AWS iot client wont connect to broker

androidzz
2022-07-29
2022-10-14
  • androidzz - 2022-07-29

    The AWS IoT client has Busy = TRUE, but it won't connect to the broker, see image. I have a certificate with private key installed in CODESYS (attachment) which corresponds with the AWS IoT server.

    What can be the problem? I'm really out of ideas.

     
  • androidzz - 2022-07-29

    I'll upload the attachments again in this post.

    I followed that guide. At step 67 my program differs: mine won't connect to the broker.

     
  • androidzz - 2022-07-29
     

    Last edit: androidzz 2022-07-29
  • i-campbell

    i-campbell - 2022-07-29

    I think you should try to create a CSR like in the guide. The certificate name has to be the same as the client ID/Thing name, I think.

    Also, make sure the permissions are set up right. It looks like you are trying to publish a last will to the topic 'my last will', so make sure you have permissions to publish to 'my last will'.

     
  • man2002 - 2022-10-03

    Hello Androidzz,

    I am having a similar problem connecting to the AWS server from CODESYS (CODESYS V3.5 SP17 Patch). I am using the AWS IoT Core Client Example to connect to the server. I followed the same guide as the one posted by J-Campbell above.

    I created the certificates per the guide, and I cannot seem to establish a connection to the server (I am getting a busy response). I have attached a copy of my certs in CODESYS and my setup in PLC_PRG for reference. I am really running out of ideas on how to rectify the problem. How and what did you do to fix the problem? Thank you for your help.

     
    • rdcoulton - 2022-10-03

      Hi man2002,

      Might not be the answer to your issue, but the screenshot of the certificates shows all three in the same folder.

      The AWS Device certificate should be in the "Own Certificates" folder in the Device Security Manager and the AWS ones in the "Trusted Certificates Folder".

      The other thing to check would be the Policies in the AWS Security settings section, as this can cause hours of headaches!

      As a basic test policy (not to be used day-to-day, as it could pose a security risk) you could create a basic allow-all policy and apply this security policy to the Thing profile you have for the PLC. This would be something along the lines of the attached policy, but with the XXXXXXXXXXXX section replaced with your AWS Account ID and the Region set to your selected AWS Region.

      This allows the Thing that matches a Thing name to connect, and then both Publish and Receive on any Topic, and it also allows the Thing to Subscribe to any Topic.

      In deployment a more secure variant should ideally be used, limiting access to only the relevant Topics etc. for that Thing.

      Regards,

      Richard

       

      Last edit: rdcoulton 2022-10-03
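The two policies discussed above, as an added example that is not part of the thread, CODESYS or AWS material: the allow-all test policy rdcoulton describes next to a least-privilege variant for the same Thing, with a small evaluator to check the requests the PLC makes against each, including the publish to the last-will topic that i-campbell points out. The account ID, region, Thing name and topic layout are placeholders chosen for the example.

```python
# Added example (not from the thread, CODESYS or AWS): rdcoulton's allow-all
# test policy next to a least-privilege one for the same Thing, plus a small
# evaluator to check requests against them, including the last-will publish
# i-campbell mentions. Account ID, region and names are placeholders.
import fnmatch
import json
from typing import Optional

ACCOUNT_ID = "123456789012"       # placeholder for the XXXXXXXXXXXX in the post
REGION = "eu-central-1"           # placeholder region
THING = "codesys-plc-01"          # assumed Thing name, also used as MQTT client ID
LAST_WILL_TOPIC = "my last will"  # last-will topic named in the thread
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT_ID}"
THING_VAR = "${iot:Connection.Thing.ThingName}"


def allow_all_policy() -> dict:
    """Test policy only: connect as the Thing, then publish/receive/subscribe anywhere."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{ARN}:client/{THING_VAR}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{ARN}:topic/*"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{ARN}:topicfilter/*"},
        ],
    }


def least_privilege_policy() -> dict:
    """Deployment variant: only this Thing's own topics, plus the last-will topic
    it announces in CONNECT. AWS checks the Publish grant for the will topic at
    connect time, so leaving it out fails the connection, not a later publish."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{ARN}:client/{THING_VAR}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": [f"{ARN}:topic/plc/{THING_VAR}/telemetry",
                          f"{ARN}:topic/{LAST_WILL_TOPIC}"]},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{ARN}:topicfilter/plc/{THING_VAR}/cmd"},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": f"{ARN}:topic/plc/{THING_VAR}/cmd"},
        ],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def is_allowed(policy: dict, action: str, resource: str, thing: Optional[str]) -> bool:
    """Simplified IAM-style evaluation: explicit Deny wins, else any matching
    Allow, else deny. `thing` is None when the certificate is not attached to a
    Thing; AWS then cannot resolve the ThingName variable, the statement using
    it never matches, and CONNECT is refused even under an allow-all policy."""
    verdict = False
    for st in policy["Statement"]:
        resources = _as_list(st["Resource"])
        if thing is None and any(THING_VAR in r for r in resources):
            continue
        resources = [r.replace(THING_VAR, thing or "") for r in resources]
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if st["Effect"] == "Deny":
            return False
        verdict = True
    return verdict


def check_policy(policy: dict, thing: Optional[str] = THING) -> dict:
    """The requests a PLC like the one in the thread makes, evaluated against one policy."""
    client = thing or "unattached-client"
    return {
        "connect": is_allowed(policy, "iot:Connect", f"{ARN}:client/{client}", thing),
        "last_will": is_allowed(policy, "iot:Publish", f"{ARN}:topic/{LAST_WILL_TOPIC}", thing),
        "own_telemetry": is_allowed(policy, "iot:Publish", f"{ARN}:topic/plc/{client}/telemetry", thing),
        "other_plc": is_allowed(policy, "iot:Publish", f"{ARN}:topic/plc/other-plc/telemetry", thing),
        "foreign_client_id": is_allowed(policy, "iot:Connect", f"{ARN}:client/laptop", thing),
    }


if __name__ == "__main__":
    for name, pol in (("allow-all", allow_all_policy()),
                      ("least-privilege", least_privilege_policy())):
        print(name, json.dumps(check_policy(pol)))
    print("allow-all, cert not attached to a Thing",
          json.dumps(check_policy(allow_all_policy(), thing=None)))
```

The evaluator is deliberately minimal (no Condition blocks, only `*` wildcards), enough to show the two things that bite in this thread: the allow-all policy still refuses a CONNECT whose client ID is not the Thing name or whose certificate is not attached to the Thing, and the tightened policy only works because it grants Publish on the exact last-will topic the client announces.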
  • man2002 - 2022-10-03

    Hi Rdcoulton,

    Thank you for your prompt response. I have and had the AWS Device certificate in the "Own Certificates" folder in the Device Security Manager. I however made the rest of the changes that you recommended, and my "xBusy" communication status has graduated into an "xError".

    I made changes to the Policy attached to my "thing" on the AWS server for more open access per your suggestion as well. I have yet to make a valid, error-free connection.

    I really appreciate you taking the time to look into this on my behalf. I have also attached copies of my changes to both the CODESYS Security screen and the AWS server for your inspection and further guidance.

    Thanks once again.

     
    • androidzz - 2022-10-14

      Try removing the last will topic. I successfully established a connection to the AWS broker with no (or another) last will topic.

       
  • androidzz - 2022-10-06

    Hello,

    I have the right permissions. I uploaded the certificates just as in the tutorial (https://faq.codesys.com/pages/viewpage.action?pageId=119504904).

    The AWS client FB remains on a TCP_READ_ERROR. It seems that we cannot/should not connect to AWS. This could be due to the certificates. See attachment.

    Now, if we follow the approach in this CODESYS documentation, with the necessary adjustments following changes to the AWS console, we would be generating a certificate signing request (CSR) (steps 37-41). We have generated the signed certificate based on the CSR using Amazon as the certificate authority. The certificate file along with the root CA files are attached to this email. These files are needed in steps 61-66.

    We do not have a private key (belonging to the CSR file of steps 37-41) in our hands. Based on the CODESYS documentation, one must assume that the private key is available somewhere within the CODESYS environment.

    Can this be verified?

    Kind regards!

    EDIT: I do have certificates in "Own Certificates", but the screenshot is not showing this :)

     

    Last edit: androidzz 2022-10-06
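The question above is whether a certificate issued for a CSR really belongs to a private key the device holds. As an added example (not from the thread, CODESYS or AWS), this script walks the same CSR workflow with a toy CA standing in for Amazon: the device generates a key and CSR, the CA returns a certificate, and two checks are run on the result: that the certificate's public key matches the private key, and that the certificate chains to the CA file you intend to install as trusted. It assumes the openssl CLI is on PATH; the CA and Thing names are placeholders. On a real device the CODESYS Security Manager keeps the CSR's private key and does not hand it out, so in practice you run only the chain check, on the exported certificate and the Amazon root CA file.

```python
# Added example, not from the thread or CODESYS: reproduce the CSR workflow
# with a toy CA and verify the returned certificate. Requires the openssl CLI
# on PATH (assumption); all names are placeholders.
import subprocess
import tempfile
from pathlib import Path


def openssl(*args: str) -> subprocess.CompletedProcess:
    return subprocess.run(["openssl", *args], capture_output=True, text=True)


def make_ca(d: Path, name: str) -> tuple:
    """Self-signed CA; stands in for Amazon's CA in the thread."""
    key, crt = d / f"{name}.key", d / f"{name}.crt"
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", str(key),
            "-out", str(crt), "-subj", f"/CN={name}", "-days", "1").check_returncode()
    return key, crt


def make_csr(d: Path, cn: str) -> tuple:
    """The device's step: generate a key and a CSR. The key never leaves the device.
    The CN is whatever you put in the CSR; AWS IoT authorizes by the policy
    attached to the certificate, not by the CN."""
    key, csr = d / f"{cn}.key", d / f"{cn}.csr"
    openssl("req", "-new", "-newkey", "rsa:2048", "-nodes", "-keyout", str(key),
            "-out", str(csr), "-subj", f"/CN={cn}").check_returncode()
    return key, csr


def sign_csr(d: Path, csr: Path, ca_key: Path, ca_crt: Path, name: str) -> Path:
    """The CA's step: issue a certificate for the CSR (what AWS returns in step 61-66)."""
    crt = d / f"{name}.crt"
    openssl("x509", "-req", "-in", str(csr), "-CA", str(ca_crt), "-CAkey", str(ca_key),
            "-CAcreateserial", "-out", str(crt), "-days", "1").check_returncode()
    return crt


def key_matches_cert(key: Path, crt: Path) -> bool:
    """The public key embedded in the certificate must equal the one derived
    from the private key; otherwise the TLS handshake's client signature fails."""
    from_key = openssl("pkey", "-in", str(key), "-pubout")
    from_crt = openssl("x509", "-in", str(crt), "-pubkey", "-noout")
    return (from_key.returncode == 0 and from_crt.returncode == 0
            and from_key.stdout.strip() == from_crt.stdout.strip())


def chains_to(crt: Path, ca_crt: Path) -> bool:
    """openssl verify exits non-zero when the certificate was not issued under ca_crt."""
    return openssl("verify", "-CAfile", str(ca_crt), str(crt)).returncode == 0


def demo() -> dict:
    """Run the workflow once and return the four checks a practitioner wants."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        ca_key, ca_crt = make_ca(d, "toy-root-ca")
        _, unrelated_ca_crt = make_ca(d, "unrelated-ca")
        dev_key, dev_csr = make_csr(d, "codesys-plc-01")
        dev_crt = sign_csr(d, dev_csr, ca_key, ca_crt, "device")
        stray_key, _ = make_csr(d, "stray")  # a key the CSR was NOT made with
        return {
            "cert_matches_device_key": key_matches_cert(dev_key, dev_crt),
            "cert_matches_stray_key": key_matches_cert(stray_key, dev_crt),
            "chains_to_root": chains_to(dev_crt, ca_crt),
            "chains_to_unrelated_ca": chains_to(dev_crt, unrelated_ca_crt),
        }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The second and fourth checks are the failure modes worth recognising: a certificate that does not match the key in the device's "Own Certificates" store, or a CA file in "Trusted Certificates" that the device certificate was never issued under. Either one leaves the client stuck at the TLS handshake, which on the PLC side shows up as a read error rather than as an MQTT-level refusal.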
  • androidzz - 2022-10-10

    @man2002 did you have any luck so far connecting to the AWS broker?

     
    • man2002 - 2022-10-10

      Hi Androidzz,

      No luck so far. I am looking into using Mosquitto as a broker on a Linux VM on AWS as an alternative. I will keep you posted should anything change.

       

      Last edit: man2002 2022-10-10