How to Series Blogs: Connect ESP 8266 / NodeMCU to AWS IoT


Srinidhi Murthy

In this blog we talk about connecting the simple ESP 8266 / NodeMCU to AWS IoT. Traditionally, the simple and easily available ESP 8266 based boards could not connect to AWS IoT. Two issues prevent the use of AWS IoT for ESP8266 Arduino and pretty much every other 8-bit microcontroller-based device.

One is the requirement to either support certificates or use a crypto library to create “signatures”.

The other is TLS 1.2 or higher. If they allowed TLS 1.1 and added a “pre-shared key” authentication system, similar to the rest of the IoT providers’ de-facto standard for devices like these, there would already be another billion devices on the net.
AWS IoT now supports MQTT over WebSockets, which works on ESP 8266 / NodeMCU but is not guaranteed to.
This is all about to change … Enter the ESP-OPEN-RTOS ….

ESP-OPEN-RTOS is a community-developed, open source, FreeRTOS-based framework for ESP8266 WiFi-enabled microcontrollers. It is intended for use in both commercial and open source projects. Using ESP-OPEN-RTOS, we can create a simple event-driven RTOS for controlling all Things in the near field via WiFi. It also has the support needed to create signatures and supports TLS 1.2, which means connection to AWS IoT is possible.

ESP-OPEN-RTOS can be installed on any Linux-based server such as Ubuntu, RHL or SuSE and, using the Xtensa toolchain, can be cross-compiled for ESP 8266 based boards like NodeMCU, Adafruit HUZZAH, etc.

The procedure for installing ESP-OPEN-RTOS, along with the prerequisites, necessary SDKs, toolchain, etc., is given in detail in the link.

We are not going to go into installing ESP-OPEN-RTOS or the necessary software / SDK here. We are going to concentrate on the RTOS itself and its ability to connect to AWS IoT.

Let’s quickly move to the examples section of the ESP-OPEN-RTOS where we find the AWS IoT example.

Connecting to AWS IoT requires the AWS Command Line Interface to be installed, so that you can create the policies that allow the Thing (ESP 8266 / NodeMCU) to connect, and requires an ECC-based certificate and private key .pem file to be generated. The detailed procedure is given below.

  • Modify client_config.c to provide your own account-specific AWS IoT endpoint, ECC-based client certificate, and private key.
    1. Your endpoint is in the form of <prefix>.iot.<region>. It can be retrieved using the following command:
      1. $ aws iot describe-endpoint
    2. Your ECC-based certificate and private key can be generated by using the following commands:
      1. $ openssl ecparam -out ecckey.key -name prime256v1 -genkey
      2. $ openssl req -new -sha256 -key ecckey.key -nodes -out eccCsr.csr
      3. $ aws iot create-certificate-from-csr --certificate-signing-request file://eccCsr.csr --certificate-pem-outfile eccCert.crt --set-as-active
    3. To convert the certificate or key file into a C string, you could try the following example:
      1. $ cat ecckey.key | sed -e 's/^/"/g' | sed -e 's/$/\\r\\n"/g'
        Note, more information about using ECC-based certificate with AWS IoT can be found in the following blog
  • Create and attach AWS IoT access policy to the certificate
    1. $ aws iot create-policy --policy-name test-thing-policy --policy-document '{ "Version": "2012-10-17", "Statement": [{"Action": ["iot:*"], "Resource": ["*"], "Effect": "Allow" }] }'
    2. $ aws iot attach-principal-policy --policy-name test-thing-policy --principal "arn:aws:iot:eu-west-1:892804553548:cert/2d9c2da32a95b5e95a277c3b8f7af40869727f5259dc2e907fc8aba916c857e"
      Note, the ‘principal’ argument is the certificate ARN generated from the previous command ‘aws iot create-certificate-from-csr’.
  • Modify include/ssid_config.h with your WiFi access ID and credential.
  • Build and flash the example firmware to the device using the command below:
    1. $ make flash -C examples/aws_iot ESPPORT=/dev/ttyUSB0
      Note, it assumes your ESP8266 is connected through USB and exposed under your Linux host as /dev/ttyUSB0.
  • Once the ESP8266 is connected to AWS IoT, you can use the MQTT client on the AWS IoT console to receive the messages published by the ESP8266 to topic ‘esp8266/status’. You could also publish ‘on’ or ‘off’ message to topic ‘esp8266/control’ to toggle the GPIO/LED (GPIO2 is used by the example).
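
The test-thing-policy above allows every AWS IoT action on every resource, so the private key embedded in one device's firmware carries rights to every client ID and topic in the account. As an added example (not part of the original post or of the ESP-OPEN-RTOS project), the script below generates a policy limited to the two topics this example uses. The account ID, MQTT client ID and policy name are constructed placeholders, and it assumes the firmware connects with that client ID.

```shell
#!/bin/sh
# Added example: least-privilege AWS IoT policy for the esp8266/status and
# esp8266/control topics. Region, account ID and client ID are placeholders.

scoped_policy() {
    region=$1 account=$2 client_id=$3
    # Reject empty values, wildcards and quotes that would widen or break the policy.
    for v in "$region" "$account" "$client_id"; do
        case $v in
            ''|*[!A-Za-z0-9_-]*) echo "invalid value: $v" >&2; return 1 ;;
        esac
    done
    arn="arn:aws:iot:${region}:${account}"
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": ["iot:Connect"],
      "Resource": ["${arn}:client/${client_id}"] },
    { "Effect": "Allow", "Action": ["iot:Publish"],
      "Resource": ["${arn}:topic/esp8266/status"] },
    { "Effect": "Allow", "Action": ["iot:Subscribe"],
      "Resource": ["${arn}:topicfilter/esp8266/control"] },
    { "Effect": "Allow", "Action": ["iot:Receive"],
      "Resource": ["${arn}:topic/esp8266/control"] }
  ]
}
EOF
}

# Constructed sample values; substitute your own region, account and client ID.
scoped_policy eu-west-1 123456789012 esp8266-demo

# Save the output as scoped-policy.json, then register it in place of the
# wildcard policy (esp8266-scoped-policy is a hypothetical name):
#   aws iot create-policy --policy-name esp8266-scoped-policy \
#       --policy-document file://scoped-policy.json
```

With this policy attached, the certificate can only connect under the named client ID, publish to esp8266/status, and subscribe to and receive from esp8266/control.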
