Return to main sample list Jump To:
This sample uses the
Message Broker
for AWS IoT to send and receive messages through an MQTT connection using MQTT5 and a websocket as transport. Using websockets as transport requires the initial handshake request to be signed with the AWS Sigv4 signing algorithm. AwsCredentialsProvider.new_default_chain is used to source credentials via the default credentials provider chain to sign the websocket handshake.
You can read more about MQTT5 for the Python IoT Device SDK V2 in the MQTT5 user guide.
The AWS IAM permission policy associated with the AWS credentials resolved by the default credentials provider chain must provide privileges for the sample to connect, subscribe, publish, and receive. Below is a sample policy will allow this sample to run as intended.
(see sample policy)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:region:account:topic/test/topic"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:region:account:topicfilter/test/topic"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:region:account:client/mqtt5-sample-*"
]
}
]
}
Replace with the following with the data from your AWS account:
<region>: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For exampleus-east-1.<account>: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website.
Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of mqtt5-sample-* to connect or use --client_id <client ID here> to send the client ID your policy supports.
The signing_region parameter specifies the AWS region used to sign WebSocket connection requests via SigV4 authentication. It must match the region of your AWS IoT Core endpoint.
For example, if your endpoint is abcdef12345-ats.iot.us-west-2.amazonaws.com, the signing region is us-west-2.
To Run this sample from the samples\mqtt folder, use the following command:
# For Windows: replace 'python3' with 'python' and '/' with '\'
python3 mqtt5_aws_websocket.py \
--endpoint <AWS IoT endpoint> \
--signing_region <Signing region for websocket connection>If you would like to see what optional arguments are available, use the --help argument:
# For Windows: replace 'python3' with 'python' and '/' with '\'
python3 mqtt5_aws_websocket.py --helpwill result in the following output:
MQTT5 AWS Websocket Sample.
options:
-h, --help show this help message and exit
required arguments:
--endpoint IoT endpoint hostname (default: None)
--signing_region Signing region for websocket connection (default: None)
optional arguments:
--client_id Client ID (default: mqtt5-sample-<uuid>)
--topic Topic (default: test/topic)
--message Message payload (default: Hello from mqtt5 sample)
--count Messages to publish (0 = infinite) (default: 5)
The sample will not run without the required arguments and will notify you of missing arguments.
Additional help with the MQTT5 Client can be found in the MQTT5 Userguide. This guide will provide more details on MQTT5 operations, lifecycle events, connection methods, and other useful information.
These code examples interact with services that may incur charges to your AWS account. For more information, see AWS Pricing.
Additionally, example code might theoretically modify or delete existing AWS resources. As a matter of due diligence, do the following:
- Be aware of the resources that these examples create or delete.
- Be aware of the costs that might be charged to your account as a result.
- Back up your important data.