配置远程设备和使用 IoT 代理 - AWS IoT Core

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

配置远程设备和使用 IoT 代理

物联网代理用于接收包含客户端访问令牌的MQTT消息并在远程设备上启动本地代理。如果要使用安全隧道传送客户端访问令牌,则必须在远程设备上安装并运行 IoT 代理。MQTT物联网代理必须订阅以下预留的 IoT MQTT 主题:

注意

如果要通过订阅保留MQTT主题以外的方法将目标客户端访问令牌传送到远程设备,则可能需要目标客户端访问令牌 (CAT) 侦听器和本地代理。CAT监听器必须使用您选择的客户端访问令牌传送机制,并且能够在目标模式下启动本地代理。

IoT 代理代码段

物联网代理必须订阅以下预留的 IoT MQTT 主题,这样它才能接收MQTT消息并启动本地代理:

$aws/things/thing-name/tunnels/notify

thing-name与远程设备关联 AWS IoT 的事物的名称在哪里。

以下是MQTT消息负载示例:

{ "clientAccessToken": "destination-client-access-token", "clientMode": "destination", "region": "aws-region", "services": ["destination-service"] }

收到MQTT消息后,物联网代理必须使用适当的参数在远程设备上启动本地代理。

以下 Java 代码演示了如何使用AWS IoT 设备SDKProcessBuilderJava 库来构建用于安全隧道的简单 IoT 代理。

// Find the IoT device endpoint for your AWS 账户 final String endpoint = iotClient.describeEndpoint(new DescribeEndpointRequest().withEndpointType("iot:Data-ATS")).getEndpointAddress(); // Instantiate the IoT Agent with your AWS credentials final String thingName = "RemoteDeviceA"; final String tunnelNotificationTopic = String.format("$aws/things/%s/tunnels/notify", thingName); final AWSIotMqttClient mqttClient = new AWSIotMqttClient(endpoint, thingName, "your_aws_access_key", "your_aws_secret_key"); try { mqttClient.connect(); final TunnelNotificationListener listener = new TunnelNotificationListener(tunnelNotificationTopic); mqttClient.subscribe(listener, true); } finally { mqttClient.disconnect(); } private static class TunnelNotificationListener extends AWSIotTopic { public TunnelNotificationListener(String topic) { super(topic); } @Override public void onMessage(AWSIotMessage message) { try { // Deserialize the MQTT message final JSONObject json = new JSONObject(message.getStringPayload()); final String accessToken = json.getString("clientAccessToken"); final String region = json.getString("region"); final String clientMode = json.getString("clientMode"); if (!clientMode.equals("destination")) { throw new RuntimeException("Client mode " + clientMode + " in the MQTT message is not expected"); } final JSONArray servicesArray = json.getJSONArray("services"); if (servicesArray.length() > 1) { throw new RuntimeException("Services in the MQTT message has more than 1 service"); } final String service = servicesArray.get(0).toString(); if (!service.equals("SSH")) { throw new RuntimeException("Service " + service + " is not supported"); } // Start the destination local proxy in a separate process to connect to the SSH Daemon listening port 22 final ProcessBuilder pb = new ProcessBuilder("localproxy", "-t", accessToken, "-r", region, "-d", "localhost:22"); pb.start(); } catch (Exception e) { log.error("Failed to start the local proxy", e); } } }