Hi, for the client devices to communicate with the core device via MQTT, they'll have to authenticate the MQTT broker on the core device using the certificate authority (CA). Client devices can obtain the core device CA certificate chain from the cloud using the discovery client. The documentation provided in this page provides the code sample that does all of it and lets the client devices successfully connect, publish and subscribe messages to the core device.
However, if your client devices also disconnect regularly, you may want to explore the offline authentication solution where you can bring your own certificate authority. More information about this offline authentication capability and its limitations can be found here.
By default, the core device caches the credentials for a minute. You can increase this time by configuring security->clientDeviceTrustDurationMinutes in the client device auth component.
There's no additional configuration for setting the lambda to work in the disconnected mode. However, we recommend that you work with GreengrassV2 native components instead of lambda components. A tutorial for creating a component using GDK CLI can be found here.
Shiko, from your source code, it looks like you're using V1 of the Python SDK. I recommend you instead use V2: https://github.com/aws/aws-iot-device-sdk-python-v2
Thanks Greg, I switched to the new version but I am getting some errors regarding the disconnected mode as well. I just replied with the issue (point 1) in my last comment.
Thanks Saranya for replying. In my case, both the client and the core will experience multiple internet disconnections for 10 - 20 min. I have multiple questions here:
1 - If I increase the time in security->clientDeviceTrustDurationMinutes, will this guarantee the connection between the client and the core during the disconnection time? And once the internet is resumed, the credentials store should be updated. Here is the experiment I did and didn't work as expected. I set this variable to 10 minutes, deployed the new config for the component and made sure it was successful, then I turned off the internet from the PI only (client device can access the internet) and now the device is connected to the PI via ethernet and the IPDetector detected the static IP of the PI. I started the connection right away from the device to the PI and it worked fine for 2 min (sending msgs and processing them at the core), then the device disconnected from the mqtt connection established with the core (disconnect_future = mqtt_connection.disconnect()) and tried to reconnect again to the core's mqtt via python SDK 2, but I keep getting "Connection failed with exception AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed". How can I keep connecting/disconnecting to the core in these 10 min duration?
2 - Why is it recommended to use components over lambda functions in GG? Are there limitations to lambda functions that are not available in the components?
Answer for 1: https://repost.aws/questions/QUdlP7RPbtTC6dharYb10gnw
2. Lambda components are mainly provided to help migrate your applications from Greengrass v1 to v2. If you're developing an application for the first time in v2, we highly recommend native components as they're easy to develop and have more support in terms of new features and improvements.