Client AuthN in IoT Core using client certificate with aws-sdk v3

Question

I'm trying to call IoT Data Plane from a browser (only from localhost) and I'm trying to authenticate the client using a certificate registered in IoT Core. I found some code examples where it's implemented by setting `requestHandler` in clientConfig:
```
        this.client = new IoTDataPlaneClient({
            region: 'us-east-1',
            endpoint: 'XXXXX.iot.us-east-1.amazonaws.com',
            requestHandler: new NodeHttpHandler({
                httpAgent: agent,
                httpsAgent: agent
            })
        })
```
`NodeHttpHandler` is for backend use and for browser there's `FetchHttpHandler` (from "@aws-sdk/fetch-http-handler"), which does not allow setting up the agent.
What's the best approach to implement certificate+key based authN in IoT from browser?

Accepted Answer

The AWS SDKs don't support connecting to AWS IoT using the MQTT/mTLS protocol, so don't support certificate based authentication. With the AWS SDKs you can only publish messages to AWS IoT using the HTTPS protocol and AWS credentials as explained in the JS SDK v3 doc here

If you want to use the MQTT protocol, you have several options

The PubSub component of the AWS amplify library support connecting to AWS IoT using MQTT over WebSocket from a browser using Amazon Cognito/AWS STS token for authentication.

If you want to connect to AWS IoT using MQTT and certificate based authentication, take a look at MQTT.js

If you want to use the MQTT protocol, you have several options
- The [PubSub](https://docs.amplify.aws/lib/pubsub/getting-started/q/platform/js/) component of the AWS amplify library support connecting to AWS IoT using MQTT over WebSocket  from a browser using Amazon Cognito/AWS STS token for authentication.

If you want to connect to AWS IoT using MQTT and certificate based authentication, take a look at [MQTT.js](https://github.com/mqttjs/MQTT.js)

Client AuthN in IoT Core using client certificate with aws-sdk v3

相關內容