We have an embedded Linux device using IoT Core and authenticating using the files created with the aws iot create-keys-and-certificate CLI command. Now, we need to read data from DynamoDB in the same program. Because we already have these certificates on board, I was trying to use them to authenticate for DynamoDB, but am not having much success. We can establish our IoT Core connection like this:
// Create the MQTT builder and populate it with connection parameters
auto clientConfigBuilder =
Aws::Iot::MqttClientConnectionConfigBuilder(connectionParameters.certificateFilepath.c_str(),
connectionParameters.privateKeyFilepath.c_str());
clientConfigBuilder.WithEndpoint(connectionParameters.endpoint);
clientConfigBuilder.WithCertificateAuthority(connectionParameters.rootCertificateFilepath.c_str());
// Create the MQTT connection from the MQTT builder
Aws::Iot::MqttClientConnectionConfig clientConfig = clientConfigBuilder.Build();
Aws::Iot::MqttClient client = Aws::Iot::MqttClient();
m_connection = client.NewConnection(clientConfig);
I was trying to do the same thing using
Aws::Client::ClientConfiguration clientConfig;
Aws::DynamoDB::DynamoDBClient dynamoClient(clientConfig);
but the only related member that I see the ClientConfiguration class has is caPath/caFile.
What approach should I take here? I haven't found the documentation particularly helpful. We like how the IoT Core authentication works allowing us to easily provision devices with their own access and the ability to revoke access for any particular device. Is there a similar authentication method that will work for all services supported by the C++ SDK?
I believe this is what we are doing for IoT Core. So the question is: how can we do this for DynamoDB access? And if we can't, is there a single solution that works for authentication for both IoT Core and DynamoDB?
With AWS IoT Core, you are authenticating using the X.509 certificate. For DynamoDB access, you should use the IoT Core credential provider to obtain IAM credentials.
Thanks. I was previously missing the "non-" part of your first post. I am still having trouble figuring out how to use the IoT Core credential provider with the C++ SDK. I think I need to be using an AWSCredentialProvider (https://sdk.amazonaws.com/cpp/api/LATEST/root/html/md_docs_2_credentials___providers.html), but cannot find any documentation or examples on using IoT Core's credential provider. Is it a subclass of AWSCredentialProvider? Where is it defined?
Edit: Or is it the Aws::Crt::Auth::CredentialsProvider class (https://aws.github.io/aws-iot-device-sdk-cpp-v2/class_aws_1_1_crt_1_1_auth_1_1_credentials_provider.html#abd5689beace90cc22bf5e6c22bef4538) which is part of a separate SDK that I need to be using?
Yes, that should be the one. CRT, or Common Runtime, is a library that all of the V2 IoT Device SDKs use. So it's part of the SDK.
Are you able to point to any examples or documentation that actually show how to implement this in C++ using the SDK?
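Added example (not from any poster in this thread and not AWS's own code): the HTTPS exchange behind the IoT Core credential provider that the answer above recommends, written in Python so the request and response are visible. It assumes a role alias already exists and the device certificate's IoT policy allows iot:AssumeRoleWithCertificate on it; the endpoint is the one returned by `aws iot describe-endpoint --endpoint-type iot:CredentialProvider`, and the response values are constructed.

```python
import json
import ssl
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# Constructed sample of the JSON body the credentials endpoint returns (all values fake).
SAMPLE_RESPONSE = json.dumps({"credentials": {
    "accessKeyId": "ASIAEXAMPLEKEYID0000",
    "secretAccessKey": "constructed-secret",
    "sessionToken": "constructed-token",
    "expiration": "2030-01-01T12:00:00Z"}})

def parse_utc(stamp):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamp format used in the response."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_request(endpoint, role_alias, thing_name):
    """GET /role-aliases/<alias>/credentials; the thing name travels in a header."""
    alias = quote(role_alias, safe="")  # the alias must not be able to alter the path
    url = f"https://{endpoint}/role-aliases/{alias}/credentials"
    return urllib.request.Request(url, headers={"x-amzn-iot-thingname": thing_name})

def parse_credentials(body):
    """Map the response onto the three values an AWS service client needs."""
    c = json.loads(body)["credentials"]
    return {"access_key_id": c["accessKeyId"],
            "secret_access_key": c["secretAccessKey"],
            "session_token": c["sessionToken"],
            "expiration": parse_utc(c["expiration"])}

def needs_refresh(creds, now, margin=timedelta(minutes=5)):
    """The credentials are temporary; fetch new ones shortly before they expire."""
    return now >= creds["expiration"] - margin

def fetch_credentials(endpoint, role_alias, thing_name, cert, key, root_ca):
    """Mutual-TLS call using the same certificate and key files as the MQTT connection."""
    ctx = ssl.create_default_context(cafile=root_ca)  # verify the AWS server certificate
    ctx.load_cert_chain(certfile=cert, keyfile=key)   # present the device certificate
    req = build_request(endpoint, role_alias, thing_name)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_credentials(resp.read())  # keep in memory only, never on disk

if __name__ == "__main__":
    creds = parse_credentials(SAMPLE_RESPONSE)
    print(creds["access_key_id"], creds["expiration"].isoformat())
    print(needs_refresh(creds, parse_utc("2030-01-01T11:56:00Z")))
```

In the C++ SDK the three returned values map onto an Aws::Auth::AWSCredentials (access key ID, secret key, session token) that is passed to the DynamoDBClient constructor. Revoking the device certificate or removing the policy stops further credentials from being issued, while credentials already issued stay valid until their expiration.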