AWS with existing certificates


  1. My goal is:

To provision the Things on AWS directly (not using aws-iot-setup) or use an existing Thing key/certificate.

  2. My actions are:

Create the certificate and keys via the AWS console, attach a policy and a thing.
Download the files to the device (esp8266) and set the mos.yml with the correct values

  • ["mqtt.server", "12345.iot.eu-west-1.amazonaws.com:8883"]
  • ["mqtt.enable", true]
  • ["mqtt.ssl_cert", "aws-esp8266_12345.crt.pem"]
  • ["mqtt.ssl_key", "aws-esp8266_12345.key.pem"]
  • ["mqtt.ssl_ca_cert", "root-CA.crt"]
  • ["aws.shadow.thing_name", "esp8266_2518EA"]
  • ["aws.thing_name", "esp8266_123456"]
  • ["device.id", "esp8266_123456"]

  3. The result I see is:

[Apr 9 10:26:00.414] mgos_mongoose.c:66 New heap free LWM: 24408
[Apr 9 10:26:00.421] mg_ssl_if_mbedtls.c:35 0x3fff2cbc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 10:26:01.127] SW ECDH curve 3
[Apr 9 10:26:06.341] E:M 136 (18 blocks)
[Apr 9 10:26:06.343]
[Apr 9 10:26:06.344] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
[Apr 9 10:26:06.347] A0: 0x4028764b A1: 0x3ffff540 A2: 0x00000000 A3: 0x00000000
[Apr 9 10:26:06.353] A4: 0x00000088 A5: 0x00000000 A6: 0x00000080 A7: 0x00000008
[Apr 9 10:26:06.359] A8: 0x3ffe83cc A9: 0x00000190 A10: 0x00000000 A11: 0x0000007c
[Apr 9 10:26:06.364] A12: 0x00000000 A13: 0x00000088 A14: 0x00000000 A15: 0x3fff1ae8
[Apr 9 10:26:06.370]
[Apr 9 10:26:06.370] (exc SP: 0x3ffff3a0)
[Apr 9 10:26:06.372]
[Apr 9 10:26:06.372] — BEGIN CORE DUMP —
[Apr 9 10:26:06.374] mos: catching core dump

If I provision via aws-iot-setup and replace the files with the generated ones it works ok.
The certificate/key generated via AWS console also work fine using another application.

  4. My expectation & question is:

I seem to have read everything on this and still can't get it to work (unless my googleFu is on the wane).
Just trying to get a tool to analyse the log dumps to see if that throws any more light on the subject.

You’re out of RAM.
What available RAM do you have prior to connection to AWS IoT?

This is how to trace free RAM in C:

LOG(LL_INFO, ("free ram: %d", mgos_get_free_heap_size()));

Hi,

The device is running the sample JS app and reporting mem with state.ram_free = Sys.free_ram();

[Apr 9 12:06:23.382] online: false {"ram_free":36744,"uptime":5.284549,"btnCount":0,"on":false}
[Apr 9 12:06:24.382] online: false {"ram_free":36744,"uptime":6.284306,"btnCount":0,"on":false}
[Apr 9 12:06:25.382] online: false {"ram_free":36744,"uptime":7.284427,"btnCount":0,"on":false}
[Apr 9 12:06:25.758] ip:192.168.1.74,mask:255.255.255.0,gw:192.168.1.1
[Apr 9 12:06:25.762] mgos_net.c:101 WiFi STA: ready, IP 192.168.1.74, GW 192.168.1.1, DNS 192.168.1.8
[Apr 9 12:06:25.771] mgos_mqtt.c:427 MQTT connecting to XXXXX.iot.eu-west-1.amazonaws.com:8883
[Apr 9 12:06:26.048] mgos_mongoose.c:66 New heap free LWM: 27832
[Apr 9 12:06:26.382] online: false {"ram_free":29980,"uptime":8.284619,"btnCount":0,"on":false}
[Apr 9 12:06:27.382] online: false {"ram_free":29980,"uptime":9.284388,"btnCount":0,"on":false}
[Apr 9 12:06:28.382] online: false {"ram_free":29980,"uptime":10.284339,"btnCount":0,"on":false}
[Apr 9 12:06:29.382] online: false {"ram_free":29980,"uptime":11.284337,"btnCount":0,"on":false}
[Apr 9 12:06:30.371] mgos_mongoose.c:66 New heap free LWM: 27776
[Apr 9 12:06:30.389] online: false {"ram_free":29700,"uptime":12.290995,"btnCount":0,"on":false}
[Apr 9 12:06:30.430] mgos_mongoose.c:66 New heap free LWM: 27472
[Apr 9 12:06:30.493] mgos_mongoose.c:66 New heap free LWM: 24488
[Apr 9 12:06:30.500] mgos_mongoose.c:66 New heap free LWM: 24272
[Apr 9 12:06:30.507] mg_ssl_if_mbedtls.c:35 0x3fff2afc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 12:06:31.211] SW ECDH curve 3
[Apr 9 12:06:36.390] E:M 136 (18 blocks)
[Apr 9 12:06:36.392]
[Apr 9 12:06:36.392] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
[Apr 9 12:06:36.396] A0: 0x4028764b A1: 0x3ffff540 A2: 0x00000000 A3: 0x00000000
[Apr 9 12:06:36.402] A4: 0x00000088 A5: 0x00000000 A6: 0x00000080 A7: 0x00000008
[Apr 9 12:06:36.408] A8: 0x3ffe83cc A9: 0x00000190 A10: 0x00000000 A11: 0x0000007c
[Apr 9 12:06:36.413] A12: 0x00000000 A13: 0x00000088 A14: 0x00000000 A15: 0x3fff16c0
[Apr 9 12:06:36.419]
[Apr 9 12:06:36.419] (exc SP: 0x3ffff3a0)

Does the RSA (as opposed to the elliptic curve that the aws-iot-setup creates) key processing take all the memory?

I’m part way through writing a C version of the AWS demo app.

Thanks,

Pete
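
Added example, not part of the thread or of Mongoose OS: a small Python parser that follows free heap through a console log in the format posted above and flags a crash that follows a failed allocation. The function name `summarize_heap`, the result keys, and the reading of `E:M <n>` as a failed allocation of `<n>` bytes (taken from the "out of RAM" reply) are assumptions of this example.

```python
import re

# Abridged from the console log posted in this thread (blank-timestamp lines dropped).
SAMPLE_LOG = """\
[Apr 9 12:06:25.382] online: false {"ram_free":36744,"uptime":7.284427,"btnCount":0,"on":false}
[Apr 9 12:06:25.771] mgos_mqtt.c:427 MQTT connecting to XXXXX.iot.eu-west-1.amazonaws.com:8883
[Apr 9 12:06:26.048] mgos_mongoose.c:66 New heap free LWM: 27832
[Apr 9 12:06:30.500] mgos_mongoose.c:66 New heap free LWM: 24272
[Apr 9 12:06:30.507] mg_ssl_if_mbedtls.c:35 0x3fff2afc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 9 12:06:36.390] E:M 136 (18 blocks)
[Apr 9 12:06:36.392] Exception 29 @ 0x4000e1b2, vaddr 0x00000000
"""

TS = re.compile(r"^\[[^\]]*\]\s*")  # leading "[Apr 9 12:06:25.382] ", absent on some lines
RAM_FREE = re.compile(r'"ram_free":(\d+)')
LWM = re.compile(r"New heap free LWM: (\d+)")
# Assumption: "E:M <n>" marks a failed allocation of <n> bytes, as the
# "out of RAM" reply in the thread implies; the page does not document it.
ALLOC_FAIL = re.compile(r"^E:M (\d+)")
EXCEPTION = re.compile(r"^Exception (\d+) @ (0x[0-9a-fA-F]+), vaddr (0x[0-9a-fA-F]+)")

def summarize_heap(log_text):
    """Track free heap up to the TLS handshake and flag an out-of-memory crash."""
    s = {"ram_free_before_connect": None, "lowest_lwm": None,
         "lwm_at_handshake": None, "failed_alloc_bytes": None,
         "exception": None, "null_deref_after_oom": False}
    connecting = False
    for raw in log_text.splitlines():
        msg = TS.sub("", raw.strip())
        if "MQTT connecting to" in msg:
            connecting = True
        elif (r := RAM_FREE.search(msg)) and not connecting:
            s["ram_free_before_connect"] = int(r.group(1))  # last value before connect
        elif (r := LWM.search(msg)):
            v = int(r.group(1))
            s["lowest_lwm"] = v if s["lowest_lwm"] is None else min(s["lowest_lwm"], v)
        elif "ciphersuite:" in msg:  # handshake starts: record the margin left for it
            s["lwm_at_handshake"] = s["lowest_lwm"]
        elif (r := ALLOC_FAIL.match(msg)):
            s["failed_alloc_bytes"] = int(r.group(1))
        elif (r := EXCEPTION.match(msg)):
            s["exception"] = int(r.group(1))
            # Heuristic: a fault at address 0 after a failed allocation
            s["null_deref_after_oom"] = (s["failed_alloc_bytes"] is not None
                                         and int(r.group(3), 16) == 0)
    return s

if __name__ == "__main__":
    for key, value in summarize_heap(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```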

Seems to work fine using C so will go down that route for now…

EC should be more RAM efficient - JS code should also work.

Nope, no joy with the JS version using my certificates.
Works like a charm with C and the same.

Works fine with JS and the ones generated by the aws-iot-setup tool too.

Stripping this back and starting again I’ve found that it's a memory issue on my devices:

NodeMCU 8266 board

Mongoose OS 2.12.1 (20190410-090522/2.12.1-gdd403d6)
CPU: ESP8266EX, 160 MHz, RAM: 52328 total, 50124 free

Using JS and using the least includes I can, it will connect with my certificates and keys to AWS and have access to the shadow functions.

Adding the api_gpio.js caused the app to fail so I stripped back things again and as a minimum I used:

load('api_aws.js');
load('api_timer.js');
load('api_shadow.js');
load('api_mqtt.js');
load('api_gpio.js');
load('api_sys.js');

And these libs:

libs:

This works, but I’d like to read a DHT11, and if I add these the app crashes at the point of connecting to AWS:

mgos_mongoose.c:66 New heap free LWM: 26160
[Apr 10 10:11:04.769] mg_ssl_if_mbedtls.c:35 0x3fff2fdc ciphersuite: TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
[Apr 10 10:11:05.461] SW ECDH curve 3