AWS IOT compatibility

implement compatibility with Amazon Web Services IOT through an MQTT connection with certificates. (#1099)

README.md

@@ -27,6 +27,16 @@ Upload OpenMQTTGateway directly from the [upload page](https://docs.openmqttgate
 
 * [List of compatible components to build your gateway](https://compatible.openmqttgateway.com/index.php/parts/), DHT, HM10, RF, IR emitters and receivers...
 
+## Compatible controllers, saas or software
+
+* [Home Assistant](https://docs.openmqttgateway.com/integrate/home_assistant.html)
+
+* [OpenHAB](https://docs.openmqttgateway.com/integrate/openhab2.html)
+
+* [NodeRed](https://docs.openmqttgateway.com/integrate/node_red.html)
+
+* [AWS-IOT](https://docs.openmqttgateway.com/upload/aws-iot.html)
+
 ## Contributors ✨
 
 Thanks goes to these wonderful [people](https://github.com/1technophile/OpenMQTTGateway/graphs/contributors) who helped OpenMQTTGateway on Github and to the users contributions into the [community](https://community.openmqttgateway.com/).

docs/.vuepress/config.js

@@ -95,7 +95,8 @@ module.exports = {
           children: [
             'integrate/openhab2',
             'integrate/home_assistant',
-            'integrate/node_red'
+            'integrate/node_red',
+            'integrate/aws_iot'
           ]
         },
         {

docs/integrate/aws_iot.md

@@ -0,0 +1,109 @@
+# Integrate AWS IOT
+## Create a thing
+
+* From AWS console, search for IOT core
+* Create a Thing and name it, this name will be used as the OpenMQTTGateway name.
+
+![](../img/Integrate_AWS_IOT_Create_Thing.png)
+
+![](../img/Integrate_AWS_IOT_Create_Thing2.png)
+
+![](../img/Integrate_AWS_IOT_Create_Thing3.png)
+
+![](../img/Integrate_AWS_IOT_Create_Thing4.png)
+
+## Create a policy
+
+![](../img/Integrate_AWS_IOT_Create_Policy.png)
+
+![](../img/Integrate_AWS_IOT_Create_Policy2.png)
+
+![](../img/Integrate_AWS_IOT_Create_Policy3.png)
+
+* Add this json code to the policy
+```json
+{
+  "Version": "2021-11-01",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Connect",
+        "iot:Publish",
+        "iot:Subscribe",
+        "iot:Receive",
+        "greengrass:Discover"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+```
+
+## Create a certificate
+
+* Create a new certificate
+
+![](../img/Integrate_AWS_IOT_Create_Certificate.png)
+![](../img/Integrate_AWS_IOT_Create_Certificate2.png)
+
+* Download certificates and key
+
+![](../img/Integrate_AWS_IOT_Create_Certificate3.png)
+
+## Attach Policy with certificate
+
+![](../img/Integrate_AWS_IOT_Attach_Policy.png)
+![](../img/Integrate_AWS_IOT_Attach_Policy2.png)
+
+## Activate certificate and attach it to Thing
+
+![](../img/Integrate_AWS_IOT_Attach_Thing.png)
+![](../img/Integrate_AWS_IOT_Attach_Thing2.png)
+
+## Find AWS EndPoint
+
+![](../img/Integrate_AWS_IOT_Find_Endpoint.png)
+
+## Gather the information for OpenMQTTGateway configuration
+
+Now you should have the following information for the OpenMQTTGateway configuration:
+* Root certificate
+* Client certificate
+* Client key
+* End point url
+* Gateway name
+
+## Modify OpenMQTTGateway configuration
+
+With Arduino IDE, you can update the following field into User_config.h with the information gathered:
+* Gateway_Name
+* `MQTT_SERVER "xxxxxx.iot-eu-amazonaws.com"`
+* `MQTT_PORT "8883"`
+* `AWS_IOT true`
+* ss_server_cert with the root certificate
+* ss_client_cert with the client certificate
+* ss_client_key with the Client key
+* `MQTT_SECURE_SELF_SIGNED 1`
+* `MQTT_SECURE_DEFAULT true`
+
+With PlatformIO you can directly leverage the environment `esp32dev-ble-aws`
+
+## Build and upload
+
+## Connect to a wifi Access point [see portal](../upload/portal)
+Enter your credentials and verify that Secure connection is marked.
+
+## Verify that you receive data in AWS
+
+* Go to things
+* Click on the thing created
+* Go to Activity
+* Click on MQTT Test Client
+* Subscribe to `+/#`
+
+You should see messages coming.
+
+![](../img/Integrate_AWS_IOT_result_MQTT.png)

main/User_config.h

@@ -142,7 +142,7 @@ const byte mac[] = {0xDE, 0xED, 0xBA, 0xFE, 0x54, 0x95}; //W5100 ethernet shield
 /*-------------DEFINE YOUR MQTT PARAMETERS BELOW----------------*/
 //MQTT Parameters definition
 #if defined(ESP8266) || defined(ESP32) || defined(__AVR_ATmega2560__) || defined(__AVR_ATmega1280__)
-#  define parameters_size     30
+#  define parameters_size     60
 #  define mqtt_topic_max_size 100
 #  ifdef MQTT_HTTPS_FW_UPDATE
 #    define mqtt_max_packet_size 2048
@@ -150,7 +150,7 @@ const byte mac[] = {0xDE, 0xED, 0xBA, 0xFE, 0x54, 0x95}; //W5100 ethernet shield
 #    define mqtt_max_packet_size 1024
 #  endif
 #else
-#  define parameters_size      15
+#  define parameters_size      30
 #  define mqtt_topic_max_size  50
 #  define mqtt_max_packet_size 128
 #endif
@@ -188,6 +188,10 @@ const char* certificate PROGMEM = R"EOF("
 #    define MQTT_SECURE_DEFAULT false
 #  endif
 
+#  ifndef AWS_IOT
+#    define AWS_IOT false
+#  endif
+
 //#  define MQTT_HTTPS_FW_UPDATE //uncomment to enable updating via mqtt message.
 
 #  ifdef MQTT_HTTPS_FW_UPDATE

main/main.ino

@@ -161,11 +161,11 @@ void setupTLS(bool self_signed = false, uint8_t index = 0);
 void callback(char* topic, byte* payload, unsigned int length);
 
 char mqtt_user[parameters_size] = MQTT_USER; // not compulsory only if your broker needs authentication
-char mqtt_pass[parameters_size * 2] = MQTT_PASS; // not compulsory only if your broker needs authentication
+char mqtt_pass[parameters_size] = MQTT_PASS; // not compulsory only if your broker needs authentication
 char mqtt_server[parameters_size] = MQTT_SERVER;
 char mqtt_port[6] = MQTT_PORT;
 char mqtt_topic[mqtt_topic_max_size] = Base_Topic;
-char gateway_name[parameters_size * 2] = Gateway_Name;
+char gateway_name[parameters_size] = Gateway_Name;
 #ifdef USE_MAC_AS_GATEWAY_NAME
 #  undef WifiManager_ssid
 #  undef ota_hostname
@@ -398,7 +398,11 @@ void pubMQTT(const char* topic, const char* payload) {
 void pubMQTT(const char* topic, const char* payload, bool retainFlag) {
   if (client.connected()) {
     Log.trace(F("[ OMG->MQTT ] topic: %s msg: %s " CR), topic, payload);
+#if AWS_IOT
+    client.publish(topic, payload); // AWS IOT doesn't support retain flag for the moment
+#else
     client.publish(topic, payload, retainFlag);
+#endif
   } else {
     Log.warning(F("Client not connected, aborting thes publication" CR));
   }
@@ -507,7 +511,11 @@ void connectMQTT() {
   strcat(topic, gateway_name);
   strcat(topic, will_Topic);
   client.setBufferSize(mqtt_max_packet_size);
+#if AWS_IOT
+  if (client.connect(gateway_name, mqtt_user, mqtt_pass)) { // AWS doesn't support will topic for the moment
+#else
   if (client.connect(gateway_name, mqtt_user, mqtt_pass, topic, will_QoS, will_Retain, will_Message)) {
+#endif
 #if defined(ZboardM5STICKC) || defined(ZboardM5STICKCP) || defined(ZboardM5STACK)
     if (lowpowermode < 2)
       M5Display("MQTT connected", "", "");

platformio.ini

@@ -41,6 +41,7 @@ extra_configs =
 ;default_envs = esp32dev-gf-sun-inverter
 ;default_envs = esp32dev-ir
 ;default_envs = esp32dev-ble
+;default_envs = esp32dev-ble-aws
 ;default_envs = esp32dev-ble-cont
 ;default_envs = esp32feather-ble
 ;default_envs = esp32-lolin32lite-ble
@@ -368,6 +369,28 @@ build_flags =
   '-DLED_SEND_RECEIVE_ON=0'
   '-DGateway_Name="OpenMQTTGateway_ESP32_BLE"'
 
+[env:esp32dev-ble-aws]
+platform = ${com.esp32_platform}
+board = esp32dev
+board_build.partitions = min_spiffs.csv
+lib_deps =
+  ${com-esp.lib_deps}
+  ${libraries.ble}
+  ${libraries.decoder}
+build_flags =
+  ${com-esp.build_flags}
+  '-UZmqttDiscovery="HADiscovery"'
+  '-DZgatewayBT="BT"'
+  '-DLED_SEND_RECEIVE=2'
+  '-DLED_SEND_RECEIVE_ON=0'
+  '-DMQTT_SECURE_DEFAULT=true'
+  '-DMQTT_SECURE_SELF_SIGNED'
+  '-DMQTT_SERVER="xxxxxxxxxxxxx-ats.iot.eu-west-2.amazonaws.com"'
+  '-DMQTT_PORT="8883"'
+  '-DMQTT_USER=""'
+  '-DMQTT_PASS=""'
+  '-DAWS_IOT=true'
+
 [env:esp32dev-ble-cont]
 platform = ${com.esp32_platform}
 board = esp32dev