We Keep Coding

AWS App Sync Subscriptions over MQTT is not supported

While using AWS AppSync SDK to add subscription its returning this error, but I got the result in AWS console.
errorType: "BadRequestException"
message: "Subscriptions over MQTT is not supported."
I have seen this similar question and tried the answers that doesn't worked for me.
Is there any way to solve this error? looking forward to the suggestions
Thank you

This happens due to de deprecation of MQTT
So instead of configuring
createSubscriptionHandshakeLink as createSubscriptionHandshakeLink(url, httpLink)
you must use createSubscriptionHandshakeLink({ url, region, auth }) or it will result to using MQTT
ref:
https://github.com/awslabs/aws-mobile-appsync-sdk-js/issues/628

Cant connect to AWS IoT Core via MQTT using AWSIoTPythonSDK

I have followed the AWS tutorial step by step. https://aws.amazon.com/premiumsupport/knowledge-center/iot-core-publish-mqtt-messages-python/
I have created the open-ended policy with the *, registered a thing and attached it to the policy, generated, downloaded, and activated the certificates. I have tried to connect and publish to a subscription using both the AWS IoT SDK for Python v2 and the original sdk but neither work. The code I'm using is straight from AWS's demo example connection code but they just wont connect.
While using the AWS IoT SDK for Python v2 I get this error message:
RuntimeError: 1038 (AWS_IO_FILE_VALIDATION_FAILURE): A file was read and the input did not match the expected value
While using the original SDK I get this error message:
TimeoutError: [Errno 60] Operation timed out
The python code I'm using:
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
import time as t
import json
import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT
# Define ENDPOINT, CLIENT_ID, PATH_TO_CERT, PATH_TO_KEY, PATH_TO_ROOT, MESSAGE, TOPIC, and RANGE
ENDPOINT = "XXXXX-ats.iot.ap-southeast-2.amazonaws.com"
CLIENT_ID = "testDevice"
PATH_TO_CERT = "certs/XXXX-certificate.pem.crt"
PATH_TO_KEY = "certs/XXXX-private.pem.key"
PATH_TO_ROOT = "certs/root.pem"
MESSAGE = "Hello World"
TOPIC = "test/testing"
RANGE = 20
myAWSIoTMQTTClient = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883)
myAWSIoTMQTTClient.configureCredentials(PATH_TO_ROOT, PATH_TO_KEY, PATH_TO_CERT)
myAWSIoTMQTTClient.connect()
print('Begin Publish')
for i in range (RANGE):
data = "{} [{}]".format(MESSAGE, i+1)
message = {"message" : data}
myAWSIoTMQTTClient.publish(TOPIC, json.dumps(message), 1)
print("Published: '" + json.dumps(message) + "' to the topic: " + "'test/testing'")
t.sleep(0.1)
print('Publish End')
myAWSIoTMQTTClient.disconnect()
(I censored the endpoint and the certificate ID)
(I'm using a macbook air and on a public school network)

I went home and tested it and it works perfectly. If you have this same problem, try troubleshooting your network. I think my school blocks MQTT or something.

MQTT works with the particular port number 8883 which you will configure in myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883).
In one of my AWS IOT course I learnt that some network administrators will block all ports which are not commonly used, to avoid unwanted traffic and MQTT is something which is specific to IOT industry. This could be the reason why it did not worked when you tried in school network and it worked when you tried in your home.

AWS DocumentDB connection problem with TLS

When TLS is disabled, I can connect successfully through my lambda function using the same code as shown here - https://docs.aws.amazon.com/documentdb/latest/developerguide/connect.html#w139aac29c11c13b5b7
However, when I enable TLS and use the TLS enabled code sample from above link, my lambda function times out. I've downloaded rds combined ca pem file through wget and I am deploying the pem file along with my code to the AWS lambda.
This is the code where my execution stops and times out:
caFilePath = "rds-combined-ca-bundle.pem"
var connectionStringTemplate = "mongodb://%s:%s#%s:27017/dbname?ssl=true&sslcertificateauthorityfile=%s"
var connectionURI = fmt.Sprintf(connectionStringTemplate, secret["username"], secret["password"], secret["host"], caFilePath)
fmt.Println("Connection String", connectionURI)
client, err := mongo.NewClient(options.Client().ApplyURI(connectionURI))
if err != nil {
log.Fatalf("Failed to create client: %v", err)
}
I don't see any errors in the cloudwatch logs after the "Connection string" print.

I suspect Its an issue with your VPC design
Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC,
check the last paragraph
https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html
also, the below link is giving detailed instructions
https://blog.webiny.com/connecting-to-aws-documentdb-from-a-lambda-function-2b666c9e4402

Can you try creating lambda test function using python and see if your having the issue
import pymongo
import sys
##Create a MongoDB client, open a connection to Amazon DocumentDB as a replica set and specify the read preference as secondary preferred
client = pymongo.MongoClient('mongodb://<dbusername>:<dbpassword>#mycluster.node.us-east-1.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred')
##Specify the database to be used
db = client.test
##Specify the collection to be used
col = db.myTestCollection
##Insert a single document
col.insert_one({'hello':'Amazon DocumentDB'})
##Find the document that was previously written
x = col.find_one({'hello':'Amazon DocumentDB'})
##Print the result to the screen
print(x)
##Close the connection
client.close()

AWS SES: Can't send emails from any one of the new regions

I have the problem that i can't send emails from the new aws ses environments, which were introduced a month ago.
All the old ones are working fine (e.g. us-east-1, us-west-2, eu-west-1).
But if I want to send a mail from one of the new environments, e.g. eu-central-1, I just get the error message:
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
But this can't be the case, because all the old ones are working fine with the same keys.
Therefore I would really appreciate it if sb else could test the sample code with their account to check if they have the same issue.
The new environments are eu-central-1, ap-south-1 and ap-southeast-2. Endpoint Urls
Sample Code:
var ses = require('node-ses');
var client = ses.createClient({ key: '', secret: '', amazon: 'https://email.eu-central-1.amazonaws.com'});
async function sendMessage() {
let options = {};
options.from = "test#aol.com";
options.to = "test2#aol.com";
options.subject = "TestMail";
options.message = "Test";
console.log("Try to sendMessage");
client.sendEmail(options, function (err, data, res) {
console.log("Error: " + JSON.stringify(err));
console.log("Data: " + data);
console.log("res: " + res);
});
}
sendMessage();
The sample code uses the node-ses npm package and you just need to enter aws iam user credentials, which have ses access.
If you want to check different regions, you have to change url in the createClient constructor.
Dont worry, the sample code does not send an email!!!
If the region is working, it should throw an error message similar to this: Email address is not verified. The following identities failed the check in region EU-WEST-1: test#aol.com, test2#aol.com"
Otherwise the error will be the one described above.
I also have to mention that I am currently still in sandbox mode, so maybe the new regions are blocked for sandbox users?

It's because you must be creating the SES credentials from the IAM console . You should instead create the credentials using the SES interface/console.
Follow this article to create smtp credentials using SES interface:
http://docs.amazonwebservices.com/ses/latest/GettingStartedGuide/GetAccessIDs.html.

AWS SNSClient publish call could not reach endpoint

I am trying to publish a message to a topic using the AWS SNSClient from the c++ SDK.
Can someone help me to find a way to figure out what is wrong with my approach? The error message I am getting only says that the "endpoint could not be reached".
I am trying to figure out where my request hangs - in my point of view it could be one of the following:
the docker container the c++ app is running in is blocking the requests somehow (new to docker)
the client configuration is wrong (region, arn, creditials wrong?)
the request is malformed (some parameters not set? Message type maybe?)
Does someone know how I can debug my request and see what the issue is?
Thanks! My code looks something like this (api init and shutdown is omitted):
Aws::SNS::SNSClient client(credentials , config);
Aws::SNS::Model::PublishRequest pubReq;
pubReq.SetTopicArn("...");
pubReq.SetMessage("Test message");
pubOutcome = client.Publish(pubReq);
if(! pubOutcome.IsSuccess() ){
std::cout << "outcome: " << pubOutcome.GetError().GetMessage() << std::endl;
}

My guess without being able to see your code is that you have not specified the correct region. If your code hangs for a few seconds then this is most likely the problem.
Add a line of code like this before your create the SNS Client:
config.region = "us-west-2";
To enable debugging add this line before Aws::InitAPI(options)
options.loggingOptions.logLevel = Aws::Utils::Logging::LogLevel::Debug;
The headers for logging:
#include <aws/core/utils/logging/DefaultLogSystem.h>
#include <aws/core/utils/logging/AWSLogging.h>
Then you can review the logfile that is generated. It will start with "aws_sdk"
I use Visual Studio, so I prefer to step into the code to figure out what is wrong. Sometimes it is simpler to review the logfile.