From cedfe125107742f9d823371eaeb7714c37805ad8 Mon Sep 17 00:00:00 2001 From: Alfred Gedeon Date: Fri, 5 Jan 2024 11:00:48 -0800 Subject: [PATCH 1/7] WebSocket Connection methods --- samples/utils/command_line_utils.py | 26 +++++ samples/websocket_connect.md | 13 ++- samples/websocket_connect_custom_auth.md | 107 ++++++++++++++++++ .../websocket_connect_static_credentials.md | 82 ++++++++++++++ 4 files changed, 227 insertions(+), 1 deletion(-) create mode 100644 samples/websocket_connect_custom_auth.md create mode 100644 samples/websocket_connect_static_credentials.md diff --git a/samples/utils/command_line_utils.py b/samples/utils/command_line_utils.py index 3dd3e77a..73ac205d 100644 --- a/samples/utils/command_line_utils.py +++ b/samples/utils/command_line_utils.py @@ -294,6 +294,10 @@ class CmdData: # PKCS12 input_pkcs12_file : str input_pkcs12_password : str + # Static credentials + input_session_token : str + input_access_key_id : str + input_secret_access_key : str def __init__(self) -> None: pass 
@@ -424,6 +428,25 @@ def parse_sample_input_custom_authorizer_connect(): cmdData.input_is_ci = cmdUtils.get_command(CommandLineUtils.m_cmd_is_ci, None) != None return cmdData + def parse_sample_input_static_credentials_connect(): + cmdUtils = CommandLineUtils( + "Static Credentials Connect - Make a MQTT connection using Static Credentials.") + cmdUtils.add_common_mqtt_commands() + cmdUtils.add_common_logging_commands() + cmdUtils.add_common_custom_authorizer_commands() + cmdUtils.register_command(CommandLineUtils.m_cmd_client_id, "", + "Client ID to use for MQTT connection (optional, default='test-*').", + default="test-" + str(uuid4())) + cmdUtils.get_args() + + cmdData = CommandLineUtils.CmdData() + cmdData.input_endpoint = cmdUtils.get_command_required(CommandLineUtils.m_cmd_endpoint) + cmdData.input_session_token = cmdUtils.get_command(CommandLineUtils.m_cmd_session_token) + cmdData.input_access_key_id = cmdUtils.get_command(CommandLineUtils.m_cmd_access_key_id) + cmdData.input_secret_access_key = cmdUtils.get_command(CommandLineUtils.m_secret_access_key) + cmdData.input_clientId = cmdUtils.get_command(CommandLineUtils.m_cmd_client_id, "test-" + str(uuid4())) + cmdData.input_is_ci = cmdUtils.get_command(CommandLineUtils.m_cmd_is_ci, None) != None + return cmdData def parse_sample_input_fleet_provisioning(): cmdUtils = CommandLineUtils("Fleet Provisioning - Provision device using either the keys or CSR.") @@ -892,3 +915,6 @@ def parse_sample_input_pkcs12_connect(): m_cmd_pkcs12_password = "pkcs12_password" m_cmd_region = "region" m_cmd_mqtt_version = "mqtt_version" + m_cmd_session_token = "session_token" + m_cmd_secret_access_key = "secret_access_key" + m_cmd_access_key_id = "access_key_id" diff --git a/samples/websocket_connect.md b/samples/websocket_connect.md index 38ef539a..db1032e6 100644 --- a/samples/websocket_connect.md +++ b/samples/websocket_connect.md 
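Review bot: In `parse_sample_input_static_credentials_connect()` the secret key is read through `CommandLineUtils.m_secret_access_key`, but the constant this patch adds at the end of the file is `m_cmd_secret_access_key`, so the lookup would raise AttributeError when the parser runs; the line should read `cmdData.input_secret_access_key = cmdUtils.get_command(CommandLineUtils.m_cmd_secret_access_key)`. The function also calls `add_common_custom_authorizer_commands()` and, as far as this hunk shows, never registers `--access_key_id`, `--secret_access_key` or `--session_token`, and it never assigns `cmdData.input_signing_region`, which the README snippet in this same patch reads. Taking the secret key and session token as command-line arguments leaves them in shell history and in the process list that other local users can read. A comment above the three `get_command` calls, such as `# Sample only: prefer environment variables or a credentials file so secrets never appear in argv`, would keep readers from copying the pattern into production code.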
@@ -4,6 +4,12 @@ This sample makes an MQTT connection via Websockets and then disconnects. On startup, the device connects to the server via Websockets and then disconnects right after. This sample is for reference on connecting via Websockets. This sample demonstrates the most straightforward way to connect via Websockets by querying the AWS credentials for the connection from the device's environment variables or local files. +If you want to use custom auth (or static creds, or basic auth, etc) instead, +then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. + +* [custom auth](./websocket_connect_custom_auth.md) +* [static credentials](./websocket_connect_static_credentials.md) + Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.
@@ -37,9 +43,14 @@ For this sample, using Websockets will attempt to fetch the AWS credentials to a ## How to run +ptional parameters: +``` +--proxy_host +--proxy_port +``` To run the websocket connect from the `samples` folder, use the following command: ``` sh # For Windows: replace 'python3' with 'python' and '/' with '\' -python3 websocket_connect.py --endpoint --signing_region +python3 websocket_connect.py --endpoint --signing_region --proxy_host --proxy_port ``` diff --git a/samples/websocket_connect_custom_auth.md b/samples/websocket_connect_custom_auth.md new file mode 100644 index 00000000..72ca0c81 --- /dev/null +++ b/samples/websocket_connect_custom_auth.md 
@@ -0,0 +1,107 @@ +# Websocket Connect with Custom Authentication + +[**Return to main sample list**](../../README.md) + +This sample makes an MQTT connection and connects through a [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html). +On startup, the device connects to the server and then disconnects. +This sample is for reference on connecting using a Custom Authorizer. +Using a Custom Authorizer allows you to perform your own authorization using an AWS Lambda function. +See [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html) for more information. +You will need to setup your Custom Authorizer so that the lambda function returns a policy document. +See [this page on the documentation](https://docs.aws.amazon.com/iot/latest/developerguide/config-custom-auth.html) for more details and example return result. +You can customize this lambda function as needed for your application to provide your own security measures based on the needs of your application. +Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. +Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. + +If you want to use simple or custom auth (or static creds, or basic auth, etc) instead, +then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. + +Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. + +
+(see sample policy) +
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Connect"
+      ],
+      "Resource": [
+        "arn:aws:iot:region:account:client/test-*"
+      ]
+    }
+  ]
+}
+
+ + +Replace with the following with the data from your AWS account: +* ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. +* ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. + +Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. + +For this sample, using Websockets will attempt to connect using custom auth. + +
+ +
+ (code snipet to replace similar section) +
+
+def connection_setup():
+    # cmdData is the arguments/input from the command line placed into a single struct for
+    # use in this sample. This handles all of the command line parsing, validating, etc.
+    # See the Utils/CommandLineUtils for more information.
+    cmdData = CommandLineUtils.parse_sample_input_custom_authorizer_connect()
+    # Create the proxy options if the data is present in cmdData
+    proxy_options = None
+    if cmdData.input_proxy_host is not None and cmdData.input_proxy_port != 0:
+        proxy_options = http.HttpProxyOptions(
+            host_name=cmdData.input_proxy_host,
+            port=cmdData.input_proxy_port)
+
+    # Create a default credentials provider and a MQTT connection from the command line data
+    credentials_provider = auth.AwsCredentialsProvider.new_default_chain()
+    mqtt_connection = mqtt_connection_builder.websockets_with_custom_authorizer(
+        endpoint=cmdData.input_endpoint,
+        region=cmdData.input_signing_region,
+        credentials_provider=credentials_provider,
+        auth_username=cmdData.input_input_custom_auth_username,
+        auth_authorizer_name=cmdData.input_custom_authorizer_name,
+        auth_authorizer_signature=cmdData.input_custom_authorizer_signature,
+        auth_password=cmdData.input_custom_auth_password,
+        auth_token_key_name=cmdData.input_custom_authorizer_token_key_name,
+        auth_token_value=cmdData.input_custom_authorizer_token_value,
+        on_connection_interrupted=on_connection_interrupted,
+        on_connection_resumed=on_connection_resumed,
+        client_id=cmdData.input_clientId,
+        clean_session=False,
+        keep_alive_secs=30)
+
+    return mqtt_connection, cmdData
+
+
+
+
+
+## How to run
+Options for custom auth
+```
+--custom_auth_username
+--custom_auth_authorizer_name
+--custom_auth_authorizer_signature
+--custom_auth_password
+--custom_auth_token_name
+--custom_auth_token_value
+```
+
+To run the websocket connect from the `samples` folder, use the following command:
+``` sh
+# For Windows: replace 'python3' with 'python' and '/' with '\'
+python3 websocket_connect.py --endpoint --signing_region --custom_auth_username --custom_auth_authorizer_name --custom_auth_authorizer_signature --custom_auth_password --custom_auth_token_name --custom_auth_token_value
+```
+
diff --git a/samples/websocket_connect_static_credentials.md b/samples/websocket_connect_static_credentials.md
new file mode 100644
index 00000000..c6cfd544
--- /dev/null
+++ b/samples/websocket_connect_static_credentials.md
@@ -0,0 +1,82 @@
+# Websocket Connect with static credentials
+
+[**Return to main sample list**](../../README.md)
+
+This sample makes an MQTT connection via Websockets and then disconnects.
+On startup, the device connects to the server via Websockets then disconnects right after.
+This sample demonstrates connecting via static credentials.
+
+If you want to use simple or custom auth (or static creds, or basic auth, etc) instead,
+then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.
+
+Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.
+
+
+(see sample policy) +
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Connect"
+      ],
+      "Resource": [
+        "arn:aws:iot:region:account:client/test-*"
+      ]
+    }
+  ]
+}
+
+ +Replace with the following with the data from your AWS account: +* ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. +* ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. + +Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. + +For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from static credentials. + +
+ + +
+ (code snipet to replace similar section) +
+
+def connection_setup():
+    # cmdData is the arguments/input from the command line placed into a single struct for
+    # use in this sample. This handles all of the command line parsing, validating, etc.
+    # See the Utils/CommandLineUtils for more information.
+    cmdData = CommandLineUtils.parse_sample_input_static_credentials_connect()
+    cred_provider = AwsCredentialsProvider.new_static(
+        access_key_id=cmdData.input_access_key_id,
+        secret_access_key=cmdData.input_secret_access_key,
+        session_token=cmdData.input_session_token)
+    mqtt_connection = mqtt_connection_builder.websockets_with_default_aws_signing(
+        region=cmdData.input_signing_region,
+        credentials_provider=cred_provider,
+        endpoint=cmdData.input_endpoint,
+        client_id=cmdData.input_clientId)
+
+    return mqtt_connection, cmdData
+
+
+
+
+
+## How to run
+
+Options for static credentials
+```
+--access_key_id
+--secret_access_key
+--session_token
+```
+
+To run the websocket connect from the `samples` folder, use the following command:
+``` sh
+# For Windows: replace 'python3' with 'python' and '/' with '\'
+python3 websocket_connect.py --endpoint --signing_region --access_key_id --secret_access_key --session_token
+```
+
From c388a8112673c1d2a81c40b1b515b5f7337ef111 Mon Sep 17 00:00:00 2001
From: Alfred Gedeon
Date: Thu, 11 Jan 2024 17:20:21 -0800
Subject: [PATCH 2/7] Merge readmes into one file
---
 samples/utils/command_line_utils.py | 4 +-
 samples/websocket_connect.md | 151 ++++++++++++++++--
 samples/websocket_connect_custom_auth.md | 107 -------------
 .../websocket_connect_static_credentials.md | 82 ----------
 4 files changed, 145 insertions(+), 199 deletions(-)
 delete mode 100644 samples/websocket_connect_custom_auth.md
 delete mode 100644 samples/websocket_connect_static_credentials.md
diff --git a/samples/utils/command_line_utils.py b/samples/utils/command_line_utils.py
index 73ac205d..81f9925e 100644
--- a/samples/utils/command_line_utils.py
+++ b/samples/utils/command_line_utils.py
@@ -433,10 +433,12 @@ def parse_sample_input_static_credentials_connect():
 "Static Credentials Connect - Make a MQTT connection using Static Credentials.")
 cmdUtils.add_common_mqtt_commands()
 cmdUtils.add_common_logging_commands()
- cmdUtils.add_common_custom_authorizer_commands()
 cmdUtils.register_command(CommandLineUtils.m_cmd_client_id, "",
 "Client ID to use for MQTT connection (optional, default='test-*').",
 default="test-" + str(uuid4()))
+ cmdUtils.register_command(CommandLineUtils.m_cmd_session_token, "", "", default="test-" + str(uuid4()))
+ cmdUtils.register_command(CommandLineUtils.m_cmd_access_key_id, "", "", type=int)
+ cmdUtils.register_command(CommandLineUtils.m_cmd_secret_access_key, "", "")
 cmdUtils.get_args()
 
 cmdData = CommandLineUtils.CmdData()
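Review bot: The three new `register_command` calls give the credential options settings that look copied from other options: `type=int` on `m_cmd_access_key_id` would reject a real access key ID, which is an alphanumeric string, if the type is forwarded to the argument parser as it appears to be. The default of `"test-" + str(uuid4())` on `m_cmd_session_token` means a caller using long-term keys without a session token signs with a random bogus token rather than none. I would drop `type=int` and use `default=None` for the token, e.g. `cmdUtils.register_command(CommandLineUtils.m_cmd_session_token, "", "AWS session token (optional).", default=None)`. All three help strings are empty, so `--help` gives no hint that these are secrets; a short description on each would help. The function body continues outside this hunk, so whether its `m_secret_access_key` lookup now matches the registered `m_cmd_secret_access_key` cannot be confirmed from here.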
diff --git a/samples/websocket_connect.md b/samples/websocket_connect.md index db1032e6..5eeed83a 100644 --- a/samples/websocket_connect.md +++ b/samples/websocket_connect.md 
@@ -1,16 +1,18 @@ # Websocket Connect [**Return to main sample list**](./README.md) - -This sample makes an MQTT connection via Websockets and then disconnects. On startup, the device connects to the server via Websockets and then disconnects right after. This sample is for reference on connecting via Websockets. This sample demonstrates the most straightforward way to connect via Websockets by querying the AWS credentials for the connection from the device's environment variables or local files. - If you want to use custom auth (or static creds, or basic auth, etc) instead, then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. +[**Websocket Connection Using Custom Authentication**](#Websocket Connection Using Custom Authentication) +[**Websocket Connection Using Static Credentials**](#Websocket Connection Using Custom Authentication) -* [custom auth](./websocket_connect_custom_auth.md) -* [static credentials](./websocket_connect_static_credentials.md) +This sample makes an MQTT connection via Websockets and then disconnects. +On startup, the device connects to the server via Websockets and then disconnects right after. +This sample is for reference on connecting via Websockets. +This sample demonstrates the most straightforward way to connect via Websockets by querying the AWS credentials for the connection from the device's environment variables or local files. -Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. +Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. 
+Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.
(see sample policy) 
@@ -35,15 +37,18 @@ Replace with the following with the data from your AWS account: * ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. * ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. -Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. +Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. +Please follow best practices when working with AWS on production applications using the SDK. +Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. -For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from your environment variables or local files. See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables. +For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from your environment variables or local files. 
+See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables.
## How to run -ptional parameters: +Optional parameters: ``` --proxy_host --proxy_port @@ -54,3 +59,131 @@ To run the websocket connect from the `samples` folder, use the following comman # For Windows: replace 'python3' with 'python' and '/' with '\' python3 websocket_connect.py --endpoint --signing_region --proxy_host --proxy_port ``` + + +# Websocket Connection Using Custom Authentication + +This sample makes an MQTT connection and connects through a [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html). +On startup, the device connects to the server and then disconnects. +This sample is for reference on connecting using a Custom Authorizer. +Using a Custom Authorizer allows you to perform your own authorization using an AWS Lambda function. +See [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html) for more information. +You will need to setup your Custom Authorizer so that the lambda function returns a policy document. +See [this page on the documentation](https://docs.aws.amazon.com/iot/latest/developerguide/config-custom-auth.html) for more details and example return result. +You can customize this lambda function as needed for your application to provide your own security measures based on the needs of your application. +Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. +Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. + +If you want to use simple or custom auth (or static creds, or basic auth, etc) instead, +then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. + +
+ (code snipet to replace similar section) +
+
+def connection_setup():
+    # cmdData is the arguments/input from the command line placed into a single struct for
+    # use in this sample. This handles all of the command line parsing, validating, etc.
+    # See the Utils/CommandLineUtils for more information.
+    cmdData = CommandLineUtils.parse_sample_input_custom_authorizer_connect()
+    # Create the proxy options if the data is present in cmdData
+    proxy_options = None
+
+    if cmdData.input_proxy_host is not None and cmdData.input_proxy_port != 0:
+        proxy_options = http.HttpProxyOptions(
+            host_name=cmdData.input_proxy_host,
+            port=cmdData.input_proxy_port)
+
+    # Create a default credentials provider and a MQTT connection from the command line data
+    credentials_provider = auth.AwsCredentialsProvider.new_default_chain()
+
+    mqtt_connection = mqtt_connection_builder.websockets_with_custom_authorizer(
+        endpoint=cmdData.input_endpoint,
+        credentials_provider=credentials_provider,
+        auth_username=cmdData.input_input_custom_auth_username,
+        auth_authorizer_name=cmdData.input_custom_authorizer_name,
+        auth_authorizer_signature=cmdData.input_custom_authorizer_signature,
+        auth_password=cmdData.input_custom_auth_password,
+        auth_token_key_name=cmdData.input_custom_authorizer_token_key_name,
+        auth_token_value=cmdData.input_custom_authorizer_token_value,
+        on_connection_interrupted=on_connection_interrupted,
+        on_connection_resumed=on_connection_resumed,
+        client_id=cmdData.input_clientId,
+        clean_session=False,
+        keep_alive_secs=30)
+
+    return mqtt_connection, cmdData
+
+
+
+
+ +## How to run +Options for custom auth +``` +--custom_auth_username +--custom_auth_authorizer_name +--custom_auth_authorizer_signature +--custom_auth_password +--custom_auth_token_name +--custom_auth_token_value +``` + +To run the websocket connect from the `samples` folder, use the following command: +``` sh +# For Windows: replace 'python3' with 'python' and '/' with '\' +python3 websocket_connect.py --endpoint --custom_auth_username --custom_auth_authorizer_name --custom_auth_authorizer_signature --custom_auth_password --custom_auth_token_name --custom_auth_token_value +``` + + +# Websocket Connection Using Static Credentials +This sample makes an MQTT connection via Websockets and then disconnects. +On startup, the device connects to the server via Websockets then disconnects right after. +This sample demonstrates connecting via static credentials. + +If you want to use simple or custom auth (or static creds, or basic auth, etc) instead, +then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. + +For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from static credentials. + +
+ (code snipet to replace similar section) +
+
+def connection_setup():
+    # cmdData is the arguments/input from the command line placed into a single struct for
+    # use in this sample. This handles all of the command line parsing, validating, etc.
+    # See the Utils/CommandLineUtils for more information.
+    cmdData = CommandLineUtils.parse_sample_input_static_credentials_connect()
+
+    cred_provider = AwsCredentialsProvider.new_static(
+        access_key_id=cmdData.input_access_key_id,
+        secret_access_key=cmdData.input_secret_access_key,
+        session_token=cmdData.input_session_token)
+
+    mqtt_connection = mqtt_connection_builder.websockets_with_default_aws_signing(
+        region=cmdData.input_signing_region,
+        credentials_provider=cred_provider,
+        endpoint=cmdData.input_endpoint,
+        client_id=cmdData.input_clientId)
+
+    return mqtt_connection, cmdData
+
+
+
+
+## How to run
+
+Options for static credentials
+```
+--access_key_id
+--secret_access_key
+--session_token
+```
+
+To run the websocket connect from the `samples` folder, use the following command:
+``` sh
+# For Windows: replace 'python3' with 'python' and '/' with '\'
+python3 websocket_connect.py --endpoint --signing_region --access_key_id --secret_access_key --session_token
+```
+
diff --git a/samples/websocket_connect_custom_auth.md b/samples/websocket_connect_custom_auth.md
deleted file mode 100644
index 72ca0c81..00000000
--- a/samples/websocket_connect_custom_auth.md
+++ /dev/null
@@ -1,107 +0,0 @@ -# Websocket Connect with Custom Authentication - -[**Return to main sample list**](../../README.md) - -This sample makes an MQTT connection and connects through a [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html). -On startup, the device connects to the server and then disconnects. -This sample is for reference on connecting using a Custom Authorizer. -Using a Custom Authorizer allows you to perform your own authorization using an AWS Lambda function. -See [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html) for more information. -You will need to setup your Custom Authorizer so that the lambda function returns a policy document. -See [this page on the documentation](https://docs.aws.amazon.com/iot/latest/developerguide/config-custom-auth.html) for more details and example return result. -You can customize this lambda function as needed for your application to provide your own security measures based on the needs of your application. -Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. -Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. - -If you want to use simple or custom auth (or static creds, or basic auth, etc) instead, -then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. - -Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. - -
-(see sample policy) -
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "iot:Connect"
-      ],
-      "Resource": [
-        "arn:aws:iot:region:account:client/test-*"
-      ]
-    }
-  ]
-}
-
- - -Replace with the following with the data from your AWS account: -* ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. -* ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. - -Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. - -For this sample, using Websockets will attempt to connect using custom auth. - -
- -
- (code snipet to replace similar section) -
-
-def connection_setup():
-    # cmdData is the arguments/input from the command line placed into a single struct for
-    # use in this sample. This handles all of the command line parsing, validating, etc.
-    # See the Utils/CommandLineUtils for more information.
-    cmdData = CommandLineUtils.parse_sample_input_custom_authorizer_connect()
-    # Create the proxy options if the data is present in cmdData
-    proxy_options = None
-    if cmdData.input_proxy_host is not None and cmdData.input_proxy_port != 0:
-        proxy_options = http.HttpProxyOptions(
-            host_name=cmdData.input_proxy_host,
-            port=cmdData.input_proxy_port)
-
-    # Create a default credentials provider and a MQTT connection from the command line data
-    credentials_provider = auth.AwsCredentialsProvider.new_default_chain()
-    mqtt_connection = mqtt_connection_builder.websockets_with_custom_authorizer(
-        endpoint=cmdData.input_endpoint,
-        region=cmdData.input_signing_region,
-        credentials_provider=credentials_provider,
-        auth_username=cmdData.input_input_custom_auth_username,
-        auth_authorizer_name=cmdData.input_custom_authorizer_name,
-        auth_authorizer_signature=cmdData.input_custom_authorizer_signature,
-        auth_password=cmdData.input_custom_auth_password,
-        auth_token_key_name=cmdData.input_custom_authorizer_token_key_name,
-        auth_token_value=cmdData.input_custom_authorizer_token_value,
-        on_connection_interrupted=on_connection_interrupted,
-        on_connection_resumed=on_connection_resumed,
-        client_id=cmdData.input_clientId,
-        clean_session=False,
-        keep_alive_secs=30)
-
-    return mqtt_connection, cmdData
-
-
-
-
- -## How to run -Options for custom auth -``` ---custom_auth_username ---custom_auth_authorizer_name ---custom_auth_authorizer_signature ---custom_auth_password ---custom_auth_token_name ---custom_auth_token_value -``` - -To run the websocket connect from the `samples` folder, use the following command: -``` sh -# For Windows: replace 'python3' with 'python' and '/' with '\' -python3 websocket_connect.py --endpoint --signing_region --custom_auth_username --custom_auth_authorizer_name --custom_auth_authorizer_signature --custom_auth_password --custom_auth_token_name --custom_auth_token_value -``` - diff --git a/samples/websocket_connect_static_credentials.md b/samples/websocket_connect_static_credentials.md deleted file mode 100644 index c6cfd544..00000000 --- a/samples/websocket_connect_static_credentials.md +++ /dev/null @@ -1,82 +0,0 @@ -# Websocket Connect with static credentials - -[**Return to main sample list**](../../README.md) - -This sample makes an MQTT connection via Websockets and then disconnects. -On startup, the device connects to the server via Websockets then disconnects right after. -This sample demonstrates connecting via static credentials. - -If you want to use simple or custom auth (or static creds, or basic auth, etc) instead, -then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. - -Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. - -
-(see sample policy) -
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "iot:Connect"
-      ],
-      "Resource": [
-        "arn:aws:iot:region:account:client/test-*"
-      ]
-    }
-  ]
-}
-
- -Replace with the following with the data from your AWS account: -* ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. -* ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. - -Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. - -For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from static credentials. - -
- - -
- (code snipet to replace similar section) -
-
-def connection_setup():
-    # cmdData is the arguments/input from the command line placed into a single struct for
-    # use in this sample. This handles all of the command line parsing, validating, etc.
-    # See the Utils/CommandLineUtils for more information.
-    cmdData = CommandLineUtils.parse_sample_input_static_credentials_connect()
-    cred_provider = AwsCredentialsProvider.new_static(
-        access_key_id=cmdData.input_access_key_id,
-        secret_access_key=cmdData.input_secret_access_key,
-        session_token=cmdData.input_session_token)
-    mqtt_connection = mqtt_connection_builder.websockets_with_default_aws_signing(
-        region=cmdData.input_signing_region,
-        credentials_provider=cred_provider,
-        endpoint=cmdData.input_endpoint,
-        client_id=cmdData.input_clientId)
-
-    return mqtt_connection, cmdData
-
-
-
- -## How to run - -Options for static credentials -``` ---access_key_id ---secret_access_key ---session_token -``` - -To run the websocket connect from the `samples` folder, use the following command: -``` sh -# For Windows: replace 'python3' with 'python' and '/' with '\' -python3 websocket_connect.py --endpoint --signing_region --access_key_id --secret_access_key --session_token -``` - From 7494edf1d4c384c71ce6cb56ab4825ab619c94ea Mon Sep 17 00:00:00 2001 From: Alfred Gedeon Date: Thu, 11 Jan 2024 23:09:15 -0800 Subject: [PATCH 3/7] Fix local links --- samples/websocket_connect.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/samples/websocket_connect.md b/samples/websocket_connect.md index 5eeed83a..ce6fab63 100644 --- a/samples/websocket_connect.md +++ b/samples/websocket_connect.md @@ -3,8 +3,9 @@ [**Return to main sample list**](./README.md) If you want to use custom auth (or static creds, or basic auth, etc) instead, then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme. -[**Websocket Connection Using Custom Authentication**](#Websocket Connection Using Custom Authentication) -[**Websocket Connection Using Static Credentials**](#Websocket Connection Using Custom Authentication) + +[**Websocket Connection Using Custom Authentication**](#Websocket-Connection-Using-Custom-Authentication) +[**Websocket Connection Using Static Credentials**](#Websocket-Connection-Using-Custom-Authentication) This sample makes an MQTT connection via Websockets and then disconnects. On startup, the device connects to the server via Websockets and then disconnects right after. @@ -78,7 +79,7 @@ If you want to use simple or custom auth (or static creds, or basic auth, etc) i then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.
- (code snipet to replace similar section) + (code snipet to replace the similar function)
 
 def connection_setup():
@@ -147,7 +148,7 @@ then you will need to replace part of the sample (connection\_setup function) wi
 For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from static credentials.
 
 
- (code snipet to replace similar section) + (code snipet to replace the similar function)
 
 def connection_setup():

From 9fb6d4b395f2eab02b5fdbe49100aaf8201ae0f9 Mon Sep 17 00:00:00 2001
From: Alfred Gedeon 
Date: Thu, 11 Jan 2024 23:13:17 -0800
Subject: [PATCH 4/7] Fix local links

---
 samples/websocket_connect.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/websocket_connect.md b/samples/websocket_connect.md
index ce6fab63..95cf242c 100644
--- a/samples/websocket_connect.md
+++ b/samples/websocket_connect.md
@@ -4,8 +4,8 @@
 If you want to use custom auth (or static creds, or basic auth, etc) instead,
 then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.
 
-[**Websocket Connection Using Custom Authentication**](#Websocket-Connection-Using-Custom-Authentication)
-[**Websocket Connection Using Static Credentials**](#Websocket-Connection-Using-Custom-Authentication)
+[Websocket Connection Using Custom Authentication](#Websocket-Connection-Using-Custom-Authentication)
+[Websocket Connection Using Static Credentials](#Websocket-Connection-Using-Custom-Authentication)
 
 This sample makes an MQTT connection via Websockets and then disconnects.
 On startup, the device connects to the server via Websockets and then disconnects right after.

From 28eecfd6823df09e9e078bfb4e729c2e59c3fdba Mon Sep 17 00:00:00 2001
From: Alfred Gedeon 
Date: Thu, 11 Jan 2024 23:17:16 -0800
Subject: [PATCH 5/7] Fix local links

---
 samples/websocket_connect.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/websocket_connect.md b/samples/websocket_connect.md
index 95cf242c..8d249061 100644
--- a/samples/websocket_connect.md
+++ b/samples/websocket_connect.md
@@ -4,8 +4,8 @@
 If you want to use custom auth (or static creds, or basic auth, etc) instead,
 then you will need to replace part of the sample (connection\_setup function) with a code snippet we provided in its corresponding readme.
 
-[Websocket Connection Using Custom Authentication](#Websocket-Connection-Using-Custom-Authentication)
-[Websocket Connection Using Static Credentials](#Websocket-Connection-Using-Custom-Authentication)
+* [Websocket Connection Using Custom Authentication](#websocket-connection-using-custom-authentication)
+* [Websocket Connection Using Static Credentials](#websocket-connection-using-custom-authentication)
 
 This sample makes an MQTT connection via Websockets and then disconnects.
 On startup, the device connects to the server via Websockets and then disconnects right after.

From 5344440a1956c0de853074807393b52d7288aac5 Mon Sep 17 00:00:00 2001
From: Alfred Gedeon 
Date: Thu, 25 Jan 2024 16:11:03 -0800
Subject: [PATCH 6/7] add connection_setup to websocket_connect

---
 samples/websocket_connect.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/samples/websocket_connect.py b/samples/websocket_connect.py
index 3afa91b8..1edf9010 100644
--- a/samples/websocket_connect.py
+++ b/samples/websocket_connect.py
@@ -8,10 +8,6 @@
 # This sample shows how to create a MQTT connection using websockets.
 # This sample is intended to be used as a reference for making MQTT connections.
 
-# cmdData is the arguments/input from the command line placed into a single struct for
-# use in this sample. This handles all of the command line parsing, validating, etc.
-# See the Utils/CommandLineUtils for more information.
-cmdData = CommandLineUtils.parse_sample_input_websocket_connect()
 
 # Callback when connection is accidentally lost.
 def on_connection_interrupted(connection, error, **kwargs):
@@ -21,8 +17,12 @@ def on_connection_interrupted(connection, error, **kwargs):
 def on_connection_resumed(connection, return_code, session_present, **kwargs):
     print("Connection resumed. return_code: {} session_present: {}".format(return_code, session_present))
 
+def connection_setup():
+    # cmdData is the arguments/input from the command line placed into a single struct for
+    # use in this sample. This handles all of the command line parsing, validating, etc.
+    # See the Utils/CommandLineUtils for more information.
+    cmdData = CommandLineUtils.parse_sample_input_websocket_connect()
 
-if __name__ == '__main__':
     # Create the proxy options if the data is present in cmdData
     proxy_options = None
     if cmdData.input_proxy_host is not None and cmdData.input_proxy_port != 0:
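Review bot: The new `connection_setup()` has no docstring, yet the sample READMEs tell readers to swap this exact function for the custom-auth or static-credentials variant, so its contract is what keeps those variants interchangeable. I would add `"""Parse the sample's command line and build the websocket MQTT connection; returns (mqtt_connection, cmdData)."""` directly under the `def` line. The existing comment about `cmdData` could then shrink to a single line. The function body continues past the end of this hunk, so the builder call it wraps is not visible here.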
@@ -43,6 +43,9 @@ def on_connection_resumed(connection, return_code, session_present, **kwargs):
         clean_session=False,
         keep_alive_secs=30)
 
+if __name__ == '__main__':
+    mqtt_connection, cmdData = connection_setup()
+
     if not cmdData.input_is_ci:
         print(f"Connecting to {cmdData.input_endpoint} with client ID '{cmdData.input_clientId}'...")
     else:

From 4566aae773946e4d59fedca59cfa73efa684962c Mon Sep 17 00:00:00 2001
From: Alfred Gedeon 
Date: Thu, 25 Jan 2024 16:13:31 -0800
Subject: [PATCH 7/7] add return

---
 samples/websocket_connect.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/websocket_connect.py b/samples/websocket_connect.py
index 1edf9010..5db42cb8 100644
--- a/samples/websocket_connect.py
+++ b/samples/websocket_connect.py
@@ -42,6 +42,7 @@ def connection_setup():
         client_id=cmdData.input_clientId,
         clean_session=False,
         keep_alive_secs=30)
+    return mqtt_connection, cmdData
 
 if __name__ == '__main__':
     mqtt_connection, cmdData = connection_setup()
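Review bot: Returning `cmdData` whole hands the caller every parsed argument, and in the static-credentials variant of this function that object also holds `input_access_key_id`, `input_secret_access_key` and `input_session_token`. The visible part of the main block only reads `input_is_ci`, `input_endpoint` and `input_clientId`, which is fine, but nothing tells a reader who copies the sample to keep it that way. I would put a comment above the `return`, for example `# cmdData may carry credentials in the static-credentials/custom-auth variants; never print or log it whole`. The rest of the `__main__` block is outside this hunk, so whether it prints other fields cannot be confirmed from here.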