MQTT with Amazon Web Services

1.0 Overview

This step-by-step guide walks you through connecting a BG96 to Amazon Web Services over MQTT.

IoT thing with MQTT and AWS

2.0 Requirements

To avoid discrepancies caused by hardware and software differences, the hardware and firmware versions used are listed below. Please use at least the same firmware revision when following this guide.

2.1 Hardware

LTE OPEN EVB KIT v1.1
BG96 TE-A

2.2 Firmware

BG96 Firmware Version: BG96MAR03A04M1GA

2.3 Amazon Web Services

You are free to use our test servers or register for free at: https://aws.amazon.com/. If you are using our test server then you can skip the next step.

3.0 Setup of Amazon Web Services

It’s important to set up the AWS IoT Core certificates, policies and rules correctly to establish a secure connection to your thing. Please follow the guide on how to set up AWS: aws-certificates-policies-rules

Please make sure that the certificate created on AWS is attached both to your thing and to the policy. The policy on AWS shall be set as shown below. A policy can have several versions, so make sure it uses the latest one or delete the previous ones:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
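
The policy above allows every action on every resource. As an added example (not part of the original guide), the Python sketch below flags those wildcard entries and builds a narrower policy covering only what this guide does: connecting with client ID BG96 and publishing to the shadow update topic. The account ID 123456789012 is a placeholder, the region is taken from the endpoint used later in this guide, and the function names are illustrative.

```python
import json

# Policy exactly as shown above: every action on every resource.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _as_list(value):
    # Policy JSON allows a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, field, value) for each Allow entry that is
    "*" or ends in ":*" or "/*" (a whole service, resource type or subtree)."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            for value in _as_list(stmt.get(field, [])):
                if value == "*" or value.endswith((":*", "/*")):
                    findings.append((index, field, value))
    return findings

def scoped_policy(region, account_id, client_id, publish_topics):
    """Allow one MQTT client ID to connect and publish to the listed topics."""
    base = f"arn:aws:iot:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{client_id}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": [f"{base}:topic/{t}" for t in publish_topics]},
        ],
    }

if __name__ == "__main__":
    print("wildcards in page policy:", wildcard_findings(PAGE_POLICY))
    tight = scoped_policy(
        region="us-east-2",           # from the endpoint used in this guide
        account_id="123456789012",    # placeholder, replace with your account ID
        client_id="BG96",             # client ID passed to AT+QMTCONN
        publish_topics=["$aws/things/quectel-iot-bg96/shadow/update"],  # AT+QMTPUB topic
    )
    print("wildcards in scoped policy:", wildcard_findings(tight))
    print(json.dumps(tight, indent=2))
```

A device that also subscribes to topics would need iot:Subscribe and iot:Receive entries as well, which this guide does not use.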

Important

Please continue to the next topic once you have followed the above guide and the certificates, policies and rules have been set up.

4.0 Load the certificates on the BG96

We can now load the certificates generated by AWS onto the file system using QCOM. We are going to load the following files:

  • private key – *.private.key
  • certificate – *.cert.pem
  • AWS IoT server signed certificate – AmazonRootCA1.crt

* is a wildcard

Generated and Downloaded AWS Certificates

The certificates must be uploaded to the UFS (user file system). You can use QCOM and the AT file commands to do so.

  1. Open QCOM and connect to the BG96.
  2. Click on Select File at the bottom of the program; QCOM loads the file and shows its size in bytes.
  3. Send AT+QFUPL="AmazonRootCA1.crt",1188, where 1188 is the file size in bytes shown in step 2.
  4. When CONNECT is received, press Send File.

Example Log

ATI

Quectel
BG96
Revision: BG96MAR03A04M1GA

OK
AT+QFLST="*"

+QFLST: "mcfg_sw.mbn",26812
+QFLST: "security/",2

OK
AT+QFUPL="AmazonRootCA1.crt",1188

CONNECT
+QFUPL: 1188,2d13

We are all set. Close the program and let's continue to the next step.

MQTT Client on BG96

We shall assume that after following the Amazon guide you have created a thing named BG96.

SSL Connection

Open QCOM or any other terminal program and let's set up the MQTT client to use a secure connection.

AT+QSSLCFG="cacert",2,"AmazonRootCA1.crt"
OK
AT+QSSLCFG="clientcert",2,"bacefb2a6f-certificate.pem"
OK
AT+QSSLCFG="clientkey",2,"bacefb2a6f-private.pem"
OK
AT+QSSLCFG="ciphersuite",2,0XFFFF
OK
AT+QSSLCFG="sslversion",2,4
OK
AT+QSSLCFG="seclevel",2,2
OK
AT+QSSLCFG="ignorelocaltime",1
+QSSLCFG:"ignorelocaltime",1,1

OK

AT+QMTCFG="ssl",0,1,2

Set the MQTT Version

AWS uses MQTT version 3.1.1, so we need to set our client to use version 3.1.1 with the following command:

AT+QMTCFG="version",0,4
OK

Open a Connection

Our AWS URL is a3nv2orw0qbxmx-ats.iot.us-east-2.amazonaws.com. Replace it with your own URL if you are not using our server.

AT+QMTOPEN=0,"a3nv2orw0qbxmx-ats.iot.us-east-2.amazonaws.com",8883
OK

+QMTOPEN: 0,0

Connect to thing BG96

AT+QMTCONN=0,"BG96"
OK

+QMTCONN: 0,0,0

Publish to a Subject

For the sake of simplicity we publish to the shadow of BG96.

AT+QMTPUB=0,0,0,0,"$aws/things/quectel-iot-bg96/shadow/update"
>

Once the > prompt appears, type in the message and terminate it with CTRL+Z or 0x1A from the console.

Conclusion

When connecting to AWS, the setup process is tricky: the policies, rules and certificates need to be set up correctly in order to connect successfully to your thing.

If you aren’t able to connect to your thing, please re-check the policies, rules and certificates on the module and on AWS.