Wednesday, November 30, 2022

Transformation in Manufacturing

Do you want to know how the CPG industry is undergoing transformation using IoT technology? Read the blogs on how AWS partners are using AWS technologies to build solutions for the CPG industry.


https://aws.amazon.com/blogs/industries/how-to-build-a-smart-production-solution-with-dxcs-spark-platform/



Friday, October 21, 2022

Developing Custom web portal for the AWS SiteWise Service

 Are you looking to develop a custom application to show the data from AWS SiteWise?

Check out the AWS IoT Application Kit

Wednesday, September 07, 2022

AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException

Are you getting the error below when sending data to IoT Core using the "AWSIoTPythonSDK"?


Here is my error:


  File "/usr/local/lib/python3.6/site-packages/AWSIoTPythonSDK/MQTTLib.py", line 520, in connect
    return self._mqtt_core.connect(keepAliveIntervalSecond)
  File "/usr/local/lib/python3.6/site-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 199, in connect
    raise connectTimeoutException()
AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException


The following can be the reasons for this issue:


1- You have not defined a policy that allows sending messages to the IoT Core topic. If that is the case, create a policy for the "Thing".


You need to define:

  Publish/Subscribe policy

  Connect and Publish policy

 

If the policies are defined, then check the active version of the policy. In my case, an old policy was active.

 

2- Make the latest one active  

 Check this  under your "Thing" policy settings:

 


 

Hopefully one of these works. Leave a comment if it helps.

Thanks



 



Monday, July 11, 2022

Temporary IAM credential for non AWS deployed application/ service - IAM Roles Anywhere

Tired of managing long-term IAM credentials for connecting to AWS services from an external application? Challenged with managing a client ID and secret? Is your security team not comfortable with you managing a credential for critical features?

 

Wait no more. 


Check out the new feature, IAM Roles Anywhere, which I have been missing all these years, as managing long-term IAM credentials has always been a hassle and not secure.


https://aws.amazon.com/blogs/security/extend-aws-iam-roles-to-workloads-outside-of-aws-with-iam-roles-anywhere/


Tuesday, February 22, 2022

AWS Amplify : Failed to pull sandbox app, reason: unable to get local issuer certificate

Here is the scenario: 

You are trying to pull Sandbox app from Amplify and complete data model using the command:

amplify pull --sandboxId "AppGUID."

and you get the error message :

"Failed to pull sandbox app: request to https://production.us-east-1.appstate.amplifyapp.com/AppState/"AppGUID" failed, reason: unable to get local issuer certificate"


The solution which generally works:

Log off company VPN if you are connecting to your organization's VPN. You will find this solution when you google the error. Well, problem solved, RIGHT?  

It worked for me, and I was able to pull the application to local with the complete data model.

Curious and Open Question:


But the question is: why did it even happen? Please read on if you are curious and not just looking for an easy solution without knowing the actual cause.


Rationale:

I performed a few tests using OpenSSL to understand the complete communication between client and server. One of the simpler commands you can use is s_client with the -connect option:

openssl s_client -connect production.us-east-1.appstate.amplifyapp.com:443 

After reading the article below, I learned that the proxy servers don't perform automatic checks for certificate chaining like browsers do by using the AIA (Authority Information Access) field in the certificate. 

Refer to this article on intermediate certificates: https://blogs.cisco.com/security/where-is-my-intermediate-tls-certificate

The leading cause seems to be missing intermediate certificates in the proxy server, hence the error "unable to get local issuer certificate." In the case of proxy servers, one solution is to import the missing certificates to the device certificate store to get it working.
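To find out which certificate has to be imported, the s_client output can be parsed for error 20 and matched against the chain that was actually sent. This is an added example, not code from the original post; the sample output and the names in it (app.example.test, Example Issuing CA 1) are constructed.

```python
import re

# Constructed sample of `openssl s_client -connect host:443` output for a
# chain that stops at the leaf (not captured from a real server).
SAMPLE_MISSING_INTERMEDIATE = """\
CONNECTED(00000003)
depth=0 CN = app.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = app.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = app.example.test
   i:C = US, O = Example Trust, CN = Example Issuing CA 1
---
"""

def parse_chain(output):
    """Return [(subject, issuer), ...] for each certificate the peer sent."""
    subjects = re.findall(r"^ *\d+ s:(.+)$", output, re.M)
    issuers = re.findall(r"^ +i:(.+)$", output, re.M)
    return list(zip(subjects, issuers))

def verify_errors(output):
    """Return [(depth, errnum, message), ...]; a depth= line precedes each error."""
    found = re.findall(
        r"^depth=(\d+) .*\nverify error:num=(\d+):(.+)$", output, re.M)
    return [(int(d), int(n), msg) for d, n, msg in found]

def diagnose(output):
    """Name the issuer OpenSSL could not find (error 20), if there is one."""
    chain = parse_chain(output)
    depths = [d for d, num, _ in verify_errors(output) if num == 20]
    if not depths:
        return {"ok": True, "certs_sent": len(chain), "missing_issuer": None}
    d = depths[0]
    # Error 20 is reported at the depth of the certificate whose issuer is
    # absent from both the chain that was sent and the local trust store.
    issuer = chain[d][1] if d < len(chain) else None
    return {"ok": False, "certs_sent": len(chain), "missing_issuer": issuer}

if __name__ == "__main__":
    print(diagnose(SAMPLE_MISSING_INTERMEDIATE))
```

The `missing_issuer` value is the certificate to add to the store, or to have the server or proxy send as part of its chain.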

Hope this explains the root cause of the issue, which is generic and not specific to only this scenario.













