awsiot | ESP8266 / ESP32 examples with Amazon AWS IoT

I am pretty sure the problem lies within

Resolved this problem.

In case anyone else was having this issues: the problem I was having was the Cognito User did not have a necessary certificate associated with it in order to access the resource.

After messing around with things for a while, I managed to figure out the issue. For whatever reason, expo/React did not like the import import Aws from 'aws-sdk/dist/aws-sdk-react-native';, so I instead changed it to import Aws from 'aws-sdk'. Even with the changed import, I could still call Aws.config, so nothing needed to change drastically with the code. I also moved the following codeblock into the IoTConnect function:

EXACTLY_ONCE (MQTT QOS level 2) is not currently supported by the AWS IoT Core server. This is mentioned in the source:

yes you can't able to subscribe dynamic topic you have to change the policy "arn:aws:iot:ap-south-1:453533943651:topic/${iot:Connection.Thing.ThingName}/*" to *..for allow all device.then you can subscribe.topic/${iot:Connection.Thing.ThingName} this denotes the thingname should be come end of the topic. change to allow all you will able to subscribe.

I am posting the correct final version of my code in case anyone is facing similar issue. Three things were wrong in my original code.

• X_AMZ_DATE (YYYYMMDDTHHMMSSZ) didn't use it in HEADERS and STRING_TO_SIGN. Hence, was getting Signature expired error.
• SERVICE I thought would be iot but it is iotdata. Credential should be scoped to correct service error was resolved.
• CANONICAL_URI should only contain part after the domain and before query parameters. Eg. If request URI is https://foo.bar.baz.com/foo1/foo2/foo3?bar1=baz1&bar2=baz2 then CANONICAL_URI = "/foo1/foo2/foo3"

The certificates and private key are used to resolve three questions:

1. As a client, am I talking to the real AWS IoT server and not an imposter?
2. As the AWS IoT server, am I talking to a registered client and not an imposter?
3. Can the client and server communicate securely without someone listening in?

The certificates and private key are used to implement mutual TLS to resolve these questions. This allows the client to authenticate the AWS IoT server (question 1) as well as the server to authenticate the client (question 2). The certificates also enable a secure TLS communication channel between the client and server (problem 3)

For the client authenticating the AWS IoT server (from https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html):

When your device or other client attempts to connect to AWS IoT Core, the AWS IoT Core server will send an X.509 certificate that your device uses to authenticate the server. Authentication takes place at the TLS layer through validation of the X.509 certificate chain This is the same method used by your browser when you visit an HTTPS URL.

The client uses the certificate referenced by the caPath to validate the certificate that it receives from the server that it connects to.

For the AWS IoT server to authenticate the client (from https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html#x509-client-cert-basics):

AWS IoT authenticates client certificates using the TLS protocol's client authentication mode.

In TLS client authentication, AWS IoT requests an X.509 client certificate and validates the certificate's status and AWS account against a registry of certificates. It then challenges the client for proof of ownership of the private key that corresponds to the public key contained in the certificate.

The server authenticates the client by receiving the registered certificate referenced by certPath and by the client using the private key referenced by keyPath to sign a message that proves that the client holds the private key.

The doc implies you should be passing paths to the files for the TLS certificate's and key.

e.g.

Ok, I have no idea of what I did, I just know it fixed the problem.

At first I did a clean install of mosquitto on a Ubuntu VM I have and everything worked correctly.

Then I uninstalled Mosquitto from my raspberry pi and installed it again. Configured it just the way I configured the Ubuntu VM and still no luck. I started to think the problem was my raspbian image... but after fiddling a little bit on the configurations, moving the certificates files from one directory to another, changing their permissions, changing the bridge.conf file directory and stuff... It started working and now it's ok.

So if youre having this problem in the future: maybe is just the permissions of the files or directories.

EDIT (one day later): as I tried to replicate the same thing on another broker, I did everything the same but as soon as my local broker stablished the connection with AWS IoT bridge the connection was lost (message below. No certificate error this time):