Security of connected devices is of paramount concern. There are several possible ways to make the devices secure. One of the most essential and widely used options is to use end to end encryption. The widely used Transport Layer Security (TLS) version 1.2 is the latest standard used on web for secure connections including banking. There are very few micro-controller based solutions that implement TLS 1.2 due to lack of resources. ESP32 is one of the most affordable options out there. So let’s look at securely connecting Hornbill ESP32 Dev board to Amazon web services (AWS) IOT.

We will start with configuring AWS account, setting up the thing, generating the security certificates, testing with a MQTT desktop client and then communicating with the hardware.


AWS User Account

For using the AWS services you need to have a user account and login using the AWS Login link

Existing users can directly login and directly jump to next. New users should register first and link the credit card for payments. Basic plan is free for first Year, other plans are chargeable. Check this link for available plans. AwsIOT Login page.JPG

Creating a new thing

After Login, click on Signin To Console to go to AWS dash board. Now type AWS IOT and Select the AWS IOT (Connect Devices to Cloud) from drop down as shown below. AwsIOT Start.png

Now the AWS GetStarted Window will open only for the first time. Click on GetStarted to go to dash board. AwsIOT GetStarted.jpg

Click on Register-->Things for registering a new Thing as shown below. AwsIOT registerThing.jpg

Click on Create to create a new Thing. AwsIOT ThingCreate.jpg

Provide a unique Thing name and click on Create to proceed. AwsIOT TestThingName.jpg

myTestThing is SuccessFul created as shown below. AwsIOT ThingCreatedSuccessfully.jpg

Get the MQTT HOST name and thing name from Interact menu. These will be used to connect with AWS MQTT and also to subscribe/publish the topics. AwsIOT ThingInteract.jpg

Generate certificates for new thing

Go to Security menu and click on Create Certificate to register the certificates. AwsIOT ThingCreateCertificate.jpg

Click on the activate button to activate the certificates and download the certificate,private key and root CA as name them as below.

 aws-root-ca.pem 
certificate.pem.crt
private.pem.key

AwsIOT ThingCertActivateSuccess.jpg

Define and Attach Policies

Go do AWS dash board and select the Security-->Policies and click on Create a Policy as shown below. AwsIOT ThingPolicyCreate.jpg

Define the policy for myTestThing as shown below AwsIOT ThingPolicyDefine.jpg

Now go back to Certificates and attach the policy that was defined above AwsIOT ThingPolicyAttach.jpg

Select the thing and attach the policies define above. AwsIOT ThingPolicyAttach 1.jpg


Verify the Attached Policies

Now verify whether the policies are attached to newly created thing as shown below. AwsIOT VerifyPolicy.jpg


Testing Using MQTT Fx tool

As we have a test thing and also the certificates assigned with required policies. We can test it using the MQTT Fx broker tool. Lets list all the info we had while creating the thing and it certificates.

Broker Address / HOST Name: a3jzsmkecjw9hn.iot.us-west-2.amazonaws.com
Broker Port : 8883

Certificates:
aws-root-ca.pem
certificate.pem.crt
private.pem.key
MqttFx Setup.jpg

After doing the above setting, connect to the AWS. Mqtt Connect.jpg

Subscribe to the thing that we created in the above tutorial. Mqtt Subscribe.JPG

Successfully subscribed to the myTestThing. Mqtt SubscribeSucess.JPG

Now select the myTestThing topic and publish a message. Mqtt Publish.JPG

The published message is successfully received. Mqtt SubscribeTopicRcvd.JPG


Have an opinion, suggestion , question or feedback about the article let it out here!