Cannot edit `Desired configuration` on a device integrated into AWS IoT

I’m using the hosted Mender server and registered a device. I found a device entry in AWS IoT Core.

But I get an error like this when I try to edit Desired configuration from Mender’s device information.

There was an error updating the device shadow for device XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. operation error IoT Data Plane: UpdateThingShadow, https response error StatusCode: 403, RequestID: XXXXXXXX-XXXX-XXXX-XXXX-X... [Request ID: XXXXXX]

Now, I have attached the permissions below to the user of AWS IoT Core.

                "iot:AttachPolicy",
                "iot:AttachThingPrincipal",
                "iot:CreateCertificateFromCsr",
                "iot:CreatePolicy",
                "iot:CreateThing",
                "iot:DeleteCertificate",
                "iot:DeletePolicy",
                "iot:DeleteThing",
                "iot:DescribeAccountAuditConfiguration",
                "iot:DescribeCertificate",
                "iot:DescribeEndpoint",
                "iot:DescribeThing",
                "iot:DetachThingPrincipal",
                "iot:GetIndexingConfiguration",
                "iot:ListBillingGroups",
                "iot:ListScheduledAudits",
                "iot:ListThingGroups",
                "iot:ListThingGroupsForThing",
                "iot:ListThingPrincipals",
                "iot:ListThingTypes",
                "iot:ListThings",
                "iot:UpdateCertificate",
                "iot:UpdateThingShadow" 

Am I missing something?

I found a solution.

I should set `iot:UpdateThingShadow` in the policy attached to the IAM user, not the device policy.


Hi @piste-jp,

Great, thanks a lot for sharing!

Greetz,
Josef
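
Added example, not part of the original posts: the fix in this thread works because the `UpdateThingShadow` API call is authorized against the identity policy of the IAM user making it, while an AWS IoT policy on the device certificate only authorizes the device. This simplified offline checker evaluates an identity policy document for that action; the names `evaluate`, `USER_POLICY_BEFORE` and `USER_POLICY_AFTER` are hypothetical, and the account ID, region and thing name are constructed placeholders.

```python
import re

# Constructed sample values: account ID, region and thing name are placeholders.
THING = "arn:aws:iot:eu-west-1:123456789012:thing/example-device"

# IAM user policy without the shadow action (constructed).
USER_POLICY_BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:DescribeThing", "iot:ListThings"], "Resource": "*"},
]}
# Same policy with the action added, scoped to things in one account and region.
USER_POLICY_AFTER = {"Version": "2012-10-17", "Statement": USER_POLICY_BEFORE["Statement"] + [
    {"Effect": "Allow", "Action": "iot:UpdateThingShadow",
     "Resource": "arn:aws:iot:eu-west-1:123456789012:thing/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def evaluate(policy, action, resource):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one identity policy."""
    decision = "implicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if {"NotAction", "NotResource", "Condition"} & stmt.keys():
            raise ValueError("not modelled here; use the IAM policy simulator")
        hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "explicitDeny"  # an explicit Deny always wins
        if hit:
            decision = "allowed"
    return decision

if __name__ == "__main__":
    for name, policy in (("before", USER_POLICY_BEFORE), ("after", USER_POLICY_AFTER)):
        print(name, evaluate(policy, "iot:UpdateThingShadow", THING))
```

Scoping `Resource` to `thing/*` in one account and region, rather than `*`, keeps the grant limited to shadows the integration manages.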