AWS IoT Best Practices


Understanding that Particle doesn’t provide HTTPS/TLS (even the lighter-weight elliptic curve crypto), it seems we’re left with webhooks to hit configured AWS endpoints.

Security is a hugely important thing for our customers, as I am sure many of yours. I am wondering what documentation / best-practices are out there?

In our particular case, we just need to be able to pub/sub MQTT topics…

There’s a decent-looking (community) library for that available for Particle which is fine, but for the fact that it is looking for username/password…so I presume there’s a technique for not hard-coding these in firmware.

Irrespective of that hard-coding question, AWS requires a significantly more secure mechanism to be able to access MQTT topics within their IoT platform (that or I’m not aware of a less-secure mechanism).

I welcome insights and discussion!

You can use the EEPROM emulation as part of a configuration process to store and manage such values.

I would very much like a "safe" integration of the Photon with MQTT, but I have still not seen one of this type.
However, Particle Cloud already integrates with Google Cloud Platform.

In my opinion, an integration with AWS would also be very interesting.
For now, when I have to exchange MQTT messages, I use one or more servers that read the Particle event stream and then push the data via MQTT.
The same thing would be feasible using webhooks.

So it seems like the way to do this is to use code that is based on Amazon’s AWS embedded C SDK, changing the code to use byte arrays of your certificates rather than giving it file locations of the certs and then loading them from disk.

The AWS IoT Embedded C SDK uses mbed TLS, same as the Particle Firmware, so it might just be a simple matter for someone with sufficient motivation and skill to get this shoved into a Particle library.

I personally don’t have the C chops to do it, and I’m hoping that someone reading this at some point does.
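An added example (not from this thread, and not the AWS SDK's or Particle's own code) of the byte-array approach described in the previous post: the device certificate lives in firmware as a string literal rather than on a filesystem, the length handed to the TLS stack includes the terminating NUL (which is what mbedtls_x509_crt_parse() expects for PEM input), and a small decoder pulls the DER body out so the firmware can sanity-check what was pasted in before using it. The PEM body is a constructed placeholder, the base64 of a five-byte DER SEQUENCE, not a real certificate, and the helper names are my own.

```c
/* Added example: embed a PEM certificate as a byte array in firmware
 * and verify its shape before passing it to the TLS stack. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* In a real build this is the device's own certificate pasted in as a
 * string literal; the compiler appends the terminating NUL for us.
 * Constructed placeholder: body is base64 of DER bytes 30 03 02 01 01. */
static const unsigned char DEVICE_CERT_PEM[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQE=\n"
    "-----END CERTIFICATE-----\n";

/* mbedtls_x509_crt_parse() wants PEM input NUL-terminated, with the
 * length covering that NUL. sizeof on a string literal gives exactly
 * that; strlen() would be one short and the parse would fail. */
#define DEVICE_CERT_PEM_LEN sizeof(DEVICE_CERT_PEM)

/* Returns 1 if buf/len is a PEM buffer in the shape the TLS stack
 * expects: NUL-terminated, length including the NUL, BEGIN/END present. */
int pem_buffer_ok(const unsigned char *buf, size_t len)
{
    if (len == 0 || buf[len - 1] != '\0') return 0;
    if (strlen((const char *)buf) != len - 1) return 0;  /* stray NUL */
    if (strstr((const char *)buf, "-----BEGIN ") == NULL) return 0;
    if (strstr((const char *)buf, "-----END ") == NULL) return 0;
    return 1;
}

static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode the base64 body between the BEGIN and END lines into der.
 * Returns the DER length, or -1 on malformed input or a too-small buffer. */
int pem_to_der(const unsigned char *pem, unsigned char *der, size_t der_cap)
{
    const char *start = strstr((const char *)pem, "-----BEGIN ");
    if (!start) return -1;
    start = strchr(start, '\n');
    if (!start) return -1;
    start++;
    const char *end = strstr(start, "-----END ");
    if (!end) return -1;

    size_t out = 0;
    uint32_t acc = 0;
    int bits = 0;
    for (const char *c = start; c < end; c++) {
        if (*c == '\n' || *c == '\r') continue;
        if (*c == '=') break;                 /* padding: body is done */
        int v = b64val((unsigned char)*c);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (out >= der_cap) return -1;
            der[out++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (int)out;
}

/* A DER certificate starts with a SEQUENCE tag (0x30); cheap check that
 * what was pasted into firmware is a certificate body at all. */
int der_looks_like_certificate(const unsigned char *der, int len)
{
    return len >= 2 && der[0] == 0x30;
}

/* Run all checks on the embedded certificate; returns the DER length on
 * success, -1 if any check fails. This is what firmware would do before
 * calling mbedtls_x509_crt_parse(&crt, DEVICE_CERT_PEM, DEVICE_CERT_PEM_LEN). */
int check_embedded_cert(void)
{
    unsigned char der[64];
    if (!pem_buffer_ok(DEVICE_CERT_PEM, DEVICE_CERT_PEM_LEN)) return -1;
    int n = pem_to_der(DEVICE_CERT_PEM, der, sizeof der);
    if (n < 0 || !der_looks_like_certificate(der, n)) return -1;
    return n;
}

int main(void)
{
    int n = check_embedded_cert();
    printf("embedded cert: %s (%d DER bytes)\n", n < 0 ? "BAD" : "ok", n);
    return n < 0 ? 1 : 0;
}
```

The same pattern applies to the private key and the Amazon root CA: each becomes a string literal with its `sizeof` as the length, and the file-path arguments in the SDK's connect call are replaced by these buffers.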