SIM 800 GPRS modem for HTTP GET and POST to AWS IoT and AWS API gateway

Question

I was trying to POST and GET some JSON data to and from the AWS cloud respectively using the SIM 800 module. I\'m initially trying it out directly from my PC over a terminal

Answer 1

Microsoft Azure has recently upgraded TLS requirements with the effect that "If a client tries to negotiate TLS 1.0 over such a scenario, the request will fail with connection reset". This explains why my application now fails as the SIM800 module only supports TLS 1.0.

AWS may have done the same. It seems that there is an ongoing move to deprecate TLS 1.0 and according to SSL and TLS, what is the Big Deal About June 30th? 30 June 2018 is the cutoff date at which point TLS 1.0 will not be supported if you want to claim PCI compliance.

Answer 2

I have the same issue. AWS requires TLS1.2 while the Simcom only permits TLS1.0.

Answer 3

The way to do it is method 2 i.e. API Gateway. I don't think its possible to do it through method 1 i.e. AWS IoT.

@mich and @patrick-fischer are correct with the reason and I too was suspecting the same but didn't know the solution. I and my team contacted AWS support and they told us the solution.

Apparently, you do it through AWS CloudFront. You have to go and create a CloudFront distribution with the link of your API Gateway (in my case https://XXXX.execute-api.us-west-2.amazonaws.com/XXX/calc/4/2/+). While creating this distribution you can mention whether to accept incoming HTTP, HTTPS or both.

In one of the sections (don't remember the name of the section), it allows you to mention which TLS/SSL version to allow incoming requests from. In the case of SIM 800, TLSv1.0 is the highest supported version which has to be set in the CloudFront distribution.

What CloudFront does is allow traffic from sources with certain parameters like the version of HTTP, TLS version .etc.