Controlled publish period


#1

Hi there,

I’m trying to connect to the Amazon AWS platform with my ESP32 DevKitC. So what I did was create a “thing” in the AWS console (not within the command line interface), create the policy as shown in the instruction video, generate the certificates, link and activate them, and rename them to private.pem.key and certificate.pem.crt. I also entered the right cert_arn, endpoint, mqttid, policy_name and thingname in thing.conf.json.

But my thing (DevkitC ESP32) isn’t able to establish a connection to the AWS cloud… all I see in the serial console is: “connecting to mqtt broker…”, no messages are being published.

What can be wrong?


Thing.mqtt.connect() is generating exception - IOError at line 393 of mqtt.mqtt.connect
#2

Do I need to do something with CA certificates? Not necessary right?

If I create the certificates via the CLI I get the same result as described before. I followed these instructions: https://www.youtube.com/watch?v=IZzZF3DGWkY

Please help


#3

Hi Marcel,

The CA is automatically handled by the library. What policy are you using? Is it attached to your certificate?


#4

Hi LorenzoR,

I’m using this policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Connect",
        "iot:Receive",
        "iot:GetThingShadow",
        "iot:UpdateThingShadow"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

The policy is attached to the certificate, and the thing is attached to the certificate as well.
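
The policy in the post above allows every listed action on the resource "*", so a certificate it is attached to can connect under any client ID, use any topic and reach any thing's shadow. As an added example (not part of the original post or of Zerynth's code), this sketch flags that wildcard and builds a scoped alternative; the region, account ID, client ID, thing name and topic root are constructed placeholders.

```python
import json

# The policy from post #4, embedded as sample input.
POSTED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["iot:Publish", "iot:Subscribe", "iot:Connect", "iot:Receive",
             "iot:GetThingShadow", "iot:UpdateThingShadow"],
  "Resource": ["*"]}]}
""")

# Resource type that AWS IoT Core authorizes each of these actions against.
RESOURCE_KIND = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
    "iot:GetThingShadow": "thing",
    "iot:UpdateThingShadow": "thing",
}

def _as_list(value):
    # Policy JSON allows a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return every action an Allow statement grants on the bare resource "*"."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            findings.extend(_as_list(stmt.get("Action", [])))
    return findings

def scoped_policy(region, account, client_id, thing_name, topic_roots):
    """Build a policy limited to one client ID, one thing and the given topic roots."""
    base = f"arn:aws:iot:{region}:{account}"
    targets = {
        "client": [f"{base}:client/{client_id}"],
        "thing": [f"{base}:thing/{thing_name}"],
        "topic": [f"{base}:topic/{root}/*" for root in topic_roots],
        "topicfilter": [f"{base}:topicfilter/{root}/*" for root in topic_roots],
    }
    statements = []
    for kind, resources in targets.items():
        actions = [a for a, k in RESOURCE_KIND.items() if k == kind]
        statements.append({"Effect": "Allow", "Action": actions, "Resource": resources})
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Constructed values: region, account ID, names and topic root are placeholders.
    print("granted on *:", wildcard_findings(POSTED_POLICY))
    print(json.dumps(scoped_policy("eu-west-1", "123456789012", "esp32-demo",
                                   "esp32-demo", ["devices/esp32-demo"]), indent=2))
```

The client ID passed in has to match the mqttid value in thing.conf.json, otherwise the scoped policy rejects the connection.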


#5

I followed all of the steps described here: https://docs.zerynth.com/latest/official/core.zerynth.toolchain/docs/official_core.zerynth.toolchain_aws_awscmd.html

  • Installed AWS cli
  • configured AWS cli, also with IAM user
  • I’m able to add-things
  • created a policy as described above
  • attached the policy and thing to the certificate
  • filled in the endpoint and all information needed in thing.conf.json
  • entered my Wi-Fi settings

I don’t understand why it doesn’t work.


#6

Hello Marcel,

It’s really strange; we currently use the ESP32 connected to AWS in several projects running with the latest VM updates.

One thing that I would try is to connect with that configuration (endpoint, certificate, private key) using a desktop client or a desktop Python script, to get a running starting point and be sure of the prepared configuration.

Let me know


#7

Hi, thanks for your support!

Please have a look at my MQTT-SPY:

This just works fine?

With “with the latest VM updates” you mean “patch 01”?


#8

Hi Marcel,

Could you try to use the legacy certificate as the CA certificate file? This is the default one used by the Zerynth AWS IoT library; it has always worked for us, but maybe it is not valid for some endpoints.

If this CA does not work with MQTT-SPY you could try to pass AmazonRootCA1.pem to the Zerynth AWS IoT MQTT Client like this:

amazon_root_ca1 = '''-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
rqXRfboQnoZsG4q5WTP468SQvvG5
-----END CERTIFICATE-----
\x00'''

# ...
thing = iot.Thing(thing_conf['endpoint'], thing_conf['mqttid'], clicert, pkey, thingname=thing_conf['thingname'], cacert=amazon_root_ca1)
# ...

Yes, I mean r2.1.2p01 :slight_smile:


#9

Hi,

The legacy certificate as in your first proposal works! Thanks for sorting this out. :grinning:

BR


#10

One additional question: is it also possible to subscribe to a topic instead of only publishing messages?


#11

Hi @Marcel,

Of course it is possible to subscribe to topics :slight_smile:
The thing.mqtt variable represents a full MQTT client; take a look at our doc for available methods.