Updated AWS IoT (markdown)

s-hadinger 2019-06-22 11:15:27 +02:00
parent 1388e35594
commit c54f6b7c46
1 changed files with 10 additions and 11 deletions

@ -6,13 +6,13 @@
AWS IoT provides secure, bi-directional communication between Internet-connected devices such as sensors, actuators, embedded micro-controllers. This basically allows to communicate in both direction from the cloud using MQTT over secure channels using TLS.
### More Alexa controls
### 1. More Alexa controls
It's actually easy to develop smarthome Alexa skills, so that you can control your whole house. Currently you can only use the local Philips Hue/Wemo emulation - limited to lights and switches. You can imagine for instance controlling your Sonoff RF Bridge and send IR codes to your TV.
Alexa skills need to communicate back to your devices, which is easy using MQTT and AWS IoT
### No need for a local gateway
### 2. No need for a local gateway
Of course you can do it with a local gateway like Raspberry PI using many of the open-source solutions (Domoticz...).
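Review bot: Numbering only the first two headings ("### 1. More Alexa controls", "### 2. No need for a local gateway") leaves this list of reasons inconsistent with the sibling headings that keep no number (the "### Cost" heading visible as context in the next hunk is still unnumbered); either number every heading in the list or drop the numbers. While here, "Alexa skills need to communicate back to your devices, which is easy using MQTT and AWS IoT" is missing its full stop.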
@ -36,7 +36,7 @@ AWS IoT requires each Tasmota device to have its own distinct Private Key and Ce
Currently the only way to onboard your private key is to custom compile your own firmware, each one with its own private key embedded in C code. We explore later ways to store the keys in EEPROM or somewhere that wouldn't need to burn it into the firmware and that would survive OTA update.
During TLS handshake, a secondary stack of 5.1k is allocated on the heap to allow BearSSL to have enough stack room. Memory is freed at the end of the handshake. Allocating such big chunks of memory can cause issues when heap fragmentation gets too high. During the first testing campaign, I didn't see any crash due to lack of memory - but this is something we need to keep on monitoring. The alternative would be to allocate this memory once and for all, meaning less memory for Tasmota but no possible crash due to fragmentation.
During TLS handshake, a secondary stack of 5.3k is allocated on the heap to allow BearSSL to have enough stack room. Memory is freed at the end of the handshake. Allocating such big chunks of memory can cause issues when heap fragmentation gets too high. During the first testing campaign, I didn't see any crash due to lack of memory - but this is something we need to keep on monitoring. The alternative would be to allocate this memory once and for all, meaning less memory for Tasmota but no possible crash due to fragmentation.
### Cost
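Review bot: The secondary-stack figure is changed from 5.1k to 5.3k with nothing tying it to a source, so it will drift again; state which build setting or firmware version the 5.3k applies to. More importantly for operators, the paragraph says a large allocation under heap fragmentation "can cause issues" but never says what the device does when the heap cannot supply the block: whether the TLS handshake fails and MQTT simply stays disconnected, or the device resets. Spell that out, since the reader needs to know whether the failure mode is a clean, fail-closed disconnect or a crash.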
@ -105,7 +105,7 @@ Enter in the "**Name**" field, enter the name of your policy, for ex: "**Tasmota
### Step 3. Create a Private Key and Certificate (once per Tasmota device)
> Do not use the default AWS IoT feature to generate your private key online. It creates a 2048 bits RSA key. Instead we are using elliptic curves keys - they are much smaller in memory than RSA keys (this saves ~1k of memory).
> Do not use the default AWS IoT feature to generate your private key online. It creates a 2048 bits RSA key. Instead we are using elliptic curves keys - they are much smaller in memory than RSA keys (this saves ~1k of memory) and the handshake is significantly faster.
First create an ECC private key for your device (as described in this [Blog](https://aws.amazon.com/fr/blogs/iot/elliptic-curve-cryptography-and-forward-secrecy-support-in-aws-iot-3/)). Keep you private key in a safe place.
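Review bot: "the handshake is significantly faster" is added without a number; either give the measured handshake time for the ECC key against a 2048-bit RSA key on the device, or drop "significantly". The blockquote also justifies generating the key yourself only by memory and speed; the stronger reason, that a key created on your own machine never passes through the AWS console or a browser download, is worth a sentence. Minor: "2048 bits RSA key" should read "2048-bit RSA key", the link uses the French locale path (`/fr/blogs/`) on an English page, and "Keep you private key" should be "Keep your private key".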
@ -238,16 +238,16 @@ Here is a command per command description. Most commands will trigger a device r
Deactivate MQTT: `SetOption3 0`
Enter the AWS IoT endpoint. Unfortunately it will not fit in MqttHost field, so you'll need to split into two parts.
First enter the first part of the domain: `MqttUser <xxxxxxxxxxxxxx>-ats`
Enter the remaining part of the endpoint in MqttHost: `MqttHost iot.eu-central-1.amazonaws.com`
Enter the AWS IoT endpoint. `MqttHost <xxxxxxxxxxxxxx>-ats.iot.eu-central-1.amazonaws.com`
Set the MQTT port: `MqttPort 8883`
> Note: the AWS IoT endpoints will not always fit into the 32 bytes MqttHost field. If the endpoints is bigger than 32 chars, it will be transparently split between MqttUser and MqttHost. MqttUser is not used anyways in AWS IoT. You may however notice it if you flash later with a non-AWS IoT Tasmota firmware.
Optional, change the topic to distinguish the devices from each others: `Topic sonoff/Tasmota-01`
There are two ways to check the server certificate. This is controlled with the `#define USE_MQTT_TLS_CA_CERT` option in `sonoff/my_user_config.h` file. If activated, Tasmota will check the server certificate validity with the AmazonCA1 certificate embedded. This is the simplest option but it's a little slower. Alternatively you can use fingerprint validation instead.
Normally Tasmota will check the fingerprint of the public key of the server. To ease configuration you are advised to activate the 'learn on first connect feature'. Tasmota will learn the fingerprint during the first connection. To do so use: `MqttFingerprint1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00`
Alternatively you can completely disable fingerprint validation and accept any server. Keep in mind that this allows Man-in-the-Middle interception of your data. To do so use: `MqttFingerprint1 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF`
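Review bot: The new note explains the 32-byte split but not what the reader would "notice" after flashing a non-AWS IoT build: the stored MqttUser will hold the `<xxxxxxxxxxxxxx>-ats` prefix and MqttHost only the `iot.eu-central-1.amazonaws.com` tail (exactly the two halves the removed lines used to ask for), so that build will send the prefix as the MQTT username and try to reach the truncated host. Say so, and tell the reader to re-enter MqttHost and clear MqttUser in that case. Two wording fixes: "If the endpoints is bigger than 32 chars" should be "If the endpoint is longer than 32 chars", and "Enter the AWS IoT endpoint. `MqttHost ...`" should use a colon before the command like the surrounding lines do.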
@ -258,8 +258,7 @@ Here is the wrap-up of commands:
```
SetOption3 0
MqttUser <xxxxxxxxxxxxxx>-ats
MqttHost iot.eu-central-1.amazonaws.com
MqttHost <xxxxxxxxxxxxxx>-ats.iot.eu-central-1.amazonaws.com
MqttPort 8883
Topic sonoff/Tasmota-01
MqttFingerprint1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
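Review bot: The wrap-up now carries the full-endpoint `MqttHost` line but still ends with the all-zero `MqttFingerprint1`, i.e. learn-on-first-connect, without the caveat the prose above attaches to it; a reader who pastes only this block trusts whichever server answers first. Add a line to the block (or a sentence right after it) saying the zero value is only for a first connection on a network you trust and that the learned fingerprint should be verified before the device is left unattended, and keep the `FF FF ...` value from the prose, which disables validation entirely, out of the wrap-up.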