Connecting to AWS IOT using Custom Authorizer and use MQTT Username Password
I want to connect to AWS IOT using username and password and send data on topic. I read about it on AWS IOT documentation that we can achieve this using Custom Authentication: https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html
I followed the documentation and :
- Created Custom Authentication Lambda
- Created Custom Authorizer in AWS IOT using Lambda ARN
- Added Custom Authorizer to invoke the lambda function.
- Tested Custom Authorizer using
aws iot test-invoke-authorizer
I was able to test the lambda with aws int test-invoke-authorizer for MQTT context.
But when I try to connect/publish to AWS IOT using username password It fails. I followed as per below documentation.
Here is the command which I use to connect AWS IOT using mosquito.org cli
mosquitto_pub -p 443 -i 'sample' -h XXXXXXXXXX.iot.ap-south-1.amazonaws.com -u "username?x-amz-customauthorizer-name=my-new-authorizer" -P "dGVzdA==" -t test/hello -m "Hello World" -d
The error which I received is following
Client sample sending CONNECT
Error: Unknown error.
NOTE: I am not passing token and signature as mentioned in the documentation as I have disabled it in lambda.
Any help really appreciated.
I got reply from AWS premium support and as per them we have to include APLN while issuing command. additionally we have to also provide AmazonRootCA1.pem
mosquitto_pub -p 443 -i 'sample' -h XXXX-ats.iot.ap-south-1.amazonaws.com -u "username?x-amz-customauthorizer-name=my-new-authorizer" -P "test" -t test/hello -m "Hello World" --tls-alpn mqtt --cafile AmazonRootCA1.pem -d
Note: they have suggested following options:
--cafile AmazonRootCA1.pem
--tls-alpn mqtt
You can download cert from this link:
- Get last modified object from S3 using AWS CLI
- "host not allowed" error when deploying a play framework application to Amazon AWS with Boxfuse
- Is there a way to use PyGithub on AWS Lambda
- Neptune throws Bad handshake error while connecting to a IAM Enabled Neptune Instance
- How to extract files from a zip archive in S3
- How do I use the aws cli to set permissions on files in an S3 bucket?
- Nextflow process running in AWS with docker container can't find program in $PATH, although program is there
- How do I setup and use Laravel Scheduling on AWS Elastic Beanstalk?
- Where does docker store it's temp files during extraction?
- Which is the best way on AWS to set up a CI/CD of a Django app from GitHub?
- Make VPC creation optional
- How to point ApiGateway to a specific Lambda alias
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- Can we setup third Party SSL certificate AWS lightsail loadbalancer
- A proper way to use AWS Redis Cluster with Celery
- How to rollback to previous version in Amazon S3 bucket?
- Why does S3.deleteObject not fail when the specified key doesn't exist?
- I can't delete AWS appconfig configuration and environment
- How to run Anaconda Python on sudo
- `aws ecs execute-command` results in `TargetNotConnectedException` `The execute command failed due to an internal error`
- AWS authorizer returns 500, message: null, with AuthorizerConfigurationException error in response
- Call S3 pre-signed URL with postman
- Terraform error when module has a count on the input that is not yet created
- Is there a way to point my machine's kubectl to a K8s cluster hosted on EC2 Instances?
- MWAA CLI - Stop Dags Execution
- Lambda@Edge not logging on cloudfront request
- User-data scripts is not running on my custom AMI, but working in standard Amazon linux
- Run docker commands in AWS Lambda Function
- Django ALLOWED_HOSTS for Amazon ELB
- CodeDeploy blue/green ECS fargate error: Invalid arn syntax