From 00602d43042395963e3f83a53eba3c9d8e2f268b Mon Sep 17 00:00:00 2001 From: Alfred Gedeon Date: Wed, 23 Aug 2023 09:49:32 -0700 Subject: [PATCH 1/3] Doc: Correct aws secret access env variable --- documents/MQTT5_Userguide.md | 2 +- samples/Mqtt5/PubSub/README.md | 2 +- samples/WebsocketConnect/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/documents/MQTT5_Userguide.md b/documents/MQTT5_Userguide.md index 471ac8efb..af68bcb9b 100644 --- a/documents/MQTT5_Userguide.md +++ b/documents/MQTT5_Userguide.md @@ -130,7 +130,7 @@ String clientEndpoint = "-ats.iot..amazonaws.com"; AwsIotMqtt5ClientBuilder builder = AwsIotMqtt5ClientBuilder.newWebsocketMqttBuilderWithSigv4Auth(clientEndpoint, null); ~~~ -See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then can be set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS`, and `AWS_SESSION_TOKEN` environment variables prior to running the application. +See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then can be set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables prior to running the application. Alternatively, if you're connecting to a special region for which standard pattern matching does not work, or if you need a specific credentials provider, you can specify advanced websocket configuration options using the following code: diff --git a/samples/Mqtt5/PubSub/README.md b/samples/Mqtt5/PubSub/README.md index 56f1ce7ac..6d8ded573 100644 --- a/samples/Mqtt5/PubSub/README.md +++ b/samples/Mqtt5/PubSub/README.md 
@@ -82,4 +82,4 @@ To Run this sample using Websockets, use the following command: mvn compile exec:java -pl samples/Mqtt5/PubSub -Dexec.mainClass=mqtt5.pubsub.PubSub -Dexec.args='--endpoint --signing_region ' ``` -Note that to run this sample using Websockets, you will need to set your AWS credentials in your environment variables or local files. See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS`, and `AWS_SESSION_TOKEN` environment variables. +Note that to run this sample using Websockets, you will need to set your AWS credentials in your environment variables or local files. See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables. diff --git a/samples/WebsocketConnect/README.md b/samples/WebsocketConnect/README.md index 434a90c9a..d34f7d413 100644 --- a/samples/WebsocketConnect/README.md +++ b/samples/WebsocketConnect/README.md 
@@ -31,7 +31,7 @@ Replace with the following with the data from your AWS account: Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. -For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from your environment variables or local files. See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS`, and `AWS_SESSION_TOKEN` environment variables. +For this sample, using Websockets will attempt to fetch the AWS credentials to authorize the connection from your environment variables or local files. See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then you can set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables. From 6035ff0702b3f94f31ecc23c40fdf1940287523d Mon Sep 17 00:00:00 2001 From: Joseph Klix Date: Fri, 30 Aug 2024 12:26:10 -0700 Subject: [PATCH 2/3] Update MQTT5_Userguide.md --- documents/MQTT5_Userguide.md | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/documents/MQTT5_Userguide.md b/documents/MQTT5_Userguide.md index cb336aa67..ab56aebe1 100644 --- a/documents/MQTT5_Userguide.md +++ b/documents/MQTT5_Userguide.md 
@@ -108,36 +108,6 @@ String keyData = readFile("", StandardCharsets.UTF_8); AwsIotMqtt5ClientBuilder builder = AwsIotMqtt5ClientBuilder.newMtlsBuilder(clientEndpoint, certificateData, keyData); ~~~ -### **Websocket Connection with Sigv4 Authentication Method** - -Sigv4-based authentication requires a credentials provider capable of sourcing valid AWS credentials. Sourced credentials will sign the websocket upgrade request made by the client while connecting. The default credentials provider chain supported by the SDK is capable of resolving credentials in a variety of environments according to a chain of priorities: - -~~~ -Environment -> Profile (local file system) -> STS Web Identity -> IMDS (ec2) or ECS -~~~ - -If the default credentials provider chain and built-in AWS region extraction logic are sufficient, you do not need to specify any additional configuration and can use the following code: - -~~~ java -String clientEndpoint = "-ats.iot..amazonaws.com"; -AwsIotMqtt5ClientBuilder builder = AwsIotMqtt5ClientBuilder.newWebsocketMqttBuilderWithSigv4Auth(clientEndpoint, null); -~~~ - -See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then can be set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables prior to running the application. 
- -Alternatively, if you're connecting to a special region for which standard pattern matching does not work, or if you need a specific credentials provider, you can specify advanced websocket configuration options using the following code: - -~~~ java -WebsocketSigv4Config websocketConfig = new WebsocketSigv4Config(); -websocketConfig.region = "us-east-1"; -DefaultChainCredentialsProvider.DefaultChainCredentialsProviderBuilder providerBuilder = new DefaultChainCredentialsProvider.DefaultChainCredentialsProviderBuilder(); -providerBuilder.withClientBootstrap(ClientBootstrap.getOrCreateStaticDefault()); -websocketConfig.credentialsProvider = providerBuilder.build(); - -String clientEndpoint = "-ats.iot..amazonaws.com"; -AwsIotMqtt5ClientBuilder builder = AwsIotMqtt5ClientBuilder.newWebsocketMqttBuilderWithSigv4Auth(clientEndpoint, websocketConfig); -~~~ - ### **Direct MQTT with Custom Authorizer Method** A MQTT5 direct connection can be made using a [Custom Authorizer](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html) rather than a certificate and key file like in the Direct Connection section above. Instead of using Mutual TLS to connect, a Custom Authorizer can be invoked instead and used to authorize the connection. When making a connection to a Custom Authorizer, the MQTT5 client can optionally passing username, password, and/or token signature arguments based on the configuration of the Custom Authorizer on AWS IoT Core. From 3f25e9da6e5712adaf92b19b7365ca9891beed6f Mon Sep 17 00:00:00 2001 From: Joseph Klix Date: Fri, 30 Aug 2024 12:28:37 -0700 Subject: [PATCH 3/3] Update MQTT5_Userguide.md --- documents/MQTT5_Userguide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documents/MQTT5_Userguide.md b/documents/MQTT5_Userguide.md index ab56aebe1..df416eead 100644 --- a/documents/MQTT5_Userguide.md +++ b/documents/MQTT5_Userguide.md 
@@ -289,7 +289,7 @@ String clientEndpoint = "-ats.iot..amazonaws.com"; AwsIotMqtt5ClientBuilder builder = AwsIotMqtt5ClientBuilder.newWebsocketMqttBuilderWithSigv4Auth(clientEndpoint, null); ~~~ -See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then can be set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS`, and `AWS_SESSION_TOKEN` environment variables prior to running the application. +See the [authorizing direct AWS](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html) page for documentation on how to get the AWS credentials, which then can be set to the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables prior to running the application. Alternatively, if you're connecting to a special region for which standard pattern matching does not work, or if you need a specific credentials provider, you can specify advanced websocket configuration options using the following code:
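Review bot: The corrected sentence in PATCH 1/3 is worded two different ways across the three hunks: `documents/MQTT5_Userguide.md` says "which then can be set to the" while both sample READMEs say "which then you can set to the". Since every one of these lines is already being rewritten, pick one phrasing for all three, for example "which you can then set in the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables", so the copies stay searchable as a single string.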
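Review bot: Missing documentation in the `samples/WebsocketConnect/README.md` hunk of PATCH 1/3 (the same sentence appears in the PubSub README hunk): the text lists `AWS_SESSION_TOKEN` alongside the key pair without saying that a session token exists only for temporary credentials, so a reader with a long-lived access key may think a variable is missing. The sentence also says credentials can come from "environment variables or local files" but names only the variables. Suggest adding a clause that `AWS_SESSION_TOKEN` is set only when temporary credentials are used.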
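Review bot: The subject "Update MQTT5_Userguide.md" on PATCH 2/3 gives no reason for deleting the whole "Websocket Connection with Sigv4 Authentication Method" section (30 lines at `@@ -108,36 +108,6 @@`), including the sentence PATCH 1/3 had just corrected. The context of PATCH 3/3 shows the same `newWebsocketMqttBuilderWithSigv4Auth(clientEndpoint, null)` snippet and paragraph further down at line 289, so this looks like removal of a duplicate; say that in the commit message. Also confirm that no table of contents entry or in-document link points at the removed heading.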
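Review bot: The hunk at `@@ -289,7 +289,7 @@` in PATCH 3/3 repeats the `AWS_SECRET_ACCESS` to `AWS_SECRET_ACCESS_KEY` correction that PATCH 1/3 already made at `@@ -130,7 +130,7 @@` of the same file, which means the uncorrected name was still present in a second copy of the sentence. Before merging, search the tree for any remaining `AWS_SECRET_ACCESS` that is not followed by `_KEY` so the fix is complete, and give this commit a subject that describes the change (or squash it into PATCH 1/3) rather than "Update MQTT5_Userguide.md".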