Aws Jitp Mqtt Authenticator (abstractMqttDriver-AwsJitpMqttAuthenticator)

The Aws Jitp Mqtt Authenticator component connects to Amazon Web Services (AWS) utilizing the Just In Time Provisioning (JITP) functionality as configured in the awsUtils module. See “Configuring Just In Time Provisioning” in the “Niagara AWS Utils Guide” for more details.

Just In Time Provisioning allows a fleet of devices to automatically connect to AWS with auto-generated certificates as a means of authentication. The major difference from the existing AWS MQTT authenticator is that the JITP authenticator does not require an AWS user to manually configure the device in AWS IoT, or to generate and sign their device certificate. This is performed in conjunction with the Signing Service, which automatically supplies signing certificates to each authenticator. In addition, certificates are also renewed without any user intervention required. For more information, see “Signing Service” in the “Niagara Signing Service Guide”.





| Property | Value | Description |
| --- | --- | --- |
| Broker Endpoint | string | Defines the broker endpoint with your AWS IoT service endpoint. |
| Client ID | read-only | Automatically populated when the signed certificate is retrieved from the Signing Service. The value will match the Common Name of the certificate. |
| Broker Port | numeric value [0–100000] | Automatically set to the AWS default port 8883. |
| Callback Router | additional properties | Specifies Callback Type and Point Callback Handler. |
| Certificate Alias and Password | additional properties | Specifies alias and password for the certificate used to authenticate with AWS. Alias is automatically generated in the format ‘aws_deviceName’. |
| Cert Requester | additional properties | Contains components that submit a CSR to the Supervisor Signing Service and obtain the signed certificate to install in the User Key Store. |

Automatic install

To use this authenticator, you can automatically install an MQTT device on each Niagara station in your network using a Niagara provisioning task from a Supervisor station. As the device is added to the station, it will automatically onboard with the Signing Service, obtain a signed device certificate and connect to AWS. For more information, see “Running Install AWS MQTT Device task” in the “Niagara AWS Utils Guide”.

Manual install

You can also manually install a single device by dragging the AwsJitpMqttDevice component from the abstractMqttDriver palette.

  • Populate the broker endpoint with your AWS IoT service endpoint and change the port if different from the AWS default.

  • Certificate Alias will be populated automatically. We recommend that you enter a password to protect your device certificate in the Niagara User Key Store.

  • On Cert Requester, invoke the Onboard action and expand this component to monitor progress. An admin user will need to approve the onboarding request in the Supervisor. For more details, see “Signing Service” in the “Niagara Signing Service Guide”.
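
An added example, not taken from the Niagara documentation: once onboarding completes, the property table's statement that Client ID matches the certificate's Common Name, and the automatic renewal described in the introduction, can both be checked with openssl. It assumes a PEM copy of the device certificate is available as a file; the function names, the `station-001` name and the generated certificate are constructed for the example.

```shell
#!/bin/sh
# Added example, not Niagara code. Assumes a PEM copy of the device certificate.

# Print the subject Common Name (CN) of the PEM certificate in file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_client_id CLIENT_ID CERT_FILE MIN_SECONDS_LEFT
# Returns 0 if the CN equals the Client ID and the certificate stays valid
# for at least MIN_SECONDS_LEFT; 1 on a CN mismatch or unreadable file;
# 2 if the certificate expires inside the window (renewal has not happened).
check_client_id() {
    cn=$(cert_cn "$2")
    [ -n "$cn" ] && [ "$cn" = "$1" ] || return 1
    openssl x509 -in "$2" -noout -checkend "$3" >/dev/null 2>&1 || return 2
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for one
# day, standing in for the certificate issued by the Signing Service.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demonstration on the constructed certificate: a matching and a
# non-matching Client ID, each requiring one hour of remaining validity.
demo_dir=$(mktemp -d)
make_sample_cert "station-001" "$demo_dir/device.pem"
for id in "station-001" "station-002"; do
    rc=0
    check_client_id "$id" "$demo_dir/device.pem" 3600 || rc=$?
    echo "Client ID $id -> result $rc"
done
rm -rf "$demo_dir"
```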