RainMaker Generic issues

Why doesn't Claiming work with our deployment?

Here are the primary reasons why claiming is not available:

• Self Claiming requires a separate authentication service with information of secret keys programmed in the efuse of all Espressif series chips during chip manufacturing. Replicating the service in private instances isn't straightforward.
• Host driven or assisted claiming gives admin rights to the user claiming the node, which is undesirable in commercial deployments.

In the private instance, instead of claiming (which happens in the field), the credentials will be pre-flashed on the modules and the public certificates will be registered with the cloud backend service using the RainMaker Admin CLI. There are multiple options for generating and flashing the credentials.

1. Buy pre-provisioned modules from Espressif and register the certificates' file with the admin CLI.
2. Use the admin CLI to generate the unique binaries and register the certificates. Flash the binaries on the modules one by one using esptool or multiple at once using a programmer jig.

Please get in touch with your Espressif Sales contact for more information on this.

Where do I find the Client ID and Callback URLs for Alexa and GVA?

If you have not configured Cognito callback URLs, please configure with the steps given here: Configure Cognito Callback URL.

1. Log in to the RainMaker dashboard using Superadmin credentials.

2. From the left-hand menu, select Deployment Settings.

   

3. Open the Cognito Configurations tab.

   

4. Note down the Client ID for the following clients:

• esp-rainmaker-alexa-skill

• esp-rainmaker-google-action

  

Where can I find the Client ID and callback URLs for Third-party Integrations and mobile apps?

The Client ID and callback URLs are required for configuring mobile apps and enabling third-party login.

If you have not configured Cognito callback URLs, please follow these steps: Configure Cognito Callback URL.

For third-party login in Android app, please refer to: Setup Redirect URI.

For third-party login in iOS app, please refer to: Add URL Scheme.

Steps to find callback URLs in the RainMaker dashboard:

1. Log in to the RainMaker dashboard using Superadmin credentials.

2. From the left-hand menu, select Deployment Settings.

   

3. Open the Cognito Configurations tab.

   

4. In the Cognito App Client Configurations section, you will find the Client ID and callback URLs assigned to each app client.

Standard RainMaker

Check the client with the name rainmaker-user-email-mobile-pool-client.

OAuth-only RainMaker:

Check the client with the name rainmaker-client.

Where can I find the custom message template in Cognito?

The configured custom message template is available in the AWS Cognito Console. Follow these steps to locate it:

1. Log in to AWS console.

2. In the AWS console, search for Cognito Service (AWS Console > Service > Cognito).

   

3. Click Manage User Pools.

   

4. Search for rainmaker-user-email-mobile-pool and select it.

   

5. Click Messaging option and scroll down to Message templates.

   

6. The message customization page displays details about the configured custom message, including: SES region, FROM email address ARN, Email subject, Email message, etc.

   

   

When linking my Amazon Alexa account with my RainMaker account via the RainMaker mobile app, why do I need to log in again using the hosted UI?

During the account linking process, RainMaker needs to obtain an authentication code from AWS Cognito.

To retrieve the Auth code, you must log in again using the hosted UI.

When unlinking my Alexa account and trying to link the skill with a different account, the hosted UI automatically logs in using cached browser data. How can I switch accounts?

To log in with a different account on the hosted UI, follow these steps:

For iOS:

• Open iPhone Settings
• Go to Safari
• Go to Advanced
• Go to Website Data
• Search for the domain name of the OAuth URL (e.g. auth.rainmaker.espressif.com)
• Swipe right and press Delete

For Android:

• Open the Chrome browser app (the browser app which you are using)
• Click the options menu (three-dot icon)
• Go to History
• Click Clear browsing data
• Click Clear data

After clearing the browsing data, the next time you go through the account linking process, the hosted UI login screen will appear, allowing you to sign in with a different account.

I haven't started using Rainmaker yet, but I'm receiving emails from AWS stating that my free tier limit has been exceeded for certain services like SQS. What should I do?

RainMaker uses AWS SQS queues and Lambda functions to process messages. Lambda periodically checks for new messages in the queue. Since you haven't started using the system yet, there are no messages in the queue. However, Lambda polling still triggers empty message retrievals, which AWS counts as ReceiveMessage requests, even if no messages are returned. These empty receives are billed according to Amazon SQS pricing, regardless of whether actual messages are sent or received.

Once you begin using RainMaker, these empty message retrievals will naturally decrease.

For more details, refer to AWS Knowledge Center: https://aws.amazon.com/premiumsupport/knowledge-center/sqs-high-charges/.

The RainMaker support team from Espressif has requested read-only access to the AWS console. How do I create an IAM user with read-only access to all resources?

AWS Identity and Access Management (IAM) allows you to securely managing access to AWS services and resources. To create an IAM user with read-only access, follow these steps:

1. Log in to AWS Console and search for IAM in the search bar.

2. In the IAM dashboard from the left-hand menu, navigate to Users and click Add User.

3. Enter a user name and select the AWS Management Console access checkbox, as the user needs console access. Click Next: Permissions.

4. On the Permissions page, select Attach existing policies directly and search for ReadOnlyAccess. Locate the ReadOnlyAccess policy and enable it by checking the box. Click Next: Tags.

   

5. You can skip the Tags page and proceed by clicking Next: Review.

6. Review the user details to ensure they are correct, then click Create User.

7. Once the user is created, you will have access to their credentials. Click Download .CSV to save the credentials securely. Keep in mind that the Secret Access Key and Password cannot be recovered if lost. You would need to reset the account in such a scenario.

8. Finally, share the user's credentials along with the URL provided under Users with AWS Management Console access can sign-in at link.

How to change the RainMaker Superadmin email ID?

It is not recommended to use a personal email ID for the Superadmin user. Instead, please use a generic email ID. Access to this email should be restricted to a small group of authorized personnel, as the Superadmin has the highest level of privileges in the RainMaker deployment.
e.g. service@<company_domain_name>

To change the RainMaker Superadmin email, you need to use the change_super_admin swagger API via postman.

Steps to change the Superadmin email ID:

1. Log in to RainMaker using the current Superadmin credentials in Postman.

   

2. Create a new API request in Postman:

   PUT - {{url}}/v1/admin/change_super_admin

   Header -

   Key	Value
   Authorization	{{access_token}}

   Body -

     {
   
         "new_super_admin": "user@domain.com"
   
     }

   

3. Verify the Superadmin email change request:

   • Once the request is initiated, both the current and the new Superadmin will receive a verification code via email.
   • Enter and confirm the verification codes to complete the change request.
     

   You can use the same API to confirm the change request.

   

How to check if a CloudWatch log group exists?

1. Log in to your AWS console and search for CloudWatch.

2. Go to the Amazon CloudWatch service > Log groups.

3. Enter the log group name to be searched for.

   

4. The log group will show up if it exists.

How to create a CloudWatch log group?

1. Log in to your AWS console and search for CloudWatch.

2. Go to the Amazon CloudWatch service > Log groups.

3. Click Create log group.

   

4. The log group is now successfully created.

End-users are receiving emails from no-reply@verificationemail.com despite configuring a verified SES mail ID. How can this issue be resolved?

Here are the steps to correctly configure the SES email provider for your Cognito user pool:

1. Access Amazon Cognito.

   • Open Amazon Cognito in the AWS console.
   • Select your user pool (e.g., rainmaker-user-email-mobile-pool).
   • Click Messaging in the menu list.

   

2. Check Email provider settings.

   • In the Email provider section, review the current configuration and the email address used to send emails.
   • Ensure that Send email with Amazon SES is selected as the email provider.

3. Configure the SES Email Address.

   • Select an email address from the verified list in Amazon SES.
   • Click Save Changes to apply the new configuration.

   

By completing these steps, emails should be sent from the specified SES email address instead of the default no-reply@verificationemail.com.

End-users do not receiving sign-up/login OTP on phone after the rainmaker upgrade. How can this issue be resolved?

You need to verify the below setting if your end-users registered using mobile numbers.

1. Check Sign-up experience settings.

   • Open Amazon Cognito in the AWS Console.
   • Select your user pool (e.g., rainmaker-user-email-mobile-pool).
   • Click Sign-up experience from the menu.

2. Ensure that the following settings are properly configured:

   

3. Verify Messaging Preferences

   • Check if the Send SMS message if phone number is available, otherwise send email message option is enabled under Messaging settings.
   • If it is incorrectly set, update it accordingly.
   • Click Save Changes to apply the updates.

   

Where can I find the Authentication URL?

Standard RainMaker vs OAuth-only RainMaker

Standard RainMaker:

The Authentication URL is required for third-party sign-in and Alexa app-to-app account linking. To generate the Authentication URL, you must configure the Cognito domain.

If you have not configured the Cognito Domain, please follow these steps: Configure Cognito Domain.

You can get the configured domain name from RainMaker Dashboard with the following steps below:

• Login to RainMaker Dashboard with superadmin credentials.

• Go to Deployment Settings tab

• Go to Identity Configurations tab.

• You will be able to see your Cognito Domain name.

reminder

The Authentication URL is your Cognito Domain Prefix with /oauth2 appended at the end.
Please note that the domain URL is a complete HTTPS URL, not just your domain name.

Authentication URL := https://<your_company_domain_name>.auth.<aws_region>.amazoncognito.com/OAuth2

---

OAuth-only RainMaker:

1. Obtain the HTTP Base URL by following these steps

2. Retrieve the ProviderName that you configured here.

Authentication URL := {HTTP API Endpoint}/authorize?identity_provider=ProviderName (Note: Just one identity provider supported for now.)

Where to check the current rainmaker backend & frontend version?

To check the RainMaker backend version follow the below steps.

1. Login to RainMaker Dashboard using superadmin credentials.
2. CLick on Deployment Settings option.
3. Select Deployment Details option.
4. Here you can see the current rainmaker backend version.

You can check the RainMaker frontend version at the bottom of the RainMaker Dashborad.