Connecting to AWS IoT core with username and password

I’m having trouble connecting to an MQTT endpoint hosted in AWS IoT Core with a custom authorizer, and I would appreciate any help.

AWS IoT Core Setup
I created a simple Domain in AWS with security policy IoTSecurityPolicy_TLS13_1_2_2022_10 and a custom authorizer which checks for username and password.

I tested the custom authorizer with an HTTPS endpoint and Postman and it works correctly.

Postman setup
I’m simply using the MQTT request with my AWS endpoint and the mqtts protocol (since AWS uses TLS), as follows:

Result
I’m seeing the following:

  • Postman, after 30 seconds, reports that it is disconnected from the broker.
  • The authorizer is not invoked, which confirms that the connection was not accepted.

Question

  • I see from the documentation that AWS for TLS requires the ALPN protocol to be mqtt. Is this the issue? How can I check it?
  • Does anyone know how I can get this to work correctly? Please note that I need to use old devices with AWS IoT and I can not change the behaviour on the device.

Hey @vittorioa, could you confirm the port that you’re trying to connect to? I know that IoT Core exposes different ports for different auth and ALPN. I see that you’re using custom auth, so based on this I’m assuming port 443, but I am not seeing that in your screenshot?


Thank you Jonathan for your reply. I tested with port 443 and 8883 and the result is the same. Here is the configuration of the AWS Domain, which determines the protocol:


and here are the settings:

but the result is always “Disconnected from the Broker”:

It appears to me that it doesn’t connect at all, because I know for sure that the authorizer is not invoked.

Any suggestion is welcome !

@docking-module-admin here is more information regarding the port:

  • when I use port 443 as in the picture above, Postman times out and reports the error Disconnected from Broker
  • when I use port 8443 as follows, mqtts://.......-ats.iot.us-east-1.amazonaws.com:8443, Postman returns immediately with an error An error occurred: Client network socket disconnected before secure TLS connection was established
  • when I use port 8883 as follows, mqtts://.......-ats.iot.us-east-1.amazonaws.com:8883, Postman returns immediately with an error An error occurred: Client network socket disconnected before secure TLS connection was established

I’m not able to get any log on the AWS side. It appears to me that the TLS connection is rejected. Do you understand why ?

@vittorioa thanks for the update! Can you confirm if your domain configuration looks like this?

Yes, correct. It is enabled.

For anyone getting to this topic: I was not able to get it working with Postman, however this simple Node.js application was able to talk to the AWS IoT endpoint with a custom authorizer using username and password on TLS MQTT:

const mqtt = require("mqtt");

// endpoint and credentials redacted by the poster
const endPoint = "*******-ats.iot.REGION.amazonaws.com";
const topic = 'test';
const options = {
    protocolId: 'MQTT',
    protocolVersion: 5,
    username: "*******",   // validated by the custom authorizer
    password: "*******"
};

console.log('building client');
// mqtts:// on port 8883: TLS with username/password, no client certificate
const client = mqtt.connect(
    'mqtts://' + endPoint + ':8883',
    options
);

client.on('connect', function () {
    console.log("connected !");
    client.subscribe(topic, function (err) {
        console.log('subscribe to: ' + topic);
        if (err) {
            console.log('subscribe error: ' + err);
        }
    });
});

// receivedTopic is the topic the message arrived on; the original handler
// named this parameter `topic`, shadowing the outer constant and logging it twice
client.on('message', (receivedTopic, message) => {
    console.log('message received: subscription topic: ' + topic + ' received topic: ' + receivedTopic + ' message: ' + message.toString());
});

// publish a timestamp to the topic every 5 seconds
setInterval(function () {
    var message = `{ "time":${(new Date()).getTime()}}`;
    console.log('publish: topic: ' + topic + ' message: ' + message);
    client.publish(topic, message);
}, 5000);

@vittorioa based on the configuration, if you haven’t already would you be able to upload certificates for this endpoint? Thank you for sharing the alternative solution!