Connecting an ESP8266 to AWS IoT

May 4th, 2019

During my day job I make a lot of use of Amazon Web Services. And because of this, I recently attended the AWS Summit in Amsterdam. Of course, a day like that can’t end without some tinkering …

Although most of the talks I attended weren’t particularly inspiring, one of them sparked my interest. They demonstrated AWS IoT: “IoT services for industrial, consumer, and commercial solutions”. Of course I’m familiar with the technology, and I had played around with it before. But during the talk it started to annoy me that I had never managed to connect an ESP8266 to their MQTT servers.

This needed to change. Now, the issue is that AWS IoT only accepts secure connections over TLS (what most people still call SSL). And even though the ESP8266 is pretty powerful compared to an Arduino, it isn’t really powerful enough to handle the TLS 1.2 encryption used by Amazon. In previous attempts, this was the reason I stopped trying. But this time I wouldn’t give up.

If you Google this issue, you find *A LOT* of examples on how to connect an ESP8266 to AWS IoT. But none of them seemed to work for me. Luckily, after a few nights of banging my head against the wall, I found a workaround that worked for me.

It turns out the WiFiClientSecure class (which is necessary to set up secure connections) can disable validation of the server’s certificate chain using the setInsecure() method. Of course this is a huge security risk: without chain validation the ESP8266 has no way of knowing whether it is talking to Amazon or to something sitting in between. But since I will only use my ESP8266s to send some temperature and humidity data of my toilet visits, I don’t think this is a major threat to the entire nation.

And with that in place I had a working example sketch.

Although I disable the certificate chain validation on the client side, Amazon still authenticates our ESP8266 with its client certificate and private key. So I need to make these two files available to the ESP8266.

When you create the “Thing” in the AWS console, it asks you to create a certificate as well and lets you download the private key and certificate files.

A lot of the examples I found online made a huge deal out of using these files, forcing me to convert the files I downloaded from Amazon before I could use them. The code I created simply reads the unmodified files from the ESP’s file system (SPIFFS). Much easier!

Uploading these files to the ESP8266 isn’t very difficult when you use Platform.io as your development environment. Simply put the certificate and the private key in the data folder of your project, and run the following terminal command: platformio run --target uploadfs. Platform.io will build a SPIFFS image and upload it to your ESP8266.

After defining the correct filenames of your certificate and private key, the AWS endpoint (which you can find in the AWS console) and the WiFi credentials in the sketch, all you need to do is upload the sketch to the ESP8266. If all goes well, your ESP8266 will connect to Amazon and start publishing data to outTopic.
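As an added example that is not the author’s sketch: the same SPIFFS-loaded client certificate and key, but with the CA root that AWS offers for download next to the key pair set as a trust anchor, so the ESP8266 verifies the endpoint instead of calling setInsecure(). File names, endpoint and WiFi credentials are placeholders; the MQTT part is left out and only the TLS connection is checked.

```arduino
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <FS.h>
#include <time.h>

// Assumed placeholders: replace with your own values from the AWS console.
const char* WIFI_SSID    = "<your-ssid>";
const char* WIFI_PASS    = "<your-password>";
const char* AWS_ENDPOINT = "<your-endpoint>.iot.<region>.amazonaws.com";
const uint16_t AWS_PORT  = 8883;

BearSSL::WiFiClientSecure net;
BearSSL::X509List*   clientCert;
BearSSL::PrivateKey* clientKey;
BearSSL::X509List*   rootCA;

// Read a PEM file from SPIFFS unmodified, exactly as downloaded from the console.
static String readFile(const char* path) {
  File f = SPIFFS.open(path, "r");
  if (!f) { Serial.printf("missing file %s\n", path); return String(); }
  String pem = f.readString();
  f.close();
  return pem;
}

void setup() {
  Serial.begin(115200);
  SPIFFS.begin();
  WiFi.begin(WIFI_SSID, WIFI_PASS);
  while (WiFi.status() != WL_CONNECTED) delay(250);

  // Chain validation checks the certificate validity period, so the clock must be
  // right before the handshake: wait until NTP has set a plausible time.
  configTime(0, 0, "pool.ntp.org", "time.nist.gov");
  while (time(nullptr) < 1000000000) delay(500);

  // File names assumed; the root CA is the one AWS offers next to the key pair.
  clientCert = new BearSSL::X509List(readFile("/certificate.pem.crt").c_str());
  clientKey  = new BearSSL::PrivateKey(readFile("/private.pem.key").c_str());
  rootCA     = new BearSSL::X509List(readFile("/AmazonRootCA1.pem").c_str());
  net.setClientRSACert(clientCert, clientKey); // authenticate the Thing (mutual TLS)
  net.setTrustAnchors(rootCA);                 // verify the server; replaces setInsecure()
  if (!net.connect(AWS_ENDPOINT, AWS_PORT)) {
    char err[80];
    net.getLastSSLError(err, sizeof(err));
    Serial.printf("TLS handshake failed: %s\n", err);
  }
}
void loop() {}
```

If the handshake runs out of heap (the problem the post describes), the ESP8266 core’s setBufferSizes() can shrink the TLS buffers, but that is only safe when the server honours the maximum fragment length extension, which probeMaxFragmentLength() can check first.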

The AWS console allows you to test your MQTT data. Simply subscribe to the outTopic topic, and see your messages come in.

If you are having issues publishing messages to AWS IoT, make sure the Thing you created has a policy attached that allows it to connect and publish. Since we are already ignoring all security rules anyway, let’s just make things even worse by using the most permissive policy (anything you actually deploy should instead limit Action and Resource to the operations and topics the Thing needs):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

Is it worth the hassle?

Well, that depends on what you need. The upside is that the MQTT broker is fully managed by AWS and is unlikely to ever go down, which saves you the hassle of managing a server or Raspberry Pi running Mosquitto. And as long as you aren’t planning to connect your whole village, it is free as well.

Unfortunately AWS IoT has a few downsides:

  • There is no support for retained messages.
  • There is no support for QoS 2 messages.

If those two issues aren’t a big deal for you and you can live with the risks of an insecure SSL connection, AWS IoT definitely is the way to go. If you do want to feel secure, just skip the hassle and use an ESP32.

Yeah yeah, whatever. Give me the code!

Interested in my code, and want to give it a try yourself? Download the Platform.io project on Github.

Have a great and connected weekend!

©2021 - MichaelTeeuw.nl