AWS IOT Struggling with getting thing shodow

Question

I know I'm missing something basic here but I'm really stuck trying to access a thing shadow on AWS IOT's platform.

I'm using the following code to create a new thing:

use Aws\Iot\IotClient;
$thingName = '<string uuid>';
$awsIoTClient = new IotClient([
    'version' => 'latest',
    'region' => <region>,
    'credentials' => [
      'key'    => <aws_access_key>,
      'secret' => <aws_secret_key>,
    ]
]);
$policyName = 'Global_Hub_Policy';
// # !---------------------------
// # !- Implementation
// # !---------------------------
$result = $awsIoTClient->createThing([
    'thingName' => $thingName,
]);
$result = $awsIoTClient->createKeysAndCertificate([
    'setAsActive' => TRUE,
]);
$certArn = $result['certificateArn'];
$certId = $result['certificateId'];

$certPem = $result['certificatePem'];
$privateKey = $result['keyPair']['PrivateKey'];
$awsIoTClient->attachPrincipalPolicy([
        'policyName' => $policyName,
        'principal' => $certArn
]);
$awsIoTClient->attachThingPrincipal([
        'principal' => $certArn,
        'thingName' => $thingName
]);

The above code is successful in creating a thing. I can see the thing created when I run:

$awsIoTClient->listThings();

Then when I try and access the thing's shadow with the following code:

Use Aws\IotDataPlane\IotDataPlaneClient;
$client = new IotDataPlaneClient([
    'version' => 'latest',
    'region' => <region>,
    'credentials' => [
      'key'    => <aws_access_key>,
      'secret' => <aws_secret_key>,
    ]
]);
$result = $client->getThingShadow([
  'thingName' => '<string uuid>', // REQUIRED
]);

I get the following error:

Aws\IotDataPlane\Exception\IotDataPlaneException: Error executing "GetThingShadow" on "https://data.iot.us-east-1.amazonaws.com/things/<string uuid>/shadow"; AWS HTTP error: Client error: 404 ResourceNotFoundException (client): No shadow exists with name: '<string uuid>' - {"message":"No shadow exists with name: '<string uuid>'","traceId":"<traceId>"} in Aws\WrappedHttpHandler->parseError() (line 152 of /<docroot>/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php).

Couple things to note: The user whose access and secret keys are being used to create this thing has the following AWS policies (we're gonna lock these down once we get this working):

- AWSIoTLogging
- AWSIoTConfigAccess
- AWSIoTRuleActions
- AWSIoTConfigReadOnlyAccess
- AWSIoTDataAccess
- AWSIoTFullAccess

Answer 1

Turns out the answer is you need to update the shadow before you can Read it.

$json = json_encode(['state' => ['desired' => ['test_updated' => "date updated " . date('r')]]]);
$result = $client->getThingShadow([
  'thingName' => $thingname,
  'payload' => $json,
]);

After that this will return a Shadow:

$result = $client->getThingShadow([
  'thingName' => '<string uuid>', // REQUIRED
]);