AWS IoT MQTT Broker Setup

This guide provides instructions for setting up an AWS IoT MQTT broker and configuring it to connect with NF (a device management or control platform).

Prerequisites

  1. AWS Account: Ensure you have access to an AWS account.

Setup AWS IoT

  1. Navigate to the AWS IoT Core Console.
  2. Go to All Devices > Things > Create thing.
  3. Enter a name for your IoT device (e.g., GoIoTDevice) and click Next.
  4. Choose Auto-generate a new certificate and click Next.
  5. Create a new policy by clicking the Create Policy link:
    • Set the policy name (e.g., GoIoTDevice).
    • Use the policy document example provided below, replacing {{REGION}} with your AWS Region and {{ACCOUNT_ID}} with your AWS Account ID.
  6. Download the following:
    • Device certificate
    • Public key file
    • Private key file
    • RSA 2048 bit key: Amazon Root CA 1

Setup NF

  1. Go to the NF Console.
  2. Navigate to Settings > Sparkplug.
  3. Select the AWS IoT tab.
  4. Enter the AWS IoT Core Domain and Thing Name configured in step #1. The domain name can be found under "Domain configurations" in the AWS IoT console.
  5. Upload the following files:
    • RSA 2048 bit key: Amazon Root CA 1 as the Mqtt Cafile
    • Device certificate as the Mqtt Certfile
    • Private key file as the Mqtt Keyfile
  6. Click Save to apply the changes.

AWS Policy Example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:{{REGION}}:{{ACCOUNT_ID}}:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive",
        "iot:PublishRetain"
      ],
      "Resource": [
        "arn:aws:iot:{{REGION}}:{{ACCOUNT_ID}}:topic/spBv1.0/normalgw/*/${iot:Connection.Thing.ThingName}",
        "arn:aws:iot:{{REGION}}:{{ACCOUNT_ID}}:topic/spBv1.0/normalgw/*/${iot:Connection.Thing.ThingName}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:{{REGION}}:{{ACCOUNT_ID}}:topicfilter/spBv1.0/normalgw/*/${iot:Connection.Thing.ThingName}",
        "arn:aws:iot:{{REGION}}:{{ACCOUNT_ID}}:topicfilter/spBv1.0/normalgw/*/${iot:Connection.Thing.ThingName}/*"
      ]
    }
  ]
}
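
The policy above scopes every action to the connecting device through ${iot:Connection.Thing.ThingName}. The following added example (not part of the original guide or of NF) models how those resource patterns resolve for one thing, so the policy can be reviewed before it is attached. The region, account ID, thing and topic names are constructed sample values, and the matcher is a simplified model that assumes `*` matches any run of characters, including `/`, and that MQTT wildcards are compared literally.

```python
import re

THING_VAR = "${iot:Connection.Thing.ThingName}"
ARN_PREFIX = "arn:aws:iot:{region}:{account}:"
TOPIC = "spBv1.0/normalgw/*/" + THING_VAR

# The page's policy, condensed to (allowed actions, resource patterns) per statement.
STATEMENTS = [
    ({"iot:Connect"}, ["client/" + THING_VAR]),
    ({"iot:Publish", "iot:Receive", "iot:PublishRetain"},
     ["topic/" + TOPIC, "topic/" + TOPIC + "/*"]),
    ({"iot:Subscribe"},
     ["topicfilter/" + TOPIC, "topicfilter/" + TOPIC + "/*"]),
]

def matches(pattern, arn):
    # Assumed wildcard model: '*' = any run of characters (may span '/'),
    # '?' = exactly one character, everything else is literal ('+' and '#' too).
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, arn) is not None

def is_allowed(action, resource, thing_name,
               region="us-east-1", account="123456789012"):  # constructed values
    """resource is 'client/<id>', 'topic/<topic>' or 'topicfilter/<filter>'."""
    prefix = ARN_PREFIX.format(region=region, account=account)
    for actions, patterns in STATEMENTS:
        if action not in actions:
            continue
        for pattern in patterns:
            rendered = prefix + pattern.replace(THING_VAR, thing_name)
            if matches(rendered, prefix + resource):
                return True
    return False  # no Allow statement matched: implicit deny

if __name__ == "__main__":
    thing = "GoIoTDevice"
    checks = [  # constructed requests
        ("iot:Connect", "client/GoIoTDevice"),
        ("iot:Connect", "client/SomeOtherClient"),
        ("iot:Publish", "topic/spBv1.0/normalgw/NDATA/GoIoTDevice"),
        ("iot:Publish", "topic/spBv1.0/normalgw/NDATA/OtherDevice"),
        ("iot:Subscribe", "topicfilter/spBv1.0/normalgw/#"),
        # '*' in the message-type position is not limited to one topic level:
        ("iot:Publish", "topic/spBv1.0/normalgw/NDATA/OtherDevice/GoIoTDevice"),
    ]
    for action, resource in checks:
        verdict = "ALLOW" if is_allowed(action, resource, thing) else "DENY"
        print(f"{verdict:5} {action:14} {resource}")
```
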