NuMaker connection with AWS IoT thru MQTT/HTTPS (Mbed OS 6)
Dependencies: MQTT
README.md@49:ccbacce17f7a, 19 months ago (annotated)
- Committer: cyliang
- Date: Wed Mar 01 03:54:59 2023 +0000
- Revision: 49:ccbacce17f7a
- Parent: 48:ffe503ce537d
Update os v6.17.0 for M467 target
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ccli8 |
1:5ffad9f24d63 | 1 | # Example for Connection with AWS IoT thru MQTT/HTTPS on Mbed OS |
ccli8 |
1:5ffad9f24d63 | 2 | |
ccli8 |
1:5ffad9f24d63 | 3 | This is an example to demonstrate connection with [AWS IoT](https://aws.amazon.com/iot) |
ccli8 |
1:5ffad9f24d63 | 4 | on Nuvoton Mbed-enabled boards. |
ccli8 |
1:5ffad9f24d63 | 5 | |
ccli8 |
1:5ffad9f24d63 | 6 | ## Supported platforms |
ccli8 |
1:5ffad9f24d63 | 7 | On Mbed OS, connection with AWS IoT requires Mbed TLS. It requires more than 64 KB RAM. |
ccli8 |
1:5ffad9f24d63 | 8 | Currently, the following Nuvoton Mbed-enabled boards can afford such a memory footprint: |
ccli8 |
1:5ffad9f24d63 | 9 | - [NuMaker-PFM-NUC472](https://developer.mbed.org/platforms/Nuvoton-NUC472/) |
ccli8 |
1:5ffad9f24d63 | 10 | - [NuMaker-PFM-M487](https://developer.mbed.org/platforms/NUMAKER-PFM-M487/) |
ccli8 |
27:b12add202b88 | 11 | - [NuMaker-IoT-M487](https://os.mbed.com/platforms/NUMAKER-IOT-M487/) |
ccli8 |
46:871e0ad86526 | 12 | - [NuMaker-M2354](https://os.mbed.com/platforms/NUMAKER-M2354/) |
cyliang | 48:ffe503ce537d | 13 | - [NuMaker-IoT-M467](https://os.mbed.com/platforms/NUMAKER-IOT-M467/) |
ccli8 |
1:5ffad9f24d63 | 14 | |
ccli8 |
1:5ffad9f24d63 | 15 | ## Access and manage AWS IoT Service |
ccli8 |
1:5ffad9f24d63 | 16 | To run the example, you need to register one [AWS account](https://aws.amazon.com/) |
ccli8 |
1:5ffad9f24d63 | 17 | to access and manage AWS IoT Service for your device to connect with. |
ccli8 |
1:5ffad9f24d63 | 18 | This [link](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) gives detailed |
ccli8 |
1:5ffad9f24d63 | 19 | information about it. |
ccli8 |
1:5ffad9f24d63 | 20 | |
ccli8 |
1:5ffad9f24d63 | 21 | 1. Sign in to [AWS Management Console](https://aws.amazon.com/console/). |
ccli8 |
1:5ffad9f24d63 | 22 | 1. Enter AWS IoT Service. |
ccli8 |
1:5ffad9f24d63 | 23 | 1. In AWS IoT Service, create a thing. |
ccli8 |
1:5ffad9f24d63 | 24 | The Console may prompt you to also create a certificate and a policy. Skip this for now; they are created in the following steps. |
ccli8 |
1:5ffad9f24d63 | 25 | 1. In AWS IoT Service, create a policy. A workable example would be below. |
ccli8 |
1:5ffad9f24d63 | 26 | Note that you need to replace **REGION** and **ACCOUNT** to match your case. |
ccli8 |
1:5ffad9f24d63 | 27 | |
ccli8 |
1:5ffad9f24d63 | 28 | <pre> |
ccli8 |
1:5ffad9f24d63 | 29 | { |
ccli8 |
1:5ffad9f24d63 | 30 | "Version": "2012-10-17", |
ccli8 |
1:5ffad9f24d63 | 31 | "Statement": [ |
ccli8 |
1:5ffad9f24d63 | 32 | { |
ccli8 |
1:5ffad9f24d63 | 33 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 34 | "Action": "iot:Connect", |
ccli8 |
1:5ffad9f24d63 | 35 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:client/*" |
ccli8 |
1:5ffad9f24d63 | 36 | }, |
ccli8 |
1:5ffad9f24d63 | 37 | { |
ccli8 |
1:5ffad9f24d63 | 38 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 39 | "Action": "iot:Subscribe", |
ccli8 |
1:5ffad9f24d63 | 40 | "Resource": ["arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topicfilter/*"] |
ccli8 |
1:5ffad9f24d63 | 41 | }, |
ccli8 |
1:5ffad9f24d63 | 42 | { |
ccli8 |
1:5ffad9f24d63 | 43 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 44 | "Action": ["iot:Publish", "iot:Receive"], |
ccli8 |
1:5ffad9f24d63 | 45 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topic/*" |
ccli8 |
1:5ffad9f24d63 | 46 | }, |
ccli8 |
1:5ffad9f24d63 | 47 | { |
ccli8 |
1:5ffad9f24d63 | 48 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 49 | "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"], |
ccli8 |
1:5ffad9f24d63 | 50 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:thing/*" |
ccli8 |
1:5ffad9f24d63 | 51 | } |
ccli8 |
1:5ffad9f24d63 | 52 | ] |
ccli8 |
1:5ffad9f24d63 | 53 | } |
ccli8 |
1:5ffad9f24d63 | 54 | </pre> |
ccli8 |
1:5ffad9f24d63 | 55 | |
ccli8 |
1:5ffad9f24d63 | 56 | 1. In AWS IoT Service, create a certificate. You would get 4 security credential files from it. |
ccli8 |
1:5ffad9f24d63 | 57 | Download them for later use. |
ccli8 |
1:5ffad9f24d63 | 58 | - AWS IoT's CA certificate |
ccli8 |
1:5ffad9f24d63 | 59 | - User certificate |
ccli8 |
1:5ffad9f24d63 | 60 | - User private key |
ccli8 |
1:5ffad9f24d63 | 61 | - User public key |
ccli8 |
1:5ffad9f24d63 | 62 | |
ccli8 |
1:5ffad9f24d63 | 63 | After creating the certificate, do: |
ccli8 |
1:5ffad9f24d63 | 64 | 1. Activate the certificate |
ccli8 |
1:5ffad9f24d63 | 65 | 1. Attach the thing created above to the certificate |
ccli8 |
1:5ffad9f24d63 | 66 | 1. Attach the policy created above to the certificate |
ccli8 |
1:5ffad9f24d63 | 67 | |
ccli8 |
1:5ffad9f24d63 | 68 | ## Configure your device with AWS IoT |
ccli8 |
1:5ffad9f24d63 | 69 | Before connecting your device with AWS IoT, you need to configure security credentials and |
ccli8 |
1:5ffad9f24d63 | 70 | protocol-dependent parameters into your device. These configurations are all centralized in `main.cpp`. |
ccli8 |
1:5ffad9f24d63 | 71 | |
ccli8 |
1:5ffad9f24d63 | 72 | ### Configure certificate into your device |
ccli8 |
1:5ffad9f24d63 | 73 | From above, you've got 4 security credential files: CA certificate and user certificate/private key/public key. |
ccli8 |
1:5ffad9f24d63 | 74 | Configure CA certificate, user certificate, and user private key into your device. |
ccli8 |
1:5ffad9f24d63 | 75 | User public key has been included in user certificate and is not used here. |
ccli8 |
1:5ffad9f24d63 | 76 | 1. Replace the CA certificate with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 77 | ``` |
ccli8 |
1:5ffad9f24d63 | 78 | const char SSL_CA_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n" |
ccli8 |
46:871e0ad86526 | 79 | "Replace Me" |
ccli8 |
1:5ffad9f24d63 | 80 | ``` |
ccli8 |
1:5ffad9f24d63 | 81 | |
ccli8 |
1:5ffad9f24d63 | 82 | 1. Replace the user certificate with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 83 | ``` |
ccli8 |
1:5ffad9f24d63 | 84 | const char SSL_USER_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n" |
ccli8 |
46:871e0ad86526 | 85 | "Replace Me" |
ccli8 |
1:5ffad9f24d63 | 86 | ``` |
ccli8 |
1:5ffad9f24d63 | 87 | |
ccli8 |
1:5ffad9f24d63 | 88 | 1. Replace the user private key with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 89 | ``` |
ccli8 |
1:5ffad9f24d63 | 90 | const char SSL_USER_PRIV_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n" |
ccli8 |
46:871e0ad86526 | 91 | "Replace Me" |
ccli8 |
1:5ffad9f24d63 | 92 | ``` |
ccli8 |
1:5ffad9f24d63 | 93 | |
ccli8 |
46:871e0ad86526 | 94 | **NOTE:** The credential hard-coded in source code may get deactivated or deleted. |
ccli8 |
4:dc23eeba885a | 95 | Use your own credential for connection with AWS IoT. |
ccli8 |
4:dc23eeba885a | 96 | |
ccli8 |
1:5ffad9f24d63 | 97 | ### Connect through MQTT |
ccli8 |
1:5ffad9f24d63 | 98 | To connect your device with AWS IoT through MQTT, you need to configure the following parameters. |
ccli8 |
1:5ffad9f24d63 | 99 | |
ccli8 |
1:5ffad9f24d63 | 100 | 1. Enable connection through MQTT. |
ccli8 |
1:5ffad9f24d63 | 101 | ``` |
ccli8 |
1:5ffad9f24d63 | 102 | #define AWS_IOT_MQTT_TEST 1 |
ccli8 |
1:5ffad9f24d63 | 103 | ``` |
ccli8 |
1:5ffad9f24d63 | 104 | |
ccli8 |
1:5ffad9f24d63 | 105 | 1. Replace server name (endpoint). **Endpoint** has the following format and you just |
ccli8 |
1:5ffad9f24d63 | 106 | need to modify **IDENTIFIER** and **REGION** to match your case. |
ccli8 |
1:5ffad9f24d63 | 107 | <pre> |
ccli8 |
1:5ffad9f24d63 | 108 | #define AWS_IOT_MQTT_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com" |
ccli8 |
1:5ffad9f24d63 | 109 | </pre> |
ccli8 |
1:5ffad9f24d63 | 110 | |
ccli8 |
1:5ffad9f24d63 | 111 | 1. Server port number is fixed. Don't change it. |
ccli8 |
1:5ffad9f24d63 | 112 | ``` |
ccli8 |
1:5ffad9f24d63 | 113 | #define AWS_IOT_MQTT_SERVER_PORT 8883 |
ccli8 |
1:5ffad9f24d63 | 114 | ``` |
ccli8 |
1:5ffad9f24d63 | 115 | |
ccli8 |
1:5ffad9f24d63 | 116 | 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above. |
ccli8 |
1:5ffad9f24d63 | 117 | <pre> |
ccli8 |
1:5ffad9f24d63 | 118 | #define AWS_IOT_MQTT_THINGNAME "<b>THINGNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 119 | </pre> |
ccli8 |
1:5ffad9f24d63 | 120 | |
ccli8 |
1:5ffad9f24d63 | 121 | 1. Replace **CLIENTNAME** to match your case. If you adopt the example policy above, |
ccli8 |
1:5ffad9f24d63 | 122 | you can modify it arbitrarily because the policy permits any client name bound to your account. |
ccli8 |
1:5ffad9f24d63 | 123 | <pre> |
ccli8 |
1:5ffad9f24d63 | 124 | #define AWS_IOT_MQTT_CLIENTNAME "<b>CLIENTNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 125 | </pre> |
ccli8 |
1:5ffad9f24d63 | 126 | |
ccli8 |
1:5ffad9f24d63 | 127 | AWS IoT MQTT protocol supports topic subscribe/publish. The example demonstrates: |
ccli8 |
1:5ffad9f24d63 | 128 | - Subscribe/publish with user topic |
ccli8 |
1:5ffad9f24d63 | 129 | - Subscribe/publish with reserved topic (starting with $) to: |
ccli8 |
1:5ffad9f24d63 | 130 | - Update thing shadow |
ccli8 |
1:5ffad9f24d63 | 131 | - Get thing shadow |
ccli8 |
1:5ffad9f24d63 | 132 | - Delete thing shadow |
ccli8 |
1:5ffad9f24d63 | 133 | |
ccli8 |
1:5ffad9f24d63 | 134 | ### Connect through HTTPS |
ccli8 |
1:5ffad9f24d63 | 135 | To connect your device with AWS IoT through HTTPS, you need to configure the following parameters. |
ccli8 |
1:5ffad9f24d63 | 136 | |
ccli8 |
1:5ffad9f24d63 | 137 | 1. Enable connection through HTTPS. |
ccli8 |
1:5ffad9f24d63 | 138 | ``` |
ccli8 |
1:5ffad9f24d63 | 139 | #define AWS_IOT_HTTPS_TEST 1 |
ccli8 |
1:5ffad9f24d63 | 140 | ``` |
ccli8 |
1:5ffad9f24d63 | 141 | |
ccli8 |
1:5ffad9f24d63 | 142 | 1. Replace server name (endpoint). **Endpoint** has the following format and you just |
ccli8 |
1:5ffad9f24d63 | 143 | need to modify **IDENTIFIER** and **REGION** to match your case. |
ccli8 |
1:5ffad9f24d63 | 144 | <pre> |
ccli8 |
1:5ffad9f24d63 | 145 | #define AWS_IOT_HTTPS_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com" |
ccli8 |
1:5ffad9f24d63 | 146 | </pre> |
ccli8 |
1:5ffad9f24d63 | 147 | |
ccli8 |
1:5ffad9f24d63 | 148 | 1. Server port number is fixed. Don't change it. |
ccli8 |
1:5ffad9f24d63 | 149 | ``` |
ccli8 |
1:5ffad9f24d63 | 150 | #define AWS_IOT_HTTPS_SERVER_PORT 8443 |
ccli8 |
1:5ffad9f24d63 | 151 | ``` |
ccli8 |
1:5ffad9f24d63 | 152 | |
ccli8 |
1:5ffad9f24d63 | 153 | 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above. |
ccli8 |
1:5ffad9f24d63 | 154 | <pre> |
ccli8 |
1:5ffad9f24d63 | 155 | #define AWS_IOT_HTTPS_THINGNAME "<b>THINGNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 156 | </pre> |
ccli8 |
1:5ffad9f24d63 | 157 | |
ccli8 |
1:5ffad9f24d63 | 158 | AWS IoT HTTPS protocol supports topic publish-only and RESTful API. The example demonstrates: |
ccli8 |
1:5ffad9f24d63 | 159 | - Publish to user topic |
ccli8 |
1:5ffad9f24d63 | 160 | - Publish to reserved topic (starting with $) to: |
ccli8 |
1:5ffad9f24d63 | 161 | - Update thing shadow |
ccli8 |
1:5ffad9f24d63 | 162 | - Get thing shadow |
ccli8 |
1:5ffad9f24d63 | 163 | - Delete thing shadow |
ccli8 |
1:5ffad9f24d63 | 164 | - RESTful API to: |
ccli8 |
1:5ffad9f24d63 | 165 | - Update thing shadow RESTfully through HTTPS/POST method |
ccli8 |
1:5ffad9f24d63 | 166 | - Get thing shadow RESTfully through HTTPS/GET method |
ccli8 |
1:5ffad9f24d63 | 167 | - Delete thing shadow RESTfully through HTTPS/DELETE method |
ccli8 |
1:5ffad9f24d63 | 168 | |
ccli8 |
1:5ffad9f24d63 | 169 | ## Monitor the application |
ccli8 |
46:871e0ad86526 | 170 | If you configure your terminal program with **115200/8-N-1**, you would see output similar to: |
ccli8 |
1:5ffad9f24d63 | 171 | |
ccli8 |
1:5ffad9f24d63 | 172 | **NOTE:** Make sure that the network is functional before running the application. |
ccli8 |
1:5ffad9f24d63 | 173 | |
ccli8 |
1:5ffad9f24d63 | 174 | <pre> |
ccli8 |
1:5ffad9f24d63 | 175 | Starting AWS IoT test |
ccli8 |
46:871e0ad86526 | 176 | Using Mbed OS 6.14.0 |
ccli8 |
46:871e0ad86526 | 177 | Connected to the network successfully. IP address: 192.168.8.105 |
ccli8 |
46:871e0ad86526 | 178 | Opening network socket on network stack |
ccli8 |
46:871e0ad86526 | 179 | Opens network socket on network stack OK |
ccli8 |
46:871e0ad86526 | 180 | DNS resolution for a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com... |
ccli8 |
46:871e0ad86526 | 181 | DNS resolution for a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com: 3.129.252.104:8883 |
ccli8 |
1:5ffad9f24d63 | 182 | </pre> |
ccli8 |
1:5ffad9f24d63 | 183 | |
ccli8 |
1:5ffad9f24d63 | 184 | If you get here successfully, it means the security credential configuration is correct. |
ccli8 |
1:5ffad9f24d63 | 185 | <pre> |
ccli8 |
46:871e0ad86526 | 186 | Connecting with a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com:8883 |
ccli8 |
46:871e0ad86526 | 187 | Connects with a1fljoeglhtf61-ats.iot.us-east-2.amazonaws.com:8883 OK |
ccli8 |
46:871e0ad86526 | 188 | Resolved MQTT client ID: 002E0051-013B87F3-00000021 |
ccli8 |
46:871e0ad86526 | 189 | MQTT connects OK |
ccli8 |
1:5ffad9f24d63 | 190 | </pre> |
ccli8 |
1:5ffad9f24d63 | 191 | |
ccli8 |
1:5ffad9f24d63 | 192 | MQTT handshake goes: |
ccli8 |
1:5ffad9f24d63 | 193 | <pre> |
ccli8 |
1:5ffad9f24d63 | 194 | MQTT connects OK |
ccli8 |
1:5ffad9f24d63 | 195 | |
ccli8 |
1:5ffad9f24d63 | 196 | Subscribing/publishing user topic |
ccli8 |
1:5ffad9f24d63 | 197 | MQTT subscribes to Nuvoton/Mbed/+ OK |
ccli8 |
1:5ffad9f24d63 | 198 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 199 | { "message": "Hello from Nuvoton Mbed device" } |
ccli8 |
1:5ffad9f24d63 | 200 | MQTT publishes message to Nuvoton/Mbed/D001 OK |
ccli8 |
46:871e0ad86526 | 201 | MQTT receives message with subscribed Nuvoton/Mbed/D001... |
ccli8 |
1:5ffad9f24d63 | 202 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 203 | Payload: |
ccli8 |
1:5ffad9f24d63 | 204 | { "message": "Hello from Nuvoton Mbed device" } |
ccli8 |
46:871e0ad86526 | 205 | MQTT receives message with subscribed Nuvoton/Mbed/D001 OK |
ccli8 |
1:5ffad9f24d63 | 206 | |
ccli8 |
1:5ffad9f24d63 | 207 | MQTT unsubscribes from Nuvoton/Mbed/+ OK |
ccli8 |
1:5ffad9f24d63 | 208 | Subscribes/publishes user topic OK |
ccli8 |
1:5ffad9f24d63 | 209 | |
ccli8 |
1:5ffad9f24d63 | 210 | Subscribing/publishing UpdateThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 211 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK |
ccli8 |
1:5ffad9f24d63 | 212 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK |
ccli8 |
1:5ffad9f24d63 | 213 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 214 | { "state": { "reported": { "attribute1": 3, "attribute2": "1" } } } |
ccli8 |
1:5ffad9f24d63 | 215 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/update OK |
ccli8 |
46:871e0ad86526 | 216 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/update... |
ccli8 |
1:5ffad9f24d63 | 217 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 218 | Payload: |
ccli8 |
46:871e0ad86526 | 219 | {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1630637720},"attribute2":{"timestamp":1630637720}}},"version":229,"timestamp":1630637720} |
ccli8 |
46:871e0ad86526 | 220 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/update OK |
ccli8 |
1:5ffad9f24d63 | 221 | |
ccli8 |
1:5ffad9f24d63 | 222 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK |
ccli8 |
1:5ffad9f24d63 | 223 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK |
ccli8 |
1:5ffad9f24d63 | 224 | Subscribes/publishes UpdateThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 225 | |
ccli8 |
1:5ffad9f24d63 | 226 | Subscribing/publishing GetThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 227 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK |
ccli8 |
1:5ffad9f24d63 | 228 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK |
ccli8 |
1:5ffad9f24d63 | 229 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 230 | |
ccli8 |
1:5ffad9f24d63 | 231 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/get OK |
ccli8 |
46:871e0ad86526 | 232 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/get... |
ccli8 |
1:5ffad9f24d63 | 233 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 234 | Payload: |
ccli8 |
46:871e0ad86526 | 235 | {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1630637720},"attribute2":{"timestamp":1630637720}}},"version":229,"timestamp":1630637722} |
ccli8 |
46:871e0ad86526 | 236 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/get OK |
ccli8 |
1:5ffad9f24d63 | 237 | |
ccli8 |
1:5ffad9f24d63 | 238 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK |
ccli8 |
1:5ffad9f24d63 | 239 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK |
ccli8 |
1:5ffad9f24d63 | 240 | Subscribes/publishes GetThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 241 | |
ccli8 |
1:5ffad9f24d63 | 242 | Subscribing/publishing DeleteThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 243 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK |
ccli8 |
1:5ffad9f24d63 | 244 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK |
ccli8 |
1:5ffad9f24d63 | 245 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 246 | |
ccli8 |
1:5ffad9f24d63 | 247 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/delete OK |
ccli8 |
46:871e0ad86526 | 248 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/delete... |
ccli8 |
1:5ffad9f24d63 | 249 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 250 | Payload: |
ccli8 |
46:871e0ad86526 | 251 | {"version":229,"timestamp":1630637724} |
ccli8 |
46:871e0ad86526 | 252 | MQTT receives message with subscribed $aws/things/Nuvoton-Mbed-D001/shadow/delete OK |
ccli8 |
1:5ffad9f24d63 | 253 | |
ccli8 |
1:5ffad9f24d63 | 254 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK |
ccli8 |
1:5ffad9f24d63 | 255 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK |
ccli8 |
1:5ffad9f24d63 | 256 | Subscribes/publishes DeleteThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 257 | |
ccli8 |
1:5ffad9f24d63 | 258 | MQTT disconnects OK |
ccli8 |
1:5ffad9f24d63 | 259 | </pre> |
ccli8 |
1:5ffad9f24d63 | 260 | |
ccli8 |
46:871e0ad86526 | 261 | ## Trouble-shooting |
ccli8 |
46:871e0ad86526 | 262 | - Reduce memory footprint according to RFC 6066 TLS extension. |
ccli8 |
46:871e0ad86526 | 263 | We reduce memory footprint by: |
ccli8 |
46:871e0ad86526 | 264 | 1. Enabling the RFC 6066 max_fragment_length extension by configuring `my-tlssocket.tls-max-frag-len` to 4. |
ccli8 |
46:871e0ad86526 | 265 | |
ccli8 |
46:871e0ad86526 | 266 | `my-tlssocket/mbed_lib.json`: |
ccli8 |
46:871e0ad86526 | 267 | ```json |
ccli8 |
46:871e0ad86526 | 268 | { |
ccli8 |
46:871e0ad86526 | 269 | "name": "my-tlssocket", |
ccli8 |
46:871e0ad86526 | 270 | "config": { |
ccli8 |
46:871e0ad86526 | 271 | "tls-max-frag-len": { |
ccli8 |
46:871e0ad86526 | 272 | "help": "Maximum fragment length value for the payload in one packet, doesn't include TLS header and encryption overhead. Is needed for constrained devices having low MTU sizes, Value 0 = disabled, 1 = MBEDTLS_SSL_MAX_FRAG_LEN_512, 2= MBEDTLS_SSL_MAX_FRAG_LEN_1024, 3 = MBEDTLS_SSL_MAX_FRAG_LEN_2048, 4 = MBEDTLS_SSL_MAX_FRAG_LEN_4096", |
ccli8 |
46:871e0ad86526 | 273 | "value": 0 |
ccli8 |
46:871e0ad86526 | 274 | } |
ccli8 |
46:871e0ad86526 | 275 | } |
ccli8 |
46:871e0ad86526 | 276 | } |
ccli8 |
46:871e0ad86526 | 277 | ``` |
ccli8 |
5:2a70e217325f | 278 | |
ccli8 |
46:871e0ad86526 | 279 | `mbed_app.json`: |
ccli8 |
46:871e0ad86526 | 280 | ```json |
ccli8 |
46:871e0ad86526 | 281 | "SOME_TARGET": { |
ccli8 |
46:871e0ad86526 | 282 | "my-tlssocket.tls-max-frag-len" : 4, |
ccli8 |
46:871e0ad86526 | 283 | }, |
ccli8 |
46:871e0ad86526 | 284 | ``` |
ccli8 |
46:871e0ad86526 | 285 | |
ccli8 |
46:871e0ad86526 | 286 | 1. Consistent with above, allocating these buffers with `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` being larger than 4KiB/4KiB. |
ccli8 |
46:871e0ad86526 | 287 | |
ccli8 |
46:871e0ad86526 | 288 | `mbedtls_user_config.h`: |
ccli8 |
46:871e0ad86526 | 289 | ```C++ |
ccli8 |
46:871e0ad86526 | 290 | /* Maximum length (in bytes) of incoming plaintext fragments */ |
ccli8 |
46:871e0ad86526 | 291 | #define MBEDTLS_SSL_IN_CONTENT_LEN 8192 |
ccli8 |
46:871e0ad86526 | 292 | |
ccli8 |
46:871e0ad86526 | 293 | /* Maximum length (in bytes) of outgoing plaintext fragments */ |
ccli8 |
46:871e0ad86526 | 294 | #define MBEDTLS_SSL_OUT_CONTENT_LEN 8192 |
ccli8 |
46:871e0ad86526 | 295 | ``` |
ccli8 |
46:871e0ad86526 | 296 | |
ccli8 |
46:871e0ad86526 | 297 | **NOTE:** With `my-tlssocket.tls-max-frag-len` being 4, `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` must be larger than 4KiB/4KiB. |
ccli8 |
46:871e0ad86526 | 298 | We enlarge them to 8KiB/8KiB because the TLS handshake also uses these buffers and may require larger ones. |
ccli8 |
26:e5cfc2628e84 | 299 | |
ccli8 |
26:e5cfc2628e84 | 300 | But this approach is risky because: |
ccli8 |
26:e5cfc2628e84 | 301 | 1. AWS IoT doesn't support RFC 6066 TLS extension yet. |
ccli8 |
46:871e0ad86526 | 302 | 1. TLS handshake may need larger I/O buffers than configured. |
ccli8 |
26:e5cfc2628e84 | 303 | |
ccli8 |
26:e5cfc2628e84 | 304 | If you suspect your trouble is caused by this configuration, disable it by: |
ccli8 |
46:871e0ad86526 | 305 | 1. Removing the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`. |
ccli8 |
46:871e0ad86526 | 306 | 1. Commenting out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`. |
ccli8 |
26:e5cfc2628e84 | 307 | This will change back to 16KiB/16KiB. |
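
The example policy in "Access and manage AWS IoT Service" allows every action on `client/*`, `topicfilter/*`, `topic/*` and `thing/*`, so a certificate carrying it can connect under any client ID and reach every topic and thing shadow in the account. The Python sketch below is an added example, not part of the original README or the Nuvoton project: it lists those account-wide grants and builds a policy narrowed to one device. The account ID `123456789012` is a constructed placeholder and the function names are hypothetical; region, thing name, client ID and topic prefix are taken from the sample output in "Monitor the application".

```python
import json

# Constructed ARN prefix: the account ID is a placeholder, the region comes
# from the sample output on this page.
ARN = "arn:aws:iot:us-east-2:123456789012"

# The README's example policy with REGION/ACCOUNT filled in.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{ARN}:client/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": [f"{ARN}:topicfilter/*"]},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"], "Resource": f"{ARN}:topic/*"},
        {"Effect": "Allow",
         "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
         "Resource": f"{ARN}:thing/*"},
    ],
}


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (action, resource) pairs that allow an action on every resource of a type."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for resource in as_list(stmt["Resource"]):
            # ARN layout: arn:aws:iot:REGION:ACCOUNT:<type>/<name>
            name = resource.split(":", 5)[-1]
            if name.split("/", 1)[-1] == "*":
                findings.extend((action, resource) for action in as_list(stmt["Action"]))
    return findings


def scoped_policy(arn, thing, client_id, topic_prefix):
    """Build a policy limited to one client ID, one thing and one user topic prefix."""
    # '*' is the policy wildcard; MQTT '+' and '#' are literal characters in a policy.
    names = [f"{topic_prefix}/*", f"$aws/things/{thing}/shadow/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{client_id}"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": [f"{arn}:topicfilter/{n}" for n in names]},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [f"{arn}:topic/{n}" for n in names]},
            {"Effect": "Allow",
             "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
             "Resource": f"{arn}:thing/{thing}"},
        ],
    }


if __name__ == "__main__":
    for action, resource in broad_grants(PAGE_POLICY):
        print(f"broad: {action} on {resource}")
    narrowed = scoped_policy(ARN, "Nuvoton-Mbed-D001",
                             "002E0051-013B87F3-00000021", "Nuvoton/Mbed")
    print(json.dumps(narrowed, indent=2))
```

With the narrowed policy the device must connect with exactly the client ID named in the `iot:Connect` statement, so `AWS_IOT_MQTT_CLIENTNAME` can no longer be chosen arbitrarily.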