MQTT connection error for AWS Example Project

Hi everyone,

I’m very new to the Mbed OS, so I’ve been trying out some example projects to learn some basic principles.

One of these projects is connecting my STM B-L475E-IOT01A board to my AWS account using this guide: GitHub - ARMmbed/mbed-os-example-for-aws: Mbed OS example to connect to AWS IoT Core

For reasons I don’t really understand, my AWS credentials and subsequent handshake protocol are working fine, but my MQTT connection is failing:

image

The MQTT parameters for this example project are set in a JSON file. These MQTT parameters are related to both the publication topic that my AWS account is subscribed to, and the wi-fi connection. I’m not sure if the error is tied to the wi-fi or the MQTT topic.

So far I haven’t been able to track down which part of the example code calls out the error messaging for the MQTT connection. The way I see it, I probably did something wrong in the JSON file, but I don’t know enough about mbed (and makefiles) to have seen it yet.

Has anyone come across a similar problem and been able to resolve it?

Thank you in advance for your time

Hi and welcome to the Mbed community.

First of all, please update the mbed-client-for-aws library to the latest commit in the master branch, it contains a fix which shows the correct error code when connect fails. It would be easier to debug the situation with the correct return code.

As the TLS connection succeeds, your Wi-Fi connection seems to be OK. I believe this is a policy issue in AWS, which results in your device being rejected by the server, please check your AWS IoT logs for more information and make sure you have your policies set up correctly. If you post the logs here, we could investigate the issue further.

Hi Bora,

Thank you for your reply. I have now uploaded the newest version of this library (from 2021).

I’ve been doing a bit more digging on this problem. I went back to look at the github page for the AWSClient for mbed:

I have been able to see that the message that pops up in the terminal is linked to this section of the code (part of the AWSClient::connect function):

image

image

You were right, using the newest version of the library outputted a different error code (7) than the original version. I’m not actually sure what this means though.

Additionally, I’ve also gone back to see if the “Thing Name” I created in AWS matches up with what I wrote on the JSON file:

image

This left me confused, as it looks like the “aws-client-identifier” value in the mbed_app.json is exactly the same as the Thing Name in AWS. All security certificates for this “Thing” are active (as shown in the previous post).

I’m even using the wildcard option for the AWS Test MQTT topic (after trying to subscribe to a specific topic). So I still don’t know what could be going wrong:

image

The return codes are of the type MQTTStatus_t. Code 7 means MQTTNoDataAvailable, which is usually the case if the server has closed the connection. This supports my diagnosis.

The client ID does not have to be the same as the thing name, although this is usually the convention. This restriction can be implemented using the policies.

You still did not show your policies or the AWS IoT logs. Please check your policies and enable+check the logs for more information.

Hi Bora,

I think you’re right, somewhere down the line I screwed up my policies.

I checked the one I created for this board, all four basic IoT actions are Allowed.

The Policy is attached to the certificate I created for my IoT “Thing”, as well as the “Thing Group” which my B-L475E-IOT01A Thing is a part of:

I tried to extract some connectivity info through the AWS Cli. No matter what I seem to do, I can’t find any indication that my AWS Thing has any attached policies:

I also wanted to let you know I tried setting up AWS CloudWatch Logging, without success. I keep trying to reconnect to the AWS IoT console via my board, but I can’t tell if any useful info is actually being displayed in CloudWatch:

At this point, I’m not sure how to begin fixing my AWS Policy Issues, any advice you have is greatly appreciated, as always :grinning:

I would suggest using a desktop MQTT client such as the AWS IoT python SDK to test the policies first. Use the same credentials and the same parameters to see if you can connect from another client. This would help to rule out device related problems and isolate your issue. There are plenty of resources which can guide you through the AWS related issues. If you can connect with another client, try again with the Mbed client and post the results here, maybe we can help afterwards.

For cloudwatch logs, follow these guides: Configure AWS IoT logging - AWS IoT Core and Monitor AWS IoT using CloudWatch Logs - AWS IoT Core

Hi Bora,

I managed to solve this issue, thank you so much for your support.

Your suggestion to use the AWS IoT Python SDK was very helpful, as that’s what I kept using to realize what my issue was with regards to my policies:

It turns out my issues got fixed once I changed my policies to allow everything (which isn’t ideal but I’m a hobbyist so I’m not fussed):

Everything seems to be working fine now:

Thank you so much for your support.

1 Like