Background:
The AWS IoT implementation is very secure because it is protected by X.509 certificates. This makes testing with generic smartphone clients impossible, because most generic MQTT clients support user and password authentication with SSL only. I am not going to provide a step-by-step guide on how to set up the Mosquitto server or how to connect to an AWS IoT device; please refer to the reference links (#1 and #2) to understand the procedures and use this guideline as a supplementary note.
Mosquitto server:
- I use the AWS EC2 platform with an Ubuntu AMI to install the Mosquitto server, but it requires an authentication key pair to access the console with PuTTY and to upload files. If you are not familiar with the EC2 platform, you may use other VPS services or your own infrastructure (requires inbound ports 1883 and 8883). Also, I did not follow the steps in Reference #1, and referred to #2 for installation on the Ubuntu AMI.
- In my case the latest repository is required to use the mosquitto_passwd command to create a password for the user; simply run these two commands before installing Mosquitto as instructed in #2.
sudo add-apt-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
- I skipped all the encryption steps in reference #2 as I only wanted to have a quick try. In fact I only followed Step 1 and Step 5 in the link.
Configuring the bridge:
- I follow #1 with minor changes to the suggested configuration file:
In the suggested config:
topic awsiot_to_localgateway in 1
topic localgateway_to_awsiot out 1
topic both_directions both 1
In my version, only one topic is forwarded, in both directions, for easier troubleshooting:
topic test both 1
topic test/+ both 1
- I use FileZilla to transfer the certificates, including the root CA certificate, to the Mosquitto server; the key pair for EC2 instance access is required here.
- During the first run, I suggest leaving out the "-d" switch because it is easier to troubleshoot.
Suggested command:
sudo mosquitto -c /etc/mosquitto/conf.d/bridge.conf -d
In my version:
sudo mosquitto -c /etc/mosquitto/conf.d/bridge.conf
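As an added example (not code from this post or from the reference links), the Python check below reads a Mosquitto configuration and lists what a quick setup like the one above exposes: a listener without TLS, where the user / password travel in cleartext, and bridged topics on which any local client's messages are forwarded to AWS IoT under the bridge's certificate. The sample configuration, its endpoint and its file paths are constructed placeholders.

```python
# Constructed sample; the endpoint and file paths are placeholders, not from the post.
SAMPLE_CONF = """\
listener 1883
allow_anonymous false
password_file /etc/mosquitto/passwd
connection awsiot
address ENDPOINT-PLACEHOLDER:8883
topic test both 1
topic test/+ both 1
bridge_cafile /etc/mosquitto/certs/rootCA.pem
"""

def parse(conf):
    """Parse mosquitto.conf; assumes auth options are global (per_listener_settings off)."""
    glob, listeners, bridges, cur = {}, [], [], None
    for raw in conf.splitlines():
        key, _, val = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key == "listener":
            cur = {"port": (val.split() or ["?"])[0], "opts": {}}
            listeners.append(cur)
        elif key == "connection":
            cur = {"name": val.strip(), "opts": {}, "topics": []}
            bridges.append(cur)
        elif key == "topic" and cur is not None and "topics" in cur:
            parts = val.split()
            cur["topics"].append((parts[0], parts[1] if len(parts) > 1 else "out"))
        elif cur is None or key in ("allow_anonymous", "password_file"):
            glob[key] = val.strip()
        else:
            cur["opts"][key] = val.strip()
    return glob, listeners, bridges

def audit(conf):
    """Return a list of findings for the local listeners and the bridge."""
    glob, listeners, bridges = parse(conf)
    out = []
    if glob.get("allow_anonymous") == "true":
        out.append("allow_anonymous true: clients connect without a password")
    for l in listeners:
        if not {"certfile", "keyfile"} <= l["opts"].keys():
            out.append(f"listener {l['port']}: no TLS, user/password sent in cleartext")
    for b in bridges:
        if not {"bridge_cafile", "bridge_capath"} & b["opts"].keys():
            out.append(f"bridge {b['name']}: no CA file, remote broker not verified")
        out += [f"bridge {b['name']}: local publishes to '{p}' are forwarded"
                for p, d in b["topics"] if d in ("out", "both")]
    return out
```

To check a real setup, pass the file contents instead of the sample, for example audit(open("/etc/mosquitto/conf.d/bridge.conf").read()).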
Results:
Tested Android MQTT client
MQTT IoT Client: This is a simple client but will get the job done for the testing of the bridge.
Mqtt IoT: In case you want to play around with more controls.
Disclaimer: I have no connection with the developers of the above apps and just randomly picked them for my testing. Other MQTT clients should work as long as they support user / password authentication to the Mosquitto server.
Reference links:
Reference #1: https://aws.amazon.com/blogs/iot/how-to-bridge-mosquitto-mqtt-broker-to-aws-iot/
Reference #2: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-the-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04