yh Tang / NuMaker-mbed-AWS-IoT-example
NuMaker connection with AWS IoT thru MQTT/HTTPS
README.md@27:b12add202b88, 2019-04-29 (annotated)
- Committer: ccli8
- Date: Mon Apr 29 14:21:58 2019 +0800
- Revision: 27:b12add202b88
- Parent: 26:e5cfc2628e84
Support NUMAKER_PFM_M2351
1. Rebuild secure lib/exec which has the following memory partition:
(1) Flash (512KiB in total): 128KiB for secure and 384KiB for nonsecure.
(2) SRAM (96KiB in total): 16KiB for secure and 80KiB for nonsecure.
2. Disable default secure lib/exec (.mbedignore) to use the custom one above.
3. Update README.md
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ccli8 |
1:5ffad9f24d63 | 1 | # Example for Connection with AWS IoT thru MQTT/HTTPS on Mbed OS |
ccli8 |
1:5ffad9f24d63 | 2 | |
ccli8 |
1:5ffad9f24d63 | 3 | This is an example to demonstrate connection with [AWS IoT](https://aws.amazon.com/iot) |
ccli8 |
1:5ffad9f24d63 | 4 | on Nuvoton Mbed-enabled boards. |
ccli8 |
1:5ffad9f24d63 | 5 | |
ccli8 |
1:5ffad9f24d63 | 6 | ## Supported platforms |
ccli8 |
1:5ffad9f24d63 | 7 | On Mbed OS, connection with AWS IoT requires Mbed TLS. It requires more than 64 KB RAM. |
ccli8 |
1:5ffad9f24d63 | 8 | Currently, the following Nuvoton Mbed-enabled boards can afford such memory footprint: |
ccli8 |
1:5ffad9f24d63 | 9 | - [NuMaker-PFM-NUC472](https://developer.mbed.org/platforms/Nuvoton-NUC472/) |
ccli8 |
1:5ffad9f24d63 | 10 | - [NuMaker-PFM-M487](https://developer.mbed.org/platforms/NUMAKER-PFM-M487/) |
ccli8 |
27:b12add202b88 | 11 | - [NuMaker-IoT-M487](https://os.mbed.com/platforms/NUMAKER-IOT-M487/) |
ccli8 |
27:b12add202b88 | 12 | - [NuMaker-PFM-M2351](https://os.mbed.com/platforms/NUMAKER-PFM-M2351/) |
ccli8 |
27:b12add202b88 | 13 | |
ccli8 |
27:b12add202b88 | 14 | ### NuMaker-PFM-M2351 |
ccli8 |
27:b12add202b88 | 15 | NuMaker-PFM-M2351 is a Cortex-M23 based target which supports TrustZone. |
ccli8 |
27:b12add202b88 | 16 | To develop on this target, you need to build two pieces of code: secure and non-secure. |
ccli8 |
27:b12add202b88 | 17 | For secure code, a pre-built one already exists in the mbed-os tree, |
ccli8 |
27:b12add202b88 | 18 | but its memory partition doesn't fit this example. |
ccli8 |
27:b12add202b88 | 19 | This example excludes the pre-built secure code in mbed-os tree (see **.mbedignore**) and provides |
ccli8 |
27:b12add202b88 | 20 | another one in **targets/TARGET_NUVOTON/TARGET_M2351/TARGET_NUMAKER_PFM_M2351**. |
ccli8 |
27:b12add202b88 | 21 | To provide your own secure code, please follow the instructions in [NuMaker-mbed-TZ-secure-example](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example). |
ccli8 |
27:b12add202b88 | 22 | |
ccli8 |
27:b12add202b88 | 23 | To build non-secure code for this example, run: |
ccli8 |
27:b12add202b88 | 24 | ``` |
ccli8 |
27:b12add202b88 | 25 | mbed compile -m NUMAKER_PFM_M2351 -t ARMC6 |
ccli8 |
27:b12add202b88 | 26 | ``` |
ccli8 |
27:b12add202b88 | 27 | And you would get **NuMaker-mbed-AWS-IoT-example.hex**. |
ccli8 |
27:b12add202b88 | 28 | |
ccli8 |
27:b12add202b88 | 29 | To run this example, user needs to flash secure code like **NuMaker-mbed-TZ-secure-example.hex** first and then non-secure code **NuMaker-mbed-AWS-IoT-example.hex**. |
ccli8 |
1:5ffad9f24d63 | 30 | |
ccli8 |
1:5ffad9f24d63 | 31 | ## Access and manage AWS IoT Service |
ccli8 |
1:5ffad9f24d63 | 32 | To run the example, you need to register one [AWS account](https://aws.amazon.com/) |
ccli8 |
1:5ffad9f24d63 | 33 | to access and manage AWS IoT Service for your device to connect with. |
ccli8 |
1:5ffad9f24d63 | 34 | This [link](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html) gives detailed |
ccli8 |
1:5ffad9f24d63 | 35 | information about it. |
ccli8 |
1:5ffad9f24d63 | 36 | |
ccli8 |
1:5ffad9f24d63 | 37 | 1. Sign in to [AWS Management Console](https://aws.amazon.com/console/). |
ccli8 |
1:5ffad9f24d63 | 38 | 1. Enter AWS IoT Service. |
ccli8 |
1:5ffad9f24d63 | 39 | 1. In AWS IoT Service, create a thing. |
ccli8 |
1:5ffad9f24d63 | 40 | The Console may prompt you to also create a certificate and a policy. Skip this for now; you will create them later. |
ccli8 |
1:5ffad9f24d63 | 41 | 1. In AWS IoT Service, create a policy. A workable example would be below. |
ccli8 |
1:5ffad9f24d63 | 42 | Note that you need to replace **REGION** and **ACCOUNT** to match your case. |
ccli8 |
1:5ffad9f24d63 | 43 | |
ccli8 |
1:5ffad9f24d63 | 44 | <pre> |
ccli8 |
1:5ffad9f24d63 | 45 | { |
ccli8 |
1:5ffad9f24d63 | 46 | "Version": "2012-10-17", |
ccli8 |
1:5ffad9f24d63 | 47 | "Statement": [ |
ccli8 |
1:5ffad9f24d63 | 48 | { |
ccli8 |
1:5ffad9f24d63 | 49 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 50 | "Action": "iot:Connect", |
ccli8 |
1:5ffad9f24d63 | 51 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:client/*" |
ccli8 |
1:5ffad9f24d63 | 52 | }, |
ccli8 |
1:5ffad9f24d63 | 53 | { |
ccli8 |
1:5ffad9f24d63 | 54 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 55 | "Action": "iot:Subscribe", |
ccli8 |
1:5ffad9f24d63 | 56 | "Resource": ["arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topicfilter/*"] |
ccli8 |
1:5ffad9f24d63 | 57 | }, |
ccli8 |
1:5ffad9f24d63 | 58 | { |
ccli8 |
1:5ffad9f24d63 | 59 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 60 | "Action": ["iot:Publish", "iot:Receive"], |
ccli8 |
1:5ffad9f24d63 | 61 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:topic/*" |
ccli8 |
1:5ffad9f24d63 | 62 | }, |
ccli8 |
1:5ffad9f24d63 | 63 | { |
ccli8 |
1:5ffad9f24d63 | 64 | "Effect": "Allow", |
ccli8 |
1:5ffad9f24d63 | 65 | "Action": ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"], |
ccli8 |
1:5ffad9f24d63 | 66 | "Resource": "arn:aws:iot:<b>REGION</b>:<b>ACCOUNT</b>:thing/*" |
ccli8 |
1:5ffad9f24d63 | 67 | } |
ccli8 |
1:5ffad9f24d63 | 68 | ] |
ccli8 |
1:5ffad9f24d63 | 69 | } |
ccli8 |
1:5ffad9f24d63 | 70 | </pre> |
ccli8 |
1:5ffad9f24d63 | 71 | |
ccli8 |
1:5ffad9f24d63 | 72 | 1. In AWS IoT Service, create a certificate. You would get 4 security credential files from it. |
ccli8 |
1:5ffad9f24d63 | 73 | Download them for later use. |
ccli8 |
1:5ffad9f24d63 | 74 | - AWS IoT's CA certificate |
ccli8 |
1:5ffad9f24d63 | 75 | - User certificate |
ccli8 |
1:5ffad9f24d63 | 76 | - User private key |
ccli8 |
1:5ffad9f24d63 | 77 | - User public key |
ccli8 |
1:5ffad9f24d63 | 78 | |
ccli8 |
1:5ffad9f24d63 | 79 | After creating the certificate, do: |
ccli8 |
1:5ffad9f24d63 | 80 | 1. Activate the certificate |
ccli8 |
1:5ffad9f24d63 | 81 | 1. Attach the thing created above to the certificate |
ccli8 |
1:5ffad9f24d63 | 82 | 1. Attach the policy created above to the certificate |
ccli8 |
1:5ffad9f24d63 | 83 | |
ccli8 |
1:5ffad9f24d63 | 84 | ## Configure your device with AWS IoT |
ccli8 |
1:5ffad9f24d63 | 85 | Before connecting your device with AWS IoT, you need to configure security credential and |
ccli8 |
1:5ffad9f24d63 | 86 | protocol dependent parameters into your device. These configurations are all centralized in `main.cpp`. |
ccli8 |
1:5ffad9f24d63 | 87 | |
ccli8 |
1:5ffad9f24d63 | 88 | ### Configure certificate into your device |
ccli8 |
1:5ffad9f24d63 | 89 | From above, you've got 4 security credential files: CA certificate and user certificate/private key/public key. |
ccli8 |
1:5ffad9f24d63 | 90 | Configure CA certificate, user certificate, and user private key into your device. |
ccli8 |
1:5ffad9f24d63 | 91 | User public key has been included in user certificate and is not used here. |
ccli8 |
1:5ffad9f24d63 | 92 | 1. Replace CA certificate with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 93 | ``` |
ccli8 |
1:5ffad9f24d63 | 94 | const char SSL_CA_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n" |
ccli8 |
1:5ffad9f24d63 | 95 | "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n" |
ccli8 |
1:5ffad9f24d63 | 96 | "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" |
ccli8 |
1:5ffad9f24d63 | 97 | ``` |
ccli8 |
1:5ffad9f24d63 | 98 | |
ccli8 |
1:5ffad9f24d63 | 99 | 1. Replace user certificate with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 100 | ``` |
ccli8 |
1:5ffad9f24d63 | 101 | const char SSL_USER_CERT_PEM[] = "-----BEGIN CERTIFICATE-----\n" |
ccli8 |
1:5ffad9f24d63 | 102 | "MIIDWjCCAkKgAwIBAgIVALN/H7tr8cgpl2zwg0JjEE106XilMA0GCSqGSIb3DQEB\n" |
ccli8 |
1:5ffad9f24d63 | 103 | "CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t\n" |
ccli8 |
1:5ffad9f24d63 | 104 | ``` |
ccli8 |
1:5ffad9f24d63 | 105 | |
ccli8 |
1:5ffad9f24d63 | 106 | 1. Replace user private key with the one downloaded from the Console. |
ccli8 |
1:5ffad9f24d63 | 107 | ``` |
ccli8 |
1:5ffad9f24d63 | 108 | const char SSL_USER_PRIV_KEY_PEM[] = "-----BEGIN RSA PRIVATE KEY-----\n" |
ccli8 |
1:5ffad9f24d63 | 109 | ``` |
ccli8 |
1:5ffad9f24d63 | 110 | |
ccli8 |
4:dc23eeba885a | 111 | **NOTE:** The credential hard-coded in source code is deactivated or deleted. |
ccli8 |
4:dc23eeba885a | 112 | Use your own credential for connection with AWS IoT. |
ccli8 |
4:dc23eeba885a | 113 | |
ccli8 |
1:5ffad9f24d63 | 114 | ### Connect through MQTT |
ccli8 |
1:5ffad9f24d63 | 115 | To connect your device with AWS IoT through MQTT, you need to configure the following parameters. |
ccli8 |
1:5ffad9f24d63 | 116 | |
ccli8 |
1:5ffad9f24d63 | 117 | 1. Enable connection through MQTT. |
ccli8 |
1:5ffad9f24d63 | 118 | ``` |
ccli8 |
1:5ffad9f24d63 | 119 | #define AWS_IOT_MQTT_TEST 1 |
ccli8 |
1:5ffad9f24d63 | 120 | ``` |
ccli8 |
1:5ffad9f24d63 | 121 | |
ccli8 |
1:5ffad9f24d63 | 122 | 1. Replace server name (endpoint). **Endpoint** has the following format and you just |
ccli8 |
1:5ffad9f24d63 | 123 | need to modify **IDENTIFIER** and **REGION** to match your case. |
ccli8 |
1:5ffad9f24d63 | 124 | <pre> |
ccli8 |
1:5ffad9f24d63 | 125 | #define AWS_IOT_MQTT_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com" |
ccli8 |
1:5ffad9f24d63 | 126 | </pre> |
ccli8 |
1:5ffad9f24d63 | 127 | |
ccli8 |
1:5ffad9f24d63 | 128 | 1. Server port number is fixed. Don't change it. |
ccli8 |
1:5ffad9f24d63 | 129 | ``` |
ccli8 |
1:5ffad9f24d63 | 130 | #define AWS_IOT_MQTT_SERVER_PORT 8883 |
ccli8 |
1:5ffad9f24d63 | 131 | ``` |
ccli8 |
1:5ffad9f24d63 | 132 | |
ccli8 |
1:5ffad9f24d63 | 133 | 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above. |
ccli8 |
1:5ffad9f24d63 | 134 | <pre> |
ccli8 |
1:5ffad9f24d63 | 135 | #define AWS_IOT_MQTT_THINGNAME "<b>THINGNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 136 | </pre> |
ccli8 |
1:5ffad9f24d63 | 137 | |
ccli8 |
1:5ffad9f24d63 | 138 | 1. Replace **CLIENTNAME** to match your case. If you adopt the example policy above, |
ccli8 |
1:5ffad9f24d63 | 139 | you can modify it arbitrarily because the policy permits any client name bound to your account. |
ccli8 |
1:5ffad9f24d63 | 140 | <pre> |
ccli8 |
1:5ffad9f24d63 | 141 | #define AWS_IOT_MQTT_CLIENTNAME "<b>CLIENTNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 142 | </pre> |
ccli8 |
1:5ffad9f24d63 | 143 | |
ccli8 |
1:5ffad9f24d63 | 144 | AWS IoT MQTT protocol supports topic subscribe/publish. The example demonstrates: |
ccli8 |
1:5ffad9f24d63 | 145 | - Subscribe/publish with user topic |
ccli8 |
1:5ffad9f24d63 | 146 | - Subscribe/publish with reserved topic (starting with $) to: |
ccli8 |
1:5ffad9f24d63 | 147 | - Update thing shadow |
ccli8 |
1:5ffad9f24d63 | 148 | - Get thing shadow |
ccli8 |
1:5ffad9f24d63 | 149 | - Delete thing shadow |
ccli8 |
1:5ffad9f24d63 | 150 | |
ccli8 |
1:5ffad9f24d63 | 151 | ### Connect through HTTPS |
ccli8 |
1:5ffad9f24d63 | 152 | To connect your device with AWS IoT through HTTPS, you need to configure the following parameters. |
ccli8 |
1:5ffad9f24d63 | 153 | |
ccli8 |
1:5ffad9f24d63 | 154 | 1. Enable connection through HTTPS. |
ccli8 |
1:5ffad9f24d63 | 155 | ``` |
ccli8 |
1:5ffad9f24d63 | 156 | #define AWS_IOT_HTTPS_TEST 1 |
ccli8 |
1:5ffad9f24d63 | 157 | ``` |
ccli8 |
1:5ffad9f24d63 | 158 | |
ccli8 |
1:5ffad9f24d63 | 159 | 1. Replace server name (endpoint). **Endpoint** has the following format and you just |
ccli8 |
1:5ffad9f24d63 | 160 | need to modify **IDENTIFIER** and **REGION** to match your case. |
ccli8 |
1:5ffad9f24d63 | 161 | <pre> |
ccli8 |
1:5ffad9f24d63 | 162 | #define AWS_IOT_HTTPS_SERVER_NAME "<b>IDENTIFIER</b>.iot.<b>REGION</b>.amazonaws.com" |
ccli8 |
1:5ffad9f24d63 | 163 | </pre> |
ccli8 |
1:5ffad9f24d63 | 164 | |
ccli8 |
1:5ffad9f24d63 | 165 | 1. Server port number is fixed. Don't change it. |
ccli8 |
1:5ffad9f24d63 | 166 | ``` |
ccli8 |
1:5ffad9f24d63 | 167 | #define AWS_IOT_HTTPS_SERVER_PORT 8443 |
ccli8 |
1:5ffad9f24d63 | 168 | ``` |
ccli8 |
1:5ffad9f24d63 | 169 | |
ccli8 |
1:5ffad9f24d63 | 170 | 1. Replace **THINGNAME** to match your case. The **THINGNAME** is just the name of the thing you've created above. |
ccli8 |
1:5ffad9f24d63 | 171 | <pre> |
ccli8 |
1:5ffad9f24d63 | 172 | #define AWS_IOT_HTTPS_THINGNAME "<b>THINGNAME</b>" |
ccli8 |
1:5ffad9f24d63 | 173 | </pre> |
ccli8 |
1:5ffad9f24d63 | 174 | |
ccli8 |
1:5ffad9f24d63 | 175 | AWS IoT HTTPS protocol supports topic publish-only and RESTful API. The example demonstrates: |
ccli8 |
1:5ffad9f24d63 | 176 | - Publish to user topic |
ccli8 |
1:5ffad9f24d63 | 177 | - Publish to reserved topic (starting with $) to: |
ccli8 |
1:5ffad9f24d63 | 178 | - Update thing shadow |
ccli8 |
1:5ffad9f24d63 | 179 | - Get thing shadow |
ccli8 |
1:5ffad9f24d63 | 180 | - Delete thing shadow |
ccli8 |
1:5ffad9f24d63 | 181 | - RESTful API to: |
ccli8 |
1:5ffad9f24d63 | 182 | - Update thing shadow RESTfully through HTTPS/POST method |
ccli8 |
1:5ffad9f24d63 | 183 | - Get thing shadow RESTfully through HTTPS/GET method |
ccli8 |
1:5ffad9f24d63 | 184 | - Delete thing shadow RESTfully through HTTPS/DELETE method |
ccli8 |
1:5ffad9f24d63 | 185 | |
ccli8 |
1:5ffad9f24d63 | 186 | ## Monitor the application |
ccli8 |
1:5ffad9f24d63 | 187 | If you configure your terminal program with **9600/8-N-1**, you would see output similar to: |
ccli8 |
1:5ffad9f24d63 | 188 | |
ccli8 |
1:5ffad9f24d63 | 189 | **NOTE:** Make sure that the network is functional before running the application. |
ccli8 |
1:5ffad9f24d63 | 190 | |
ccli8 |
1:5ffad9f24d63 | 191 | <pre> |
ccli8 |
1:5ffad9f24d63 | 192 | Starting AWS IoT test |
ccli8 |
1:5ffad9f24d63 | 193 | Using Mbed OS 5.7.1 |
ccli8 |
1:5ffad9f24d63 | 194 | [EasyConnect] IPv4 mode |
ccli8 |
1:5ffad9f24d63 | 195 | Connecting with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 |
ccli8 |
1:5ffad9f24d63 | 196 | Connecting to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 |
ccli8 |
1:5ffad9f24d63 | 197 | </pre> |
ccli8 |
1:5ffad9f24d63 | 198 | |
ccli8 |
1:5ffad9f24d63 | 199 | If you get here successfully, it means configurations with security credential are correct. |
ccli8 |
1:5ffad9f24d63 | 200 | <pre> |
ccli8 |
1:5ffad9f24d63 | 201 | Starting the TLS handshake... |
ccli8 |
1:5ffad9f24d63 | 202 | TLS connection to a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 established |
ccli8 |
1:5ffad9f24d63 | 203 | Server certificate: |
ccli8 |
1:5ffad9f24d63 | 204 | cert. version : 3 |
ccli8 |
1:5ffad9f24d63 | 205 | serial number : 3C:AC:B3:D3:3E:D8:6A:C9:2B:EF:D2:C5:B1:DC:BF:66 |
ccli8 |
1:5ffad9f24d63 | 206 | issuer name : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2 |
ccli8 |
1:5ffad9f24d63 | 207 | subject name : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.us-east-1.amazonaws.com |
ccli8 |
1:5ffad9f24d63 | 208 | issued on : 2017-03-07 00:00:00 |
ccli8 |
1:5ffad9f24d63 | 209 | expires on : 2018-03-08 23:59:59 |
ccli8 |
1:5ffad9f24d63 | 210 | signed using : ECDSA with SHA256 |
ccli8 |
1:5ffad9f24d63 | 211 | EC key size : 256 bits |
ccli8 |
1:5ffad9f24d63 | 212 | basic constraints : CA=false |
ccli8 |
1:5ffad9f24d63 | 213 | subject alt name : iot.us-east-1.amazonaws.com, *.iot.us-east-1.amazonaws.com |
ccli8 |
1:5ffad9f24d63 | 214 | key usage : Digital Signature |
ccli8 |
1:5ffad9f24d63 | 215 | ext key usage : TLS Web Server Authentication, TLS Web Client Authentication |
ccli8 |
1:5ffad9f24d63 | 216 | Certificate verification passed |
ccli8 |
1:5ffad9f24d63 | 217 | |
ccli8 |
1:5ffad9f24d63 | 218 | Connects with a1fbcwaqfqeozo.iot.us-east-1.amazonaws.com:8883 OK |
ccli8 |
1:5ffad9f24d63 | 219 | </pre> |
ccli8 |
1:5ffad9f24d63 | 220 | |
ccli8 |
1:5ffad9f24d63 | 221 | MQTT handshake goes: |
ccli8 |
1:5ffad9f24d63 | 222 | <pre> |
ccli8 |
1:5ffad9f24d63 | 223 | MQTT connects OK |
ccli8 |
1:5ffad9f24d63 | 224 | |
ccli8 |
1:5ffad9f24d63 | 225 | Subscribing/publishing user topic |
ccli8 |
1:5ffad9f24d63 | 226 | MQTT subscribes to Nuvoton/Mbed/+ OK |
ccli8 |
1:5ffad9f24d63 | 227 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 228 | { "message": "Hello from Nuvoton Mbed device" } |
ccli8 |
1:5ffad9f24d63 | 229 | MQTT publishes message to Nuvoton/Mbed/D001 OK |
ccli8 |
1:5ffad9f24d63 | 230 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 231 | Payload: |
ccli8 |
1:5ffad9f24d63 | 232 | { "message": "Hello from Nuvoton Mbed device" } |
ccli8 |
1:5ffad9f24d63 | 233 | |
ccli8 |
1:5ffad9f24d63 | 234 | MQTT unsubscribes from Nuvoton/Mbed/+ OK |
ccli8 |
1:5ffad9f24d63 | 235 | Subscribes/publishes user topic OK |
ccli8 |
1:5ffad9f24d63 | 236 | |
ccli8 |
1:5ffad9f24d63 | 237 | Subscribing/publishing UpdateThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 238 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK |
ccli8 |
1:5ffad9f24d63 | 239 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK |
ccli8 |
1:5ffad9f24d63 | 240 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 241 | { "state": { "reported": { "attribute1": 3, "attribute2": "1" } } } |
ccli8 |
1:5ffad9f24d63 | 242 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/update OK |
ccli8 |
1:5ffad9f24d63 | 243 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 244 | Payload: |
ccli8 |
1:5ffad9f24d63 | 245 | {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962195} |
ccli8 |
1:5ffad9f24d63 | 246 | |
ccli8 |
1:5ffad9f24d63 | 247 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/accepted OK |
ccli8 |
1:5ffad9f24d63 | 248 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/update/rejected OK |
ccli8 |
1:5ffad9f24d63 | 249 | Subscribes/publishes UpdateThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 250 | |
ccli8 |
1:5ffad9f24d63 | 251 | Subscribing/publishing GetThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 252 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK |
ccli8 |
1:5ffad9f24d63 | 253 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK |
ccli8 |
1:5ffad9f24d63 | 254 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 255 | |
ccli8 |
1:5ffad9f24d63 | 256 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/get OK |
ccli8 |
1:5ffad9f24d63 | 257 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 258 | Payload: |
ccli8 |
1:5ffad9f24d63 | 259 | {"state":{"reported":{"attribute1":3,"attribute2":"1"}},"metadata":{"reported":{"attribute1":{"timestamp":1514962195},"attribute2":{"timestamp":1514962195}}},"version":77,"timestamp":1514962198} |
ccli8 |
1:5ffad9f24d63 | 260 | |
ccli8 |
1:5ffad9f24d63 | 261 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/accepted OK |
ccli8 |
1:5ffad9f24d63 | 262 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/get/rejected OK |
ccli8 |
1:5ffad9f24d63 | 263 | Subscribes/publishes GetThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 264 | |
ccli8 |
1:5ffad9f24d63 | 265 | Subscribing/publishing DeleteThingShadow topic |
ccli8 |
1:5ffad9f24d63 | 266 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK |
ccli8 |
1:5ffad9f24d63 | 267 | MQTT subscribes to $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK |
ccli8 |
1:5ffad9f24d63 | 268 | Message to publish: |
ccli8 |
1:5ffad9f24d63 | 269 | |
ccli8 |
1:5ffad9f24d63 | 270 | MQTT publishes message to $aws/things/Nuvoton-Mbed-D001/shadow/delete OK |
ccli8 |
1:5ffad9f24d63 | 271 | Message arrived: qos 1, retained 0, dup 0, packetid 1 |
ccli8 |
1:5ffad9f24d63 | 272 | Payload: |
ccli8 |
1:5ffad9f24d63 | 273 | {"version":77,"timestamp":1514962202} |
ccli8 |
1:5ffad9f24d63 | 274 | |
ccli8 |
1:5ffad9f24d63 | 275 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/accepted OK |
ccli8 |
1:5ffad9f24d63 | 276 | MQTT unsubscribes from $aws/things/Nuvoton-Mbed-D001/shadow/delete/rejected OK |
ccli8 |
1:5ffad9f24d63 | 277 | Subscribes/publishes DeleteThingShadow topic OK |
ccli8 |
1:5ffad9f24d63 | 278 | |
ccli8 |
1:5ffad9f24d63 | 279 | MQTT disconnects OK |
ccli8 |
1:5ffad9f24d63 | 280 | </pre> |
ccli8 |
1:5ffad9f24d63 | 281 | |
ccli8 |
1:5ffad9f24d63 | 282 | Dynamic memory footprint (heap) is output below. |
ccli8 |
1:5ffad9f24d63 | 283 | Static memory footprint (global/stack) could be obtained by inspecting MAP file. |
ccli8 |
1:5ffad9f24d63 | 284 | You could get total memory footprint by adding these two together. |
ccli8 |
1:5ffad9f24d63 | 285 | <pre> |
ccli8 |
1:5ffad9f24d63 | 286 | Current heap size: 1351 |
ccli8 |
1:5ffad9f24d63 | 287 | Max heap size: 63022 |
ccli8 |
1:5ffad9f24d63 | 288 | </pre> |
ccli8 |
5:2a70e217325f | 289 | |
ccli8 |
5:2a70e217325f | 290 | ## Trouble-shooting |
ccli8 |
5:2a70e217325f | 291 | - Over ESP8266 WiFi, |
ccli8 |
5:2a70e217325f | 292 | if you run a loop test like the one below (`main.cpp`), you may keep hitting errors in subsequent iterations |
ccli8 |
5:2a70e217325f | 293 | after a network error has occurred in a previous one. |
ccli8 |
5:2a70e217325f | 294 | <pre> |
ccli8 |
5:2a70e217325f | 295 | <b>while (true) {</b> |
ccli8 |
5:2a70e217325f | 296 | #if AWS_IOT_MQTT_TEST |
ccli8 |
5:2a70e217325f | 297 | AWS_IoT_MQTT_Test *mqtt_test = new AWS_IoT_MQTT_Test(AWS_IOT_MQTT_SERVER_NAME, AWS_IOT_MQTT_SERVER_PORT, network); |
ccli8 |
5:2a70e217325f | 298 | mqtt_test->start_test(); |
ccli8 |
5:2a70e217325f | 299 | delete mqtt_test; |
ccli8 |
5:2a70e217325f | 300 | #endif // End of AWS_IOT_MQTT_TEST |
ccli8 |
5:2a70e217325f | 301 | |
ccli8 |
5:2a70e217325f | 302 | #if AWS_IOT_HTTPS_TEST |
ccli8 |
5:2a70e217325f | 303 | AWS_IoT_HTTPS_Test *https_test = new AWS_IoT_HTTPS_Test(AWS_IOT_HTTPS_SERVER_NAME, AWS_IOT_HTTPS_SERVER_PORT, network); |
ccli8 |
5:2a70e217325f | 304 | https_test->start_test(); |
ccli8 |
5:2a70e217325f | 305 | delete https_test; |
ccli8 |
5:2a70e217325f | 306 | #endif // End of AWS_IOT_HTTPS_TEST |
ccli8 |
5:2a70e217325f | 307 | <b>}</b> |
ccli8 |
5:2a70e217325f | 308 | </pre> |
ccli8 |
5:2a70e217325f | 309 | This issue may be caused by failure of the ESP8266 AT commands **CLOSE**/**DISCONNECT**: |
ccli8 |
5:2a70e217325f | 310 | the ESP8266 F/W is still busy handling the previous unfinished network transfer |
ccli8 |
5:2a70e217325f | 311 | due to bad network status, so it fails these commands. |
ccli8 |
5:2a70e217325f | 312 | These commands must succeed for the ESP8266 F/W to reset connection state correctly. |
ccli8 |
5:2a70e217325f | 313 | If that happens, try enlarging [ESP8266 driver's](https://github.com/ARMmbed/esp8266-driver) timeout configuration. |
ccli8 |
6:7ef096085ca7 | 314 | For example, enlarge `ESP8266_SEND_TIMEOUT`/`ESP8266_RECV_TIMEOUT`/`ESP8266_MISC_TIMEOUT` (defined in |
ccli8 |
6:7ef096085ca7 | 315 | [ESP8266Interface.cpp](https://github.com/ARMmbed/esp8266-driver/blob/master/ESP8266Interface.cpp)) |
ccli8 |
6:7ef096085ca7 | 316 | to 5000/5000/5000 ms respectively (through `mbed_app.json`). |
ccli8 |
5:2a70e217325f | 317 | <pre> |
ccli8 |
5:2a70e217325f | 318 | { |
ccli8 |
5:2a70e217325f | 319 | "macros": [ |
ccli8 |
5:2a70e217325f | 320 | "MBED_CONF_APP_MAIN_STACK_SIZE=4096", |
ccli8 |
5:2a70e217325f | 321 | "MBEDTLS_USER_CONFIG_FILE=\"mbedtls_user_config.h\"", |
ccli8 |
5:2a70e217325f | 322 | "MBED_HEAP_STATS_ENABLED=1", |
ccli8 |
5:2a70e217325f | 323 | "MBED_MEM_TRACING_ENABLED=1", |
ccli8 |
6:7ef096085ca7 | 324 | <b>"ESP8266_SEND_TIMEOUT=5000",</b> |
ccli8 |
6:7ef096085ca7 | 325 | <b>"ESP8266_RECV_TIMEOUT=5000",</b> |
ccli8 |
5:2a70e217325f | 326 | <b>"ESP8266_MISC_TIMEOUT=5000"</b> |
ccli8 |
5:2a70e217325f | 327 | ], |
ccli8 |
5:2a70e217325f | 328 | "config": { |
ccli8 |
26:e5cfc2628e84 | 329 | </pre> |
ccli8 |
26:e5cfc2628e84 | 330 | |
ccli8 |
26:e5cfc2628e84 | 331 | - Reduce memory footprint according to RFC 6066 TLS extension |
ccli8 |
26:e5cfc2628e84 | 332 | `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` determine the sizes of incoming/outgoing TLS I/O buffers. |
ccli8 |
26:e5cfc2628e84 | 333 | We reduce the sizes by default according to RFC 6066: |
ccli8 |
26:e5cfc2628e84 | 334 | 1. Enable RFC 6066 max_fragment_length extension. |
ccli8 |
26:e5cfc2628e84 | 335 | 1. Reduce `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` to 4KiB/4KiB from 16KiB/16KiB. |
ccli8 |
26:e5cfc2628e84 | 336 | |
ccli8 |
26:e5cfc2628e84 | 337 | But this approach is risky because: |
ccli8 |
26:e5cfc2628e84 | 338 | 1. AWS IoT doesn't support RFC 6066 TLS extension yet. |
ccli8 |
26:e5cfc2628e84 | 339 | 1. TLS handshake may need larger I/O buffers than configured 4KiB/4KiB. |
ccli8 |
26:e5cfc2628e84 | 340 | |
ccli8 |
26:e5cfc2628e84 | 341 | If you suspect your trouble is caused by this configuration, disable it by: |
ccli8 |
26:e5cfc2628e84 | 342 | 1. Remove the line `my-tlssocket.tls-max-frag-len` in `mbed_app.json`. |
ccli8 |
26:e5cfc2628e84 | 343 | ```json |
ccli8 |
26:e5cfc2628e84 | 344 | "NUMAKER_PFM_NUC472": { |
ccli8 |
26:e5cfc2628e84 | 345 | "target.network-default-interface-type" : "ETHERNET", |
ccli8 |
26:e5cfc2628e84 | 346 | "target.macros_add": [ |
ccli8 |
26:e5cfc2628e84 | 347 | "ESP8266_AT_SEL=ESP8266_AT_EXTERN" |
ccli8 |
26:e5cfc2628e84 | 348 | ] |
ccli8 |
26:e5cfc2628e84 | 349 | }, |
ccli8 |
26:e5cfc2628e84 | 350 | ``` |
ccli8 |
26:e5cfc2628e84 | 351 | 1. Comment out `MBEDTLS_SSL_IN_CONTENT_LEN`/`MBEDTLS_SSL_OUT_CONTENT_LEN` in `mbedtls_user_config.h`. |
ccli8 |
26:e5cfc2628e84 | 352 | This will change back to 16KiB/16KiB. |
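
The policy in "Access and manage AWS IoT Service" uses `*` in every resource, which is why the MQTT section can say any **CLIENTNAME** is accepted. The following is an added example, not code from this repository: it rebuilds that policy, builds a narrowed variant, and checks both against the operations visible in the sample output above using a simplified evaluator (Allow statements and `*`/`?` wildcards only, not AWS's own engine). The function names, the use of the thing name as client ID, and the requests in `UNEXPECTED` are assumptions made for illustration.

```python
import re

ARN = "arn:aws:iot:REGION:ACCOUNT:"  # REGION/ACCOUNT placeholders, as in the README
SHADOW_ACTIONS = ["iot:UpdateThingShadow", "iot:GetThingShadow", "iot:DeleteThingShadow"]


def _stmt(actions, resources):
    # "Action" and "Resource" are always lists in this sketch.
    return {"Effect": "Allow", "Action": actions,
            "Resource": [ARN + r for r in resources]}


def readme_policy():
    """The wildcard policy from the README, rebuilt as a dict."""
    return {"Version": "2012-10-17", "Statement": [
        _stmt(["iot:Connect"], ["client/*"]),
        _stmt(["iot:Subscribe"], ["topicfilter/*"]),
        _stmt(["iot:Publish", "iot:Receive"], ["topic/*"]),
        _stmt(SHADOW_ACTIONS, ["thing/*"]),
    ]}


def scoped_policy(thing, client_id, prefix):
    """Same statements, narrowed to one thing, one client ID, one topic prefix."""
    topics = [prefix + "/*", "$aws/things/" + thing + "/shadow/*"]
    return {"Version": "2012-10-17", "Statement": [
        _stmt(["iot:Connect"], ["client/" + client_id]),
        _stmt(["iot:Subscribe"], ["topicfilter/" + t for t in topics]),
        _stmt(["iot:Publish", "iot:Receive"], ["topic/" + t for t in topics]),
        _stmt(SHADOW_ACTIONS, ["thing/" + thing]),
    ]}


def _matches(pattern, arn):
    # Policy wildcards are '*' and '?'; MQTT '+' and '#' are literal characters here.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, arn) is not None


def allowed(policy, action, resource):
    """Simplified model: True if any Allow statement covers (action, resource)."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow" and action in st["Action"]
                and any(_matches(p, ARN + resource) for p in st["Resource"])):
            return True
    return False


THING = "Nuvoton-Mbed-D001"  # thing name seen in the README's sample output

# Operations the example performs (topics taken from the README's sample output).
# Using the thing name as the MQTT client ID is an assumption of this sketch.
EXPECTED = [
    ("iot:Connect", "client/" + THING),
    ("iot:Subscribe", "topicfilter/Nuvoton/Mbed/+"),
    ("iot:Publish", "topic/Nuvoton/Mbed/D001"),
    ("iot:Receive", "topic/Nuvoton/Mbed/D001"),
    ("iot:Subscribe", "topicfilter/$aws/things/" + THING + "/shadow/update/accepted"),
    ("iot:Publish", "topic/$aws/things/" + THING + "/shadow/update"),
    ("iot:GetThingShadow", "thing/" + THING),
]

# Constructed requests this device never needs.
UNEXPECTED = [
    ("iot:Connect", "client/some-other-client"),
    ("iot:Subscribe", "topicfilter/#"),
    ("iot:Publish", "topic/$aws/things/Another-Thing/shadow/update"),
    ("iot:GetThingShadow", "thing/Another-Thing"),
]


def audit(policy):
    """Return (expected requests denied, unexpected requests allowed)."""
    denied = [r for r in EXPECTED if not allowed(policy, *r)]
    excess = [r for r in UNEXPECTED if allowed(policy, *r)]
    return denied, excess


if __name__ == "__main__":
    import json
    print("README policy:", audit(readme_policy()))
    print("Scoped policy:", audit(scoped_policy(THING, THING, "Nuvoton/Mbed")))
    print(json.dumps(scoped_policy(THING, THING, "Nuvoton/Mbed"), indent=2))
```

With the narrowed policy, `AWS_IOT_MQTT_CLIENTNAME` can no longer be chosen arbitrarily; it has to match the client ID named in the `iot:Connect` resource.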