Amazon Web Services (AWS): connecting using MQTT with and without WebSocket

I'm learning AWS and I have a Python script that works only if no policy is attached to the certificate. Here is the part of the code that configures MQTT:

def subscribeForDelta(self, parameterCallback):
    clientId = self.serial_number
    endpointAddress = boto3.client('iot').describe_endpoint()
    host = endpointAddress["endpointAddress"]
    rootCAPath = '/home/pi/root-CA.crt'
    certificatePath = '/home/pi/'+ self.serial_number+'.cert.pem'
    privateKeyPath = '/home/pi/'+ self.serial_number+'.private.key'
    thingName = self.serial_number
    port = 443

    myAWSIoTMQTTShadowClient = None
    myAWSIoTMQTTShadowClient = AWSIoTMQTTShadowClient(clientId, useWebsocket=True)
    myAWSIoTMQTTShadowClient.configureEndpoint(host, port)
    myAWSIoTMQTTShadowClient.configureCredentials(rootCAPath)
    myAWSIoTMQTTShadowClient.configureAutoReconnectBackoffTime(1, 32, 20)
    myAWSIoTMQTTShadowClient.configureConnectDisconnectTimeout(10)  
    myAWSIoTMQTTShadowClient.configureMQTTOperationTimeout(5)  

    myAWSIoTMQTTShadowClient.connect()

    deviceShadowHandler = myAWSIoTMQTTShadowClient.createShadowHandlerWithName(thingName, True)
    shadowCallbackContainer_Bot = shadowCallbackContainer(deviceShadowHandler, parameterCallback)
    deviceShadowHandler.shadowRegisterDeltaCallback(shadowCallbackContainer_Bot.customShadowCallback_Delta)
It uses WebSocket on port 443. Here is my current policy file:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-east-2:<account>:client/<thing>"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish"
      ],
      "Resource": [
        "arn:aws:iot:us-east-2:<account>:topic/$aws/things/<thing>/shadow/update",
        "arn:aws:iot:us-east-2:<account>:topic/IoTData"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:GetThingShadow",
        "iot:UpdateThingShadow"
      ],
      "Resource": [
        "arn:aws:iot:us-east-2:<account>:thing/<thing>",
        "arn:aws:iot:us-east-2:<account>:thing/<thing>/shadow"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-east-2:<account>:topicfilter/$aws/things/<thing>/shadow/update/accepted",
        "arn:aws:iot:us-east-2:<account>:topicfilter/$aws/things/<thing>/shadow/update/rejected",
        "arn:aws:iot:us-east-2:<account>:topicfilter/$aws/things/<thing>/shadow/update/delta"
      ]
    }
  ]
}
With this configuration, it times out:

Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
Client 000000008c42325b sending CONNECT
...
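But if I attach the policy to the certificate, the situation is reversed: I can publish/subscribe successfully with mosquitto, but not with the Python script.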

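I would like to use both methods. So I first tried to configure mosquitto_sub for WebSocket. It is stated that for MQTT over WebSocket the endpoint URL is wss://iot-endpoint/mqtt. But using that as the -h parameter of mosquitto_sub (with port 443) returns a lookup error.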

First question: what is the correct syntax for using mosquitto_sub with WebSockets?

As a second attempt, I changed the Python script to use port 8883 without WebSocket. But now it can no longer subscribe:

Error subscribing delta: OSError
['  File "myProject.py", line 390, 
        in loop myproject.subscribeForDelta(changeParameter)',
        
 '  File "/home/pi/ThingShadow.py", line 192, 
        in subscribeForDelta myAWSIoTMQTTShadowClient.configureCredentials(rootCAPath)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1046, 
        in configureCredentials self._AWSIoTMQTTClient.configureCredentials(CAFilePath, KeyPath, CertificatePath)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 239, 
        in configureCredentials  self._mqtt_core.configure_cert_credentials(cert_credentials_provider)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 132, 
        in configure_cert_credentials self._internal_async_client.set_cert_credentials_provider(cert_credentials_provider)', 
 
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/internal/clients.py", line 84, 
        in set_cert_credentials_provider cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 617, 
        in tls_set raise IOError(certfile+": "+err.strerror)']
Second question: I'm not clear on the role of the policy file and why these two connection methods are mutually exclusive.
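
An added example, not part of the original post: a small checker that compares each action in an AWS IoT policy with the resource type AWS IoT documents for it (client/ for iot:Connect, topic/ for iot:Publish and iot:Receive, topicfilter/ for iot:Subscribe, thing/ for the shadow actions). The names lint_policy, resource_type and SAMPLE_POLICY are introduced here; the sample reuses two statements from the policy posted above, placeholders included.

```python
# Resource type each AWS IoT policy action expects in its ARN
# (arn:<partition>:iot:<region>:<account>:<type>/<name>).
EXPECTED_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
    "iot:GetThingShadow": "thing",
    "iot:UpdateThingShadow": "thing",
}

def as_list(value):
    # Policy JSON allows a single string where a list is also valid.
    return value if isinstance(value, list) else [value]

def resource_type(arn):
    # The resource is the sixth colon-separated field; its type ends at the first "/".
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "iot":
        return None
    return parts[5].split("/", 1)[0]

def lint_policy(policy):
    """Return (statement index, action, resource, problem) for each mismatch."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            expected = EXPECTED_TYPE.get(action)
            if expected is None:
                continue  # wildcard or unlisted action: not judged here
            for arn in as_list(stmt.get("Resource", [])):
                found = "*" if arn == "*" else resource_type(arn)
                if found != expected:
                    problem = "expects %s/, found %s" % (expected, found)
                    findings.append((idx, action, arn, problem))
    return findings

# Two statements copied from the policy above; <account> and <thing> kept as posted.
ARN = "arn:aws:iot:us-east-2:<account>:"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"], "Resource": [ARN + "client/<thing>"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe", "iot:Receive"],
     "Resource": [ARN + "topicfilter/$aws/things/<thing>/shadow/update/delta"]},
]}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
```

On the sample, the only finding is iot:Receive paired with a topicfilter/ resource; iot:Subscribe on the same ARN passes.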

Error subscribing delta: OSError
['  File "myProject.py", line 390, 
        in loop myproject.subscribeForDelta(changeParameter)',
        
 '  File "/home/pi/ThingShadow.py", line 192, 
        in subscribeForDelta myAWSIoTMQTTShadowClient.configureCredentials(rootCAPath)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1046, 
        in configureCredentials self._AWSIoTMQTTClient.configureCredentials(CAFilePath, KeyPath, CertificatePath)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 239, 
        in configureCredentials  self._mqtt_core.configure_cert_credentials(cert_credentials_provider)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 132, 
        in configure_cert_credentials self._internal_async_client.set_cert_credentials_provider(cert_credentials_provider)', 
 
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/internal/clients.py", line 84, 
        in set_cert_credentials_provider cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_SSLv23)',
        
 '  File "/usr/local/lib/python3.5/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 617, 
        in tls_set raise IOError(certfile+": "+err.strerror)']