
AWS iot core + custom authorizer

Open dhaveman opened this issue 2 years ago • 6 comments

Is there any way to use this to connect via the custom authorizer Lambda function you can set up? When I put in the details, I only ever get "disconnected from server" and the Lambda authorizer logs are empty :(

  • I'm using the "-ats.iot.us-east-2.amazonaws.com" version of the endpoint; I've tried it without the -ats as well.
  • port 8883 ( and tried 443 )
  • attempting to use username/password with the x-amz-customauthorizer-name attribute as well, but not sure where to put it ( from here
  • removed all the default subscriptions.
  • have used the aws iot test-invoke-authorizer and have gotten Postman to work with the authorizer.

Thanks!

dhaveman avatar Sep 14 '22 05:09 dhaveman

You are mixing apples and oranges. You need to use the AWS message broker on AWS IoT Core with MQTT. You can't go through API Gateway like you can with Postman via HTTP.

You need your AWS IoT endpoint and your three AWS security certificates to connect. Port 8883 is correct. From IoT Core you can send your IoT payload to Lambda through a Rule/Action.

sborsay avatar Sep 14 '22 15:09 sborsay

Also, in Azure IoT you would use a username and password to connect. For AWS you do not; you use your three certificates instead.

sborsay avatar Sep 14 '22 15:09 sborsay

Is the -ats.iot.us-east-2.amazonaws.com endpoint from API Gateway? I got that from running aws iot describe-endpoint.

You need your AWS IoT endpoint and your three AWS security certificates to connect. Port 8883 is correct. From IoT Core you can send your IoT payload to Lambda through a Rule/Action.

AWS IoT Core supports authorizers natively now: [image] This is a screenshot from the address: /iot/home?region=us-east-2#/create/authorizer

dhaveman avatar Sep 14 '22 16:09 dhaveman

aws iot describe-endpoint

Provides an IoT endpoint for AWS IoT Core. Use the ‘#’ topic on the ‘MQTT test client’ to view the incoming payload from MQTT explorer

sborsay avatar Sep 14 '22 16:09 sborsay

If I attempt to listen to that topic on the AWS console I just get the red banner reading: "An error occurred when subscribing to *: Connection closed"

dhaveman avatar Sep 14 '22 16:09 dhaveman

There are two options:

  • Add ALPN setting support so we can use MQTT protocol on port 443
  • Add support for secure websocket wss://

When connecting, you can simply use username?x-amz-customauthorizer-name=my-authorizer-name. Other than that, you need to enable encryption and the Amazon root (CA) certificate.

Both options are still not supported in MQTT Explorer. We are unable to select secure websocket and we are unable to set ALPN settings. Is there any track on when this will be added?

jancoow avatar May 16 '24 12:05 jancoow
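
The connection shape described in the last comment, as an added example that is not code from this thread or from MQTT Explorer: the authorizer name travels in the MQTT username field, and the TLS handshake on port 443 offers the ALPN protocol name `mqtt`. The client id, password, MQTT 3.1.1 framing and the placeholder endpoint are assumptions for illustration.

```python
import socket
import ssl
import struct

def authorizer_username(user, authorizer):
    """MQTT username with the authorizer name appended as a query string."""
    return f"{user}?x-amz-customauthorizer-name={authorizer}"

def tls_context(ca_file=None):
    """Verifying TLS client context that offers ALPN 'mqtt' (for port 443)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # None: system trust store
    ctx.set_alpn_protocols(["mqtt"])
    return ctx

def _field(data):
    """MQTT length-prefixed field: 2-byte big-endian length, then the bytes."""
    raw = data.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit = more follows."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def connect_packet(client_id, username, password, keepalive=60):
    """MQTT 3.1.1 CONNECT with clean-session, username and password flags set."""
    flags = 0x80 | 0x40 | 0x02
    header = _field("MQTT") + bytes([0x04, flags]) + struct.pack("!H", keepalive)
    body = header + _field(client_id) + _field(username) + _field(password)
    return b"\x10" + remaining_length(len(body)) + body

def try_connect(endpoint, packet, ca_file=None):
    """Send CONNECT over TLS on 443; return (negotiated ALPN, CONNACK code)."""
    with socket.create_connection((endpoint, 443), timeout=10) as raw:
        with tls_context(ca_file).wrap_socket(raw, server_hostname=endpoint) as tls:
            tls.sendall(packet)
            reply = tls.recv(4)  # CONNACK: 0x20 0x02 <flags> <return code>
            code = reply[3] if len(reply) == 4 and reply[0] == 0x20 else None
            return tls.selected_alpn_protocol(), code

if __name__ == "__main__":
    # Constructed sample values; the endpoint below is a placeholder.
    user = authorizer_username("username", "my-authorizer-name")
    pkt = connect_packet("diag-client", user, "password")
    print(user, len(pkt), pkt[:12].hex())
    # print(try_connect("EXAMPLE-ats.iot.us-east-2.amazonaws.com", pkt))
```

A `None` ALPN result or a closed connection before any CONNACK points at the TLS layer rather than the authorizer, which matches the empty Lambda logs reported at the top of the thread.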