Publishing Data to AWS IoT Using Webhook Actions and AWS Signature V4 Authentication

This guide explains how to use AWS Signature Version 4 authentication to publish data to AWS IoT from Soracom Flux Webhook Actions. With Signature V4 authentication handled by the Webhook Action, you can interact with AWS services without embedding credentials or Signature V4 generation logic on your devices.

Step 1: Create an AWS IAM Policy and IAM Role

To allow the Soracom Flux Webhook Action to publish data to AWS IoT in your AWS account, set up the following IAM policy and role in your AWS account. You can perform your IAM setup using the AWS IAM Console.


Step 2: Confirm Device Data Endpoint for AWS IoT

  1. Open the AWS IoT Console.
  2. Select the AWS Region you intend to use in the console.
  3. Navigate to Domain configurations and copy the domain name labeled iot:Data-ATS to your clipboard.

    This domain name will be used in Step 4.


Step 3: Register AWS IAM Role Credentials in the Soracom User Console

Register the IAM role credentials in the credential set menu in the Soracom User Console.

| Field | Value |
| --- | --- |
| Credential set ID | Any descriptive name, e.g., AWS-IAM-role-credentials-flux-webhook |
| Type | AWS IAM Role credentials |
| Role ARN | The ARN of the IAM role you created in Step 1. |
| External ID | The external ID you entered in Step 1. |


Step 4: Configure a Flux Application

Set up a Flux application to execute webhook actions. This guide uses the API/Manual Execution event source to send data manually.

  1. Log in to the User Console. From the Menu, expand Soracom Flux and select Flux Apps.

  2. Click Create a new Flux app.

  3. Enter the app Name and Description, then click Create.

    The Flux application will be created, and the Studio tab in Soracom Flux Studio will be displayed.


Step 5: Add Event Source and Webhook Action to Flux App

  1. Open the Studio tab in Soracom Flux Studio.
  2. Click Create a channel and select an event source of type API/Manual Execution, then click Next.
  3. Enter the Name of the channel and optionally add a Description, then click Create a new channel.

    A channel connected to the event source will be created and a screen displaying the channel details will appear.

  4. Click Actions > Add Action.

    The Create a new action dialog will appear.

  5. Select Webhook and click OK.

    The Create a new action: Webhook dialog will appear.

  6. Configure the following fields:

    | Field | Description |
    | --- | --- |
    | Name | Enter a name for the Webhook action. |
    | Description | Provide a brief summary of the Webhook action. |
    | Enabled | Set this option to Enabled to activate the action. |
    | Action Condition | Leave this blank to execute the action for all conditions. |

  7. Continue with the following settings:

    | Field | Description |
    | --- | --- |
    | HTTP Method | Select the HTTP method for the Webhook. Choose POST here. |
    | URL | Enter the Webhook HTTP URL. Use the AWS IoT endpoint obtained in Step 2. Example: https://<random-string>-ats.iot.ap-northeast-1.amazonaws.com/topics/<TopicName>/. For this guide, use test-topic for the topic name. |
    | Auth Type | Select AWS Signature V4. |
    | Service | Enter the AWS IoT ServiceCode: iotdata. |
    | Region | Select the AWS IoT region used in Step 2. |
    | Credentials | Select the credentials registered in Step 3. |

  8. Configure additional fields:

    | Field | Description |
    | --- | --- |
    | HTTP Header | Set the HTTP headers for the Webhook request. Selecting application/json for the HTTP body will auto-fill this. |
    | HTTP Body | Set the HTTP body for the Webhook request. Use ${payload} to send the input data from the event source directly. |
    | Output | Configure whether the Webhook action's response should be sent to another channel. Set this to Disabled. |

  9. Click Create.

    The Webhook action will be created and displayed under the Actions tab of the channel's details screen.
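
What the AWS Signature V4 auth type has to compute for the request configured in this step, shown as an added example (not Soracom's or AWS's code) to make clear what stays off the device. The endpoint, credentials and timestamp are constructed sample values, and the set of signed headers is an assumption; Flux may sign a different set.

```python
import hashlib
import hmac
from urllib.parse import quote, urlsplit


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(url, body, access_key, secret_key, session_token,
                  amz_date, region="ap-northeast-1", service="iotdata"):
    """Headers a SigV4 signer sends for a JSON POST with no query string."""
    parts = urlsplit(url)
    headers = {
        "content-type": "application/json",
        "host": parts.netloc,
        "x-amz-date": amz_date,
        "x-amz-security-token": session_token,  # temporary role credentials
    }
    signed = ";".join(sorted(headers))
    canonical_request = "\n".join([
        "POST",
        quote(quote(parts.path or "/", safe="/"), safe="/"),  # encoded twice
        "",  # canonical query string (empty here)
        "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(body).hexdigest(),  # hash of the exact bytes sent
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Signing key: HMAC chain over date, region, service and a fixed suffix.
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers


# Constructed sample values: not real credentials or a real endpoint.
SAMPLE = sigv4_headers(
    "https://example-ats.iot.ap-northeast-1.amazonaws.com/topics/test-topic",
    b'{"message":"Hello from Flux!"}',
    "AKIDEXAMPLE", "constructed-secret", "constructed-token", "20240101T000000Z")
```

The signature binds the body hash, host, path, region and service, so a Service or Region value in the Webhook settings that does not match the endpoint makes AWS reject the request.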


Testing the Configuration

Prepare the AWS IoT MQTT Test Client

  1. Access the AWS IoT Console.

  2. From the left pane, click MQTT test client.

  3. Click the Subscribe to a topic tab and enter the topic name you set in Step 5, e.g., test-topic/#.

  4. Click Subscribe.

Send a Message Using API/Manual Execution

  1. Log in to the User Console and navigate to the Flux Apps screen as shown in Step 4.
  2. Click the Flux Application you created in Step 4.
  3. Select the API/Manual Execution event source created in Step 5.

  4. Click the Test tab, then enter a message in the Body field to send to the channel. For example: {"message":"Hello from Flux!"}.

  5. Click Execute.

  6. Verify the message appears in the AWS IoT MQTT Test Client.


View Flux App Execution History

You can also check execution history in the History tab of Soracom Flux Studio.

  1. Log in to the User Console. From the Menu, expand Soracom Flux and select Flux Apps.

  2. Select the Flux app you created.

  3. Click the History tab.

    You will see logs for each channel, including Message, Context, and the Input and Output of actions executed from that channel. For more details, see View Logs.