Implementation of a middleware to use AWS MQTT service through websockets. Aiming the esp8266 platform
- 1.3.0 - update lib and pubsubclient example to use the newest versions of arduino/esp (2.7.3), arduinoWebSocket (2.2.0) and pubsubclient (2.8.0) - now you need to use a certificate to connect to AWS - you can use the certificate alternatives in the pubsubclient example that should be valid up to 2036/2037
- 1.2.0 - using pubsubclient there isn't the "many reconnection issue" (see pubsubclient example to migrate from paho) - get time from pool.ntp.org - tested with arduinoWebSockets v.2.1.0, arduino/esp sdk 2.4.1 and pubsubclient version v2.6.0
- 1.1.0 - can use AWS STS temporary credentials - change some dynamic to static memory allocation to avoid memory fragmentation
- 1.0.1 - works with arduinoWebSockets v.2.0.5 and arduino/esp sdk 2.3.0
- 1.0.alpha - stable - works with arduinoWebSockets v.2.0.2 and arduino/esp sdk 2.1.0
- 0.3 - own impl of circular buffer
- 0.2 - auto reconnection
- 0.1 - has known limitation and it was not extensively tested
As we cannot use AWS MQTT service directly because of the lack of support for TLS 1.2*, we need to use the websocket communication as a transport layer for MQTT through SSL (supported by esp8266)
This way we can change the state of your esp8266 devices in realtime, without using the AWS Restful API and busy-waiting inefficient approach.
- now you can use TLS 1.2 and use the certificates generated by amazon. Here is it an example https://github.com/copercini/esp8266-aws_iot if you wanna try
if you fell like thank me, you can buy me a coffe (or a beer) https://www.buymeacoffee.com/odelot cheers!
Library | Link | Use |
---|---|---|
aws-sdk-arduino | https://github.com/odelot/aws-sdk-arduino | aws signing functions |
arduinoWebSockets | https://github.com/Links2004/arduinoWebSockets | websocket comm impl |
Works with these MQTT clients - Use one or another - see examples
Library | Link | Use |
---|---|---|
PubSubClient (recommended) | https://github.com/knolleary/pubsubclient | mqtt comm impl |
Paho MQTT for Arduino | https://projects.eclipse.org/projects/technology.paho/downloads | mqtt comm impl |
- Configure your arduino ide to compile and upload programs to ESP8266 (Arduino core for ESP8266 - details https://github.com/esp8266/Arduino )**
- Install all the dependencies as Arduino Libraries
- Install aws-mqtt-websockets as Arduino Library as well
- Configure the example file with your AWS credencials and endpoints (remember to grant iot permissions for your user)
- Compile, upload and run!
** The library was tested with 2.7.3 version of Arduino core for ESP8266
It is transparent. It is the same as the usage of Paho. There is just some changes in the connection step. See the example for details. Things you should edit in the example:
- ssid and password to connect to wifi
- domain/endpoint for your aws iot service
- region of your aws iot service
- aws user key **
- aws user secret key
** It is a good practice creating a new user (and grant just iot services permission). Avoid use the key/secret key of your main aws console user
//AWS IOT config, change these:
char wifi_ssid[] = "your-ssid";
char wifi_password[] = "your-password";
char aws_endpoint[] = "your-endpoint.iot.eu-west-1.amazonaws.com";
char aws_key[] = "your-iam-key";
char aws_secret[] = "your-iam-secret-key";
char aws_region[] = "eu-west-1";
const char* aws_topic = "$aws/things/your-device/shadow/update";
int port = 443;
//MQTT config
const int maxMQTTpackageSize = 128;
const int maxMQTTMessageHandlers = 1;
- Go to https://console.aws.amazon.com/
- Then click IAM
- Then click policy. find your policy or create a new policy
- set service to IOT
- set action to iot:*
- set resouce to all resources
To avoid having a long term credential hardcoded in our device, you can create temporary credentials that will last up to 36 hours using the AWS STS service (learn more here http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html).
Using STS you will get a AWS key, AWS secret and AWS token. To inform the AWS token, use the following method
//it is just an example. As the credential last up to 36 hours, you will need to get temporary credential every 36 hours
//you won't use it hard coded
char token[] = 'FQoDYXdzEHgaDN7ZQSxqszH+LgBTXCKsAeU5dsW/g3BK01wyYoBk0vnCfz+D19w2kslSC5drDXyN9Nxx14WcgrOOWNxHsLRDPkcrYhw6DIkW1Nvv1mKu3i86riq19qhBose7v1XngRLBQwgfU/HnlIzJegNEEGgeMAkX0ErF77WfV2pxCzF6ZMRv7kn+a6yE2LURLg/M8eq3lYoyQcJFq55JfVPVUIpx/avEsjgCR/MvlHXlhtJqviClB3mRlvwBcz4vpq4ogpKnzAU=';
awsWSclient.setAWSToken (token);