Greengrass v2 gateway management alerts not forwarding to AWS IoT Core cloud endpoints

IOT AWS IoT
, , , , , , , ,
1

We have edge gateways running Greengrass v2 that generate local alerts for device connectivity issues and sensor failures. These alerts are published to local MQTT topics, but they’re not being forwarded to AWS IoT Core for centralized monitoring.

Greengrass subscription configuration:

{
  "source": "component/AlertManager",
  "subject": "local/alerts/#",
  "target": "cloud"
}

The AlertManager component is publishing messages to local/alerts/connectivity and local/alerts/sensors, and I can verify these messages exist locally using the Greengrass CLI. However, when I subscribe to these topics in the AWS IoT Core test client, nothing appears. The gateway shows as connected in IoT Core, and other telemetry data is flowing correctly to the cloud. I suspect either the MQTT bridge configuration has an issue or the IAM publish permissions aren’t set up properly for alert topics. Has anyone successfully configured Greengrass subscription setup to forward local alerts to AWS IoT Core?

2

I found part of the problem. The token exchange role has iot:Publish but only for topics starting with telemetry/*. Our alerts use local/alerts/* which isn’t covered. I’m going to update the IAM policy to include a broader topic pattern. But I’m still confused about the MQTT bridge configuration-where exactly in nucleus config do I verify the topic routing?

3

Check your Greengrass token exchange role. Even though the gateway is connected, the role might not have iot:Publish permission for the specific topic pattern you’re using. The subscription looks correct, but if the IAM role doesn’t explicitly allow publishing to local/alerts/# or a broader pattern, the messages will be dropped silently at the cloud bridge.

4

The nucleus component doesn’t have explicit topic routing configuration in v2 like v1 had. Instead, the subscriptions you define (like the one in your original post) control what gets bridged. However, there’s a gotcha: the subscription source must match exactly how your component is publishing. If AlertManager publishes to local/alerts/connectivity but your subscription source is component/AlertManager, Greengrass won’t match them. Try changing source to match the actual publish topic pattern.