thomasnordquist / MQTT-Explorer

An all-round MQTT client that provides a structured topic overview
https://mqtt-explorer.com

AWS iot core + custom authorizer #670

Open dhaveman opened 2 years ago

dhaveman commented 2 years ago

Is there any way to use this to connect via the custom authorizer Lambda function you can set up? When I put in the details, I only ever get "disconnected from server" and the Lambda authorizer logs are empty :(

Thanks!

sborsay commented 2 years ago

You are mixing apples and oranges. You need to use the AWS message broker on AWS IoT Core with MQTT. You can't go through API Gateway like you can with Postman via HTTP.

You need your AWS IoT endpoint and your three AWS security certificates to connect. Port 8883 is correct. From IoT Core you can send your IoT payload to Lambda through a Rule/Action.

On Sep 13, 2022, at 10:51 PM, Dave @.***> wrote:

I'm using the "-ats.iot.us-east-2.amazonaws.com" version of the endpoint, I've tried it without the -ats as well.. port 8883 (and tried 443), attempting to use username/password with the x-amz-customauthorizer-name attribute as well, but not sure where to put it ( from here removed all the default subscriptions. Have used the aws iot test-invoke-authorizer and have gotten Postman to work with the authorizer. Thanks!

sborsay commented 2 years ago

Also, in Azure IoT you would use a username and password to connect. For AWS you do not; you use your three certificates instead.

dhaveman commented 2 years ago

Is the -ats.iot.us-east-2.amazonaws.com endpoint from API Gateway? I got that from running aws iot describe-endpoint.

You need your AWS IoT endpoint and your three AWS security certificates to connect. Port 8883 is correct. From IoT Core you can send your IoT payload to Lambda through a Rule/Action.

AWS IoT Core supports authorizers natively now: [image] This is a screenshot from the address: /iot/home?region=us-east-2#/create/authorizer

sborsay commented 2 years ago

aws iot describe-endpoint

Provides an IoT endpoint for AWS IoT Core. Use the ‘#’ topic on the ‘MQTT test client’ to view the incoming payload from MQTT Explorer.

dhaveman commented 2 years ago

If I attempt to listen to that topic on the AWS console I just get the red banner reading: "An error occurred when subscribing to *: Connection closed"

jancoow commented 6 months ago

There are two options:

When connecting, you can simply use username?x-amz-customauthorizer-name=my-authorizer-name. Other than that, you need to enable encryption and the Amazon root (CA) certificate.

Both options are still not supported in MQTT Explorer. We are unable to select secure websocket and we are unable to set ALPN settings. Is there any track on when this will be added?
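
The settings named in the last comment (authorizer name in the MQTT username, TLS with the Amazon root CA, ALPN) can be checked before a client ever dials out. This is an added example, not part of the thread or of MQTT Explorer: `customAuthOptions` and `lintCustomAuth` are hypothetical helpers, the endpoint prefix and credentials are constructed, and the port 443 / ALPN `mqtt` / SNI values are assumptions taken from AWS's custom-authentication documentation.

```javascript
// Added example, not MQTT Explorer code. Hypothetical helpers; the port, ALPN
// and SNI values are assumptions taken from AWS's custom-authentication docs.
const AUTHORIZER_PARAM = 'x-amz-customauthorizer-name';
// Constructed placeholder; the real prefix comes from `aws iot describe-endpoint`.
const ENDPOINT = 'ENDPOINT-PREFIX-ats.iot.us-east-2.amazonaws.com';

// Options in the shape an mqtt.js-style client passes on to Node's tls.connect().
function customAuthOptions({ endpoint, authorizer, username, password, caPem }) {
  return {
    protocol: 'mqtts',
    host: endpoint,
    port: 443,                      // assumed: custom auth over MQTT uses 443
    servername: endpoint,           // SNI carries the IoT data endpoint name
    ALPNProtocols: ['mqtt'],        // assumed ALPN value for custom auth
    ca: caPem,                      // Amazon root CA, PEM text
    rejectUnauthorized: true,       // never skip server certificate checks
    username: `${username}?${AUTHORIZER_PARAM}=${encodeURIComponent(authorizer)}`,
    password,
  };
}

// Returns finding codes for settings that would stop the connection before the
// authorizer Lambda is invoked, which shows up as empty authorizer logs.
function lintCustomAuth(o) {
  const findings = [];
  if (o.protocol !== 'mqtts' && o.protocol !== 'wss') findings.push('no-tls');
  if (o.port !== 443) findings.push('port');
  if (o.protocol === 'mqtts' && !(o.ALPNProtocols || []).includes('mqtt')) {
    findings.push('alpn');
  }
  if (o.rejectUnauthorized === false) findings.push('no-cert-check');
  // Not needed when the account has a default authorizer configured.
  const query = String(o.username || '').split('?')[1] || '';
  if (!new URLSearchParams(query).has(AUTHORIZER_PARAM)) findings.push('authorizer-name');
  return findings;
}

// Constructed input resembling the first attempt described in the thread.
const attempted = {
  protocol: 'mqtts',
  host: ENDPOINT,
  port: 8883,
  username: `device-user?${AUTHORIZER_PARAM}=my-authorizer-name`,
  password: 'constructed-password',
};
console.log(lintCustomAuth(attempted));
```
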