- Create a Cloud9 environment (any region but eu-south-1).
- Platform: Ubuntu Server 18.04 LTS.
- Leave everything else as default.
Install the Mosquitto MQTT command-line clients:
sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
sudo apt-get install mosquitto-clients
We will be running a few CLI commands and jq helps to parse the response from them.
sudo apt-get install jq
aws iot create-keys-and-certificate --set-as-active \
--public-key-outfile public.key \
--private-key-outfile private.key \
--certificate-pem-outfile certificate.pem > /tmp/create_cert_and_keys_response
If you want to look at the output from the previous command:
cat /tmp/create_cert_and_keys_response
Save the values from the previous call in environment variables:
CERTIFICATE_ARN=$(jq -r ".certificateArn" /tmp/create_cert_and_keys_response)
CERTIFICATE_ID=$(jq -r ".certificateId" /tmp/create_cert_and_keys_response)
echo $CERTIFICATE_ARN
echo $CERTIFICATE_ID
POLICY_NAME=policy
aws iot create-policy --policy-name $POLICY_NAME \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action": "iot:*","Resource":"*"}]}'
Note that this policy allows every IoT action on every resource; we use it here only for testing purposes.
aws iot attach-policy --policy-name $POLICY_NAME \
--target $CERTIFICATE_ARN
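The policy above is deliberately wide open. As an added example (not part of the original lab), the shell functions below emit a least-privilege replacement scoped to the topic iot/training and the client IDs sub and pub used on this page, and add a heuristic check that flags a document allowing iot:* on *. The region and account ID are assumed inputs (the account ID comes from aws sts get-caller-identity); 123456789012 in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: least-privilege AWS IoT policy for this lab plus a check for
# the wide-open "iot:*" / "*" document. Assumes region and account ID are
# passed in; client IDs "sub"/"pub" and topic "iot/training" come from the lab.

scoped_iot_policy() {
  region="$1"
  account="$2"
  base="arn:aws:iot:${region}:${account}"
  # AWS IoT evaluates iot:Connect against client/<clientId>, iot:Subscribe
  # against topicfilter/<filter>, and iot:Publish / iot:Receive against
  # topic/<topic>, so each action gets its own resource type.
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": ["${base}:client/sub", "${base}:client/pub"]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "${base}:topicfilter/iot/training"
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish", "iot:Receive"],
      "Resource": "${base}:topic/iot/training"
    }
  ]
}
EOF
}

# Heuristic: returns 0 (true) when the policy document contains a statement
# allowing "iot:*" on "*". Whitespace is stripped first so formatting does not
# matter. This is a string match, not a full policy parser.
policy_is_wide_open() {
  compact=$(printf '%s' "$1" | tr -d ' \n\t')
  case "$compact" in
    *'"Action":"iot:*"'*'"Resource":"*"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage (placeholder account ID): create the scoped policy and attach it to the
# certificate ARN saved earlier in the lab.
# aws iot create-policy --policy-name policy-scoped \
#   --policy-document "$(scoped_iot_policy us-east-1 123456789012)"
# aws iot attach-policy --policy-name policy-scoped --target "$CERTIFICATE_ARN"
```

Once the scoped policy is attached, the mosquitto commands later on the page still work because they use exactly the client IDs and topic the policy names; anything else (a different topic, a wildcard subscription, another client ID) is refused, which is the behaviour you want outside a training account.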
aws iot describe-endpoint --endpoint-type iot:Data-ATS > /tmp/describe_endpoint_response
IOT_ENDPOINT=$(jq -r ".endpointAddress" /tmp/describe_endpoint_response)
echo $IOT_ENDPOINT
We will be using this endpoint to connect to AWS IoT.
Download the Amazon root CA used to verify the endpoint's server certificate:
wget https://www.amazontrust.com/repository/AmazonRootCA1.pem
Start a subscriber on the topic iot/training:
mosquitto_sub \
--cafile AmazonRootCA1.pem \
--cert certificate.pem \
--key private.key \
-h $IOT_ENDPOINT -p 8883 \
-q 0 -t iot/training -i sub --tls-version tlsv1.2 -d
In a second terminal (the subscriber keeps running in the first), set the endpoint again and publish:
IOT_ENDPOINT=$(jq -r ".endpointAddress" /tmp/describe_endpoint_response)
mosquitto_pub \
--cafile AmazonRootCA1.pem \
--cert certificate.pem \
--key private.key \
-h $IOT_ENDPOINT -p 8883 \
-q 0 -t iot/training -i pub --tls-version tlsv1.2 \
-m "{\"date\": \"$(date)\"}" -d
What happens if you publish with QoS 1 or QoS 2?
- Change the flag "-q 1"
- Change the flag "-q 2"
Publish on 443? Yes, with ALPN:
- Change the flag "-p 443" and add the flag "--tls-alpn x-amzn-mqtt-ca"
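The QoS and port variations above change several flags at once, and port 443 only works when the ALPN protocol name is also set. As an added example (not part of the original lab), the function below builds the TLS options shared by mosquitto_sub and mosquitto_pub for this endpoint, fails closed when a credential file is missing, the port is not one AWS IoT serves MQTT on, or the QoS is not a valid MQTT level, and adds --tls-alpn x-amzn-mqtt-ca automatically for port 443. File paths and host are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: build the TLS argument list for mosquitto_pub/mosquitto_sub
# against AWS IoT. Arguments: CA file, client cert, private key, endpoint
# host, port (8883 or 443), QoS (0, 1 or 2). Prints the options on success.
aws_mqtt_args() {
  cafile="$1"; cert="$2"; key="$3"; host="$4"; port="$5"; qos="$6"
  # Fail closed rather than let mosquitto try a connection without a cert.
  for f in "$cafile" "$cert" "$key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done
  # MQTT defines QoS 0, 1 and 2; pass all three so the exercise above can be run.
  case "$qos" in
    0|1|2) ;;
    *) echo "QoS must be 0, 1 or 2" >&2; return 1 ;;
  esac
  args="--cafile $cafile --cert $cert --key $key -h $host -p $port -q $qos --tls-version tlsv1.2"
  case "$port" in
    8883) ;;
    # Port 443 is shared with HTTPS; AWS IoT routes to MQTT only when the
    # client offers this ALPN protocol name.
    443) args="$args --tls-alpn x-amzn-mqtt-ca" ;;
    *) echo "port must be 8883 or 443" >&2; return 1 ;;
  esac
  printf '%s\n' "$args"
}

# Usage (same files and variables as the lab):
# mosquitto_pub $(aws_mqtt_args AmazonRootCA1.pem certificate.pem private.key \
#   "$IOT_ENDPOINT" 443 1) -t iot/training -i pub -m "{\"date\": \"$(date)\"}" -d
```

Because the function returns non-zero on a bad input, a wrapper script can stop before mosquitto ever opens a socket; the unquoted $(...) in the usage comment is intentional so the options are split into separate arguments.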
Publish over HTTPS with mutual TLS authentication on port 8443:
curl --tlsv1.2 \
--cacert AmazonRootCA1.pem \
--cert certificate.pem \
--key private.key \
--request POST \
--data "{\"date\": \"$(date)\"}" \
"https://${IOT_ENDPOINT}:8443/topics/iot/training?qos=0" \
; echo