By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AmazonMQ MQTT quickstart "forbidden" error

0

I have created an MQTT broker following the getting started steps https://us-east-1.console.aws.amazon.com/amazon-mq/home?region=us-east-1#/brokers/new, with: Apache ActiveMQ, single-instance, mq.t3.micro. Inbound rules allow public access for the console (:8162) and mqtt (:8883) connections, and I've successfully logged into the console.

But when I try to connect to the broker and publish using a Python paho mqtt client, I get a "connected with result code 5" error, meaning "forbidden".

I tried editing the broker configuration file to add a <simpleAuthenticationPlugin> to configure client usernames and passwords, but the editor stripped it out:

Your XML has been sanitized. Invalid and unsupported XML elements and attributes have been removed.Info Element: simpleAuthenticationPlugin Reason: Unsupported element.

EDIT: Messages can be published and received using the web console admin username/password. But the "Getting Started" provided no information on how to configure and authenticate individual clients. What is the easiest way to allow a few individual clients to connect to a micro broker?

Topics
Application Integration
Tags
Amazon MQ
Language
English
Ron Pace
asked a year ago115 views
1 Answer
0

Hi Ron, I realize you asked this question a long time ago, but wanted to provide an answer here in case others also have the same questions.
1/ I would guess that your connection error is either caused by the client not supporting / using TLS (which is why the port is 8883 instead of the non-TLS 1883), or the wrong username/password being provided by the client.

2/ For adding additional users, you use the AmazonMQ console for ActiveMQ. You can add additional users towards the bottom of the configuration page. This is not done within the broker config file as you would do on a self-hosted ActiveMQ instance, and as you saw if you try to edit the config the XML will be stripped out. More info here on permitted configuration elements: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/permitted-elements.html

BR, Chris

AWS
Chris C
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content