Choosing AWS service for MQTT broker - amazon-web-services

I need to build an IoT MQTT broker that should work on the secure MQTT protocol. I also need to manage users that connect to this service and manage subscription access control. I don't need MQTT via WebSocket.
At first glance I was planning to use the EC2 service to create an Ubuntu virtual machine and install the Mosquitto service in it. But later I found the Internet of Things section that contains a set of services.
Is it possible to construct an MQTT service according to my requirements by using Internet of Things? By choosing Internet of Things I hope to get more specialized functionality.

You can use AWS IoT for this instead; they have a managed MQTT endpoint that you can add 'things' to.
https://docs.aws.amazon.com/iot/latest/developerguide/mqtt.html
You'll be able to easily connect the endpoint to other services as this is part of their cloud solutions.
https://docs.aws.amazon.com/iot/latest/developerguide/iot-gs.html
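As an added example (not part of the answer above), the per-user subscription access control the question asks about is expressed in AWS IoT Core as an IoT policy attached to each device certificate rather than as broker user accounts. The policy below scopes a certificate to its own thing name; the region and account in the ARNs are placeholders, and the small evaluator is a local approximation of IoT Core's decision rules (explicit Deny wins, otherwise default Deny) for sanity-checking the document offline, not AWS's own engine.

```python
# Added example: least-privilege AWS IoT Core policy plus a local checker.
# REGION/ACCOUNT are constructed placeholders, not real values.
import fnmatch
import json

REGION, ACCOUNT = "us-east-1", "123456789012"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT policy variable


def arn(kind: str, path: str) -> str:
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{path}"


def device_policy() -> dict:
    """A certificate may only connect as its registered thing name, publish
    telemetry under its own prefix, and subscribe/receive commands addressed
    to it. Anything not listed is implicitly denied by IoT Core."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": arn("client", THING)},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": arn("topic", f"devices/{THING}/telemetry")},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": arn("topicfilter", f"devices/{THING}/cmd")},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": arn("topic", f"devices/{THING}/cmd")},
    ]}


def is_allowed(policy: dict, action: str, resource: str, thing: str) -> bool:
    """Local approximation of IoT policy evaluation: substitute the thing
    name, match resources with '*' wildcards, explicit Deny beats Allow."""
    decision = False
    for stmt in policy["Statement"]:
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        res = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        res = [r.replace(THING, thing) for r in res]
        if not any(fnmatch.fnmatchcase(action, a) for a in acts):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in res):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    print(json.dumps(device_policy(), indent=2))
    # sensor-01 may subscribe to its own command topic but not sensor-02's
    print(is_allowed(device_policy(), "iot:Subscribe", arn("topicfilter", "devices/sensor-01/cmd"), "sensor-01"))
    print(is_allowed(device_policy(), "iot:Subscribe", arn("topicfilter", "devices/sensor-02/cmd"), "sensor-01"))
```

Because the policy variable resolves to the thing registered for the connecting certificate, the same document can be attached to every device's certificate and each device still only sees its own topics.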

Related

SIM800 MQTT publish to Google IoT Core

I'm trying to publish some data to Google Cloud using the SIM800 module together with ESP32. Google IoT Core provides its documentation on connecting MQTT clients here. It says:
Associate the MQTT client with MQTT server certificates.
However, in the SIM800 manufacturer's documentation on AT command usage (here), there is nothing about associating the TLS certificate. The given information concerns making simple connections providing only the host, username and password.
How can I make a connection that would take the certificate into account?

Proxy in between device and Google IoT Core using MQTT?

I have a situation where I want to use Google IoT Core to support bi-directional communication between my devices and existing GCP stack. The trouble is, some of my devices cannot connect to GCP's MQTT bridge because they are blocked from reaching it directly. The communication must instead go through my own hosted server. In fact, some devices will not be allowed to trust traffic either inbound or outbound to anything but my own hosted server, and this is completely out of my control.
Basically all suggested solutions that I have found propose the use of MQTT over WebSockets. WebSockets consume too many system resources for the server I have available, and so MQTT proxy over WebSockets is extremely undesirable and likely is not even feasible for my use case. It also defeats the purpose of using a lightweight, low-bandwidth protocol like MQTT in the first place.
To make matters more complicated, Google IoT Core documentation explicitly says that it does not support bridging MQTT brokers with their MQTT bridge. So hosting my own MQTT server seems to be out of the question.
Is it even possible to create a proxy -- either forward or reverse -- for this use case that allows for native, encrypted, full-duplex MQTT traffic? If so, what would be the recommended way to achieve this?
If you have a hybrid set-up, meaning you have on-premise servers and a cloud server and you want to bridge them using Google IoT by using MQTT,
you can try this GitHub link; upon checking, this MQTT broker has been tested with Google IoT, since Google IoT does not support 3rd party MQTT brokers.

How can I set up my OpenThread device running the MQTT-SN client examples to connect to AWS IoT Cloud

I am currently building an OpenThread-based application using the nRF5 SDK for Thread and nRF52840 development kits. I have chosen MQTT-SN as my application-level protocol to communicate with the cloud.
All my Thread devices are sending data to the Eclipse Paho MQTT-SN gateway. These Thread devices don't have their own root CA certificate or private keys etc., as there are no such macro definitions provided in the Nordic SDK for Thread. So how can these Thread devices communicate with the AWS MQTT broker without authentication certificates?
I know I have to enable authentication in the Paho MQTT-SN gateway config file and provide root CA certificates and private keys in the configuration file. And if I enable authentication, my Thread devices won't be able to communicate with the MQTT-SN gateway. There is something called a client list, but I don't actually know what the use of it is if I have to add my new device name to that client list every time.
So can anyone please guide me on how I could transmit data from my Thread devices acting as MQTT-SN clients to the AWS broker via the MQTT-SN gateway? Or any workaround that I am unable to see.
Thanks in advance.

How to connect a device to AWS Greengrass

I am using MOKOSMART_mkgw1 to collect data and send it to AWS IoT Core.
For that, I need to set the following configurations:
endpoint (AWS IoT endpoint)
topic (any)
device certificate and private key
root CA.
I was able to connect and send data to AWS IoT Core.
Now I want to connect it to an AWS Greengrass device instead of IoT Core directly.
I have Greengrass running on IP 192.196.1.12 on port 8883 (Windows machine).
I downloaded the Group CA using the basic discovery API, so I used these MQTT settings for the device:
broker endpoint (192.168.1.12:8883)
topic (same as registered in the subscription in AWS IoT GG)
device certificate and private key (the device is registered in AWS IoT GG)
Group CA (downloaded by the basic discovery sample application)
But I am still not able to connect to AWS GG.
My understanding is that AWS GG also has an MQTT broker, so by providing proper authentication and a topic, I should be able to connect to it, whether or not I have the AWS device SDKs. Am I wrong? What does the "basic discovery example" do extra to be able to connect to AWS GG?
I am so sorry for wasting your time if you brainstormed on this question.
The issue was, I was passing a random clientID in MQTT.
Instead, I passed the "Device Name" as the client ID and it worked.
Keeping this question here in case someone else falls into the same hole.

How to receive messages/events from the public internet in a Kafka/NiFi cluster hosted in the private subnet of AWS?

I am working on a project where lots of machines/sensors will be sending messages to a Kafka/NiFi cluster directly. These machines/sensors will be pushing messages from the public internet, not from the corporate network. We are using a Hortonworks distribution on the AWS cloud.
My question is: what is the best architectural practice to set up a Kafka/NiFi cluster for such use cases? I don't want to put my cluster in the public subnet in order to receive messages from the public internet.
Can you please help me with this?
Obviously you shouldn't expose your Kafka to the world. Therefore "sensor data directly to Kafka" is the wrong approach, IMO. At least, not without using some SSL channel.
You could allow a specific subnet of your external devices to reach the internal subnet, assuming you know that range; however, I think your better option here is to use either MiNiFi or StreamSets SDC, which are event collectors sitting on the sensors that can encrypt traffic to an open NiFi or StreamSets cluster, which can then forward events to the internal Kafka cluster. You already have NiFi apparently, and MiNiFi was built for this purpose.
Another option could be the Kafka REST proxy, but you'll still need to set up authentication/security layers around it.
Use AWS IoT to receive the devices' communication; this option gives you a security layer and isolates your HDF sandbox from the internet.
AWS IoT Core provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT Core without a proven identity.
Then import the information with a NiFi processor.