Open-CMSIS-Pack based software framework for AWS MQTT Mutual Authentication Demo.
This demo application connects to AWS MQTT broker using TLS with mutual authentication between the client and the server. It demonstrates the subscribe-publish workflow of MQTT.
Visit coreMQTT mutual authentication demo for further information.
Please note, that properly configured thing is required to successfully run the demo application.
- NXP IMXRT1050-EVKB Board (
target-type: IP-Stack, using FreeRTOS+TCP over Ethernet) - STMicroelectronics B-U585I-IOT02A Board (
target-type: WiFi, using on-board WiFi module) - Arm Virtual Hardware for Corstone-300 (
target-type: AVH, using VSocket)
Configure AWS IoT Thing:
- Modify the following definitions in aws_clientcredential.h:
clientcredentialMQTT_BROKER_ENDPOINT: Remote Host Address (AWS IoT->Settings in AWS IoT console)clientcredentialIOT_THING_NAME: Thing Name (AWS IoT->Manage->Things->Name in AWS IoT console)
- Modify the following definitions in aws_clientcredential_keys.h:
keyCLIENT_CERTIFICATE_PEM: Client CertificatekeyCLIENT_PRIVATE_KEY_PEM: Client Private Key
Configure WiFi Access Point (when connecting via WiFi):
- Modify the following definitions in socket_startup.c:
SSID: WiFi Access Point SSIDPASSWORD: WiFi Access Point PasswordSECURITY_TYPE: WiFi Access Point Security
- Prerequisites:
- CMSIS-Toolbox 1.2.0 or later
- Arm Compiler 6.18 or later
- CMSIS packs listed in Demo.csolution.yml
- Create
.cprjproject usingcsolution:
csolution convert -s Demo.csolution.yml -c Demo.<build-type>+<target-type><build-type>: Debug | Release<target-type>: IP-Stack | WiFi | AVH
- Build
.cprjproject usingcbuild:
cbuild Demo.<build-type>+<target-type>.cprj
- Connect and configure the debugger.
- Run the application and view messages in a debug printf or terminal window.
Note: click on Target links above for target specific information.
MQTT messages can be viewed in the AWS IoT console.
To build and run this application with a CI workflow on GitHub the following steps are required. For details refer to Run AMI with GitHub Actions.
-
Amazon Web Service (AWS) account with:
- Amazon EC2 (elastic cloud) access
- Amazon S3 (storage) access
- Registration to access AVH Amazon Machine Image AVH AMI
- User role setup for scripted API access
-
GitHub:
- Fork this repository with at least Write access rights
- Store the AWS account configuration (obtained in step 1) as GitHub Secrets - AWS Access values in the forked repository
-
AWS IoT Thing:
- Use the AWS IoT console to create a thing, download its certificates, create a policy, and attach the policy to the thing
- Store this configuration as GitHub Secrets - IoT Cloud Access values in the forked repository
GitHub Secrets - Values
The following (secret) configuration values need to be added to the repositories Secret store:
| Secret Name | Description |
|---|---|
| AWS Access | Settings and credentials to access AWS services for running Arm Virtual Hardware |
AWS_IAM_PROFILE |
The IAM Instance Profile associated with the AVH EC2 instance granting it access to required AWS resources. |
AWS_ASSUME_ROLE |
The AWS access role to be assumed for AWS access. |
AWS_S3_BUCKET_NAME |
The name of the S3 storage bucket to be used for temporary data storage by Arm Virtual Hardware. |
AWS_DEFAULT_REGION |
The data center region for running new AVH AMI. For example eu-west-1. |
AWS_SECURITY_GROUP_ID |
The id of the VPC security group to add the EC2 instance to. Shall have format sg-xxxxxxxx. |
AWS_SUBNET_ID |
The id of the VPC subnet to connect the EC2 instance to. Shall have format subnet-xxxxxxxx. |
| IoT Cloud Access | Settings and credentials required to connect an AWS IoT Thing |
CLIENT_CERTIFICATE_PEM |
Client (device) certificate |
CLIENT_PRIVATE_KEY_PEM |
Client (device) private key |
IOT_THING_NAME |
Client (device) name |
MQTT_BROKER_ENDPOINT |
MQTT broker host name |