AWS boto3 code unable to connect to IoT endpoint

Question

I am trying to send a 'hello world' message to an AWS IoT endpoint. The Amazon documentation at

https://docs.aws.amazon.com/panorama/latest/dev/applications-awssdk.html

has this simple code sample:

import boto3
iot_client=boto3.client('iot-data')
topic = "panorama/panorama_my-appliance_Thing_a01e373b"
iot_client.publish(topic=topic, payload="my message")

This code works fine when I put it inside a Lambda function.

But When I try to run this code on my PC in a stand-alone Python application, I get the error message:

certificate verify failed: unable to get local issuer certificate (_ssl.c:1125)

I do have an .aws/credentials file with entries like

[default]
aws_access_key_id = xxxxxxxxxx
aws_secret_access_key = xxxxxxxxxx

I checked the endpoint is correct:

 aws iot describe-endpoint

command returns a valid -ats end point like:

"endpointAddress": "xxxxxxx-ats.iot.us-east-2.amazonaws.com"

If I specify this end point while creating the client:

iot_client=boto3.client('iot-data', 
                        region_name='us-east-2',
                        endpoint_url=xxxxxxx-ats.iot.us-east-2.amazonaws.com)

I get the error:

ValueError: Invalid endpoint: xxxxxx-ats.iot.us-east-2.amazonaws.com

What am I missing? Do I need to download any certificate files? If so, this code does not seem to use any certificates. The same setup is working with S3 or DynamoDB:

s3 = boto3.resource('s3')

and

dynamodb = boto3.resource('dynamodb')

are working fine on my PC.

Answer 1

I had this same issue and adding https:// fixed it for me.

iot_client=boto3.client('iot-data', 
                       region_name='us-east-2',
                       endpoint_url=https://xxxxxxx-ats.iot.us-east-2.amazonaws.com)