## Common protocols in AWS IoT

How a device or client connects to the message broker is configurable through the [authentication type](https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#connection-protocol-auth-mode). By default, or when no SNI (Server Name Indication) extension is sent, the authentication method is determined by the application protocol, the port, and the ALPN (Application Layer Protocol Negotiation) TLS extension that the device uses. The following table lists the authentication expected for each combination of port and ALPN.

| Protocol            | Operations supported | Authentication           | Port | ALPN protocol name |
| :------------------ | :------------------- | :----------------------- | :--- | :----------------- |
| MQTT over WebSocket | Publish, Subscribe   | Signature Version 4      | 443  | N/A                |
| MQTT over WebSocket | Publish, Subscribe   | Custom authentication    | 443  | N/A                |
| MQTT                | Publish, Subscribe   | X.509 client certificate | 443† | `x-amzn-mqtt-ca`   |
| MQTT                | Publish, Subscribe   | X.509 client certificate | 8883 | N/A                |
| MQTT                | Publish, Subscribe   | Custom authentication    | 443† | `mqtt`             |
| HTTPS               | Publish only         | Signature Version 4      | 443  | N/A                |
| HTTPS               | Publish only         | X.509 client certificate | 443† | `x-amzn-http-ca`   |
| HTTPS               | Publish only         | X.509 client certificate | 8443 | N/A                |
| HTTPS               | Publish only         | Custom authentication    | 443  | N/A                |

### MQTT, MQTT over WSS & HTTPS endpoint

| Protocol      | Endpoint or URL               |
| :------------ | :---------------------------- |
| MQTT          | `iot-endpoint`                |
| MQTT over WSS | `wss://iot-endpoint/mqtt`     |
| HTTPS         | `https://iot-endpoint/topics` |

## Choosing an authentication type for your device communication

[Link](https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#connection-protocol-auth-mode)

1. X.509 certificate
2. X.509 certificate with custom authorizer
3. AWS Signature Version 4 (SigV4)
4. Custom authorizer

**Default**

Authenticate devices based on the port and/or application layer protocol negotiation (ALPN) extension that devices use. Some additional authentication options are not supported. For more information, see Protocols, port mappings, and authentication.
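
Because the default behaviour keys authentication off the port and ALPN name, a device that sends the wrong ALPN name on port 443 is matched against a different authentication method than the credential it holds. The audit below is an added example, not code from AWS or from the original page: the `audit` function, the config field names and the device inventory are hypothetical, and the rows are transcribed from the port/ALPN table at the top of this page.

```python
# (protocol, authentication, port) -> ALPN name from the table above; None = "N/A".
ROWS = {
    ("MQTT over WebSocket", "Signature Version 4", 443): None,
    ("MQTT over WebSocket", "Custom authentication", 443): None,
    ("MQTT", "X.509 client certificate", 443): "x-amzn-mqtt-ca",
    ("MQTT", "X.509 client certificate", 8883): None,
    ("MQTT", "Custom authentication", 443): "mqtt",
    ("HTTPS", "Signature Version 4", 443): None,
    ("HTTPS", "X.509 client certificate", 443): "x-amzn-http-ca",
    ("HTTPS", "X.509 client certificate", 8443): None,
    ("HTTPS", "Custom authentication", 443): None,
}

def audit(cfg):
    """Return findings for one device connection config (a dict)."""
    proto, auth, port = cfg["protocol"], cfg["auth"], cfg["port"]
    alpn, findings = cfg.get("alpn"), []
    if proto == "HTTPS" and "subscribe" in cfg.get("operations", ()):
        findings.append("HTTPS is publish only")
    if (proto, auth, port) not in ROWS:
        ports = sorted(p for (pr, au, p) in ROWS if (pr, au) == (proto, auth))
        findings.append(f"no table row for port {port}; listed ports: {ports}")
        return findings
    expected = ROWS[(proto, auth, port)]
    if expected is not None and alpn != expected:
        # Which authentication, if any, does the ALPN name actually sent select?
        selects = [au for (pr, au, p), name in ROWS.items()
                   if (pr, p) == (proto, port) and name == alpn and name is not None]
        hint = f", which selects {selects[0]}" if selects else ""
        findings.append(f"ALPN {alpn!r} sent{hint}; expected {expected!r}")
    return findings

# Constructed inventory of hypothetical devices (not from the page).
INVENTORY = [
    {"name": "sensor-a", "protocol": "MQTT", "auth": "X.509 client certificate",
     "port": 443, "alpn": "mqtt", "operations": ["publish", "subscribe"]},
    {"name": "sensor-b", "protocol": "MQTT", "auth": "X.509 client certificate",
     "port": 8883, "alpn": None, "operations": ["publish"]},
    {"name": "gateway-c", "protocol": "HTTPS", "auth": "X.509 client certificate",
     "port": 443, "alpn": None, "operations": ["publish", "subscribe"]},
    {"name": "meter-d", "protocol": "MQTT", "auth": "Signature Version 4",
     "port": 8883, "alpn": None, "operations": ["publish"]},
]

def audit_all(inventory):
    return {d["name"]: audit(d) for d in inventory}

if __name__ == "__main__":
    print(audit_all(INVENTORY))
```
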

The table below shows all the supported combinations of authentication types and application protocols.

| Authentication type                          | Secure MQTT (MQTT over TLS) | MQTT over WebSocket Secure (WSS) | HTTPS | Default |
| :------------------------------------------- | :-------------------------- | :------------------------------- | :---- | :------ |
| **X.509 certificate**                        | ✓                           |                                  | ✓     |         |
| **X.509 certificate with custom authorizer** | ✓                           |                                  | ✓     |         |
| **AWS Signature Version 4 (SigV4)**          |                             | ✓                                | ✓     |         |
| **Custom authorizer**                        | ✓                           | ✓                                | ✓     |         |
| **Default**                                  | ✓                           |                                  |       | ✓       |

## Connection duration limits

[Link](https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#connection-duration)

| Feature                  | Maximum duration * |
| :----------------------- | :----------------- |
| X.509 client certificate | 1–2 weeks          |
| Custom authentication    | 1–2 weeks          |
| Signature Version 4      | Up to 24 hours     |