Unable to connect to AWS IoT Core with blinking app

  • Dear all.
    I believe I have followed all the steps as described in: https://edukit.workshop.aws/en/blinky-hello-world/blinking-the-leds.html
    Unfortunately the blink app is not able to connect to the AWS IoT Core. Please check the table of all the steps I have done. Have I missed something? Did I make a mistake somewhere? Help is appreciated. Regards
    Getting started https://edukit.workshop.aws/en/getting-started.html
    M5Stack Core 2 AWS https://shop.m5stack.com/collections/stack-series/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit Check
    Mac OS X Visual studio code https://visualstudio.microsoft.com Check
    ESP Rainmaker for IOS https://apps.apple.com/us/app/esp-rainmaker/id1497491540 Check
    Silicon Labs USB to UART bridge setup Check
    Cloning the code repository https://github.com/m5stack/Core2-for-AWS-IoT-EduKit.git Check
    Building and uploading the RainMaker Agent firmware pio run --environment core2foraws
    Check Check
    Compile firmware pio run --environment core2foraws --target upload
    Monitor serial port pio run --environment core2foraws --target monitor
    Claiming and provisioning the device QR code received, scanned in with rainmaker app Check
    Have an AWS account that is not running production workloads Check
    Downloading and Installing the AWS CLI Check
    Configuring the AWS CLI Was configure run. IAM user credentials stored. Not sure about region, chose us-west-2 although I am in Europe. Does that matter? Check
    Check CLI aws --version Check
    Next, you will verify the AWS CLI is configured with your IAM credentials and US West (Oregon) region aws iot describe-endpoint --endpoint-type iot:Data-ATS
    Opening the Blink Hello World project Check
    Retrieving the Device Certificate and Registering your AWS IoT thing cd utilities/AWS_IoT_registration_helper python3 registration_helper.py -p 2 Check (Port 2 is used)
    go back to the Blinky-Hello-World directory cd ../..
    Before you set the configuration, you will first need to retrieve your AWS IoT endpoint. aws iot describe-endpoint --endpoint-type iot:Data-ATS
    Now, you’ll go into the KConfig menu to configure the required symbols, including Wi-Fi and AWS IoT endpoint address. Start by switching to the Blink-Hello-World directory of the repository in the PIO terminal window and enter pio run --environment core2foraws --target menuconfig

    Component config –> Amazon Web Services IoT Platform and open AWS IoT Endpoint Hostname to set the string

    Then select AWS IoT EduKit Configuration from the menu. Set your WiFi SSID and WiFi Password with your Wi-Fi credentials Check
    To build the firmware, paste in the command below (it will take several minutes): pio run --environment core2foraws
    With the build successful, it’s time to upload the compiled firmware to the connected device over USB by running the command pio run --environment core2foraws --target upload
    Lastly, monitor the serial output from the device on your host machine via: pio run --environment core2foraws --target monitor
    And this is where the monitor shows this error:
    E (133448) MAIN: Error(-12) connecting to XXXXXXXXXXXXXXX-ats.iot.us-west-2.amazonaws.com:8883
    I (134508) aws_iot: Attempting to use device certificate from ATECC608
    E (137328) aws_iot: Failed
    ! mbedtls_ssl_read returned -0x7880 No connection.
    Display shows WiFi symbol
    Starting Cloud Connected Blinky
    Connecting to AWS IoT Core..

  • Have you copied
    Private Key,
    and the region cert to the core?
    Please use an access point in the EU closer to you otherwise you may be charged a stupid fee.
    AWS is a PITA to get working. I had it working on an ATOM but have forgotten how I did it and have been too busy to look into redoing the steps.

  • Also, you need to rename the keys to private.key, public.key and region.cert; long filenames with symbols don't work.

  • @ajb2k3 Thank you. After fully erasing the firmware I have executed again all the steps in the AWS getting started section. Again, same error about connection issue. The steps about Private key, Public key and region are not mentioned in the manual for Cloud connected Blinky.
    I should point out too that I was able to recreate the getting started example and am able to connect my rainmaker app on my iPhone with the AWS module. So that is at least a small step. I hope anyone can chip in.

  • The Core2 for AWS has a pre-provisioned secure element that has a private key and paired public key to be used for registering the device to AWS and establishing a secure TLS connection. This not only prevents anyone from accidentally leaking the private key, but also enables a more systematic registration procedure. The provided script extracts the public key and signs it and sends it to AWS IoT. Ajb2k3's instructions won't apply here.

    Using US West 2 when you're in Europe won't charge you any additional fees either. The only effect you should see is additional latency, but within the thresholds of what's allowed before triggering a timeout. We selected us-west-2 for this reason and tested in multiple countries.

    The error code meanings from mbedtls' SSL APIs can be viewed here. So mbedtls_ssl_read returning a -0x7880 means /**< The peer notified us that the connection is going to be closed. */. So AWS is closing the connection.

    Few things to check:

    1. Did the registration script say it successfully registered the thing? If you re-run it, you should get an error at the end that says it couldn't register because the thing already exists.
    2. Are you 100% sure you copied the endpoint address correctly? We've seen a few users either miss a character or add the quotation marks.
    3. When you go to your AWS Console to view your things at https://us-west-2.console.aws.amazon.com/iot/home?region=us-west-2#/thinghub, do you see the device there? If you do and you click the thing name (e.g. 01xxxxxxx), then the certificates tab, you should see a long ID for the certificate that belongs to the device. If you click that certificate ID, then the Policies tab, you should see a policy that's attached to that certificate called Default.

    If all of that checks out, the device should definitely connect. We know that the device is connected to WiFi because it won't try to connect to AWS IoT over MQTT otherwise. If the port was being blocked by the firewall, you should see a different error code. Let me know what happens there.

    Sorry for the delayed response. We usually expect people going through the program assets to use the support links and post in the GitHub discussions.
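The endpoint check (item 2) and the error-code lookup described in the reply above can be run against a pasted serial log. This is an added example, not code from the thread or from the EduKit repository; the endpoint pattern is an assumption based on the hostname shape in the quoted log, the codes other than -0x7880 come from the mbedtls headers rather than the thread, and the sample hostname is a constructed placeholder.

```python
import re

# Colour codes from the serial monitor: raw ESC or the "␛" glyph seen in pasted logs.
ANSI = re.compile(r"(?:\x1b|\u241b)\[[0-9;]*m")
# Assumed shape of an ATS data endpoint, taken from the hostname in the quoted log.
ENDPOINT = re.compile(r"^[a-z0-9]+-ats\.iot\.[a-z0-9-]+\.amazonaws\.com$")
# mbedtls return codes; -0x7880 is the one explained in the thread.
MBEDTLS = {
    0x7880: "MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: peer is closing the connection",
    0x7780: "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: peer sent a fatal TLS alert",
    0x2700: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: server certificate not trusted",
    0x0052: "MBEDTLS_ERR_NET_UNKNOWN_HOST: hostname did not resolve",
    0x0044: "MBEDTLS_ERR_NET_CONNECT_FAILED: TCP connect failed",
}

def check_endpoint(value):
    """Return the problems found in a configured endpoint hostname."""
    problems = []
    core = value.strip()
    if core != value:
        problems.append("leading or trailing whitespace")
    bare = core.strip("\"'")
    if bare != core:
        problems.append("quotation marks included")
    if ":" in bare or "/" in bare:
        problems.append("scheme, port or path included")
    elif not ENDPOINT.match(bare.lower()):
        problems.append("not of the form <prefix>-ats.iot.<region>.amazonaws.com")
    return problems

def diagnose(log_text):
    """Extract the endpoint and mbedtls errors from serial monitor output."""
    clean = ANSI.sub("", log_text)
    report = {"host": None, "endpoint_problems": [], "tls_errors": []}
    m = re.search(r"connecting to (\S+):(\d+)", clean)
    if m:
        report["host"] = m.group(1)
        report["endpoint_problems"] = check_endpoint(m.group(1))
    for code in re.findall(r"mbedtls_\w+ returned -0x([0-9a-fA-F]+)", clean):
        name = MBEDTLS.get(int(code, 16), "not in this table")
        report["tls_errors"].append(f"-0x{code}: {name}")
    return report

# Constructed sample modelled on the quoted output; the hostname is a placeholder.
SAMPLE = (
    "\x1b[0;31mE (133448) MAIN: Error(-12) connecting to "
    "\"a1b2c3d4e5f6g7-ats.iot.us-west-2.amazonaws.com\":8883\x1b[0m\n"
    "\x1b[0;31mE (137328) aws_iot: Failed\n ! mbedtls_ssl_read returned -0x7880\n"
)

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A clean endpoint together with -0x7880 points back at the registration and policy checks in items 1 and 3, since the TLS session is being closed by the AWS side rather than failing locally.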

  • @rashedtalukder "Using US West 2 when you're in Europe won't charge you any additional fees either. The only effect you should see is additional latency, but within the thresholds of what's allowed before triggering a timeout. We selected us-west-2 for this reason and tested in multiple countries."

    Really, I was charged!

    BTW welcome to the forum!

  • I don't see that in our pricing matrix:

    Our pricing for simple usage to the message broker is generally connection minutes and messages transferred. We don't have location as part of that pricing.

  • @rashedtalukder Neither did I, but when I tried to use a region outside the UK (I'm based in the UK) I got charged.
    BTW, I managed to jigger my OSX system into working (after a few other hiccups with the getting started guide) and wrote my own guide today.

  • You should file a ticket with support to get a refund. I don't believe you should've been charged unless you were doing something else or using other features.