MQTT for AWS IoT Core

Summary

AWS IoT Core

Overview

AWS IoT Core is a managed cloud service that enables communication between Internet of Things (IoT) devices and AWS cloud applications or services using the MQTT protocol, HTTPS, and WebSockets. It provides secure, bi-directional message exchange between connected devices and the AWS infrastructure.

System Requirements 

The requirements for a successful configuration of MQTT and Azure are listed below:

• Have an AWS Account - see here.

AWS IoT Core settings

First, register a Thing in AWS IoT Core.
To do this, use an AWS account with all required registration information completed. Access the AWS Management Console and go to Internet of Things > IoT Core.

Expand the Security section and select Policies. Create a new security policy according to your requirements.

For testing purposes, you can create a security policy using * in both the Policy action and Policy resource fields. However, for production use, these fields must be defined more specifically according to application requirements.
Once the policy is properly configured, click Create.

Next, proceed to create the Thing.
To do this, expand the Manage section, then navigate to All Devices > Things.

Create a new Thing.
Select the option to create a single Thing.

Specify the name of the Thing.

Specify the name of the Thing and select Auto-generate a new certificate.

Select the previously created security policy and click Create Thing.
After the Thing is created, download all certificates generated for it.

Creating a .pfx with password

After downloading the certificates for the Thing, use the CertificateConverter.exe utility located in the software installation directory:
"\Program Files (x86)\<Company>\<Product>\Utilities".

This utility converts the certificates generated for the Thing into a single .pfx file with a password.

To perform the conversion, execute CertificateConverter.exe from the command line with the following four parameters:

• /certificate - Path to the downloaded certificate file with the extension -certificate.pem.crt;
• /key - Path to the downloaded private key file with the extension -private.pem.key;
• /rootca - Path to the downloaded Amazon Root CA file, typically named AmazonRootCA1.pem;
• /password - New password to protect the .pfx file that will be generated.

With this setup, open a command prompt in the directory where CertificateConverter.exe is located.
Run a command similar to the following:

CertificateConverter.exe /certificate:"C:\my_folder\3e4...0e4-certificate.pem.crt" /key:"C:\my_folder\3e4...0e4-private.pem.key" /rootca:"C:\my_folder\AmazonRootCA1.pem" /password:"12345"

After executing the command, the .pfx certificate file will be generated in the same folder as the source certificate files, such as C:\my_folder in the example above.

Channels Configuration

Protocol Options

Not used in this driver.

Nodes Configuration

Station Configuration

Station syntax: <URL> ; <Port> ; <ClientID> ; <Username> ; <Password> ; <SslProtocol> ; <DeviceCertificate> ; <CertPassword> ; <PayloadFormat>

Where:

• <URL>: MQTT Broker (Server) name. It must be the domain name of your created 'thing' in AWS IoT Core.
• <Port>: MQTT Broker port. It must be the same port configured in the Broker to be listening. Default value is 8883.
• <ClientID>: Client ID used as the root identifier in MQTT topic structures.
• <Username>: If applicable, is the username defined on MQTT Broker. This field is typically not required when using a .pfx certificate with a password.
• <Password>: Password defined on MQTT Broker. This field is typically not required when using a .pfx certificate with a password.
• <SslProtocols>: AWS IoT Core uses Transport Layer Security (TLS) to secure connections from IoT devices. The supported version for secure MQTT communication is TLS 1.2. This is the recommended and commonly used version when connecting to AWS IoT Core.
• <DeviceCertificate>: Path of .pfx certificate created with CertificateConverter.exe.
• <CertPassword>: Password created in certicate convert step with CertificateConverter.exe.
• <PayloadFormat>: Format of the message sent to the Broker. By default, the payload is set to follow JSON/SparkplugB format.

Station Examples

URL = agehf6lt8nnf1v-ats.iot.us-east-1.amazonaws.com

Port = 8883

Client ID = MQTT_Device

Username = <Blank>

Password = <Blank>

Ssl Protocol = Tls12

Device Certificate = < Certificate path (.pfx) >

Certificate Password = < Password of Certificate path >

Payload Format = JSON/SparkplugB

Points Configuration

The MQTT for AWS IoT Core protocol supports Subcribe and Publish to AWS Topics.

Address

 The Address syntax is: [Payload] : <Group> ; <Node> ; <Device>

 Where:

• [Payload]  = A fixed parameter that assists the user in understanding that the address configuration (Group ID, Edge Node ID and Device ID) are the user-defined parameters in the Payload structure (similar to MQTT + SparkplugB protocol).
• <Group>: Provides a logical grouping of Edge Nodes.
• <Node>: Identifies ID of Edge Node.
• <Device>: Identifies ID of Device from Edge Node. This field can be empty when accessing the main Egde Node.

E.g.: Payload:GroupID;NodeID;DeviceID

Payload:AWSGroup;Factory1;Motor

Assuming the ClientID difined in node PrimaryStation as MyClientID

For this example device, the correct topic of published messages from the platform to AWS is:

MyClientID/AWSGroup/Factory1/Motor/messages

And the AWS topic which will be subscribed by the platform is:

MyClientID/AWSGroup/Factory1/Motor/#

Troubleshoot

This section details some errors you might see in your connection to AWS IoT Core via MQTT protocol and its possible causes.

Driver Revision History