By using AWS re:Post, you agree to the Terms of Use

Client AuthN in IoT Core using client certificate with aws-sdk v3


I'm trying to call IoT Data Plane from a browser (only from localhost) and I'm trying to authenticate the client using a certificate registered in IoT Core. I found some code examples where it's implemented by setting requestHandler in clientConfig:

        this.client = new IoTDataPlaneClient({
            region: 'us-east-1',
            endpoint: '',
            requestHandler: new NodeHttpHandler({
                httpAgent: agent,
                httpsAgent: agent

NodeHttpHandler is for backend use and for browser there's FetchHttpHandler (from "@aws-sdk/fetch-http-handler"), which does not allow setting up the agent. What's the best approach to implement certificate+key based authN in IoT from browser?

1 Answer

The AWS SDKs don't support connecting to AWS IoT using the MQTT/mTLS protocol, so don't support certificate based authentication. With the AWS SDKs you can only publish messages to AWS IoT using the HTTPS protocol and AWS credentials as explained in the JS SDK v3 doc here

If you want to use the MQTT protocol, you have several options

  • The PubSub component of the AWS amplify library support connecting to AWS IoT using MQTT over WebSocket from a browser using Amazon Cognito/AWS STS token for authentication.

If you want to connect to AWS IoT using MQTT and certificate based authentication, take a look at MQTT.js

profile picture
answered 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions