AWS Mosquitto Broker
Docker image for an AWS IoT connected Mosquitto broker.
Step 1: Set Up AWS Account
Navigate to AWS and set up the account.
Navigate to User -> My Security Credentials, and obtain the Access Key ID and Access Key.
Step 2: Clone the Repository
Clone this repository to a location in your drive.
Step 3: Install and Set Up AWS CLI
Install AWS CLI from here.
Run aws configure in a terminal and type in your Region, your Access ID and Keys, as follows:
aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: json
Step 3: Create an IAM policy for the bridge
Run the following command to create a policy for the bridge. The policy allows all AWS IoT actions (iot:*) on all resources (*):
aws iot create-policy --policy-name bridge --policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "iot:*","Resource": "*"}]}'
Step 4: Create Certificates
Go into the aws_mosquitto_broker/config/certs directory and run the following to create certificates:
cd aws_mosquitto_broker/config/certs
sudo aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile cert.crt --private-key-outfile private.key --public-key-outfile public.key --region eu-central-1
Then you can run aws iot list-certificates to check the created certificates. Copy the ARN in the form of arn:aws:iot:eu-central-1:0123456789:cert/xyzxyz:
aws iot list-certificates
Attach the policy to your certificate. Replace {REPLACE_ARN_CERT} with your copied ARN (arn:aws:iot:eu-central-1:0123456789:cert/xyzxyz):
aws iot attach-principal-policy --policy-name bridge --principal {REPLACE_ARN_CERT}
Add read permissions to the private key, public key and client cert (inside the certs folder). Mode 644 makes each file, the private key included, readable by every user on the host:
sudo chmod 644 private.key && sudo chmod 644 public.key && sudo chmod 644 cert.crt
Download the root Amazon CA certificate, also into the certs directory:
sudo curl https://www.websecurity.digicert.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem -o rootCA.pem
Step 5: Edit mosquitto custom config file
Rename awsbridge.conf.sample to awsbridge.conf:
mv awsbridge.conf.sample awsbridge.conf
Edit config/conf.d/awsbridge.conf and follow the instructions in awsbridge.conf:
nano config/conf.d/awsbridge.conf
Note: Run aws iot describe-endpoint to get the AWS IoT endpoint.
Step 6: Build Docker File
Go back to the root location aws_mosquitto_broker and run the following:
docker build -t aws_mqtt_broker .
Note: Make sure you have installed Docker on your PC first.
Step 7: Run Docker Image
docker run -ti -p 1883:1883 -p 9001:9001 --name mqtt aws_mqtt_broker
Console / Log output:
1592301141: mosquitto version 1.4.15 (build date 2018-03-04 15:19:39+0000) starting
1592301141: Config loaded from /mosquitto/config/mosquitto.conf.
1592301141: Opening ipv4 listen socket on port 1883.
1592301141: Opening ipv6 listen socket on port 1883.
1592301141: Bridge local.bridgeawsiot doing local SUBSCRIBE on topic localgateway_to_awsiot
1592301141: Bridge local.bridgeawsiot doing local SUBSCRIBE on topic both_directions
1592301141: Connecting bridge awsiot (aq53tian3vbby.iot.eu-central-1.amazonaws.com:8883)
1592301141: Bridge bridgeawsiot sending CONNECT
1592301144: Received CONNACK on connection local.bridgeawsiot.
1592301144: Bridge local.bridgeawsiot sending SUBSCRIBE (Mid: 1, Topic: awsiot_to_localgateway, QoS: 1)
1592301144: Bridge local.bridgeawsiot sending UNSUBSCRIBE (Mid: 2, Topic: localgateway_to_awsiot)
1592301144: Bridge local.bridgeawsiot sending SUBSCRIBE (Mid: 3, Topic: both_directions, QoS: 1)
1592301144: Received SUBACK from local.bridgeawsiot
1592301144: Received UNSUBACK from local.bridgeawsiot
1592301145: Received SUBACK from local.bridgeawsiot
Step 8: Testing the Local Broker
Publish from AWS IoT console
1.- From the AWS Management Console go to AWS IoT Services -> Test
2.- Subscribe to the topics mentioned in our config file: awsiot_to_localgateway, localgateway_to_awsiot and both_directions.
3.- Publish to the awsiot_to_localgateway topic (hello world).
4.- Review log or console output in our local broker for something like this:
1493564128: Received PUBLISH from local.bridgeawsiot (d0, q0, r0, m0, 'awsiot_to_localgateway', ... (45 bytes))
Note: Make sure that eu-central-1 is selected as the region.
Publish from Host
Workflow: Local Broker (Host PC) -> Docker Gateway -> AWS IoT.
Run the following in terminal to publish from host to AWS IoT:
mosquitto_pub -h localhost -p 1883 -q 1 -d -t localgateway_to_awsiot -i clientid1 -m "{\"key\": \"helloFromLocalGateway\"}"
Note: Make sure that you have mosquitto installed on your PC.
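The bridge policy created with aws iot create-policy above grants iot:* on every resource, so the bridge certificate is allowed any AWS IoT action in the account. As an added example (not part of this repository), the script below builds a policy limited to the three bridge topics and their directions as shown in the log output, and flags wildcard grants. It assumes the bridge uses only those three topics; the account ID, the client ID bridgeawsiot (read from the log line "Bridge bridgeawsiot sending CONNECT") and the function names are assumptions.

```python
import json

# Bridge topics and directions as seen in the broker log on this page:
# "out" = local broker -> AWS IoT, "in" = AWS IoT -> local broker.
BRIDGE_TOPICS = {
    "localgateway_to_awsiot": "out",
    "awsiot_to_localgateway": "in",
    "both_directions": "both",
}


def build_bridge_policy(region, account_id, client_id, topics=BRIDGE_TOPICS):
    """Return an AWS IoT policy document limited to the bridge's own topics."""
    base = f"arn:aws:iot:{region}:{account_id}"
    outbound = [t for t, d in topics.items() if d in ("out", "both")]
    inbound = [t for t, d in topics.items() if d in ("in", "both")]
    grants = [
        # Only this MQTT client ID may connect with the certificate.
        ("iot:Connect", [f"{base}:client/{client_id}"]),
        ("iot:Publish", [f"{base}:topic/{t}" for t in outbound]),
        # Subscribe is checked against topicfilter ARNs, Receive against topic ARNs.
        ("iot:Subscribe", [f"{base}:topicfilter/{t}" for t in inbound]),
        ("iot:Receive", [f"{base}:topic/{t}" for t in inbound]),
    ]
    statements = [{"Effect": "Allow", "Action": a, "Resource": r} for a, r in grants if r]
    return {"Version": "2012-10-17", "Statement": statements}


def has_wildcard_grant(policy):
    """True if an Allow statement contains a wildcard action or resource."""
    for stmt in policy["Statement"]:
        values = []
        for key in ("Action", "Resource"):
            item = stmt[key]
            values += item if isinstance(item, list) else [item]
        if stmt["Effect"] == "Allow" and any("*" in v for v in values):
            return True
    return False


if __name__ == "__main__":
    # Constructed placeholders: use your own account ID and the clientid from awsbridge.conf.
    policy = build_bridge_policy("eu-central-1", "123456789012", "bridgeawsiot")
    assert not has_wildcard_grant(policy)
    print(json.dumps(policy, indent=2))
```

The printed JSON can be passed to aws iot create-policy as the --policy-document value in place of the wildcard document.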