We are trying to use Amazon Web Services Internet of Things (AWS IoT) to send messages from/to a Web Browser (e.g: . Given that the AWS IoT supports JavaScript we expect that this is possible ...
We have searched at the AWS IoT Documentation but only found server-side examples (which expose AWS secrets/keys...)
Are there any good working examples or tutorials for using AWS IoT to send/receive messages via WebSockets/MQTT in the browser (e.g: authenticating with AWS Cognito)? Thanks!
Here's a sample that uses a cognito identity pool in JS to connect, publish and react to a subscription.
// Configure Cognito identity pool
AWS.config.region = 'us-east-1';
var credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'us-east-1:your identity pool guid',
});
// Getting AWS creds from Cognito is async, so we need to drive the rest of the mqtt client initialization in a callback
credentials.get(function(err) {
if(err) {
console.log(err);
return;
}
var requestUrl = SigV4Utils.getSignedUrl('wss', 'data.iot.us-east-1.amazonaws.com', '/mqtt',
'iotdevicegateway', 'us-east-1',
credentials.accessKeyId, credentials.secretAccessKey, credentials.sessionToken);
initClient(requestUrl);
});
function init() {
// do setup stuff
}
// Connect the client, subscribe to the drawing topic, and publish a "hey I connected" message
function initClient(requestUrl) {
var clientId = String(Math.random()).replace('.', '');
var client = new Paho.MQTT.Client(requestUrl, clientId);
var connectOptions = {
onSuccess: function () {
console.log('connected');
// subscribe to the drawing
client.subscribe("your/mqtt/topic");
// publish a lifecycle event
message = new Paho.MQTT.Message('{"id":"' + credentials.identityId + '"}');
message.destinationName = 'your/mqtt/topic';
console.log(message);
client.send(message);
},
useSSL: true,
timeout: 3,
mqttVersion: 4,
onFailure: function () {
console.error('connect failed');
}
};
client.connect(connectOptions);
client.onMessageArrived = function (message) {
try {
console.log("msg arrived: " + message.payloadString);
} catch (e) {
console.log("error! " + e);
}
};
}
Documentation for the credentials.get
call, here
Remember to authorize your IAM role for subscribing / publishing as well. Here's a sample:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Receive",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Subscribe",
"Resource": [
"arn:aws:iot:us-east-1::your/mqtt/topic"
]
},
{
"Effect": "Allow",
"Action": "iot:Publish",
"Resource": [
"arn:aws:iot:us-east-1::your/mqtt/topic"
]
}
]
}