Connecting to AWS IoT Core over WebSockets

Hi there,
I am trying to connect to AWS IoT Core using Node-RED. I am behind a corporate proxy with a lot of restrictions concerning port availability etc., and can therefore not use the node-red-contrib-aws-iot-hub as no MQTT connections are allowed. My end goal is to subscribe to a topic and receive value updates in Node-RED.

I have decided to write my own Node-RED node; however, I am having problems with the proxy configuration. The node works just fine when I test it on a Raspberry Pi outside the corporate network, but when deployed in the network I get an ECONNREFUSED error with errno -111. I tried multiple ways of setting up the proxy, but each approach ended up in the same error.

Does someone maybe have experience with deploying the AWS node behind a proxy? Or any suggestion on how I can establish a connection would be very helpful and appreciated.

Welcome to the forums @FrankAr

If I may, we won't help you circumvent a corporate firewall, it's not in our nature.

I know nothing about AWS, but someone here may know about its supporting NPM modules.
But I stress, I hope the help someone here may provide is not a guide on how to "dodge" the security setup in your corporate environment.

Hi Marcus,
I agree, dodging the firewall should not be discussed here, that is also in no way my goal here.
I am not trying to dodge the firewall, rather to connect to AWS while operating within its limits. The firewall blocks MQTT connections categorically, which is why I am looking at connecting via WebSockets, which are open. My problem is that the existing node uses MQTT, making it unusable for me. And my own solution using WebSockets cannot find the server when behind the proxy, even though I (as far as I can tell) configured it the right way in my node.

Just to clarify, I am not aiming to dodge the firewall, the firewall is just a reason one solution does not work. The semantics of the firewall are not to block AWS connections, therefore a connection using websockets is just to stay within the perimeter.

Ok...

So I believe the ws npm package can use an agent.
An agent in the Node runtime is the client "user-agent", if you will - I don't really know where it sits :thinking:

An agent can specify a proxy server, below is one example.

example:

const agent = new HttpsProxyAgent(options);
const socket = new WebSocket(endpoint, { agent: agent });

I hope this helps

Check your AWS rules to accept the IP address
PS: I'm not an expert, so I can't help you more

Don't be totally sure of that, have you confirmed it?

Also, I hope you are using TLS secured connections? You really MUST do this (with the possible exception of having a private network connection to the inside of your AWS setup - but even then I wouldn't recommend it).

Does the MQTT broker support websocket connections and is it configured?

Hi everyone,
Firstly, thank you for your suggestions and help.
I have managed to establish a connection; my problem was with setting the proxy settings the right way. I was setting just the WebSocket agent, which for some reason was not enough, and I had to set the global agent as well.
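
An added example, not code from any poster in this thread: one way to settle the proxy decision in a single place before building the agent discussed above, while rejecting non-TLS endpoints as recommended earlier in the thread. The function names, the `env` map shape and all host names are hypothetical; only `HttpsProxyAgent` and the `agent` option of `ws` come from the thread.

```javascript
// Added example: proxyPlanFor, hostMatchesNoProxy and all host names are hypothetical.
function hostMatchesNoProxy(host, noProxy) {
  return noProxy.split(',')
    .map((rule) => rule.trim().toLowerCase())
    .filter(Boolean)
    .some((rule) => {
      if (rule === '*') return true;
      const suffix = rule.replace(/^\*?\./, ''); // ".corp.example" or "*.corp.example"
      return host === suffix || host.endsWith('.' + suffix);
    });
}

// Returns where to connect and which proxy (if any) to give the agent.
function proxyPlanFor(endpoint, env) {
  const target = new URL(endpoint);
  if (target.protocol !== 'wss:') {
    // Plain ws:// would send the MQTT traffic unencrypted.
    throw new Error('refusing non-TLS endpoint: ' + target.protocol);
  }
  const host = target.hostname.toLowerCase();
  const port = target.port || '443'; // URL drops the default port for wss:
  const direct = { host, port, proxy: null, proxyForLogs: null };

  if (hostMatchesNoProxy(host, env.NO_PROXY || env.no_proxy || '')) return direct;
  const raw = env.HTTPS_PROXY || env.https_proxy || '';
  if (!raw) return direct;

  const proxy = new URL(raw);
  if (proxy.protocol !== 'http:' && proxy.protocol !== 'https:') {
    throw new Error('unsupported proxy scheme: ' + proxy.protocol);
  }
  // Proxy URLs often embed credentials; keep a redacted copy for log output.
  const redacted = new URL(proxy.href);
  redacted.username = '';
  redacted.password = '';
  return { host, port, proxy: proxy.href, proxyForLogs: redacted.href };
}

// Usage with the packages named in the thread (not run here):
//   const plan = proxyPlanFor(endpoint, process.env);
//   const agent = plan.proxy ? new HttpsProxyAgent(plan.proxy) : undefined;
//   const socket = new WebSocket(endpoint, { agent });
```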