You’re using the AWS IoT Device SDK to connect to AWS IoT from your web application. However, you’re missing some important pieces of information in your client configuration. Instead of using accessKeyId, secretKey, and sessionToken directly in your client configuration, you should use AWS credentials that are obtained securely and passed to the SDK.

Here’s how you can update your code to use AWS credentials securely:


const awsIot = require('aws-iot-device-sdk');

// Assume you have AWS credentials configured using AWS SDK for JavaScript
// For example, using AWS.Credentials class
const credentials = new AWS.Credentials({
  accessKeyId: 'YOUR_ACCESS_KEY_ID',
  secretAccessKey: 'YOUR_SECRET_ACCESS_KEY',

const client = awsIot.device({
    region: awsConfig.region,
    protocol: 'wss',
    accessKeyId: credentials.accessKeyId,
    secretKey: credentials.secretAccessKey,
    sessionToken: credentials.sessionToken,
    port: 443,
    host: 'YOUR_IOT_ENDPOINT' // Replace with your IoT endpoint

client.on('connect', res => {
    // Connected successfully

client.on('error', error => {
    // Handle connection errors
or => {
 // Handle connection errors

In this updated code:

We assume you’ve already configured AWS credentials securely using the AWS SDK for JavaScript. If you haven’t, you should do so. Make sure your IAM user or role has appropriate permissions to access AWS IoT resources.
We create an instance of AWS.Credentials with your access key ID, secret access key, and optionally a session token if you’re using temporary security credentials.
We then pass these credentials to the awsIot.device() function for authentication.
Replace ‘YOUR_IOT_ENDPOINT’ with your actual IoT endpoint.

Note, it’s crucial to securely manage your AWS credentials and never hardcode them directly in your application code, especially in client-side code like a web application. Always follow best practices for securing sensitive information.

Support On Demand!

QA Automation