Connecting to AWS with MQTT

Post by sspaman » Fri Jan 31, 2020 8:22 pm

Hi Kevin,

No I have not.

Post by kevinkk525 » Fri Jan 31, 2020 8:24 pm

Might want to try that to be sure the AWS IOT works as expected and doesn't need weird workarounds
Kevin Köck
Micropython Smarthome Firmware (with Home-Assistant integration): https://github.com/kevinkk525/pysmartnode

Post by VicLuna » Fri Apr 10, 2020 11:19 am

Hi

I followed all your instructions and I got an error that nobody talks about.
mbedtls_ssl_handshake error: -10

I post my code and you may find I'm missing something.

.....
certpem=open('/flash/cert').read()
privkey=open('/flash/key').read()
mqtt_server = 'a15azlxdxhvk5o-ats.iot.eu-west-1.amazonaws.com'
......
client = MQTTClient(client_id='esp32vroom', server=mqtt_server, port=8883, keepalive=10000, ssl=True, ssl_params={"key":privkey,"cert":certpem,"server_side":False})

I've checked that policies are ok:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "*"
    }
  ]
}

May you help me?

Thanks

Post by sspaman » Fri Apr 10, 2020 3:39 pm

The error looks like it is related to AWS security. Check that your thing is activated on your IoT dashboard and the certs and keys are correct. The code looks like it should work.

Post by VicLuna » Sat Apr 11, 2020 8:43 am

Hi
Thanks for your quick reply.

I checked it with 2 different certificates and the result was the same: I got error -10.

But on the other hand, when I used those certificate keys with other applications and environments, it works fine.
1.- Certificate is from a Windows Python SDK that AWS provides, and I executed .\start.ps1 and it works OK, because I see the message at the test console.
2.- Certificate is general and I published and subscribed to messages using pentaho-kettle, which is an open source platform.

Just a simple question:
key = ESPDevice-private.pem.key
cert = ESPDevice-certificate.pem.key
Is that correct?

And finally, I'm using firmware:

Firmware built with ESP-IDF v3.x, with support for BLE, LAN and PPP:
GENERIC : esp32-idf3-20200411-v1.12-357-g740946736.bin

Any clue just to try and unblock this situation?

Thanks

Post by VicLuna » Sat Apr 11, 2020 2:02 pm

I found the error.

I ran the posted code with firmware:
esp32-idf3-20200410-v1.12-357-g740946736.bin
esp32-idf3-20200404-v1.12-331-ge97bb58f0.bin

With both I got the reported error.

However, with the firmware esp32-idf3-20190529-v1.11.bin it works perfectly.

I hope this post helps you.

Post by Klabauterman » Fri May 15, 2020 6:53 pm

GUYS I FOUND THE SOLUTION!

Here are my learnings:
In case you get the index out of bounds error message, it means your esp has no wifi connection.

If you get an error message like 'invalid key' (v1.12+) or your esp just reboots on the mqtt connect call (v1.11), you are most likely using the pem key and certificate that you downloaded from aws. I have seen this in so many examples, but IT JUST DOES NOT WORK! At least for me.

The solution (as mentioned earlier) is that you need to convert private key and certificate to a binary DER format like this (command line):

openssl x509 -in asdf.cert.pem -out asdf.cert.der -outform DER
openssl rsa -in asdf.private.key -out asdf.key.der -outform DER

The rest is the same.
