AWS coreMQTT Mutual Authentication Demo

Open-CMSIS-Pack based software framework for AWS MQTT Mutual Authentication Demo.

This demo application connects to AWS MQTT broker using TLS with mutual authentication between the client and the server. It demonstrates the subscribe-publish workflow of MQTT.

Visit coreMQTT mutual authentication demo for further information.

Please note that a properly configured thing is required to run the demo application successfully.

Targets:

Configure

Configure AWS IoT Thing:

Configure WiFi Access Point (when connecting via WiFi):

Build

  1. Prerequisites:

    • CMSIS-Toolbox 1.4.0 or later
    • Arm Compiler 6.18 or later
    • CMSIS packs listed in Demo.csolution.yml
      Packs can be installed by executing the following csolution and cpackget commands:
      csolution list packs -s Demo.csolution.yml -m >packs.txt
      cpackget add -f packs.txt
      
  2. Create .cprj project using csolution:
    csolution convert -s Demo.csolution.yml -c Demo.<build-type>+<target-type>

    • <build-type>: Debug | Release
    • <target-type>: IP-Stack | WiFi | AVH
  3. Build .cprj project using cbuild:
    cbuild Demo.<build-type>+<target-type>.cprj

Program

Note: not required for Virtual Hardware.

Run

Note: click on Target links above for target specific information.

MQTT messages can be viewed in the AWS IoT console.

CI Testing

To build and run this application with a CI workflow on GitHub, the following steps are required. For details, refer to Run AMI with GitHub Actions.

  1. Amazon Web Service (AWS) account with:

    • Amazon EC2 (elastic cloud) access
    • Amazon S3 (storage) access
    • Registration to access the AVH Amazon Machine Image (AVH AMI)
    • User role setup for scripted API access
  2. GitHub:

    • Fork this repository with at least Write access rights
    • Store the AWS account configuration (obtained in step 1) as GitHub Secrets - AWS Access values in the forked repository
  3. AWS IoT Thing:

    • Use the AWS IoT console to create a thing, download its certificates, create a policy, and attach the policy to the thing
    • Store this configuration as GitHub Secrets - IoT Cloud Access values in the forked repository

GitHub Secrets - Values

The following (secret) configuration values need to be added to the repository's secret store:

Secret Name             Description
AWS Access              Settings and credentials to access AWS services for running Arm Virtual Hardware
AWS_IAM_PROFILE         The IAM Instance Profile associated with the AVH EC2 instance granting it access to required AWS resources.
AWS_ASSUME_ROLE         The AWS access role to be assumed for AWS access.
AWS_S3_BUCKET_NAME      The name of the S3 storage bucket to be used for temporary data storage by Arm Virtual Hardware.
AWS_DEFAULT_REGION      The data center region for running new AVH AMI. For example eu-west-1.
AWS_SECURITY_GROUP_ID   The id of the VPC security group to add the EC2 instance to. Shall have format sg-xxxxxxxx.
AWS_SUBNET_ID           The id of the VPC subnet to connect the EC2 instance to. Shall have format subnet-xxxxxxxx.
IoT Cloud Access        Settings and credentials required to connect an AWS IoT Thing
CLIENT_CERTIFICATE_PEM  Client (device) certificate
CLIENT_PRIVATE_KEY_PEM  Client (device) private key
IOT_THING_NAME          Client (device) name
MQTT_BROKER_ENDPOINT    MQTT broker host name
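
The secret values listed above can be checked before the workflow starts an AVH instance, so that a malformed id or a private key pasted into the certificate secret is caught early. The script below is an added example, not part of this repository; it assumes the secrets reach the job as environment variables under the same names and that the certificate and key are stored as PEM text.

```shell
#!/bin/sh
# Added example: preflight check for the CI secrets listed in this README.
# Prints secret NAMES only, never values, so nothing sensitive reaches the job log.

_bad=0
fail() { echo "secret $1: $2"; _bad=$((_bad + 1)); }

# matches NAME REGEX: variable NAME is a single line that matches REGEX.
# eval is only ever given the fixed variable names written in this script.
matches() {
    eval "_v=\${$1-}"
    [ "$(printf '%s\n' "$_v" | grep -c '')" -eq 1 ] &&
        printf '%s\n' "$_v" | grep -Eq -- "$2"
}

# contains NAME TEXT: variable NAME contains the literal TEXT.
contains() {
    eval "_v=\${$1-}"
    case $_v in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Returns the number of problems found (0 means every check passed).
check_secrets() {
    _bad=0
    for _n in AWS_IAM_PROFILE AWS_ASSUME_ROLE AWS_S3_BUCKET_NAME IOT_THING_NAME; do
        matches "$_n" '.' || fail "$_n" "is empty, unset or multi-line"
    done
    matches AWS_DEFAULT_REGION '^[a-z]{2}(-[a-z]+)+-[0-9]+$' ||
        fail AWS_DEFAULT_REGION "is not a region name such as eu-west-1"
    # EC2 resource ids carry 8 or 17 hexadecimal characters after the prefix.
    matches AWS_SECURITY_GROUP_ID '^sg-([0-9a-f]{8}|[0-9a-f]{17})$' ||
        fail AWS_SECURITY_GROUP_ID "does not have the format sg-xxxxxxxx"
    matches AWS_SUBNET_ID '^subnet-([0-9a-f]{8}|[0-9a-f]{17})$' ||
        fail AWS_SUBNET_ID "does not have the format subnet-xxxxxxxx"
    # The README asks for a host name, so a scheme, port or path is rejected.
    matches MQTT_BROKER_ENDPOINT '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' ||
        fail MQTT_BROKER_ENDPOINT "is not a bare host name"
    contains CLIENT_CERTIFICATE_PEM '-----BEGIN CERTIFICATE-----' ||
        fail CLIENT_CERTIFICATE_PEM "holds no PEM certificate"
    # A key stored in the certificate secret would be handled as public data.
    contains CLIENT_CERTIFICATE_PEM 'PRIVATE KEY-----' &&
        fail CLIENT_CERTIFICATE_PEM "contains a private key"
    contains CLIENT_PRIVATE_KEY_PEM 'PRIVATE KEY-----' ||
        fail CLIENT_PRIVATE_KEY_PEM "holds no PEM private key"
    return "$_bad"
}
```

In a workflow step, source the script and run `check_secrets || exit 1` before any AWS call.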