SIM800 MQTT publish to Google IoT Core - google-cloud-platform

I'm trying to publish some data to Google Cloud using the SIM800 module together with ESP32. Google IoT Core provides its documentation on connecting MQTT clients here. It says:
Associate the MQTT client with MQTT server certificates.
However, in the SIM800 manufacturer's documentation on AT commands usage (here), there is nothing about associating the TLS certificate. The given information concerns making simple connections providing only the host, username and the password.
How can I make a connection that would take the certificate into account?

Related

Retrieve AWS Greengrass v2 "Core device CA certificate" without using cloud discovery?

For Greengrass v2, I cannot find any way to retrieve the Core Device CA certificate. Can't find any method in Console, SDK or API to retrieve the Core Device CA certificate either.
I am aware that the client devices receive the specific certificate in response to the cloud discovery; however, I am trying to find a way where client devices do not require an internet connection.
If I have the certificate, the client devices can use that certificate along with the already known Greengrass Core endpoint to authenticate and connect to the Greengrass Core device without the need for an internet connection.
So the question is: is there any way to retrieve/download the Core Device CA certificate?
While this is not yet documented in the docs, the Greengrass Core device CA certificate can be found at the following path on the core device:
/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem
Using this certificate, the IP address of the core device and the port, a client device can connect and authenticate with the core device.

Proxy in between device and Google IoT Core using MQTT?

I have a situation where I want to use Google IoT Core to support bi-directional communication between my devices and existing GCP stack. The trouble is, some of my devices cannot connect to GCP's MQTT bridge because they are blocked from reaching it directly. The communication must instead go through my own hosted server. In fact, some devices will not be allowed to trust traffic either inbound or outbound to anything but my own hosted server, and this is completely out of my control.
Basically all suggested solutions that I have found propose the use of MQTT over WebSockets. WebSockets consume too many system resources for the server I have available, and so MQTT proxy over WebSockets is extremely undesirable and likely is not even feasible for my use case. It also defeats the purpose of using a lightweight, low-bandwidth protocol like MQTT in the first place.
To make matters more complicated, Google IoT Core documentation explicitly says that it does not support bridging MQTT brokers with their MQTT bridge. So hosting my own MQTT server seems to be out of the question.
Is it even possible to create a proxy -- either forward or reverse -- for this use case that allows for native, encrypted, full-duplex MQTT traffic? If so, what would be the recommended way to achieve this?
If you have a hybrid set-up, meaning you have on-premise servers and a cloud server, and you want to bridge them using Google IoT by using MQTT, you can try this GitHub link.
Upon checking, this MQTT broker has been tested with Google IoT, since Google IoT does not support third-party MQTT brokers.

MQTT to Google Cloud PubSub republishing solution design approach / pattern

Context
I am designing a solution where I need to ingest sensor data from different types of constrained devices into Google Cloud PubSub.
Pre-Conditions
These constrained devices only support MQTT, and only MQTT over TCP. They do not support MQTT over TLS and cannot do any sort of certificate-based connection.
I do have the flexibility of picking the MQTT broker, however.
Given the context and pre-conditions, kindly suggest an approach where I can republish messages from MQTT to Google PubSub.
Thanks in advance!
Pretty much all MQTT brokers support bridging to other brokers.
So the devices would connect to your broker using raw MQTT, it would then create a single TLS authenticated connection to the Google IoT Broker using MQTT over TLS and forward all messages over that connection.
This means there is no need for a separate client to connect to both brokers and forward the messages.

Choosing AWS service for MQTT broker

I need to build an IoT MQTT broker that works over the secure MQTT protocol. I also need to manage the users that connect to this service and manage subscription access control. I don't need MQTT via WebSocket.
At first glance I was planning to use the EC2 service to create an Ubuntu virtual machine and install the Mosquitto service on it. But later I found the Internet of Things section, which contains a set of services.
Is it possible to construct an MQTT service according to my requirements by using Internet of Things? By choosing Internet of Things I hope to get more specialized functionality.
You can use AWS IoT for this instead; they have a managed MQTT endpoint that you can add 'things' to.
https://docs.aws.amazon.com/iot/latest/developerguide/mqtt.html
You'll be able to easily connect the endpoint to other services as this is part of their cloud solutions.
https://docs.aws.amazon.com/iot/latest/developerguide/iot-gs.html

How to connect a device to AWS Greengrass

I am using MOKOSMART_mkgw1 to collect data and send it to AWS IoT Core.
For that, I need to set the following configurations:
endpoint (aws iot endpoint)
topic (any)
device certificate and private key
root ca.
I was able to connect and send data to AWS IoT Core.
Now I want to connect it to an AWS Greengrass device instead of IoT Core directly.
I have Greengrass running on IP 192.196.1.12 on port 8883 (Windows machine).
I downloaded the Group CA using the basic discovery API, so I used these MQTT settings for the device:
broker endpoint (192.168.1.12:8883)
topic (same as registered in subscription in aws iot GG)
device certificate and private key (the device is registered in aws iot GG)
Group CA (downloaded by basic discovery sample application)
But I am still not able to connect to AWS GG.
My understanding is that AWS GG also has an MQTT broker, so by providing proper authentication and topic, I should be able to connect to it, whether or not I have the AWS device SDKs. Am I wrong? What extra does the "basic discovery example" do to be able to connect to AWS GG?
I am so sorry for wasting your time if you brainstormed on this question.
The issue was that I was passing a random clientID in MQTT.
Instead, I passed the "Device Name" as the client ID and it worked.
Keeping this question here in case someone else falls into the same hole.
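
The two Greengrass answers above (trust the core device CA from ca.pem; send the registered device name as the MQTT client ID) combined in one added example, which is not code from the original posts or from AWS. It uses only the Python standard library; the certificate file names, the thing name and the CORE_DEVICE_IP placeholder are assumptions for illustration.

```python
import socket
import ssl

def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, high bit = more bytes."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, keepalive: int = 60) -> bytes:
    """MQTT 3.1.1 CONNECT, clean session, no username/password:
    the TLS client certificate carries the credentials."""
    cid = client_id.encode("utf-8")
    body = (b"\x00\x04MQTT\x04\x02" + keepalive.to_bytes(2, "big")
            + len(cid).to_bytes(2, "big") + cid)
    return b"\x10" + encode_remaining_length(len(body)) + body

def parse_connack(data: bytes) -> int:
    """Return the CONNACK return code (0 = connection accepted)."""
    if len(data) != 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not a CONNACK packet")
    return data[3]

def make_tls_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """Trust only the core device CA; present the device certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def connect(host: str, port: int, thing_name: str, ctx: ssl.SSLContext) -> int:
    """Open the TLS session, send CONNECT, return the broker's CONNACK code."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect(thing_name))  # client ID = registered name
            reply = b""
            while len(reply) < 4:
                chunk = tls.recv(4 - len(reply))
                if not chunk:
                    raise ConnectionError("broker closed before CONNACK")
                reply += chunk
            return parse_connack(reply)

if __name__ == "__main__":
    # Hypothetical file names; ca.pem is the core device / group CA copied to the client.
    ctx = make_tls_context("ca.pem", "device.pem.crt", "private.pem.key")
    print(connect("CORE_DEVICE_IP", 8883, "MyThingName", ctx))
```

Because the context keeps hostname checking on, connecting by IP address succeeds only if the broker's certificate lists that address; a verification error at that point is a reason to check the address, not to turn verification off.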