Reputation: 1
Connecting to Amazon MQTT Broker with SSL
I am trying to publish/subscribe to AWS IoT MQTT broker from a client that does not support SigV4 or Client Certificates, it just has SSL with username and password. From what I can tell this won't be possible, so what is the best way to integrate this client?
Currently the client is publishing to a CloudMQTT broker which is working nicely, but I want to integrate Amazon Echo/Alexa into the solution to allow voice control so I need some way to connect it instead to the AWS IoT MQTT broker where I have Alexa publishing data (using Lambda and IoT Device Shadows).
What is the best approach, because as far as I can tell I can't connect the client to AWS MQTT using SSL, it insists on certificates. Should I try and bridge cloudMQTT to AWS MQTT? Or is there some way I could get the Echo to publish to a different MQTT broker than Amazons?
Upvotes: 0
Views: 1079
Answers (1)
Reputation: 1
Bridging the brokers is one possible solution as described at
https://aws.amazon.com/blogs/iot/how-to-bridge-mosquitto-mqtt-broker-to-aws-iot/
This did turn out to be quite a complicated process though. I bridged using a local mosquitto install, and it failed to connect with 'unknown error'. Having done some searching online it looks like this problem has just appeared in the latest release of mosquitto. Instead I tried bridging with a mosquitto broker running on an AWS Linux EC2 instance and I was successful in bridging using this.
The better solution I came up with is to modify my Lambda function to publish directly to the MQTT broker I was already using. To do this you need to include the node.js module 'mqtt.js' (or a similar library), which is not in the aws-sdk and so does require a bit of reading to figure out how to do it. I have just been using the AWS Lambda web interface inline editor to write code up till now, which unfortunately doesn't allow you to include external libraries. Instead you need to create your own deployment package.
Below are two useful links which help you get started with making your own deployment package, but they are missing a couple of crucial bits of info I have mentioned below:
https://aws.amazon.com/blogs/compute/nodejs-packages-in-lambda/
http://docs.aws.amazon.com/lambda/latest/dg/nodejs-create-deployment-pkg.html
You will need to write the code in a file on your hard drive, then use npm-install from the command line to put the required dependencies into the folder your code is in. You then need to zip the whole lot so that there is no top level folder containing it all. That is to say your code needs to be in the root of the zip, not in a folder in the root of the zip (which is what you get if you right click your code containing folder and send to zip).
What is also not mentioned is that if you are moving from working in the online editor you need to include a couple of lines at the top of your JavaScript so that paths resolve correctly. You need to add the following:
var child_process = require('child_process');
var path = require('path');
You can then upload this code in the lambda function web editor and build your function as normal. Unfortunately you can no longer use the inline web editor, so you need to re-zip and upload again to make changes.
Upvotes: 0
Related Questions
- “SSL: CERTIFICATE_VERIFY_FAILED” Error when publish MQTT, AWS IoT
- MQTT publishing to AWS IoT Core
- Connect to AWS MQTT broker using openssl intermediate certificate
- Can't connect to broker over SSL
- Use cognito login instead of certificates to authenticate and subscribe to aws IoT MQTT topics?
- How to call a SSL secured REST service within AWS Lambda
- SSML support in AWS Alexa V2
- How to turn an AWS lambda function into an own https endpoint?
- AWS IoT Mosquitto Certificate Error
- Socket error while connecting a bridge between aws iot and local mqtt broker