2

I am following this tutorial for connecting a Raspberry Pi to AWS IoT using the Node.js SDK. I see the following in `vim ~/.aws/credentials`:

[default]
aws_access_key_id = SOMETHING
aws_secret_access_key = SOMETHINGELSE

When I enter the command `aws iot describe-endpoint`, I get the following response:

{
    "endpointAddress": "A34SXNTM6AT7XH.iot.us-west-2.amazonaws.com"
}

However, when I browse to that URL (https://a34sxntm6at7xh.iot.us-west-2.amazonaws.com/), I get the following error:

Missing Authentication Token

Any idea what could be wrong and how it could be solved?


Here are the files in the ~/certs folder:

pi@raspberrypi:~/certs $ ls
certificate.pem.crt  private.pem.key  public.pem.key  root-CA.pem

Mona Jalal

3 Answers

2

Mona,

Your custom endpoint responds to two protocols: MQTT and HTTPS. However, it does not serve any web content and thus does not work in the browser as a site URL. The "endpointAddress" you get from aws iot describe-endpoint will be plugged into your Node.js Device SDK that you're using in the Raspberry Pi example you linked (no https://).

You can also interface with device shadows using the HTTPS version of the endpoint by signing requests with AWS Signature version 4. More on that here: http://docs.aws.amazon.com/iot/latest/developerguide/thing-shadow-rest-api.html and here: http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html though you will likely get going faster by using the AWS CLI or AWS SDK to perform operations like this.

Ryan @ AWS

TheRyanBurke_AWS
  • Nice to see the ticket can be answered from AWS staff directly. – BMW Mar 06 '16 at 22:34
  • Hi Ryan, so does it mean considering the fact I have done all the steps in the tutorial successfully, this "missing authentication token" should be neglected? – Mona Jalal Mar 06 '16 at 22:58
  • Also in the file cmdline.js does it know by default to look at `~/certs` ? `default: { region: 'us-west-2', protocol: 'mqtts', clientId: clientIdDefault, privateKey: 'private.pem.key', clientCert: 'certificate.pem.crt', caCert: 'root-CA.crt',` – Mona Jalal Mar 06 '16 at 23:05
  • @Ryan: with regards to my second question, according to page 117 of http://docs.aws.amazon.com/iot/latest/developerguide/iot-dg.pdf examples assume that certificates are in `~/certs` directory so I was correct on that! – Mona Jalal Mar 06 '16 at 23:12
  • Additionally, can you please have a look here: http://stackoverflow.com/questions/35834075/how-to-interpret-the-response-from-openssl – Mona Jalal Mar 06 '16 at 23:50
  • Not sure if I would get a chance to see another AWS expert in SO, so can you please kindly have a look at this other connectivity issue question? http://stackoverflow.com/questions/35834558/aws-iot-connectivity-issue Thanks Ryan! – Mona Jalal Mar 07 '16 at 00:55
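
The Signature Version 4 signing mentioned in the answer above, as an added example that is not part of the original answer or of any AWS SDK: it builds the headers for a GET of a thing shadow over HTTPS, which a plain browser request does not carry. The helper name `signShadowGet`, the thing name `my-pi` and the credentials are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();
const sha256Hex = (data) => crypto.createHash('sha256').update(data, 'utf8').digest('hex');

// Hypothetical helper: SigV4 headers for GET https://<host>/things/<thingName>/shadow (port 443).
function signShadowGet({ host, region, thingName, accessKeyId, secretAccessKey, now = new Date() }) {
  // Restrict to characters that need no URI encoding, so the canonical path is unambiguous.
  if (!/^[A-Za-z0-9_-]+$/.test(thingName)) throw new Error('unsupported thing name');
  const service = 'iotdata'; // SigV4 signing name of the AWS IoT data plane
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // YYYYMMDDTHHMMSSZ
  const dateStamp = amzDate.slice(0, 8);
  const lowerHost = host.toLowerCase();

  // 1. Canonical request: method, path, query string, headers, signed header list, payload hash.
  const signedHeaders = 'host;x-amz-date';
  const canonicalRequest = [
    'GET',
    `/things/${thingName}/shadow`,
    '', // no query string
    `host:${lowerHost}\nx-amz-date:${amzDate}\n`,
    signedHeaders,
    sha256Hex(''), // empty body
  ].join('\n');

  // 2. String to sign, bound to date, region and service through the credential scope.
  const scope = `${dateStamp}/${region}/${service}/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');

  // 3. Derive the signing key from the secret key, then sign.
  const kDate = hmac('AWS4' + secretAccessKey, dateStamp);
  const kSigning = hmac(hmac(hmac(kDate, region), service), 'aws4_request');
  const signature = hmac(kSigning, stringToSign).toString('hex');

  return {
    Host: lowerHost,
    'X-Amz-Date': amzDate,
    Authorization: `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${scope}, ` +
      `SignedHeaders=${signedHeaders}, Signature=${signature}`,
  };
}

// Constructed sample input: placeholder credentials and a hypothetical thing name.
const sample = signShadowGet({
  host: 'A34SXNTM6AT7XH.iot.us-west-2.amazonaws.com', region: 'us-west-2', thingName: 'my-pi',
  accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'EXAMPLE-SECRET-KEY',
  now: new Date(Date.UTC(2016, 2, 6, 22, 34, 0)),
});
console.log(sample);
```

The signature covers the host, the timestamp and the path, so the headers are valid only for that exact request and only for a short window around `X-Amz-Date`.
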
1

By default, the example programs will look in the current directory for your certificate and private key files, but you can also use the '-f' option to specify another directory if you want to. As for the 'Missing Authentication Token' message you noticed when trying to access the endpoint from your browser, you can safely ignore it.

garyw_aws
1

If you use "TLS mutual authentication" you need to connect on port 8443, so in your example, it would be https://a34sxntm6at7xh.iot.us-west-2.amazonaws.com:8443/things/<thing_name>/shadow

Den-Jason