service/iot: Add support for MQTT Auth with PKI

[ci-iotsyst]

I got the AWS IoT samples to events to MQTT service, but only using AWS creds. I couldn't find anything in API to specify Thing key or cert or use root CA.

If this feature is missing, I would appreciate guidance on building a PR. My first step was to look at how js or C drivers do this and port that to go. The credentials.Credentials struct seems to be specific to AccessKey and SecretAccessKey so I'm not sure if this is the right place to refactor.

[xibz]

Hello @ci-iotsyst, thank you for reaching out to us. The JS library you are referring to is something IOT maintains. If you wanted to do something similar, you'd have to look at their code itself and mimic the logic. If you do make the library, it may be better to submit it as a new standalone project. In addition, it may be a good idea to browse the IOT forums for feedback. If you have any other questions, please let us know! I will reach out to IOT letting them know that there is interest in a library for Go. Going to go ahead and close this.

[ci-iotsyst]

This is 100% supposed to be a part of the AWS IoT SDK. You create keys as part of the tutorial with the intent you use these to communicate. I'm ok with the fact this has not been coded yet, but this really shouldn't be closed. The AWS SDK has some IoT capability but it's missing this part which is rather critical for AWS IoT development.

[xibz]

@ci-iotsyst, that makes sense. We code-generate a lot of the code for services based off of the models. IOT has not added anything as of yet to allow the SDKs to do this. However, this would be a pretty big refactor in terms of how we deal with credentials. I will reopen this and mark it as a feature request and see why we had not done that with IOT from the start.

[xibz]

@ci-iotsyst - So, it seems that there is very little reason to use the SDK on embedded object, as the binaries can be quite large and there will be very little to no use of the SDK, but only IOT's SDK. This SDK is the SDK that IOT maintains So, with that said, does the alternative of submitting a project to IOT seem reasonable?

[ci-iotsyst]

re: Go for IoT
https://gobot.io/

If you submit a feature request to remove all IoT stuff from SDK, then closing this issue would make sense otherwise I think you'd agree it's misleading of have IoT support that you aren't supposed to use
http://stackoverflow.com/questions/34409792/http-post-to-aws-iot-using-golang-and-aws-sdk-iotdataplane.

If code is generated from models, maybe just provide a hook in the generated code for people to implement their own auth. Go's PKI infrastructure is complete so I'm sure it's not a lot of work once we have a place to put it. I can take a crack at it and we can work backwards at how to work that into the SDK.

[ci-iotsyst]

BTW: You've mentioned IOT as if it's a group or project. Is that a group internal to Amazon?

[xibz]

Yes, IOT is one of AWS' services. In addition, I have expressed your concerns in a message for IOT to get feedback. For now, I am leaving this as a feature request. I definitely understand why you would want to be able to have IOTs custom credential interface. So, if you have any additional feedback or questions, please let us know

[github-actions]

We have noticed this issue has not recieved attention in 3 years. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.