Connecting to AWS with MQTT

General discussions and questions abound development of code with MicroPython that is not hardware specific.
Target audience: MicroPython Users.
sspaman
Posts: 16
Joined: Fri Nov 02, 2018 5:03 pm

Re: Connecting to AWS with MQTT

Post by sspaman » Fri Jan 31, 2020 8:22 pm

Hi Kevin,

No I have not.

kevinkk525
Posts: 969
Joined: Sat Feb 03, 2018 7:02 pm

Re: Connecting to AWS with MQTT

Post by kevinkk525 » Fri Jan 31, 2020 8:24 pm

Might want to try that to be sure the AWS IOT works as expected and doesn't need weird workarounds
Kevin Köck
Micropython Smarthome Firmware (with Home-Assistant integration): https://github.com/kevinkk525/pysmartnode

VicLuna
Posts: 11
Joined: Fri Sep 13, 2019 8:36 pm

Re: Connecting to AWS with MQTT

Post by VicLuna » Fri Apr 10, 2020 11:19 am

Hi

I followed all your instructions and I got a error that no body talks about i.
mbedtls_ssl_handshake error: -10

I post my code and you may find I'm missing something.

.....
certpem=open('/flash/cert').read()
privkey=open('/flash/key').read()
mqtt_server = 'a15azlxdxhvk5o-ats.iot.eu-west-1.amazonaws.com'
......
client = MQTTClient(client_id='esp32vroom', server=mqtt_server, port=8883, keepalive=10000, ssl=True, ssl_params={"key":privkey,"cert":certpem,"server_side":False})

I've checked that policies are ok:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Publish",
"Resource": "*"
}
]
}

may you help me?

Thanks

sspaman
Posts: 16
Joined: Fri Nov 02, 2018 5:03 pm

Re: Connecting to AWS with MQTT

Post by sspaman » Fri Apr 10, 2020 3:39 pm

The error looks like it is related to AWS security. Check that your thing is activated on your IoT dashboard and the certs and keys are correct. The code looks like it should work.

VicLuna
Posts: 11
Joined: Fri Sep 13, 2019 8:36 pm

Re: Connecting to AWS with MQTT

Post by VicLuna » Sat Apr 11, 2020 8:43 am

Hi
thanks for your sooner reply.

I checked it with 2 different certifications and the result was the same I got error -10.

but on the other hand, when I used those certification key with other applications and enviroments works fine.
1.- Certification is a windows python SDK that provides AWS, and I executed .\start.ps1 and it works ok, because I see the message at the test console.
2.- Certification is general and I published and subscribed messages using pentaho-kettle, it's a open source platform.

just a simple question :
key = ESPDevice-private.pem.key
cert =ESPDevice-certificate.pem.key
is that correct?

and finally I'm using firmware:

Firmware built with ESP-IDF v3.x, with support for BLE, LAN and PPP:
GENERIC : esp32-idf3-20200411-v1.12-357-g740946736.bin

any clue just to try and unblock this situation?

Thanks

VicLuna
Posts: 11
Joined: Fri Sep 13, 2019 8:36 pm

Re: Connecting to AWS with MQTT

Post by VicLuna » Sat Apr 11, 2020 2:02 pm

I found the error.

I run the posted code with firmware:
esp32-idf3-20200410-v1.12-357-g740946736.bin
esp32-idf3-20200404-v1.12-331-ge97bb58f0.bin

both I got error reported

however with the firmware esp32-idf3-20190529-v1.11.bin works perfectly.

this post help you

Klabauterman
Posts: 1
Joined: Fri May 15, 2020 6:45 pm

Re: Connecting to AWS with MQTT

Post by Klabauterman » Fri May 15, 2020 6:53 pm

GUYS I FOUND THE SOLUTION!

Here are my learings:
In case you get the index out of bounds error message, it means your esp has no wifi connection.

If you get an error message like 'invalid key' (v1.12+) or your esp just reboots on the mqtt connect call (v1.11), you are most likely using the pem key and certificate that you downloaded from aws. I have seen this in so many examples, but IT JUST DOES NOT WORK! At least for me.

The solution (as mentioned earlier) is that you need to convert private key and certificate to a binary DER format like this (command line):

Code: Select all

openssl x509 -in asdf.cert.pem -out asdf.cert.der -outform DER
openssl rsa -in asdf.private.key -out asdf.key.der -outform DER
The rest is the same.

stanely
Posts: 55
Joined: Fri Jan 17, 2020 5:19 am
Location: Ohio, USA

Re: Connecting to AWS with MQTT

Post by stanely » Wed Apr 14, 2021 10:35 pm

Klabauterman wrote:
Fri May 15, 2020 6:53 pm
GUYS I FOUND THE SOLUTION!

Here are my learings:
In case you get the index out of bounds error message, it means your esp has no wifi connection.
...
I get an index out of range error message, but my esp has wifi. I can do urequests and get back the website or API content.

I can't get past the "index out of range" or the "memory allocation" error depending on which version of MicroPython I try. Does this really work on a generic ESP32 without spiram?

It may be something simple I'm doing, but I can't see it. I've used all these pieces of code before, and am able to interact with non-AWS MQTT brokers. But I don't even get to the part where AWS tells me I'm not authorized. My error is always a system error in "simple.py".

The ESP32 doesn't have to use the binary (DER) key/certificate. People say that text versions work fine. I've tried both with same results. I've tried many idf3 and idf4 versions. Is this really working with idf4 V1.14?

AJB2K3
Posts: 44
Joined: Wed Mar 06, 2019 5:20 pm
Location: @nd Star on the Right.
Contact:

Re: Connecting to AWS with MQTT

Post by AJB2K3 » Thu Apr 15, 2021 5:08 am

Hi all,
I have AWS running on my M5Stack Cores in Micropython.
After several weeks of failed connections i found I had not set up IAM and COGNITO profiles as well as the IOT profiles.
Plain text cert and keys are working fine for me.

stanely
Posts: 55
Joined: Fri Jan 17, 2020 5:19 am
Location: Ohio, USA

Re: Connecting to AWS with MQTT

Post by stanely » Thu Apr 15, 2021 11:40 am

Which version of MicroPython are you using? Or are you using the trick MicroPython that comes with their UIFlow? That's actually a very cool system with many interface drivers built in. Have you seen the Core 2 with the integrated touchscreen? They bundle a lot of drivers with it that makes is very easy to use.

In my current project I need to use a HUZZAH32, and looks like it doesn't get far enough to talk to AWS.

Post Reply