Android - Can no longer connect to AWS IoT Core service after upgrading to 2.44.0 #2865

Closed
ndming opened this issue Apr 10, 2022 · 3 comments

Comments


ndming commented Apr 10, 2022

Describe the bug
Can no longer connect to AWS IoT Core service after upgrading from com.amazonaws:aws-android-sdk-mqtt:2.42.0 to com.amazonaws:aws-android-sdk-iot:2.44.0 on Android.

To Reproduce
After having obtained the userSession through Cognito login, I create a caching CredentialsProvider:

val logins = HashMap<String, String>()
logins[CognitoConfig.PROVIDER_NAME] = userSession.idToken.jwtToken
val credentialsProvider = CognitoCachingCredentialsProvider(context, CognitoConfig.IDENTITY_POOL_ID, CognitoConfig.IDENTITY_POOL_REGION)
credentialsProvider.logins = logins

In the next step I attach the IoT policy to the identity id of this user in the identity pool. To do this, I first query the identity id as follows:

val getIdRequest = GetIdRequest()
getIdRequest.logins = credentialsProvider.logins
getIdRequest.identityPoolId = CognitoConfig.IDENTITY_POOL_ID
val identityId = AmazonCognitoIdentityClient(credentialsProvider).getId(getIdRequest).identityId

Then I attach the desired IoT policy to this identity id

val attachedPoliciesRequest = AttachPolicyRequest()
attachedPoliciesRequest.policyName = MqttBrokerConfig.DOCTOR_POLICY  // my desired policy, including the Connect permission
attachedPoliciesRequest.target = identityId
AWSIotClient(credentialsProvider).attachPolicy(attachedPoliciesRequest)

When done, I create an AWSIotMqttManager to do the IoT stuff

val clientId = identityId // use the identity id for client id
val mqttManager = AWSIotMqttManager(clientId, endpoint)
mqttManager.connect(credentialsProvider, callback)   // fails constantly, no clear message of any reason

The IoT policy I use for attaching to client's identity id:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:804302811952:client/*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:804302811952:topic/rpm/sos/RPMSOS????"
    },
    {
      "Effect": "Allow",
      "Action": "iot:GetRetainedMessage",
      "Resource": "arn:aws:iot:us-east-1:804302811952:topic/rpm/sos/RPMSOS????"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-1:804302811952:topicfilter/rpm/sos/RPMSOS????"
    }
  ]
}

The Cognito Identity pool role already has the AWSIoTConfigAccess and AWSIoTDataAccess policies attached.

The error shown in the debug window in Android Studio

D/AWSIotMqttManager: ready to do mqtt connect
I/AWSIotMqttManager: metrics collection is enabled, username: ?SDK=Android&Version=2.22.6
I/AWSIotMqttManager: resetting reconnect attempt and retry time
D/AWSIotMqttManager: Setting up Callback for MqttClient
D/mqtt: connection: status<Connecting>
W/AWSIotMqttManager: onFailure: connection failed.
D/mqtt: connection: status<Reconnecting>

Which AWS service(s) are affected?
The issue involves AWS Cognito Identity Pool and AWS IoT core

Expected behavior
Prior to upgrading, I was able to make the connection to the AWS IoT service.

Environment Information (please complete the following information):

  • AWS Android SDK Version: 2.44.0
  • Device: Pixel XL API 31 (emulator) and Samsung J7 Prime (physical device)
  • Android Version: O and Pie
  • Specific to simulators: Yes
@ndming ndming closed this as completed Apr 12, 2022
@tonytonchev

This issue still exists... Why is it closed without a resolution?

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 30, 2024
@tylerjroach
Member

@tonytonchev The ticket creator closed this issue 2 days after its creation. I would assume the OP figured out the issue.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 30, 2024
@ndming
Author

ndming commented Aug 30, 2024

Hi, I used this service two years ago for my university coursework. I cannot remember how I solved this problem, nor access credentials to the AWS management console since we signed up to AWS using our university email, which has now been erased. The only thing left now is my project's GitHub repo, which was not properly documented either.

To the best of my memory, I recall facing this issue for several days and debugging it by tweaking the policy. You will have to set the right policy not only for IoT core but also for Cognito authentication if you have it involved. I'd suggest setting the biggest access scope possible and progressively narrowing it down to your needs.

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 30, 2024
@tylerjroach tylerjroach removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 30, 2024
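
Added example, not part of the issue thread or the SDK: a small linter for AWS IoT policies like the one in the original post. It flags action/resource-type mismatches (for example `iot:Subscribe` written against `topic/` instead of `topicfilter/`), wildcard actions or resources, and `iot:Connect` statements that accept any client ID, so a policy widened during debugging can be checked after it is narrowed again. The function name, finding strings and the mistyped variant are constructed for illustration.

```python
import json

# Resource type that AWS IoT Core evaluates each action against.
EXPECTED_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:GetRetainedMessage": "topic",
    "iot:Subscribe": "topicfilter",
}
PREFIX = "arn:aws:iot:us-east-1:804302811952:"  # region and account as shown in the issue

def statement(action, resource):
    return {"Effect": "Allow", "Action": action, "Resource": PREFIX + resource}

# The policy from the issue, rebuilt statement by statement.
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    statement("iot:Connect", "client/*"),
    statement("iot:Receive", "topic/rpm/sos/RPMSOS????"),
    statement("iot:GetRetainedMessage", "topic/rpm/sos/RPMSOS????"),
    statement("iot:Subscribe", "topicfilter/rpm/sos/RPMSOS????"),
]})
# Constructed variant: Subscribe written against topic/ instead of topicfilter/.
MISTYPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    statement("iot:Subscribe", "topic/rpm/sos/RPMSOS????"),
]})

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_iot_policy(policy_json):
    """Return (statement index, action, finding) for each problem in an Allow statement."""
    findings = []
    for idx, stmt in enumerate(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            for arn in as_list(stmt["Resource"]):
                if action in ("*", "iot:*") or arn == "*":
                    findings.append((idx, action, "wildcard action or resource"))
                    continue
                # ARN layout: arn:aws:iot:<region>:<account>:<type>/<name>
                rtype, _, name = arn.split(":", 5)[-1].partition("/")
                want = EXPECTED_TYPE.get(action)
                if want and rtype != want:
                    findings.append((idx, action, f"resource must be {want}/..."))
                if action == "iot:Connect" and name == "*":
                    findings.append((idx, action, "any client ID may connect"))
    return findings
```

Run against the issue's policy, the only finding is the `client/*` resource on `iot:Connect`; the topic statements already use the resource types their actions expect.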