2
votes

Once we create a thing in AWS IoT Core, we get an endpoint which has to be used by the Java program on the device to connect to AWS IoT.

The endpoint *.iot.us-west-2.amazonaws.com has the region in it. This endpoint has to be configured in the device, which we want to avoid. The reason is to have low latency when the device communicates with AWS IoT. For this, we were planning to have a registered domain and create a hosted zone in Route 53, then map this domain to the actual endpoint. In Route 53 we can select "Geolocation" as the routing policy and create records for each region and map the corresponding endpoint. Do you think this is a good solution?

The purpose is:

  1. The device should not be aware of the IoT endpoint.
  2. Route 53 should be able to identify the region of the incoming traffic and direct it to the corresponding endpoint as specified by the various records in the hosted zone.

Another question is: the program on the device which is connecting to AWS IoT is an MQTT client. Will it be able to connect to Route 53? (Route 53 is not an MQTT server.)

1
Can you please give more detail on "For this, we were planning to have a registered domain and create a hosted zone in Route53. Then map this domain to the actual end point. In Route53 we can select the "Geolocation" as a routing policy and create records for each region and map the corresponding endpoint." Like, how will the device still be aware of the IoT endpoint? - Aarth Tandel
I want to connect to Route 53 from the AWS SDK for IoT Core. I am getting an exception: MqttException (0) - javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <domain-name> found. Here the domain-name is a new domain I created. - Abhinav Mutreja
That's probably because the certificates you use are bound to a single region and will not be recognized by AWS IoT in another region. You need to have a provisioning strategy to accomplish a multi-region deployment on AWS IoT. First question is, is it really needed, and are your devices going to "travel" across regions in the world often? - Halim Qarroum
The devices might not be travelling frequently, probably once in a while. I created my own CA cert (uploaded to AWS IoT Core) and my own device cert. Still the same error. Debugged a little more and found that the cert it is picking to matchDNS is still the one which is region specific. Not sure why. - Abhinav Mutreja
Currently, Route 53 does not support it. You can go here and then add "+1 request for this feature" to make AWS consider adding it: forums.aws.amazon.com/thread.jspa?threadID=232780 - Bui Anh Tuan

1 Answer

0
votes

Recently, AWS has added support for a configurable domain name for the IoT endpoint, though it is still in beta.

Outline to achieve it:

  1. Register the certificate with AWS Certificate Manager (ACM)
  2. Create a Domain Configuration for IoT (of type DATA)
  3. Using Route 53, create a DNS record mapping the domain to the IoT endpoint.

A step-by-step illustration is available here.
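The three steps above, as an added boto3 example that is not the answer's own code: the region, hosted zone id, custom domain, certificate file names and the domain configuration name are assumed placeholders, and the device then connects to the custom domain over MQTT/TLS instead of the regional endpoint.

```python
from pathlib import Path


def build_cname_change_batch(custom_domain: str, iot_endpoint: str, ttl: int = 300) -> dict:
    """Route 53 ChangeBatch that CNAMEs custom_domain to the IoT Data-ATS endpoint.

    UPSERT keeps the call idempotent. The device keeps connecting to custom_domain;
    IoT Core matches that SNI name to the domain configuration and presents the ACM
    certificate, so the client's hostname check passes.
    """
    if not custom_domain or custom_domain.endswith(".amazonaws.com"):
        raise ValueError("custom_domain must be a domain you control")
    return {
        "Comment": "AWS IoT Core custom data endpoint",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": custom_domain.rstrip(".") + ".",
                "Type": "CNAME",
                "TTL": ttl,
                "ResourceRecords": [{"Value": iot_endpoint}],
            },
        }],
    }


def configure_custom_iot_domain(region, hosted_zone_id, custom_domain, cert_dir, validation_cert_arn=None):
    """Run the three steps from the answer. All names are placeholders (assumed)."""
    import boto3  # imported here so build_cname_change_batch stays usable without boto3

    acm, iot, r53 = (boto3.client(s, region_name=region) for s in ("acm", "iot", "route53"))
    cert_dir = Path(cert_dir)
    # 1. Register the server certificate for custom_domain with ACM (file names assumed).
    cert_arn = acm.import_certificate(
        Certificate=(cert_dir / "server.crt").read_bytes(),
        PrivateKey=(cert_dir / "server.key").read_bytes(),
        CertificateChain=(cert_dir / "chain.crt").read_bytes(),
    )["CertificateArn"]
    # 2. Domain configuration of type DATA: IoT Core serves cert_arn for this domain name.
    params = dict(domainConfigurationName=custom_domain.replace(".", "-"), domainName=custom_domain,
                  serverCertificateArns=[cert_arn], serviceType="DATA")
    if validation_cert_arn:  # proof of domain ownership, where AWS asks for it
        params["validationCertificateArn"] = validation_cert_arn
    iot.create_domain_configuration(**params)
    # 3. CNAME the custom domain to this region's Data-ATS endpoint.
    endpoint = iot.describe_endpoint(endpointType="iot:Data-ATS")["endpointAddress"]
    r53.change_resource_record_sets(HostedZoneId=hosted_zone_id,
                                    ChangeBatch=build_cname_change_batch(custom_domain, endpoint))
    return endpoint
```

After the record propagates, confirm the handshake with `openssl s_client -connect mqtt.example.com:8883 -servername mqtt.example.com` and check that the presented certificate's SAN now contains the custom domain rather than the *.iot.<region>.amazonaws.com name.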