Thales IoT Developer Community
AWS MQTT connection via ThreadX demo app
Showcase, December 21, 2021 - 10:14pm, 1427 views
Here is a ThreadX app to demonstrate how we take advantage of embedded processing feature on Thales EXSx2 module to connect AWS and exchange MQTT message.
The app consists of below functionalities:
- TLS certificate management in ThreadX
- DNS resolution from AWS EndPoint to actual IP address
- MQTT operations
For security concern we will not allow using intermediate CA for server certs verification. So it's necessary to load RootCA of the entire AWS server certificate chain so that module will be able to verify AWS server certs. As far as we know, AWS uses Starfield Class 2 Certification Authority as RootCA, refer to attached starfield.pem.
AWS usually allocates dynamic IP address for client access, unless you’re sure about your IP address, otherwise it’s recommended to connect via Endpoint URL, and in the demo app we will resolve DNS to get IP then proceed AWS MQTT connection.
We support cert conversions for different file formats including PEM/DER/CRT/KEY… So you just ***** to make sure the right certificate files have been placed into FFS before starting this app.
For demo purpose, the certificates will be loaded into module's NVM every time when app gets started.
But it's absolutely not necessary in real use case. Once customer verifies the AWS connection works, the whole certificate operation procedure can be skipped.
Here I also attached the app source and a corresponding log for your reference.