aws-device-gateway-signed-url
Create a signed WebSocket URL for an MQTT AWS device gateway endpoint, so browsers can connect to AWS IoT MQTT message queues easily
There is also another option that doesn't seem to be documented: a pre-signed URL! I found a library that does the trick perfectly. To control what the user can do, you must create an IAM user for it with the right permissions on iot:Connect, iot:Subscribe, iot:Receive and iot:Publish and use that to sign the request. Your client can then simply connect to the pre-signed URL and do its thing. The pre-signed URL is reusable for multiple users, which means you can cache it on your CDN. Keep in mind this does give every user the same permissions, but in some cases this is exactly what you need.
When you need websockets in a project on AWS, most likely API Gateway Websockets (I will refer to it as API Gateway from now on) is the first service coming to mind. At some point when looking into options, I ran into IoT Core instead. I thought this was meant only for very specific scenarios involving hardware; however, it also supports MQTT over websockets, which makes it an amazing choice for web and app. I think this is a hidden gem in the AWS ecosystem and in this post I will explain why.
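What the pre-signed URL described above carries, as an added example (not code from the quoted post or from the aws-device-gateway-signed-url library): a SigV4 query-string signature for the IoT `/mqtt` WebSocket path. The function name `presignIotUrl`, its parameters, the 300-second default expiry and the sample endpoint and keys are assumptions made for illustration.

```javascript
// Added example: SigV4 query presigning for AWS IoT MQTT over WebSocket (Node.js).
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Hypothetical helper. Anyone holding the returned URL acts as the signing
// IAM identity until it expires, so keep `expires` short and the policy narrow.
function presignIotUrl({ endpoint, region, accessKeyId, secretAccessKey,
                         sessionToken, expires = 300, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // 20240101T000000Z
  const dateStamp = amzDate.slice(0, 8);
  const service = 'iotdevicegateway'; // SigV4 service name for the IoT data plane
  const scope = `${dateStamp}/${region}/${service}/aws4_request`;

  // Query parameters must be in sorted order inside the canonical request.
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKeyId}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expires)],
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');

  // GET /mqtt, only the host header signed, empty payload.
  const canonicalRequest =
    ['GET', '/mqtt', query, `host:${endpoint}\n`, 'host', sha256Hex('')].join('\n');
  const stringToSign =
    ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');

  // Derive the signing key: date -> region -> service -> "aws4_request".
  let key = hmac(`AWS4${secretAccessKey}`, dateStamp);
  for (const part of [region, service, 'aws4_request']) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString('hex');

  let url = `wss://${endpoint}/mqtt?${query}&X-Amz-Signature=${signature}`;
  // For temporary credentials, IoT takes the session token appended after
  // signing rather than as part of the signed query string.
  if (sessionToken) url += `&X-Amz-Security-Token=${encodeURIComponent(sessionToken)}`;
  return url;
}

// Constructed sample values; not real credentials or a real endpoint.
const sampleUrl = presignIotUrl({
  endpoint: 'example-ats.iot.eu-west-1.amazonaws.com', region: 'eu-west-1',
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'constructed-secret-for-demo',
});
```

The URL identifies the access key ID in clear text and grants whatever the signing identity's policy allows, so a copy cached on a CDN should be treated as a shared credential valid for the full `X-Amz-Expires` window.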