By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Client AuthN in IoT Core using client certificate with aws-sdk v3

0

I'm trying to call IoT Data Plane from a browser (only from localhost) and I'm trying to authenticate the client using a certificate registered in IoT Core. I found some code examples where it's implemented by setting requestHandler in clientConfig:

        this.client = new IoTDataPlaneClient({
            region: 'us-east-1',
            endpoint: 'XXXXX.iot.us-east-1.amazonaws.com',
            requestHandler: new NodeHttpHandler({
                httpAgent: agent,
                httpsAgent: agent
            })
        })

NodeHttpHandler is for backend use and for browser there's FetchHttpHandler (from "@aws-sdk/fetch-http-handler"), which does not allow setting up the agent. What's the best approach to implement certificate+key based authN in IoT from browser?

Topics
Internet of Things (IoT)
Tags
AWS IoT CoreTransport Layer Security (TLS)
Language
English
micro-jumbo
asked 2 years ago435 views
1 Answer
0
Accepted Answer

The AWS SDKs don't support connecting to AWS IoT using the MQTT/mTLS protocol, so don't support certificate based authentication. With the AWS SDKs you can only publish messages to AWS IoT using the HTTPS protocol and AWS credentials as explained in the JS SDK v3 doc here

If you want to use the MQTT protocol, you have several options

  • The PubSub component of the AWS amplify library support connecting to AWS IoT using MQTT over WebSocket from a browser using Amazon Cognito/AWS STS token for authentication.

If you want to connect to AWS IoT using MQTT and certificate based authentication, take a look at MQTT.js

profile pictureAWS
EXPERT
Jan_B
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content