7041c014bb
* Added a MQTT pub/sub example of using AWS IoT (via ECC based TLS1.2 connection).
* Fixed a buffer overflow issue when receiving large MQTT packet.
* Reset TLS connection on read/write errors.
Please follow the steps below to build and run the example on your ESP8266.
- Modify client_config.c to provide your own account-specific AWS IoT endpoint, ECC-based client certificate, and private key.
Your endpoint is in the form of <prefix>.iot.<region>.amazonaws.com.
It can be retrieved using the following command:
$ aws iot describe-endpoint
Your ECC-based certificate and private key can be generated by using the following commands:
$ openssl ecparam -out ecckey.key -name prime256v1 -genkey
$ openssl req -new -sha256 -key ecckey.key -nodes -out eccCsr.csr
$ aws iot create-certificate-from-csr --certificate-signing-request file://eccCsr.csr --certificate-pem-outfile eccCert.crt --set-as-active
To convert the certificate or key file into a C string, you can use the following command:
$ cat ecckey.key | sed -e 's/^/"/g' | sed -e 's/$/\\r\\n"/g'
Note: more information about using ECC-based certificates with AWS IoT can be found in the following blog
- Create an AWS IoT access policy and attach it to the certificate:
$ aws iot create-policy --policy-name test-thing-policy --policy-document '{ "Version": "2012-10-17", "Statement": [{"Action": ["iot:*"], "Resource": ["*"], "Effect": "Allow" }] }'
$ aws iot attach-principal-policy --policy-name test-thing-policy --principal "arn:aws:iot:eu-west-1:892804553548:cert/2d9c2da32a95b5e95a277c3b8f7af40869727f5259dc2e907fc8aba916c857e"
Note: the 'principal' argument is the certificate ARN returned by the previous command 'aws iot create-certificate-from-csr'.
- Modify include/ssid_config.h with your Wi-Fi access ID and credentials.
- Build and flash the example firmware to the device using the command below:
$ make flash -C examples/aws_iot ESPPORT=/dev/ttyUSB0
Note: this assumes your ESP8266 is connected over USB and appears on your Linux host as /dev/ttyUSB0.
- Once the ESP8266 is connected to AWS IoT, you can use the MQTT client on the AWS IoT console to receive the messages published by the ESP8266 to topic 'esp8266/status'. You can also publish an 'on' or 'off' message to topic 'esp8266/control' to toggle the GPIO/LED (the example uses GPIO2).
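The policy created in the policy step above allows every AWS IoT action on every resource. As an added example (not part of the original README or the project's code), the shell function below emits a policy scoped to the two topics this example uses. The function name, the sample account ID and the client ID are assumptions; the page does not state which MQTT client ID the firmware connects with.

```shell
#!/bin/sh
# Added example: least-privilege AWS IoT policy for the esp8266/status and
# esp8266/control topics. make_iot_policy is a hypothetical helper name.
# Usage (policy name is a placeholder):
#   make_iot_policy <region> <account-id> <client-id> > policy.json
#   aws iot create-policy --policy-name <policy-name> \
#       --policy-document file://policy.json

make_iot_policy() {
    region=$1 account=$2 client_id=$3
    # Validate inputs so a wildcard or stray quote cannot widen the policy.
    case $region in ''|*[!a-z0-9-]*) echo "bad region" >&2; return 1 ;; esac
    case $account in ''|*[!0-9]*) echo "bad account id" >&2; return 1 ;; esac
    [ ${#account} -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
    case $client_id in ''|*[!A-Za-z0-9_-]*) echo "bad client id" >&2; return 1 ;; esac
    arn="arn:aws:iot:${region}:${account}"
    # One statement per action, each bound to a single resource:
    #   Connect   -> only this client ID
    #   Publish   -> only the status topic
    #   Subscribe -> only the control topic filter
    #   Receive   -> only messages on the control topic
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "iot:Connect",
      "Resource": "${arn}:client/${client_id}" },
    { "Effect": "Allow", "Action": "iot:Publish",
      "Resource": "${arn}:topic/esp8266/status" },
    { "Effect": "Allow", "Action": "iot:Subscribe",
      "Resource": "${arn}:topicfilter/esp8266/control" },
    { "Effect": "Allow", "Action": "iot:Receive",
      "Resource": "${arn}:topic/esp8266/control" }
  ]
}
EOF
}

# Constructed sample values; replace with your own region, account and client ID.
make_iot_policy eu-west-1 123456789012 esp8266-demo
```

With this policy attached, the certificate can only connect under the one client ID, publish status messages and receive control messages; using the console's MQTT client to publish to 'esp8266/control' requires the console user's own permissions, not this policy.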