{"id":16623698,"url":"https://github.com/jandelgado/esp32-aws-iot","last_synced_at":"2025-10-29T22:31:50.414Z","repository":{"id":56185444,"uuid":"158078959","full_name":"jandelgado/esp32-aws-iot","owner":"jandelgado","description":"Use AWS IoT with the ESP32","archived":false,"fork":false,"pushed_at":"2020-11-21T23:24:12.000Z","size":120,"stargazers_count":25,"open_issues_count":1,"forks_count":16,"subscribers_count":3,"default_branch":"master","last_synced_at":"2023-02-26T23:22:48.394Z","etag":null,"topics":["aws","esp32","iot"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jandelgado.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-18T11:58:05.000Z","updated_at":"2022-12-27T11:33:11.000Z","dependencies_parsed_at":"2022-08-15T14:20:15.040Z","dependency_job_id":null,"html_url":"https://github.com/jandelgado/esp32-aws-iot","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Fesp32-aws-iot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Fesp32-aws-iot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Fesp32-aws-iot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jandelgado%2Fesp32-aws-iot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jandelgado","download_url":"https://codeload.github.com/jandelgado/esp32-aws-iot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.co
m","kind":"github","repositories_count":219857107,"owners_count":16556074,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","esp32","iot"],"created_at":"2024-10-12T03:24:40.366Z","updated_at":"2025-10-29T22:31:45.093Z","avatar_url":"https://github.com/jandelgado.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ESP32 AWS IoT example using Arduino SDK\n\n![Build Status](https://github.com/jandelgado/esp32-aws-iot/workflows/run%20tests/badge.svg)\n\nThis is a fork of https://github.com/ExploreEmbedded/Hornbill-Examples\nfocusing on the AWS_IOT library and removing everything else. The code was\nalso upgraded to AWS IoT Device SDK v3.0.1.\n\nThe library was modified so that the TLS configuration (i.e. certificates and\nstuff) is _no longer_ included in the library code itself, but is now passed to\nthe `AWS_IOT` class from the client code. This makes the library easier to use.\n\n* original repository:  https://github.com/ExploreEmbedded/Hornbill-Examples\n\nAdditionally, I added a tutorial on using the AWS CLI to create everything\nneeded to set your thing up. \n\nAlso, I added an [all-in-one thing creator\nscript](#all-in-one-thing-creator-script) which uses the AWS API (python/boto3)\nto create a thing, certificates and attach certificates and policies. 
In\naddition, the script outputs ready-to-include C++ code for your\nsketch.\n\n## Contents\n\n\u003c!-- vim-markdown-toc GFM --\u003e\n\n* [Examples](#examples)\n    * [pubSubTest Example/Quickstart](#pubsubtest-examplequickstart)\n        * [Build](#build)\n* [AWS IoT core notes](#aws-iot-core-notes)\n    * [Create thing group and thing](#create-thing-group-and-thing)\n    * [Create keys and certificates](#create-keys-and-certificates)\n    * [Attach policy to your thing](#attach-policy-to-your-thing)\n    * [All-in-one thing creator script](#all-in-one-thing-creator-script)\n    * [MQTT endpoint](#mqtt-endpoint)\n* [Troubleshooting](#troubleshooting)\n    * [Error -0x2780](#error--0x2780)\n    * [Error -0x2700](#error--0x2700)\n* [Author](#author)\n\n\u003c!-- vim-markdown-toc --\u003e\n\n## Examples\n\n### pubSubTest Example/Quickstart\n\nUnder [examples/pubSubTest](examples/pubSubTest) the original PubSub example of\nthe hornbill repository is included, with the configuration externalized to a\nseparate file [config.h-dist](examples/pubSubTest/config.h-dist). To build the\nexample, copy the `config.h-dist` file to a file called `config.h` and modify\nit to fit your configuration:\n\n* add your WiFi configuration\n* add AWS thing private key (see below)\n* add AWS thing certificate (see below)\n* add [AWS MQTT endpoint address](#mqtt-endpoint)\n\nThe easiest way to obtain the certificates and create the things is to use\nthe [all-in-one thing creator script](#all-in-one-thing-creator-script). 
Don't\nforget to create an IAM policy first (see below).\n\n#### Build\n\nA PlatformIO [project](platformio.ini) and a [Makefile](Makefile) are provided.\n\nRun `make upload monitor` to build and upload the example to the ESP32 and\nstart the serial monitor afterwards to see what is going on.\n\nIf everything works, you should see something like this on your console:\n```\nAttempting to connect to SSID: MYSSID\nConnected to wifi\nConnected to AWS\nSubscribe Successfull\nPublish Message:Hello from hornbill ESP32 : 0\nReceived Message:Hello from hornbill ESP32 : 0\nPublish Message:Hello from hornbill ESP32 : 1\nReceived Message:Hello from hornbill ESP32 : 1\n...\n```\n\n## AWS IoT core notes\n\n**Work in progress**\n\nThis chapter describes how to use the AWS CLI to\n\n* create a thing type and thing\n* create keys and certificates for a thing\n* attach a certificate to a thing\n* create and attach a policy to a thing\n\n### Create thing group and thing\n\nWe use the AWS CLI to create a thing type called `ESP32` and a thing with the\nname `ESP32_SENSOR`. 
For convenience and later reference, we store the thing's\nname in the environment variable `THING`.\n\n```bash\n$ export THING=\"ESP32_SENSOR\"\n$ aws iot create-thing-type --thing-type-name \"ESP32\"\n$ aws iot list-thing-types\n{\n    \"thingTypes\": [\n        {\n            \"thingTypeName\": \"ESP32\",\n            \"thingTypeProperties\": {\n                \"thingTypeDescription\": \"ESP32 devices\"\n            },\n            \"thingTypeMetadata\": {\n                \"deprecated\": false,\n                \"creationDate\": 1530358342.86\n            },\n            \"thingTypeArn\": \"arn:aws:iot:eu-central-1:*****:thingtype/ESP32\"\n        }\n    ]\n}\n$ aws iot create-thing --thing-name \"$THING\" --thing-type-name \"ESP32\"\n$ aws iot list-things\n{\n    \"things\": [\n        {\n            \"thingTypeName\": \"ESP32\",\n            \"thingArn\": \"arn:aws:iot:eu-central-1:*****:thing/ESP32_SENSOR\",\n            \"version\": 1,\n            \"thingName\": \"ESP32_SENSOR\",\n            \"attributes\": {}\n        }\n    ]\n}\n```\n\n### Create keys and certificates\n\n```bash\n$ aws iot create-keys-and-certificate --set-as-active \\\n                                      --certificate-pem-outfile=\"${THING}_cert.pem\" \\\n                                      --private-key-outfile=\"${THING}_key.pem\"\n{\n    \"certificateArn\": \"arn:aws:iot:eu-central-1:*****:cert/7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\",\n    \"certificatePem\": \"-----BEGIN CERTIFICATE-----\\n ... \\n-----END CERTIFICATE-----\\n\",\n    \"keyPair\": {\n        \"PublicKey\": \"-----BEGIN PUBLIC KEY-----\\n ... \\n-----END PUBLIC KEY-----\\n\",\n        \"PrivateKey\": \"-----BEGIN RSA PRIVATE KEY-----\\n ... 
\\n-----END RSA PRIVATE KEY-----\\n\"\n    },\n    \"certificateId\": \"7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\"\n}\n\n```\n\nOn the thing, we will later need (see [config.h-dist](examples/pubSubTest/config.h-dist)):\n\n* the private key stored in `${THING}_key.pem` (i.e. `ESP32_SENSOR_key.pem`)\n* the certificate stored in `${THING}_cert.pem` (i.e. `ESP32_SENSOR_cert.pem`)\n\nNote that this is the only time that the private key will be output by AWS.\n\nNext we attach the certificate to the thing:\n\n```bash\n$ aws iot attach-thing-principal --thing-name \"$THING\" \\\n         --principal \"arn:aws:iot:eu-central-1:*****:cert/7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\"\n$ aws iot list-principal-things --principal  \"arn:aws:iot:eu-central-1:*****:cert/7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\"\n{\n    \"things\": [\n        \"ESP32_SENSOR\"\n    ]\n}\n$ aws iot list-thing-principals --thing-name \"$THING\"\n{\n    \"principals\": [\n        \"arn:aws:iot:eu-central-1:*****:cert/7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\"\n    ]\n}\n```\n\n### Attach policy to your thing\n\nIt is important to attach a policy to your thing (technically: to the\ncertificate attached to the thing), otherwise no communication will be\npossible.\n\nFirst we need to create a policy named `iot-full-permissions` which, as\nthe name suggests, has full IoT permissions:\n\n```bash\n$ cat \u003ething_policy_full_permissions.json\u003c\u003cEOT\n{\n   \"Version\" : \"2012-10-17\",\n   \"Statement\" : [\n      {\n         \"Action\" : [\n            \"iot:Publish\",\n            \"iot:Connect\",\n            \"iot:Receive\",\n            \"iot:Subscribe\",\n            \"iot:GetThingShadow\",\n            \"iot:DeleteThingShadow\",\n            \"iot:UpdateThingShadow\"\n         ],\n         \"Effect\" : \"Allow\",\n         \"Resource\" : [\n            \"*\"\n         ]\n      }\n   ]\n}\nEOT\n$ aws iot 
create-policy --policy-name \"iot-full-permissions\" \\\n                        --policy-document file://thing_policy_full_permissions.json\n$ aws iot list-policies\n{\n    \"policies\": [\n        {\n            \"policyName\": \"iot-full-permissions\",\n            \"policyArn\": \"arn:aws:iot:eu-central-1:*****:policy/iot-full-permissions\"\n        }\n    ]\n}\n```\n\n(TODO least privilege permission sets in policies)\n\nNext, we attach the policy to the certificate:\n\n**WiP**\n\n```bash\n$ aws iot attach-policy --policy-name \"iot-full-permissions\"  \\\n                        --target \"arn:aws:iot:eu-central-1:*****:cert/7bb8fd75139186deef4c054a73d15ea9e2a5f603a29025e453057bbe70c767fe\"\n$ aws iot list-targets-for-policy --policy-name iot-full-permissions\n...\n```\n\n### All-in-one thing creator script\n\nEntering the above AWS CLI commands manually is slow and error-prone. See the\nprovided [create_thing.py](tools/create_thing/create_thing.py) Python script,\nwhich performs all steps automatically and also produces C++ code containing\nthe certificate and keys ready to be included in your ESP32 sketch.\n\n```\nusage: create_thing.py [-h] [--type-name TYPE_NAME] name policy_name\n\npositional arguments:\n  name                  name of the thing to create\n  policy_name           policy to attach thing to\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --type-name TYPE_NAME\n                        thing type name\n```\n\n### MQTT endpoint\n\nRunning `aws iot describe-endpoint` will give you the endpoint of your MQTT service\n(make sure to use the `ATS` endpoint for the data service type):\n\n```bash\n$ aws iot describe-endpoint --endpoint-type iot:Data-ATS\n{\n    \"endpointAddress\": \"*****-ats.iot.eu-central-1.amazonaws.com\"\n}\n```\n\nThe secure MQTT port is 8883. 
To test if your MQTT endpoint is up, you could,\nfor example, issue a netcat command like `nc -v \u003cyour-iot-endpoint\u003e 8883`.\n\n## Troubleshooting\n\n### Error -0x2780\n\n```\nE (15426) aws_iot: failed!  mbedtls_x509_crt_parse returned -0x2780 while parsing device cert\n```\n\nCheck the format of your PEM key and certificates in `config.h`. \n\n### Error -0x2700\n\n```\n(11417) aws_iot: failed! mbedtls_ssl_handshake returned -0x2700\nE (11417) aws_iot:     Unable to verify the server's certificate. \nE (11427) AWS_IOT: Error(-4) connecting to **********.iot.eu-central-1.amazonaws.com:8883,\n```\n\nAre you using the correct MQTT endpoint (hint: use the `ATS` endpoint)?\n\n## Author\n\nJan Delgado \u003cjdelgado at gmx.net\u003e, original work from https://github.com/ExploreEmbedded/Hornbill-Examples.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjandelgado%2Fesp32-aws-iot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjandelgado%2Fesp32-aws-iot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjandelgado%2Fesp32-aws-iot/lists"}