aws / aws-iot-device-sdk-embedded-C

SDK for connecting to AWS IoT from a device using embedded C.
MIT License
978 stars 625 forks

Device authentication for S3 bucket upload #1801

Closed mikerharris closed 2 years ago

mikerharris commented 2 years ago

Hello,

I recently had some help from AWS support for an issue where my device is trying to upload a file to an S3 bucket. For my device to upload a file it needs to authenticate itself with the IoT Core to be able to send a file to an S3 bucket.

My device uses a Role Alias to allow permission to access an S3 bucket. I was informed that it was only possible to do this by implementing the authentication/authorization workflow as indicated below:

https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html

As I understand it my device code should follow the workflow from the above article.

There is also a blog post that is listed below:

https://aws.amazon.com/blogs/security/how-to-eliminate-the-need-for-hardcoded-aws-credentials-in-devices-by-using-the-aws-iot-credentials-provider/

The process that my device should follow is listed below:

  1. Send an HTTPS request to the credentials provider to fetch a security token:

curl --cert my-device-cert-eff01e7-certificate.pem.crt --key my-device-key-ce6c4c8992e56a241deff01e7-private.pem.key -H "x-amzn-iot-thingname: MyHomeThermostat" [AWS IoT Endpoint Removed]/role-aliases/Thermostat-dynamodb-access-role-alias/credentials -v

  2. As a response to the HTTP request, receive the credentials and security token:

{"credentials":{"accessKeyId":"[AccessKeyID removed]","secretAccessKey":"[SecretAccessKeyRemoved]","sessionToken":"[Session Token Removed]","expiration":"[Expiration time removed]"}}

  3. Use the security token to sign a request; on the client side use the credentials (accessKeyId, secretAccessKey) and sessionToken to interact with the S3 service. The AWS SDKs can be used or you can directly send requests to S3 but you would need to sign the requests as indicated below:

Further information: Making requests - Temporary security credentials: https://docs.aws.amazon.com/AmazonS3/latest/userguide/MakingRequests.html#requestsUsingTempCred

My device is using the STM32L476RGT6 microcontroller, and I have used the AWS SDK for embedded C within the firmware code. After reviewing the information above, I am still unsure as to how I should implement these process steps within my device with embedded C code.

Do you have any thoughts as to the best way I should implement the above within embedded C code (STM32CubeIDE) to authenticate with IoT Core to upload files to an S3 bucket?

Kind Regards, Mike.
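The three steps above, carried through end to end as an added Python example (not code from the issue, the AWS documentation, or the embedded C SDK): build the credentials-provider request, parse and expiry-check the JSON reply, then sign an S3 PUT with SigV4 using the temporary credentials and the session token. The endpoint, bucket, region, key and every credential value are constructed placeholders, and the mutual-TLS call itself is represented only by the URL and header it would carry; on the device the same computation would be done in C, but the bytes that go on the wire are what matter here.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# ---- Constructed sample values (placeholders for the values redacted in the issue) ----
IOT_CREDENTIAL_ENDPOINT = "EXAMPLE-ats.credentials.iot.eu-west-1.amazonaws.com"  # placeholder
ROLE_ALIAS = "Thermostat-dynamodb-access-role-alias"
THING_NAME = "MyHomeThermostat"
SAMPLE_RESPONSE = json.dumps({"credentials": {          # same shape as the provider's reply
    "accessKeyId": "ASIAEXAMPLEKEYID0000",
    "secretAccessKey": "exampleSecretKey/NotReal+0000000000000000",
    "sessionToken": "exampleSessionToken.NotReal",
    "expiration": "2022-04-29T22:11:00Z",
}})
SAMPLE_NOW = datetime(2022, 4, 29, 21, 11, tzinfo=timezone.utc)  # one hour before expiry
LATER_NOW = SAMPLE_NOW + timedelta(hours=2)                        # after expiry


def credentials_request(endpoint: str, role_alias: str, thing_name: str):
    """Step 1: URL and header for the credentials-provider call. The device
    certificate and private key authenticate the TLS session itself (curl's
    --cert/--key); nothing secret travels in the HTTP request."""
    return (f"https://{endpoint}/role-aliases/{role_alias}/credentials",
            {"x-amzn-iot-thingname": thing_name})


def parse_credentials(body: str, now: datetime):
    """Step 2: parse the JSON reply and refuse credentials that have already expired,
    so the device re-fetches instead of sending a request S3 will reject."""
    creds = json.loads(body)["credentials"]
    expiry = datetime.strptime(creds["expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if expiry <= now:
        raise ValueError("temporary credentials expired; fetch a fresh set from the role alias")
    return creds["accessKeyId"], creds["secretAccessKey"], creds["sessionToken"]


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_put_headers(bucket, region, key, payload: bytes,
                      access_key, secret_key, session_token, now: datetime):
    """Step 3: SigV4 headers for PUT https://<bucket>.s3.<region>.amazonaws.com/<key>.
    The session token is sent as x-amz-security-token and included in the signed headers."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    payload_hash = _sha256_hex(payload)
    headers = {
        "host": host,
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": amz_date,
        "x-amz-security-token": session_token,
    }
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    canonical_request = "\n".join(["PUT", "/" + quote(key, safe="/-_.~"), "",
                                   canonical_headers, signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(canonical_request.encode())])
    # Derive the signing key from the *temporary* secret key; it is never sent.
    k_date = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "s3")
    k_signing = _hmac(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


def sign_sample_upload(now: datetime = SAMPLE_NOW):
    """Run the whole flow on the constructed sample and return the signed request headers."""
    _url, _hdr = credentials_request(IOT_CREDENTIAL_ENDPOINT, ROLE_ALIAS, THING_NAME)
    ak, sk, tok = parse_credentials(SAMPLE_RESPONSE, now)
    return sigv4_put_headers("example-bucket", "eu-west-1", "uploads/log.txt", b"", ak, sk, tok, now)


if __name__ == "__main__":
    for name, value in sign_sample_upload().items():
        print(f"{name}: {value}")
```

Two points the flow makes visible: the secret access key only ever feeds the HMAC chain and never appears in a header, whereas the session token is sent in the clear inside TLS and must be present on every request; and the credentials are short-lived by design, so firmware should keep them in RAM, check the expiration before each upload and re-run step 1 when it has passed rather than persisting them anywhere.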

johnrhen commented 2 years ago

Hello Mike,

I've updated your issue to remove the credentials. The secrets were already expired, but you should be careful to not post them again.

We're looking into your situation. Have you investigated the S3 Upload demo (https://github.com/aws/aws-iot-device-sdk-embedded-C/tree/main/demos/http/http_demo_s3_upload)? It utilizes pre-signed URLs for device authentication.

johnrhen commented 2 years ago

Closing due to inactivity. Please re-open if you have any further questions.

mikerharris commented 1 year ago

Hello John,

Thanks for your email.

Can you please explain what I have done by including my credentials, as I am not sure what I have done and to make sure I don’t make the same mistake again?

I will take a look at the S3 Upload demo you mentioned.

Thanks, Mike


johnrhen commented 1 year ago

Your original post contained a secretAccessKey, as well as several other credentials. You can see it in the body of your original message wherever there's a comment such as [xyz Removed].