NuMaker connection with AWS IoT thru MQTT/HTTPS

Dependencies:   MQTT_ON_AWS

Committer:
ccli8
Date:
Mon Apr 29 14:21:58 2019 +0800
Revision:
27:b12add202b88
Parent:
26:e5cfc2628e84
Support NUMAKER_PFM_M2351

1. Rebuild secure lib/exec which has the following memory partition:
(1) Flash (512KiB in total): 128KiB for secure and 384KiB for nonsecure.
(2) SRAM (96KiB in total): 16KiB for secure and 80KiB for nonsecure.
2. Disable default secure lib/exec (.mbedignore) to use the custom one above.
3. Update README.md

Who changed what in which revision?

User  Revision  Line number  New contents of line
ccli8 1:5ffad9f24d63 1 # Example for Connection with AWS IoT thru MQTT/HTTPS on Mbed OS
ccli8 1:5ffad9f24d63 2
ccli8 1:5ffad9f24d63 3 This is an example to demonstrate connection with [AWS IoT](https://aws.amazon.com/iot)
ccli8 1:5ffad9f24d63 4 on Nuvoton Mbed-enabled boards.
ccli8 1:5ffad9f24d63 5
ccli8 1:5ffad9f24d63 6 ## Supported platforms
ccli8 1:5ffad9f24d63 7 On Mbed OS, connection with AWS IoT requires Mbed TLS. It requires more than 64 KB RAM.
ccli8 1:5ffad9f24d63 8 Currently, the following Nuvoton Mbed-enabled boards can afford such a memory footprint:
ccli8 1:5ffad9f24d63 9 - [NuMaker-PFM-NUC472](https://developer.mbed.org/platforms/Nuvoton-NUC472/)
ccli8 1:5ffad9f24d63 10 - [NuMaker-PFM-M487](https://developer.mbed.org/platforms/NUMAKER-PFM-M487/)
ccli8 27:b12add202b88 11 - [NuMaker-IoT-M487](https://os.mbed.com/platforms/NUMAKER-IOT-M487/)
ccli8 27:b12add202b88 12 - [NuMaker-PFM-M2351](https://os.mbed.com/platforms/NUMAKER-PFM-M2351/)
ccli8 27:b12add202b88 13
ccli8 27:b12add202b88 14 ### NuMaker-PFM-M2351
ccli8 27:b12add202b88 15 NuMaker-PFM-M2351 is a Cortex-M23 based target which supports TrustZone.
ccli8 27:b12add202b88 16 To develop on this target, the user needs to build two pieces of code: secure and non-secure.
ccli8 27:b12add202b88 17 For secure code, there is a pre-built one in the mbed-os tree.
ccli8 27:b12add202b88 18 But its memory partition doesn't meet the requirements of this example.
ccli8 27:b12add202b88 19 This example excludes the pre-built secure code in mbed-os tree (see **.mbedignore**) and provides
ccli8 27:b12add202b88 20 another one in **targets/TARGET_NUVOTON/TARGET_M2351/TARGET_NUMAKER_PFM_M2351**.
ccli8 27:b12add202b88 21 To provide your own secure code, please follow the instructions in [NuMaker-mbed-TZ-secure-example](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example).
ccli8 27:b12add202b88 22
ccli8 27:b12add202b88 23 To build non-secure code for this example, run:
ccli8 27:b12add202b88 24 ```
ccli8 27:b12add202b88 25 mbed compile -m NUMAKER_PFM_M2351 -t ARMC6
ccli8 27:b12add202b88 26 ```
ccli8 27:b12add202b88 27 And you would get **NuMaker-mbed-AWS-IoT-example.hex**.
ccli8 27:b12add202b88 28
ccli8 27:b12add202b88 29 To run this example, the user needs to flash the secure code, such as **NuMaker-mbed-TZ-secure-example.hex**, first and then the non-secure code **NuMaker-mbed-AWS-IoT-example.hex**.
ccli8 1:5ffad9f24d63 30
ccli8 1:5ffad9f24d63 31 ## Access and manage AWS IoT Service
ccli8 1:5ffad9f24d63 32 To run the example, you need to register one [AWS account](https://aws.amazon.com/)
ccli8 1:5ffad9f24d63 33 to access and manage AWS IoT Service for your device to connect with.
ccli8 1:5ffad9f24d63 34 This [link](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) gives detailed
ccli8 1:5ffad9f24d63 35 information about it.
ccli8 1:5ffad9f24d63 36
ccli8 1:5ffad9f24d63 37 1. Sign in to [AWS Management Console](https://aws.amazon.com/console/).
ccli8 1:5ffad9f24d63 38 1. Enter AWS IoT Service.
ccli8 1:5ffad9f24d63 39 1. In AWS IoT Service, create a thing.
ccli8 1:5ffad9f24d63 40 The Console may prompt you to also create a certificate and a policy. Skip this for now; you will create them later.
ccli8 1:5ffad9f24d63 41 1. In AWS IoT Service, create a policy. A workable example is shown below.
ccli8 1:5ffad9f24d63 42 Note that you need to replace **REGION** and **ACCOUNT** to match your case.
ccli8 1:5ffad9f24d63 43
ccli8 1:5ffad9f24d63 44 <pre>
ccli8 1:5ffad9f24d63 45 {
ccli8 1:5ffad9f24d63 46 "Version": "2012-10-17",
ccli8 1:5ffad9f24d63 47 "Statement": [
ccli8 1:5ffad9f24d63 48 {
ccli8 1:5ffad9f24d63 49 "Effect": "Allow",
ccli8 1:5ffad9f24d63 50 "Action": "iot:Connect",
ccli8 1:5ffad9f24d63 51 "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:client/*"
ccli8 1:5ffad9f24d63 52 },
ccli8 1:5ffad9f24d63 53 {
ccli8 1:5ffad9f24d63 54 "Effect": "Allow",
ccli8 1:5ffad9f24d63 55 "Action": "iot:Subscribe",
ccli8 1:5ffad9f24d63 56 "Resource": ["arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topicfilter/*"]
ccli8 1:5ffad9f24d63 57 },
ccli8 1:5ffad9f24d63 58 {
ccli8 1:5ffad9f24d63 59 "Effect": "Allow",
ccli8 1:5ffad9f24d63 60 "Action": ["iot:Publish", "iot:Receive"],
ccli8 1:5ffad9f24d63 61 "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topic/*"
ccli8 1:5ffad9f24d63 62 },
ccli8 1:5ffad9f24d63 63 {
ccli8 1:5ffad9f24d63 64 "Effect": "Allow",
ccli8 1:5ffad9f24d63 65 "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"],
ccli8 1:5ffad9f24d63 66 "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:thing/*"
ccli8 1:5ffad9f24d63 67 }
ccli8 1:5ffad9f24d63 68 ]
ccli8 1:5ffad9f24d63 69 }
ccli8 1:5ffad9f24d63 70 </pre>
ccli8 1:5ffad9f24d63 71
ccli8 1:5ffad9f24d63 72 1. In AWS IoT Service, create a certificate. You would get 4 security credential files from it.
ccli8 1:5ffad9f24d63 73 Download them for later use.
ccli8 1:5ffad9f24d63 74 - AWS IoT's CA certificate
ccli8 1:5ffad9f24d63 75 - User certificate
ccli8 1:5ffad9f24d63 76 - User private key
ccli8 1:5ffad9f24d63 77 - User public key
ccli8 1:5ffad9f24d63 78
ccli8 1:5ffad9f24d63 79 After creating the certificate, do:
ccli8 1:5ffad9f24d63 80 1. Activate the certificate
ccli8 1:5ffad9f24d63 81 1. Attach the thing created above to the certificate
ccli8 1:5ffad9f24d63 82 1. Attach the policy created above to the certificate
ccli8 1:5ffad9f24d63 83
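The example policy above allows every action on `client/*`, `topicfilter/*`, `topic/*` and `thing/*`, so any certificate it is attached to can act as any device in the account. The following sketch is an added example, not part of the original README: it flags those account-wide grants and builds a policy scoped to one thing and to the topics seen in this example's sample output. The account ID is a constructed placeholder, and `wildcard_findings` and `scoped_policy` are hypothetical helper names.

```python
import json

# Constructed sample values: the account ID is a placeholder; region, thing name
# and topic prefix are the ones that appear in the README's sample output.
REGION, ACCOUNT, THING = "us-east-1", "123456789012", "Nuvoton-Mbed-D001"
SHADOW_ACTIONS = ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"]


def arn(kind, name):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"


# The README's example policy with REGION and ACCOUNT filled in.
README_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": arn("client", "*")},
        {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": [arn("topicfilter", "*")]},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": arn("topic", "*")},
        {"Effect": "Allow", "Action": SHADOW_ACTIONS, "Resource": arn("thing", "*")},
    ],
}


def as_list(value):
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """Return (action, resource) pairs where an Allow statement covers every
    resource of a type: the ARN ends in '<type>/*' or is the bare '*'."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for res in as_list(stmt["Resource"]):
            name = res.split(":", 5)[-1]              # e.g. "topic/*"
            if name.split("/", 1)[-1] == "*":
                findings += [(action, name) for action in as_list(stmt["Action"])]
    return findings


def scoped_policy(thing, user_topic_prefix):
    """Build a policy limited to one thing, its shadow topics and one user prefix."""
    shadow = f"$aws/things/{thing}/shadow/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Connect is allowed only when the MQTT client ID equals the thing name.
            {"Effect": "Allow", "Action": "iot:Connect", "Resource": arn("client", thing)},
            # In a policy resource '+' is a literal character; only '*' is a wildcard.
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": [arn("topicfilter", f"{user_topic_prefix}/+"),
                          arn("topicfilter", shadow)]},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [arn("topic", f"{user_topic_prefix}/*"), arn("topic", shadow)]},
            {"Effect": "Allow", "Action": SHADOW_ACTIONS, "Resource": arn("thing", thing)},
        ],
    }


if __name__ == "__main__":
    for action, resource in wildcard_findings(README_POLICY):
        print(f"account-wide grant: {action} on {resource}")
    print(json.dumps(scoped_policy(THING, "Nuvoton/Mbed"), indent=2))
```

With the scoped policy attached, `AWS_IOT_MQTT_CLIENTNAME` has to be set to the thing name, because `iot:Connect` is allowed for that client ID only.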
ccli8 1:5ffad9f24d63 84 ## Configure your device with AWS IoT
ccli8 1:5ffad9f24d63 85 Before connecting your device with AWS IoT, you need to configure security credential and
ccli8 1:5ffad9f24d63 86 protocol dependent parameters into your device. These configurations are all centralized in `main.cpp`.
ccli8 1:5ffad9f24d63 87
ccli8 1:5ffad9f24d63 88 ### Configure certificate into your device
ccli8 1:5ffad9f24d63 89 From above, you've got 4 security credential files: CA certificate and user certificate/private key/public key.
ccli8 1:5ffad9f24d63 90 Configure CA certificate, user certificate, and user private key into your device.
ccli8 1:5ffad9f24d63 91 User public key has been included in user certificate and is not used here.
ccli8 1:5ffad9f24d63 92 1. Replace the CA certificate with the one downloaded from the Console.
ccli8 1:5ffad9f24d63 93 ```
ccli8 1:5ffad9f24d63 94 const char SSL_CA_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
ccli8 1:5ffad9f24d63 95 "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n"
ccli8 1:5ffad9f24d63 96 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
ccli8 1:5ffad9f24d63 97 ```
ccli8 1:5ffad9f24d63 98
ccli8 1:5ffad9f24d63 99 1. Replace the user certificate with the one downloaded from the Console.
ccli8 1:5ffad9f24d63 100 ```
ccli8 1:5ffad9f24d63 101 const char SSL_USER_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n"
ccli8 1:5ffad9f24d63 102 "MIIDWjCCAkKgAwIBAgIVALN/H7tr8cgpl2zwg0JjEE106XilMA0GCSqGSIb3DQEB\n"
ccli8 1:5ffad9f24d63 103 "CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t\n"
ccli8 1:5ffad9f24d63 104 ```
ccli8 1:5ffad9f24d63 105
ccli8 1:5ffad9f24d63 106 1. Replace the user private key with the one downloaded from the Console.
ccli8 1:5ffad9f24d63 107 ```
ccli8 1:5ffad9f24d63 108 const char SSL_USER_PRIV_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n"
ccli8 1:5ffad9f24d63 109 ```
ccli8 1:5ffad9f24d63 110
ccli8 4:dc23eeba885a 111 **NOTE:** The credentials hard-coded in the source code have been deactivated or deleted.
ccli8 4:dc23eeba885a 112 Use your own credentials for connection with AWS IoT.
ccli8 4:dc23eeba885a 113
ccli8 1:5ffad9f24d63 114 ### Connect through MQTT
ccli8 1:5ffad9f24d63 115 To connect your device with AWS IoT through MQTT, you need to configure the following parameters.
ccli8 1:5ffad9f24d63 116
ccli8 1:5ffad9f24d63 117 1. Enable connection through MQTT.
ccli8 1:5ffad9f24d63 118 ```
ccli8 1:5ffad9f24d63 119 #define AWS_IOT_MQTT_TEST 1
ccli8 1:5ffad9f24d63 120 ```
ccli8 1:5ffad9f24d63 121
ccli8 1:5ffad9f24d63 122 1. Replace server name (endpoint). **Endpoint** has the following format and you just
ccli8 1:5ffad9f24d63 123 need to modify **IDENTIFIER** and **REGION** to match your case.
ccli8 1:5ffad9f24d63 124 <pre>
ccli8 1:5ffad9f24d63 125 #define AWS_IOT_MQTT_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
ccli8 1:5ffad9f24d63 126 </pre>
ccli8 1:5ffad9f24d63 127
ccli8 1:5ffad9f24d63 128 1. Server port number is fixed. Don't change it.
ccli8 1:5ffad9f24d63 129 ```
ccli8 1:5ffad9f24d63 130 #define AWS_IOT_MQTT_SERVER_PORT 8883
ccli8 1:5ffad9f24d63 131 ```
ccli8 1:5ffad9f24d63 132
ccli8 1:5ffad9f24d63 133 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above.
ccli8 1:5ffad9f24d63 134 <pre>
ccli8 1:5ffad9f24d63 135 #define AWS_IOT_MQTT_THINGNAME "<b>THINGNAME</b>"
ccli8 1:5ffad9f24d63 136 </pre>
ccli8 1:5ffad9f24d63 137
ccli8 1:5ffad9f24d63 138 1. Replace **CLIENTNAME** to match your case. If you adopt the example policy above,
ccli8 1:5ffad9f24d63 139 you can modify it arbitrarily because the policy permits any client name bound to your account.
ccli8 1:5ffad9f24d63 140 <pre>
ccli8 1:5ffad9f24d63 141 #define AWS_IOT_MQTT_CLIENTNAME "<b>CLIENTNAME</b>"
ccli8 1:5ffad9f24d63 142 </pre>
ccli8 1:5ffad9f24d63 143
ccli8 1:5ffad9f24d63 144 AWS IoT MQTT protocol supports topic subscribe/publish. The example demonstrates:
ccli8 1:5ffad9f24d63 145 - Subscribe/publish with user topic
ccli8 1:5ffad9f24d63 146 - Subscribe/publish with reserved topic (starting with $) to:
ccli8 1:5ffad9f24d63 147 - Update thing shadow
ccli8 1:5ffad9f24d63 148 - Get thing shadow
ccli8 1:5ffad9f24d63 149 - Delete thing shadow
ccli8 1:5ffad9f24d63 150
ccli8 1:5ffad9f24d63 151 ### Connect through HTTPS
ccli8 1:5ffad9f24d63 152 To connect your device with AWS IoT through HTTPS, you need to configure the following parameters.
ccli8 1:5ffad9f24d63 153
ccli8 1:5ffad9f24d63 154 1. Enable connection through HTTPS.
ccli8 1:5ffad9f24d63 155 ```
ccli8 1:5ffad9f24d63 156 #define AWS_IOT_HTTPS_TEST 1
ccli8 1:5ffad9f24d63 157 ```
ccli8 1:5ffad9f24d63 158
ccli8 1:5ffad9f24d63 159 1. Replace server name (endpoint). **Endpoint** has the following format and you just
ccli8 1:5ffad9f24d63 160 need to modify **IDENTIFIER** and **REGION** to match your case.
ccli8 1:5ffad9f24d63 161 <pre>
ccli8 1:5ffad9f24d63 162 #define AWS_IOT_HTTPS_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com"
ccli8 1:5ffad9f24d63 163 </pre>
ccli8 1:5ffad9f24d63 164
ccli8 1:5ffad9f24d63 165 1. Server port number is fixed. Don't change it.
ccli8 1:5ffad9f24d63 166 ```
ccli8 1:5ffad9f24d63 167 #define AWS_IOT_HTTPS_SERVER_PORT 8443
ccli8 1:5ffad9f24d63 168 ```
ccli8 1:5ffad9f24d63 169
ccli8 1:5ffad9f24d63 170 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above.
ccli8 1:5ffad9f24d63 171 <pre>
ccli8 1:5ffad9f24d63 172 #define AWS_IOT_HTTPS_THINGNAME "<b>THINGNAME</b>"
ccli8 1:5ffad9f24d63 173 </pre>
ccli8 1:5ffad9f24d63 174
ccli8 1:5ffad9f24d63 175 AWS IoT HTTPS protocol supports topic publish-only and RESTful API. The example demonstrates:
ccli8 1:5ffad9f24d63 176 - Publish to user topic
ccli8 1:5ffad9f24d63 177 - Publish to reserved topic (starting with $) to:
ccli8 1:5ffad9f24d63 178 - Update thing shadow
ccli8 1:5ffad9f24d63 179 - Get thing shadow
ccli8 1:5ffad9f24d63 180 - Delete thing shadow
ccli8 1:5ffad9f24d63 181 - RESTful API to:
ccli8 1:5ffad9f24d63 182 - Update thing shadow RESTfully through HTTPS/POST method
ccli8 1:5ffad9f24d63 183 - Get thing shadow RESTfully through HTTPS/GET method
ccli8 1:5ffad9f24d63 184 - Delete thing shadow RESTfully through HTTPS/DELETE method
ccli8 1:5ffad9f24d63 185
ccli8 1:5ffad9f24d63 186 ## Monitor the application
ccli8 1:5ffad9f24d63 187 If you configure your terminal program with **9600/8-N-1**, you would see output similar to:
ccli8 1:5ffad9f24d63 188
ccli8 1:5ffad9f24d63 189 **NOTE:** Make sure that the network is functional before running the application.
ccli8 1:5ffad9f24d63 190
ccli8 1:5ffad9f24d63 191 <pre>
ccli8 1:5ffad9f24d63 192 Starting AWS IoT test
ccli8 1:5ffad9f24d63 193 Using Mbed OS 5.7.1
ccli8 1:5ffad9f24d63 194 [EasyConnect] IPv4 mode
ccli8 1:5ffad9f24d63 195 Connecting with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883
ccli8 1:5ffad9f24d63 196 Connecting to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883
ccli8 1:5ffad9f24d63 197 </pre>
ccli8 1:5ffad9f24d63 198
ccli8 1:5ffad9f24d63 199 If you get here successfully, it means the security credential configuration is correct.
ccli8 1:5ffad9f24d63 200 <pre>
ccli8 1:5ffad9f24d63 201 Starting the TLS handshake...
ccli8 1:5ffad9f24d63 202 TLS connection to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 established
ccli8 1:5ffad9f24d63 203 Server certificate:
ccli8 1:5ffad9f24d63 204 cert. version : 3
ccli8 1:5ffad9f24d63 205 serial number : 3C:AC:B3:D3:3E:D8:6A:C9:2B:EF:D2:C5:B1:DC:BF:66
ccli8 1:5ffad9f24d63 206 issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
ccli8 1:5ffad9f24d63 207 subject name : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.us-east-1.amazonaws.com
ccli8 1:5ffad9f24d63 208 issued on : 2017-03-07 00:00:00
ccli8 1:5ffad9f24d63 209 expires on : 2018-03-08 23:59:59
ccli8 1:5ffad9f24d63 210 signed using : ECDSA with SHA256
ccli8 1:5ffad9f24d63 211 EC key size : 256 bits
ccli8 1:5ffad9f24d63 212 basic constraints : CA=false
ccli8 1:5ffad9f24d63 213 subject alt name : iot.us-east-1.amazonaws.com, *.iot.us-east-1.amazonaws.com
ccli8 1:5ffad9f24d63 214 key usage : Digital Signature
ccli8 1:5ffad9f24d63 215 ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
ccli8 1:5ffad9f24d63 216 Certificate verification passed
ccli8 1:5ffad9f24d63 217
ccli8 1:5ffad9f24d63 218 Connects with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 OK
ccli8 1:5ffad9f24d63 219 </pre>
ccli8 1:5ffad9f24d63 220
ccli8 1:5ffad9f24d63 221 MQTT handshake goes:
ccli8 1:5ffad9f24d63 222 <pre>
ccli8 1:5ffad9f24d63 223 MQTT connects OK
ccli8 1:5ffad9f24d63 224
ccli8 1:5ffad9f24d63 225 Subscribing/publishing user topic
ccli8 1:5ffad9f24d63 226 MQTT subscribes to Nuvoton/Mbed/+ OK
ccli8 1:5ffad9f24d63 227 Message to publish:
ccli8 1:5ffad9f24d63 228 { "message": "Hello from Nuvoton Mbed device" }
ccli8 1:5ffad9f24d63 229 MQTT publishes message to Nuvoton/Mbed/D001 OK
ccli8 1:5ffad9f24d63 230 Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8 1:5ffad9f24d63 231 Payload:
ccli8 1:5ffad9f24d63 232 { "message": "Hello from Nuvoton Mbed device" }
ccli8 1:5ffad9f24d63 233
ccli8 1:5ffad9f24d63 234 MQTT unsubscribes from Nuvoton/Mbed/+ OK
ccli8 1:5ffad9f24d63 235 Subscribes/publishes user topic OK
ccli8 1:5ffad9f24d63 236
ccli8 1:5ffad9f24d63 237 Subscribing/publishing UpdateThingShadow topic
ccli8 1:5ffad9f24d63 238 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
ccli8 1:5ffad9f24d63 239 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
ccli8 1:5ffad9f24d63 240 Message to publish:
ccli8 1:5ffad9f24d63 241 { "state": { "reported": { "attribute1": 3, "attribute2": "1" } } }
ccli8 1:5ffad9f24d63 242 MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/update OK
ccli8 1:5ffad9f24d63 243 Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8 1:5ffad9f24d63 244 Payload:
ccli8 1:5ffad9f24d63 245 {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962195}
ccli8 1:5ffad9f24d63 246
ccli8 1:5ffad9f24d63 247 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK
ccli8 1:5ffad9f24d63 248 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK
ccli8 1:5ffad9f24d63 249 Subscribes/publishes UpdateThingShadow topic OK
ccli8 1:5ffad9f24d63 250
ccli8 1:5ffad9f24d63 251 Subscribing/publishing GetThingShadow topic
ccli8 1:5ffad9f24d63 252 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
ccli8 1:5ffad9f24d63 253 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
ccli8 1:5ffad9f24d63 254 Message to publish:
ccli8 1:5ffad9f24d63 255
ccli8 1:5ffad9f24d63 256 MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/get OK
ccli8 1:5ffad9f24d63 257 Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8 1:5ffad9f24d63 258 Payload:
ccli8 1:5ffad9f24d63 259 {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962198}
ccli8 1:5ffad9f24d63 260
ccli8 1:5ffad9f24d63 261 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK
ccli8 1:5ffad9f24d63 262 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK
ccli8 1:5ffad9f24d63 263 Subscribes/publishes GetThingShadow topic OK
ccli8 1:5ffad9f24d63 264
ccli8 1:5ffad9f24d63 265 Subscribing/publishing DeleteThingShadow topic
ccli8 1:5ffad9f24d63 266 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
ccli8 1:5ffad9f24d63 267 MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
ccli8 1:5ffad9f24d63 268 Message to publish:
ccli8 1:5ffad9f24d63 269
ccli8 1:5ffad9f24d63 270 MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/delete OK
ccli8 1:5ffad9f24d63 271 Message arrived: qos 1, retained 0, dup 0, packetid 1
ccli8 1:5ffad9f24d63 272 Payload:
ccli8 1:5ffad9f24d63 273 {"version":77,"timestamp":1514962202}
ccli8 1:5ffad9f24d63 274
ccli8 1:5ffad9f24d63 275 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK
ccli8 1:5ffad9f24d63 276 MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK
ccli8 1:5ffad9f24d63 277 Subscribes/publishes DeleteThingShadow topic OK
ccli8 1:5ffad9f24d63 278
ccli8 1:5ffad9f24d63 279 MQTT disconnects OK
ccli8 1:5ffad9f24d63 280 </pre>
ccli8 1:5ffad9f24d63 281
ccli8 1:5ffad9f24d63 282 Dynamic memory footprint (heap) is output below.
ccli8 1:5ffad9f24d63 283 Static memory footprint (global/stack) could be obtained by inspecting MAP file.
ccli8 1:5ffad9f24d63 284 You could get total memory footprint by adding these two together.
ccli8 1:5ffad9f24d63 285 <pre>
ccli8 1:5ffad9f24d63 286 Current heap size: 1351
ccli8 1:5ffad9f24d63 287 Max heap size: 63022
ccli8 1:5ffad9f24d63 288 </pre>
ccli8 5:2a70e217325f 289
ccli8 5:2a70e217325f 290 ## Trouble-shooting
ccli8 5:2a70e217325f 291 - Over ESP8266 WiFi,
ccli8 5:2a70e217325f 292 if you run a loop test like the one below (`main.cpp`), every following iteration may fail
ccli8 5:2a70e217325f 293 once a network error has happened in a previous one.
ccli8 5:2a70e217325f 294 <pre>
ccli8 5:2a70e217325f 295 <b>while (true) {</b>
ccli8 5:2a70e217325f 296 #if AWS_IOT_MQTT_TEST
ccli8 5:2a70e217325f 297 AWS_IoT_MQTT_Test *mqtt_test = new AWS_IoT_MQTT_Test(AWS_IOT_MQTT_SERVER_NAME, AWS_IOT_MQTT_SERVER_PORT, network);
ccli8 5:2a70e217325f 298 mqtt_test->start_test();
ccli8 5:2a70e217325f 299 delete mqtt_test;
ccli8 5:2a70e217325f 300 #endif // End of AWS_IOT_MQTT_TEST
ccli8 5:2a70e217325f 301
ccli8 5:2a70e217325f 302 #if AWS_IOT_HTTPS_TEST
ccli8 5:2a70e217325f 303 AWS_IoT_HTTPS_Test *https_test = new AWS_IoT_HTTPS_Test(AWS_IOT_HTTPS_SERVER_NAME, AWS_IOT_HTTPS_SERVER_PORT, network);
ccli8 5:2a70e217325f 304 https_test->start_test();
ccli8 5:2a70e217325f 305 delete https_test;
ccli8 5:2a70e217325f 306 #endif // End of AWS_IOT_HTTPS_TEST
ccli8 5:2a70e217325f 307 <b>}</b>
ccli8 5:2a70e217325f 308 </pre>
ccli8 5:2a70e217325f 309 This issue is likely caused by failure of the ESP8266 AT commands **CLOSE**/**DISCONNECT**:
ccli8 5:2a70e217325f 310 the ESP8266 F/W is still busy handling the previous unfinished network transfer
ccli8 5:2a70e217325f 311 because of bad network status, so these commands fail.
ccli8 5:2a70e217325f 312 These commands must succeed for the ESP8266 F/W to reset its connection state correctly.
ccli8 5:2a70e217325f 313 If that happens, try enlarging the [ESP8266 driver's](https://github.com/ARMmbed/esp8266-driver) timeout configuration.
ccli8 6:7ef096085ca7 314 For example, enlarge `ESP8266_SEND_TIMEOUT`/`ESP8266_RECV_TIMEOUT`/`ESP8266_MISC_TIMEOUT` (defined in
ccli8 6:7ef096085ca7 315 [ESP8266Interface.cpp](https://github.com/ARMmbed/esp8266-driver/blob/master/ESP8266Interface.cpp))
ccli8 6:7ef096085ca7 316 to 5000/5000/5000 ms respectively (through `mbed_app.json`).
ccli8 5:2a70e217325f 317 <pre>
ccli8 5:2a70e217325f 318 {
ccli8 5:2a70e217325f 319 "macros": [
ccli8 5:2a70e217325f 320 "MBED_CONF_APP_MAIN_STACK_SIZE=4096",
ccli8 5:2a70e217325f 321 "MBEDTLS_USER_CONFIG_FILE=\"mbedtls_user_config.h\"",
ccli8 5:2a70e217325f 322 "MBED_HEAP_STATS_ENABLED=1",
ccli8 5:2a70e217325f 323 "MBED_MEM_TRACING_ENABLED=1",
ccli8 6:7ef096085ca7 324 <b>"ESP8266_SEND_TIMEOUT=5000",</b>
ccli8 6:7ef096085ca7 325 <b>"ESP8266_RECV_TIMEOUT=5000",</b>
ccli8 5:2a70e217325f 326 <b>"ESP8266_MISC_TIMEOUT=5000"</b>
ccli8 5:2a70e217325f 327 ],
ccli8 5:2a70e217325f 328 "config": {
ccli8 26:e5cfc2628e84 329 </pre>
ccli8 26:e5cfc2628e84 330
ccli8 26:e5cfc2628e84 331 - Reduce memory footprint according to RFC 6066 TLS extension
ccli8 26:e5cfc2628e84 332 `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` determine the sizes of incoming/outgoing TLS I/O buffers.
ccli8 26:e5cfc2628e84 333 We reduce the sizes by default according to RFC 6066:
ccli8 26:e5cfc2628e84 334 1. Enable RFC 6066 max_fragment_length extension.
ccli8 26:e5cfc2628e84 335 1. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB.
ccli8 26:e5cfc2628e84 336
ccli8 26:e5cfc2628e84 337 But this approach is risky because:
ccli8 26:e5cfc2628e84 338 1. AWS IoT doesn't support RFC 6066 TLS extension yet.
ccli8 26:e5cfc2628e84 339 1. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB.
ccli8 26:e5cfc2628e84 340
ccli8 26:e5cfc2628e84 341 If you suspect your trouble is caused by this configuration, disable it by:
ccli8 26:e5cfc2628e84 342 1. Remove the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`.
ccli8 26:e5cfc2628e84 343 ```json
ccli8 26:e5cfc2628e84 344 "NUMAKER_PFM_NUC472": {
ccli8 26:e5cfc2628e84 345 "target.network-default-interface-type" : "ETHERNET",
ccli8 26:e5cfc2628e84 346 "target.macros_add": [
ccli8 26:e5cfc2628e84 347 "ESP8266_AT_SEL=ESP8266_AT_EXTERN"
ccli8 26:e5cfc2628e84 348 ]
ccli8 26:e5cfc2628e84 349 },
ccli8 26:e5cfc2628e84 350 ```
ccli8 26:e5cfc2628e84 351 1. Comment out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`.
ccli8 26:e5cfc2628e84 352 This will change back to 16KiB/16KiB.