Connecting to AWS IOT using Custom Authorizer and use MQTT Username Password
I want to connect to AWS IOT using username and password and send data on topic. I read about it on AWS IOT documentation that we can achieve this using Custom Authentication: https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html
I followed the documentation and :
- Created Custom Authentication Lambda
- Created Custom Authorizer in AWS IOT using Lambda ARN
- Added Custom Authorizer to invoke the lambda function.
- Tested Custom Authorizer using
aws iot test-invoke-authorizer
I was able to test the lambda with aws int test-invoke-authorizer for MQTT context.
But when I try to connect/publish to AWS IOT using username password It fails. I followed as per below documentation.
Here is the command which I use to connect AWS IOT using mosquito.org cli
mosquitto_pub -p 443 -i 'sample' -h XXXXXXXXXX.iot.ap-south-1.amazonaws.com -u "username?x-amz-customauthorizer-name=my-new-authorizer" -P "dGVzdA==" -t test/hello -m "Hello World" -d
The error which I received is following
Client sample sending CONNECT
Error: Unknown error.
NOTE: I am not passing token and signature as mentioned in the documentation as I have disabled it in lambda.
Any help really appreciated.
I got reply from AWS premium support and as per them we have to include APLN while issuing command. additionally we have to also provide AmazonRootCA1.pem
mosquitto_pub -p 443 -i 'sample' -h XXXX-ats.iot.ap-south-1.amazonaws.com -u "username?x-amz-customauthorizer-name=my-new-authorizer" -P "test" -t test/hello -m "Hello World" --tls-alpn mqtt --cafile AmazonRootCA1.pem -d
Note: they have suggested following options:
--cafile AmazonRootCA1.pem
--tls-alpn mqtt
You can download cert from this link:
- Amazon SES cannot find DNS Records for "custom MAIL FROM domain" (after some time)
- How to make inference to a keras model hosted on AWS SageMaker via AWS Lambda function?
- How to deploy a Pre-Trained model using AWS SageMaker Notebook Instance?
- AWS sts assume role in one command
- How to connect AWS Elasticache Redis cluster to Spring Boot app?
- AWS elastic Beanstalk / nginx : connect() failed (111: Connection refused
- AWS ECS exec /usr/local/bin/docker-entrypoint.sh: exec format error
- How can I delete folder on S3 with Node.js?
- Enable caching for url query parameters in aws api gateway with terraform
- AWS IAM role principal vs role session principal
- Setting directory owner and permission with appspec.yml through Amazon Web Service CodeDeploy
- How to update multiple items in a DynamoDB table at once
- https on S3 WITHOUT cloudfront possible?
- How to query Views in Athena in a AWS Glue ETL job
- AWS glue to extract json referenced by id
- Unable to delete AWS VPC Endpoint
- Amazon textextract I can't find trp module
- Can't find AWS Lightsail permissions policy for my IAM user
- How to query dynamoDB based on key + attribute?
- AWS Bedrock RAG - Unable to sync data source in a knowledge base
- How to duplicate a Redshift table schema?
- SpringBoot + AWS cognito, can't resolve issuerUri
- image failed to show when Upload from Lambda
- How to use dynamoose in AWS AppSync JS resolver?
- How message from AWS DLQ gets deleted?
- Template format error: unsupported structure seen in AWS CloudFormation
- AWS InvalidSignatureException, Signature expired when running from docker container
- AWS Glue - o109.pyWriteDynamicFrame. ERROR: relation "xyz" already exists
- AWS - NoCredentialsError: Unable to locate credentials
- Amazon Athena CREATE EXTERNAL TABLE mismatched input 'external' invalidrequestexception