AWS IoT Core basic information

0

Hi, I'm just learning IoT Core with AWS and it's been a pretty poor experience so far. The sample package I download will only work if I unzip it to my root directory; this isn't mentioned anywhere, and in any other case it just fails with a "file not found" error. This behavior is the same on both nodejs and python.

But here is my real problem. I don't see any of this documented and I need to understand it. There is an example file, the pubsub example script, whose documentation states it can be run as such:

python3 pubsub.py --endpoint <endpoint> --cert <file> --key <file>

... but this fails with

awscrt.exceptions.AwsCrtError: AWS_ERROR_MQTT_UNEXPECTED_HANGUP: The connection was closed unexpectedly.

when using the examplestart.sh file from the connection bundle, it launches it with several other optional cli arguments:

python3 aws-iot-device-sdk-python-v2/samples/pubsub.py \
--endpoint endpoint-ats.iot.region.amazonaws.com \
--ca_file root-CA.crt \
--cert MyThing1.cert.pem \
--key MyThing1.private.key \
--client_id basicPubSub \
--topic sdk/test/python \
--count 0

But it will not work at all if I change or omit the following parameters: client_id, topic

for example, this fails (changing optional topic name):

python3 aws-iot-device-sdk-python-v2/samples/pubsub.py \
--endpoint endpoint-ats.iot.region.amazonaws.com \
--ca_file root-CA.crt \
--cert MyThing1.cert.pem \
--key MyThing1.private.key \
--client_id basicPubSub \
--topic sdk/test/python2 \
--count 0

Connecting to endpoint-ats.iot.region.amazonaws.com with client ID 'basicPubSub'...
Connected!
Subscribing to topic 'sdk/test/python2'...
Connection interrupted. error: AWS_ERROR_MQTT_UNEXPECTED_HANGUP: The connection was closed unexpectedly.
Connection resumed. return_code: 0 session_present: True

and this fails (removing optional client id):

python3 aws-iot-device-sdk-python-v2/samples/pubsub.py \
--endpoint endpoint-ats.iot.region.amazonaws.com \
--ca_file root-CA.crt \
--cert MyThing1.cert.pem \
--key MyThing1.private.key \
--topic sdk/test/python \
--count 0

Connecting to endpoint-ats.iot.region.amazonaws.com with client ID 'test-a74e2e39-2aba-4676-adfc-8dd0eeff11dd'...
Traceback (most recent call last):
  File "/home/user/aws-iot-device-sdk-python-v2/samples/pubsub.py", line 91, in <module>
    connect_future.result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 440, in result
    return self.__get_result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
awscrt.exceptions.AwsCrtError: AWS_ERROR_MQTT_UNEXPECTED_HANGUP: The connection was closed unexpectedly.

Where can I get this obviously required value of client_id from? I don't see mention of getting this value anywhere.

Where is this sort of stuff explained in the documentation? I read the "get started" documentation and none of this was discussed.

asked a year ago, 366 views
3 Answers
0

Hi. This video might be a good one to help get you going: https://www.youtube.com/watch?v=z8T4hAERuOg

"The sample package I download will only work if I unzip it to my root directory"

I'm not sure what's going wrong, but this shouldn't be the case. As you can see in the video, it's not unzipped to the root directory. What operating system are you using?

"but, it will not work at all if I change or omit the following parameters: client_id, topic"

When you do the "Connect one device" flow to create the device and the connection kit, the AWS IoT Core Policy that's created is restricted to only allow particular client IDs and particular topics. There's a copy of it in your connection kit. In the AWS IoT Core console, you can navigate to Manage->Security->Policies to see the policy. It should look like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:001122334455:topic/sdk/test/java",
        "arn:aws:iot:us-east-1:001122334455:topic/sdk/test/python",
        "arn:aws:iot:us-east-1:001122334455:topic/sdk/test/js"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:001122334455:topicfilter/sdk/test/java",
        "arn:aws:iot:us-east-1:001122334455:topicfilter/sdk/test/python",
        "arn:aws:iot:us-east-1:001122334455:topicfilter/sdk/test/js"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:001122334455:client/sdk-java",
        "arn:aws:iot:us-east-1:001122334455:client/basicPubSub",
        "arn:aws:iot:us-east-1:001122334455:client/sdk-nodejs-*"
      ]
    }
  ]
}

So only a limited collection of client IDs and topics can work.

The pubsub example in the SDK doesn't inherently have this limitation which is why its documentation doesn't mention it.

AWS
EXPERT
Greg_B
answered a year ago
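
The policy evaluation described in this answer, as an added example that is not part of the original answer or of AWS's code: a simplified offline evaluator that shows which of the pubsub sample's actions the connection-kit policy permits for a given client ID and topic. It ignores Condition blocks and policy variables, and all function names are hypothetical.

```python
import re

# Assumption: region and account ID are the sample values from the policy above.
ARN = "arn:aws:iot:us-east-1:001122334455:"

# The connection-kit policy from the answer, reduced to the entries the
# Python sample touches (plus the one wildcard client ID).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": [ARN + "topic/sdk/test/python"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": [ARN + "topicfilter/sdk/test/python"]},
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": [ARN + "client/basicPubSub", ARN + "client/sdk-nodejs-*"]},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value):
    # Policy wildcards: '*' is any run of characters, '?' is one character.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def is_allowed(policy, action, resource):
    """Implicit deny unless an Allow matches; a matching Deny always wins."""
    allowed = False
    for stmt in policy["Statement"]:
        if (any(_matches(a, action) for a in _as_list(stmt["Action"]))
                and any(_matches(r, resource) for r in _as_list(stmt["Resource"]))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def check_pubsub(policy, client_id, topic):
    """Map each action the pubsub sample performs to allowed (True) or denied."""
    return {
        "iot:Connect": is_allowed(policy, "iot:Connect", ARN + "client/" + client_id),
        "iot:Subscribe": is_allowed(policy, "iot:Subscribe", ARN + "topicfilter/" + topic),
        "iot:Publish": is_allowed(policy, "iot:Publish", ARN + "topic/" + topic),
    }

if __name__ == "__main__":
    for cid, topic in [("basicPubSub", "sdk/test/python"),
                       ("basicPubSub", "sdk/test/python2"),
                       ("test-a74e2e39-2aba-4676-adfc-8dd0eeff11dd", "sdk/test/python")]:
        print(cid, topic, check_pubsub(POLICY, cid, topic))
```

With the question's inputs it reports Connect allowed but Subscribe denied for sdk/test/python2, and Connect denied for the auto-generated test-... client ID, which lines up with the point at which each run in the question hung up.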
0

Good morning rePost-User-5601237!

Really sorry about your underwhelming first experience with the IoT Core.

Regarding your first issue (The sample package i download will only work if i unzip it to my root directory), here is a tricky (python) detail that can give you unpleasant surprises: when you run the following command from your /myhome directory:

python3 aws-iot-device-sdk-python-v2/samples/pubsub.py \
--endpoint endpoint-ats.iot.region.amazonaws.com \
--ca_file root-CA.crt \
--cert MyThing1.cert.pem \
--key MyThing1.private.key \
--client_id basicPubSub \
--topic sdk/test/python \
--count 0

Python considers the directory from where you launch your script as the current working directory. So, in this example, your python script pubsub.py will be executed normally (because you specified the file relative path), but as for the ca, cert and key files, because you just gave file names, Python will look for them in your current working directory (which is /myhome, not /myhome/aws-iot-device-sdk-python-v2/samples/). This is why you have a 'file not found' error. So in reality, you can clone the samples to any specific location in your local environment and execute the code as is, but you just have to make sure that you

  • either copy your ca, cert and key files to the /samples directory and run pubsub.py script directly from there (cd aws-iot-device-sdk-python-v2/samples/ then python3 pubsub.py [arguments])
  • or copy your ca, cert and key files to the location from where you intend to launch the script (/myhome) and execute the pubsub.py script with a relative path (python3 aws-iot-device-sdk-python-v2/samples/pubsub.py [arguments] ), just like you did.

As for the other issues, I second @greg_B's explanations in the answer thread. You have to check the policies attached to your certificate in the console. They usually restrict Pub/Sub operations to limited clientId ranges (related to your thingName) to avoid malicious use of compromised certificates by unknown 3rd party clients.

Have a great week!

AWS
EXPERT
answered a year ago
0

Check out the AWS IoT training lab at https://mqttlab.iotsim.io/aws. It has many examples to guide you, including videos, sample scripts, and if you pay the $10, an interactive lab to try things out. Good luck.

answered a year ago
