Aws Jitp Mqtt Authenticator (abstractMqttDriver-AwsJitpMqttAuthenticator)

The Aws Jitp Mqtt Authenticator component connects to Amazon Web Services (AWS) utilizing the Just In Time Provisioning (JITP) functionality as configured in the awsUtils module. See “Configuring Just In Time Provisioning” in the “Niagara AWS Utils Guide” for more details.

Just In Time Provisioning allows a fleet of devices to automatically connect to AWS with auto-generated certificates as a means of authentication. The major difference from the existing AWS MQTT authenticator is that the JITP authenticator does not require an AWS user to manually configure the device in AWS IoT, or to generate and sign their device certificate. This is performed in conjunction with the Signing Service, which automatically supplies signing certificates to each authenticator. In addition, certificates are renewed without any user intervention. For more information, see “Signing Service” in the “Niagara Signing Service Guide”.

| Property | Value | Description |
|---|---|---|
| Broker Endpoint | string | Defines the broker endpoint with your AWS IoT service endpoint. |
| Client ID | read-only | Automatically populated when the signed certificate is retrieved from the Signing Service. The value will match the Common Name of the certificate. |
| Broker Port | numeric value [0–100000] | Automatically set to the AWS default port 8883. |
| Callback Router | additional properties | Specifies Callback Type and Point Callback Handler. |
| Certificate Alias and Password | additional properties | Specifies alias and password for the certificate used to authenticate with AWS. Alias is automatically generated in the format ‘aws_deviceName’. |
| Cert Requester | additional properties | Contains components that submit a CSR to the Supervisor Signing Service and obtain the signed certificate to install in the User Key Store. |

Automatic install

To use this authenticator, you can automatically install an MQTT device on each Niagara station in your network using a Niagara provisioning task from a Supervisor station. As the device is added to the station, it will automatically onboard with the Signing Service, obtain a signed device certificate and connect to AWS. For more information, see “Running Install AWS MQTT Device task” in the “Niagara AWS Utils Guide”.

Manual install

You can also manually install a single device by dragging the AwsJitpMqttDevice component from the abstractMqttDriver palette.

  • Populate the broker endpoint with your AWS IoT service endpoint and change the port if different from the AWS default.
  • Certificate Alias will be populated automatically. We recommend that you enter a password to protect your device certificate in the Niagara User Key Store.
  • On Cert Requester, invoke the Onboard action and expand this component to monitor progress. An admin user will need to approve the onboarding request in the Supervisor. For more details, see “Signing Service” in the “Niagara Signing Service Guide”.
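
The onboarding flow described above (a CSR is submitted, a signed certificate comes back, and the Client ID equals the certificate's Common Name) can be modelled and checked with openssl. This is an added example, not Niagara or Signing Service code: the CA, the device name, the file names and the function names are constructed stand-ins, and it assumes the device certificate is available as a PEM file.

```shell
#!/bin/sh
# Added example. The CA below is a constructed stand-in for the Signing Service;
# "constructed-device-01" is a constructed device name, not a real identifier.

# Print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate chains to the given CA, its CN equals the
# expected client ID, and it stays valid for at least min_seconds more.
# usage: check_device_cert cert.pem ca.pem client_id min_seconds
check_device_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 ||
        { echo "untrusted issuer"; return 1; }
    [ "$(cert_cn "$1")" = "$3" ] ||
        { echo "CN does not match client ID"; return 1; }
    openssl x509 -in "$1" -noout -checkend "$4" >/dev/null ||
        { echo "expires too soon"; return 1; }
    echo "ok"
}

# Model the Cert Requester flow: device key + CSR, signed by the stand-in CA.
# The device certificate is issued for 7 days.
# usage: make_demo_pki dir device_cn
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Signing CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 7 -out "$1/dev.pem" 2>/dev/null
}

# Stand-alone demo: issue a certificate and require one more day of validity.
demo_dir=$(mktemp -d) &&
    make_demo_pki "$demo_dir" "constructed-device-01" &&
    check_device_cert "$demo_dir/dev.pem" "$demo_dir/ca.pem" \
        "constructed-device-01" 86400
rm -rf "$demo_dir"
```

A certificate that fails the validity-window check is one where automatic renewal has not happened in time, which is worth alerting on.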