
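The step the answer above describes, attaching an AWS IoT policy to the Cognito identity itself, as an added example that is not part of the original answers. It assumes the AWS SDK for JavaScript v2 (`iot` is a `new AWS.IoT({region})` client built with administrative credentials); the policy name, account ID, client ID pattern and topic prefix are placeholders.

```javascript
// Added example, not from the original thread. `iot` is assumed to be an
// AWS SDK v2 IoT client (new AWS.IoT({ region })); all names are placeholders.

// Build an AWS IoT policy document scoped to one client ID pattern and one
// topic prefix, instead of the broad access AWSIoTFullAccess grants.
function buildIotPolicy({ region, accountId, clientId, topicPrefix }) {
  const arn = (type, path) => `arn:aws:iot:${region}:${accountId}:${type}/${path}`;
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: ['iot:Connect'],
        Resource: [arn('client', clientId)] },
      { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'],
        Resource: [arn('topic', `${topicPrefix}/*`)] },
      { Effect: 'Allow', Action: ['iot:Subscribe'],
        Resource: [arn('topicfilter', `${topicPrefix}/*`)] },
    ],
  };
}

// Attach `policyName` to a Cognito identity unless it is already attached.
// `identityId` is the Cognito identity ID (format "region:uuid"), which is
// the principal AWS IoT evaluates in addition to the IAM role.
async function ensureIotPolicyAttached(iot, policyName, identityId) {
  const attached = [];
  let marker;
  do {
    // listAttachedPolicies is paginated; follow nextMarker until exhausted.
    const page = await iot
      .listAttachedPolicies({ target: identityId, marker })
      .promise();
    attached.push(...(page.policies || []).map((p) => p.policyName));
    marker = page.nextMarker;
  } while (marker);

  if (attached.includes(policyName)) return 'already-attached';
  await iot.attachPolicy({ policyName, target: identityId }).promise();
  return 'attached';
}
```

The policy must already exist (for example created with `iot.createPolicy` from the JSON-serialized document) before it can be attached; run the attach step server-side, such as after the user's first login, rather than with the user's own Cognito credentials.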