AWS Signature v4 for HTTP request to AWS IoT

Question

I have an IoTs project related to AWS. In my project, my device will transfer raw data to a cloud and then the cloud will send information decrypted in JSON format to AWS IoT. The cloud supports HTTP protocol using a REST API for both uplink/downlink so I think it will work with AWS IoT as the [link]: https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#http

I wanna send a HTTP request using AWS Sig v4 with the Authentication as the form below:

AWS4-HMAC-SHA256 Credential={1}/{2}/{3}/{4}/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature={5}

However, I don't know how to generate the signature {5}. I can't use scripts to generate because my cloud doesn't support running scripts. It only has some boxes of headers & values which I can leave Authorization etc in it (see the screenshot here https://i.sstatic.net/qaOAr.jpg) Any advice? Thanks in advance,

Answer 1

Access to the AWS IoT message broker via HTTP does not use AWS Sig v4 for authentication. Instead it uses mutual TLS authentication which requires configuring certificates and keys for the authentication to the message broker.

Assuming that your non-AWS cloud provider does not support mutual TLS authentication (or the alternative of MQTT over websockets) then you are left with adding a layer of indirection that sends the JSON to AWS IoT.

One way to do this is to implement a Lambda in AWS that takes your JSON and sends this to the AWS IoT broker. The Lambda would take care of the authentication with AWS IoT. The AWS SDK typically handles this authentication for you.

The Lambda would need to implement authentication that your non-AWS cloud provider supports (e.g. it could use basic authentication).