IoT Bytes

Bits and Bytes of IoT

MQTT with AWS IoT Platform using Python and Paho

Pradeep Singh | 3rd Mar 2017


MQTT is one of the core protocols used on AWS IoT Platform. Let’s explore how to use Paho MQTT client to send and receive messages to this platform.

1. Software Prerequisites:

Before proceeding further with this article, make sure your system meets following software requirements. I will be using a Raspberry Pi to test AWS IoT MQTT using Python and Paho in this article.

  • Python 2.7+
  • OpenSSL version 1.0.1+ (TLS version 1.2)
  • Paho MQTT client library for Python

You can check Python version using “python -V” command –

pi@raspberrypi:~ $ python -V
Python 2.7.9

To check OpenSSL version you can execute “openssl version” command –

pi@raspberrypi:~ $ openssl version
OpenSSL 1.0.1t  3 May 2016

You can also check OpenSSL version from python –

pi@raspberrypi:~ $ python
Python 2.7.9 (default, Mar  8 2015, 00:52:26) 
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
'OpenSSL 1.0.1t  3 May 2016'

You can install Paho using pip command “pip install paho-mqtt” or “sudo pip install paho-mqtt” –

pi@raspberrypi:~ $ pip install paho-mqtt

2. AWS Account:

You must have an AWS Account to start with AWS IoT Platform. If you don’t have any, you can create one from AWS Sign in Page.

3. Create AWS IoT Thing and Download Certificates:

AWS uses X.509 certificates for MQTT Authentication. In order to connect with AWS IoT services, you should create a Certificate on AWS IoT Console and map a Thing and Policy with it.

Follow these steps to generate certificate and keys for MQTT TLS authentication –

3.1 Login to AWS IoT Console and click on the “Connect” button. It will load “Connect to AWS IoT” Page. On this page click on “Get Started” button as shown in the following screenshot –


3.2 Based on the system you are going to use, select a platform (Linux or windows). For this article, I am using Raspberry Pi and Python Paho client; so I will go ahead and select Linux and Python –


3.3 On next screen, click on “Get Started” button –


3.4 Provide a name for your AWS IoT Thing on this screen. This is not a DNS name, it could be any string. I will use “MyRaspberryPi” as Thing Name. After this click on “Next Step” button –


3.5 Download connection kit by clicking on the button as shown in the following screenshot –


3.6 Create a new folder named as “paho” (or any other name of your choice) on your system and copy downloaded zip file into it. After copying this file, unzip it. Ignore the “” file for now, I will cover it in another article.

pi@raspberrypi:~/paho $ pwd
pi@raspberrypi:~/paho $ ls
pi@raspberrypi:~/paho $ unzip 
  inflating: MyRaspberryPi.private.key 
  inflating: MyRaspberryPi.public.key 
  inflating: MyRaspberryPi.cert.pem 
pi@raspberrypi:~/paho $

3.7 Download Certification Authority Root Certification for AWS IoT from the following link –

To download this certificate, right-click on this link and select “Save Link As…“, and save the file with name as “root-CA.crt“.

Copy this Root Certificate File (“root-CA.crt“) in “paho” directory you created in the previous step.

pi@raspberrypi:~/paho $ pwd
pi@raspberrypi:~/paho $ ls root-CA.crt
pi@raspberrypi:~/paho $

4. AWS IoT Custom Endpoint:

AWS IoT Custom endpoint will allow you to connect to AWS IoT Platform. This is an important property for your MQTT client as the client will use it as MQTT Broker Host Address.

You can find your Custom Endpoint on AWS IoT Console by clicking on “settings” button, as hown in following screenshot –


5. Python Code for Paho Publisher and Subscriber:

Download sample Python scripts from GitHub Repository Octocat and place them into the “paho” directory created earlier (step # 3.6). You will find following two files in this GitHub Repository – This file will publish MQTT messages to a Topic defined as “helloTopic” (Feel free to change it). This file will subscribe to MQTT topic “helloTopic” (If you change Topic in “” file, then use same Topic in this file).

After downloading these files, change the following variables (in both files) according to your Certificate/Key File names and you Custom Endpoint.

MQTT_HOST = "put your Custom Endpoint here"
CA_ROOT_CERT_FILE = "put AWS IoT Root Certificate File Name here"
THING_CERT_FILE = "put your Thing's Certificate File Name here"
THING_PRIVATE_KEY = "put your Thing's Private Key File Name here"

After setting the correct values for these variables, you can execute the python scripts from two different shell windows –


6. AWS IoT MQTT Client (Test Utility):

AWS IoT Console has a built-in MQTT Test tool that can be used to test MQTT Modules from your projects. Using this test utility, you can Subscribe or Publish to MQTT Topics.

While your “” script is still executing (if not, start it again), you can subscribe to MQTT Topic used in this file (for ex: “helloTopic“) and intercept all the messages published by this script.

From IoT Console click on “Test” button to launch MQTT Test utility. Enter your MQTT Topic in the TextBox and click on “Subscribe to topic” button to start capturing messages published to this topic.




This is the foundation to send and receive MQTT messages to/from AWS IoT Platform. You can tweak or enhance this code based on your project requirements to take full advantage of AWS Services.

4 thoughts on “MQTT with AWS IoT Platform using Python and Paho

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: