Friday, April 7, 2017
Setting up AWS CLI for IoT
I've been wanting to get my ESP8266 to talk MQTT to AWS.
steverino on twitter provided this link:
But first the AWS Command Line Interface needs to be installed (no sense in making things EASY, eh, takes away all the fun).
So first Amazon has some online instructions:
Simple, really. In a git bash shell:
pip install --upgrade --user awscli
then add the path:
which in my case was this: %USERPROFILE%\AppData\Roaming\Python\Scripts
next, after restarting the git bash shell to have the new path available, a simple command:
There was some confusion as to what, exactly, to enter for the prompt: AWS Access Key ID [None]:
This page (from [your name] - Security Credentials):
will indicate that you should make sure all the (root) Access Keys have been deleted.
There's also an option to "Get Started with IAM Users"... that's what we want:
...and use the Access key and Secret access key for the first two aws config prompts.
Next is to figure out the region (a name without spaces!). In my case, that's us-west-2.
Moving on to the security configuration, I spent hours fussing with the "aws iot create-certificate-from-csr" before submitting an AWS CLI issue here:
The problem there was apparently that, when copy/pasting the aws command, one or more of the dashes were converted to evil dashes (some sort of character that looks and acts like a dash, but is not!).
the corrected command is:
aws iot create-certificate-from-csr --certificate-signing-request file://eccCsr.csr --certificate-pem-outfile eccCert.crt --set-as-active
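A check for the pasted-dash problem described above, added here as an example (not code from the original post or from the AWS CLI project): it reports every non-ASCII character in a command line and repairs dash and quote lookalikes. The function names, the lookalike table, and the rule that a lone fake dash in front of a multi-letter word stands for "--" are assumptions; the sample input is constructed from the command above.

```python
import unicodedata

# Non-dash lookalikes that rich-text editors also substitute (assumed, not exhaustive).
EXTRA = {"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"', "\u00a0": " "}

def is_fake_dash(ch):
    """True for non-ASCII characters in Unicode category Pd, plus MINUS SIGN."""
    return ord(ch) > 127 and (unicodedata.category(ch) == "Pd" or ch == "\u2212")

def audit_command(cmd):
    """Return (findings, repaired) for a pasted command line.

    findings lists (offset, "U+XXXX NAME") for every non-ASCII character;
    repaired has the known lookalikes replaced by their ASCII equivalents.
    """
    findings, out = [], []
    for i, ch in enumerate(cmd):
        if ord(ch) < 128:
            out.append(ch)
            continue
        findings.append((i, "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))))
        if is_fake_dash(ch):
            # Heuristic (assumption): autocorrect folds "--" into one long dash, so a
            # fake dash that opens a token and precedes a multi-letter word is "--".
            opens_token = i == 0 or cmd[i - 1].isspace()
            nxt = cmd[i + 1:i + 3]
            out.append("--" if opens_token and len(nxt) == 2 and nxt.isalnum() else "-")
        else:
            out.append(EXTRA.get(ch, ch))  # unknown characters are reported, not changed
    return findings, "".join(out)

# Constructed sample: the command from this post with three dashes damaged.
SAMPLE = ("aws iot create-certificate-from-csr "
          "\u2013-certificate-signing-request file://eccCsr.csr "
          "\u2014certificate-pem-outfile eccCert.crt -\u2013set-as-active")

if __name__ == "__main__":
    findings, repaired = audit_command(SAMPLE)
    for offset, label in findings:
        print("offset %d: %s" % (offset, label))
    print(repaired)
```

Running a pasted command through this before executing it shows exactly which characters were substituted, which is also a useful habit for any command copied from a web page or document.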
The MQTT is available for Windows and Linux. The Windows version gives this additional install message:
But I chose the Raspberry Pi version since it is in the main repository (and I was getting an error in Windows):
Install on RPi with this command:
sudo apt-get install mosquitto
but alas, that's not enough ... and there's nothing on the Mosquitto web site to indicate that. But I found this helpful site:
that shows the install command with a few options:
sudo apt-get install mosquitto mosquitto-clients python-mosquitto
OpenSSL also needs to be installed:
sudo apt-get install openssl
and so I'm trying the sample test at:
Specifically this command:
mosquitto_pub --cafile AWSIoTCACert.crt --cert eccCert.crt --key ecckey.key -h a2s48sx7uszy0k.iot.us-west-2.amazonaws.com -d -p 8883 -q 1 -t foo/bar -i test --tls-version tlsv1.2 -m "HelloWorld" --ciphers ECDHE-ECDSA-AES128-GCM-SHA256
but alas I don't have an "AWSIoTCACert.crt" file,
So I found this link:
That said to "click here" to download this CA:
I saved mine as AWS-root-ca-pem.crt and tried this command:
mosquitto_pub --cafile AWS-root-ca-pem.crt --cert eccCert.crt --key ecckey.key -h a2s48sx7uszy0k.iot.us-west-2.amazonaws.com -d -p 8883 -q 1 -t foo/bar -i test --tls-version tlsv1.2 -m "HelloWorld" --ciphers ECDHE-ECDSA-AES128-GCM-SHA256
AAARRGH. Got this error:
Client test sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
(gotta really love the "Error: Success", eh?)
So far I've spent the better part of the day fussing with this. This is way more difficult than it should be.