Custom Authorizer Connect Sample
March 28, 2025
This sample demonstrates how to establish an MQTT connection with the AWS IoT Core message broker using a Custom Authorizer.
Before Running the Sample
Setup an AWS Account:
If you don't have an AWS account, complete these steps to create one. This will provide you with an account specific endpoint.
Understand AWS IoT:
See the AWS IoT Developer Guide to learn about AWS IoT.
Required Arguments:
- endpoint - account specific endpoint
- authorizer-name - Name of your custom authorizer
- authorizer-username - value of username field to be passed to the authorizer's lambda
- authorizer-password - value of the password field to be passed to the authorizer's lambda
Optional Arguments:
- token-key-name - Name of the username query param that will contain the token value
- token-value - Value of the username query param that holds the signed token value
- token-signature - URI-encoded base64-encoded digital signature of token-value
- client-id - The MQTT 5 client ID the sample uses. If an ID isn't provided, "test-<UUID>" will be used.
Build the sample
# The sample should be built from the sample's folder
cd aws-iot-device-sdk-swift/Samples/Mqtt5ConnectionSamples/CustomAuthConnect
# build the sample
swift build
Run the sample
# Unsigned Custom Authorizer
swift run CustomAuthConnect \
<endpoint> \
<authorizer-name> \
<authorizer-username> \
<authorizer-password>
# Signed Custom Authorizer
swift run CustomAuthConnect \
<endpoint> \
<authorizer-name> \
<authorizer-username> \
<authorizer-password> \
--token-key-name <token-key-name> \
--token-value <token-value> \
--token-signature <token-signature>
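The signed variant relies on --token-signature being a signature over --token-value that the authorizer can verify with its registered public key. The following added example (not part of the sample or the SDK) shows, in Go with only the standard library, how that argument value is produced and how the authorizer-side check undoes the URI and base64 encodings before verifying; it assumes the RSA-SHA256 PKCS#1 v1.5 scheme that `openssl dgst -sha256 -sign` produces, a constructed key pair, and a constructed token value.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
)

// SignToken builds the value passed as --token-signature: the RSA-SHA256
// (PKCS#1 v1.5) signature of tokenValue, base64-encoded, then URI-encoded.
func SignToken(priv *rsa.PrivateKey, tokenValue string) (string, error) {
	digest := sha256.Sum256([]byte(tokenValue))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// VerifyToken is the check the authorizer side performs with the public key
// registered for the authorizer: undo the two encodings, then verify.
// Any malformed encoding is treated as a failed verification.
func VerifyToken(pub *rsa.PublicKey, tokenValue, encodedSig string) bool {
	b64, err := url.QueryUnescape(encodedSig)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(tokenValue))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	// Constructed key pair; a real device loads the authorizer's private key from a file.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	token := "constructed-device-token" // constructed --token-value
	sig, _ := SignToken(priv, token)
	fmt.Println("--token-value", token, "--token-signature", sig)
	fmt.Println("valid:", VerifyToken(&priv.PublicKey, token, sig))
	fmt.Println("tampered token:", VerifyToken(&priv.PublicKey, token+"x", sig))
}
```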
Troubleshooting
Enable logging in samples
To enable logging in the samples, you must add the following line after initializing IotDeviceSdk. The logger level has the following options: trace, debug, info, warn, error, fatal, or none.
// The IoT Device SDK must be initialized before it is used.
IotDeviceSdk.initialize()
// This will turn on SDK and underlying CRT logging to assist in troubleshooting.
try Logger.initialize(target: .standardOutput, level: .debug)
I'm getting error code 5134: AWS_ERROR_MQTT_UNEXPECTED_HANGUP
This error is most likely due to your AWS IoT Core thing's policy. The policy must provide privileges for this sample to connect. The following is a sample policy that can be used on your AWS IoT Core thing that allows this sample to run as intended.
For the purposes of this sample, make sure your policy allows a client ID of test-* to connect or use the --client_id <client ID here> argument to use a client ID that your policy supports.
Sample policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:<region>:<account>:client/test-*"
]
}
]
}
Replace the following with the data from your AWS account:
- <region>: The AWS Region where you created the AWS IoT Core thing you wish to use with this sample. For example, us-east-1. For more information, see AWS IoT Core endpoints.
- <account>: Your AWS account ID. For more information, see View AWS account identifiers.
Note: In a real application, you might want to avoid the use of wildcards in your policy or use them selectively. Follow best practices when using the SDK to work with AWS on production applications.
Error: unable to create symlink aws-common-runtime/config/s2n: Permission denied
If you encounter a "s2n Permission Denied" error, it's likely because you're attempting to use an unsupported platform. s2n-tls is a Unix-specific library.
The AWS IoT Device SDK for Swift supports the following platforms:
- macOS
- iOS
- tvOS
- Linux
Other Resources
Check out our resources to learn more: