{"id":4450,"library":"awsiotsdk","title":"AWS IoT Device SDK for Python V2","description":"The AWS IoT Device SDK for Python V2, built on the AWS Common Runtime (CRT), enables Python applications to connect securely to AWS IoT Core and interact with services like MQTT, Device Shadow, and Jobs. It's designed for high performance and reliability. The library has a frequent release cadence, often with monthly or bi-monthly updates to integrate fixes and improvements from the underlying AWS CRT.","status":"active","version":"1.28.2","language":"en","source_language":"en","source_url":"https://github.com/aws/aws-iot-device-sdk-python-v2","tags":["aws","iot","sdk","mqtt","cloud","device"],"install":[{"cmd":"pip install awsiotsdk","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"This SDK is built on top of the AWS Common Runtime (CRT) and requires the `awscrt` package for core functionality, including MQTT, HTTP, and TLS operations.","package":"awscrt","optional":false}],"imports":[{"symbol":"mqtt_connection_builder","correct":"from awsiot.iot import mqtt_connection_builder"},{"symbol":"IotShadowClient","correct":"from awsiot.iotshadow.iotshadow_client import IotShadowClient"},{"symbol":"IotJobsClient","correct":"from awsiot.iotjobs.iotjobs_client import IotJobsClient"}],"quickstart":{"code":"import sys\nimport threading\nimport time\nimport os\nfrom awsiot.iot import mqtt_connection_builder\nfrom awscrt.mqtt import QoS\nfrom awscrt.io import LogLevel, log_level_to_string, init_logging, CrtError\nfrom awscrt.exceptions import AwsCrtError\n\n# Configure logging to see detailed output\ninit_logging(LogLevel.Trace, 'stderr')\n\n# Configuration from environment variables\nendpoint = os.environ.get('AWS_IOT_ENDPOINT', 'your-iot-endpoint.amazonaws.com')\ncert_filepath = os.environ.get('AWS_IOT_CERT', 'path/to/device.pem.crt') # e.g., 'device.pem.crt'\npri_key_filepath = os.environ.get('AWS_IOT_PRIVATE_KEY', 'path/to/private.pem.key') # e.g., 'private.pem.key'\nroot_ca_filepath = os.environ.get('AWS_IOT_ROOT_CA', 'path/to/rootCA.pem') # e.g., 'AmazonRootCA1.pem'\nclient_id = os.environ.get('AWS_IOT_CLIENT_ID', 'test_client')\ntopic = os.environ.get('AWS_IOT_TOPIC', 'sdk/test/python')\nmessage_payload = \"Hello from Python SDK!\"\n\nif not all([endpoint, cert_filepath, pri_key_filepath, root_ca_filepath, client_id, topic]):\n    print(\"Please set AWS_IOT_ENDPOINT, AWS_IOT_CERT, AWS_IOT_PRIVATE_KEY, AWS_IOT_ROOT_CA, AWS_IOT_CLIENT_ID, AWS_IOT_TOPIC environment variables.\")\n    sys.exit(1)\n\n# Callback when connection is interrupted\ndef on_connection_interrupted(connection, error, **kwargs):\n    print(f\"Connection interrupted: {error}. Will attempt to reconnect.\")\n\n# Callback when connection is resumed\ndef on_connection_resumed(connection, return_code, session_present, **kwargs):\n    print(f\"Connection resumed: {connection.id} Return Code: {return_code} Session Present: {session_present}\")\n\n# Callback for incoming messages\nreceived_all_event = threading.Event()\ndef on_message_received(response):\n    print(f\"Received message on topic '{response.topic_name}': {response.payload.decode()}\")\n    received_all_event.set()\n\nmqtt_connection = None\ntry:\n    print(f\"Connecting to {endpoint} with client ID '{client_id}'...\")\n    mqtt_connection = mqtt_connection_builder.mtls_from_path(\n        endpoint=endpoint,\n        cert_filepath=cert_filepath,\n        pri_key_filepath=pri_key_filepath,\n        ca_filepath=root_ca_filepath,\n        on_connection_interrupted=on_connection_interrupted,\n        on_connection_resumed=on_connection_resumed,\n        client_id=client_id,\n        clean_session=False,\n        keep_alive_secs=30\n    )\n\n    # Connect to AWS IoT\n    connect_future = mqtt_connection.connect()\n    connect_future.result() # Wait for connection to complete\n    print(\"Connected!\")\n\n    # Subscribe\n    print(f\"Subscribing to topic '{topic}'...\")\n    subscribe_future, packet_id = mqtt_connection.subscribe(\n        topic=topic,\n        qos=QoS.AT_LEAST_ONCE,\n        callback=on_message_received\n    )\n    subscribe_result = subscribe_future.result()\n    print(f\"Subscribed with QoS: {subscribe_result.qos}\")\n\n    # Publish\n    print(f\"Publishing message to topic '{topic}': {message_payload}\")\n    mqtt_connection.publish(\n        topic=topic,\n        payload=message_payload,\n        qos=QoS.AT_LEAST_ONCE\n    )\n    print(\"Published.\")\n\n    # Wait for the published message to be received (if subscribed to the same topic)\n    print(\"Waiting for message to be received...\")\n    if not received_all_event.wait(timeout=10): # Wait up to 10 seconds\n        print(\"Did not receive message within timeout.\")\n\nexcept CrtError as e:\n    print(f\"AWS CRT Error: {e}\")\n    sys.exit(1)\nexcept AwsCrtError as e:\n    print(f\"AWS CRT Error (Python wrapper): {e}\")\n    sys.exit(1)\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")\n    sys.exit(1)\nfinally:\n    # Disconnect\n    print(\"Disconnecting...\")\n    if mqtt_connection:\n        disconnect_future = mqtt_connection.disconnect()\n        disconnect_future.result()\n    print(\"Disconnected.\")","lang":"python","description":"This quickstart demonstrates how to connect to AWS IoT Core using mutual TLS authentication, subscribe to an MQTT topic, publish a message, and receive a message. It relies on environment variables for configuration details like endpoint, certificate paths, and client ID. Remember to replace placeholder paths with your actual certificate files."},"warnings":[{"fix":"Upgrade your Python environment to 3.8 or newer, or use an older SDK version (not recommended for security reasons).","message":"Starting with v1.25.0, the minimum supported Python version is 3.8. Applications using older Python versions will fail to install or run this SDK version.","severity":"breaking","affected_versions":">=1.25.0"},{"fix":"Always update both `awsiotsdk` and `awscrt` to their latest compatible versions. If pinning, check `awsiotsdk`'s `setup.py` for its `awscrt` dependency range.","message":"The SDK is built on and tightly coupled with the `awscrt` package. Compatibility issues, security fixes, and performance improvements often originate in `awscrt`. Ensure `awscrt` is kept updated with `awsiotsdk` to avoid subtle bugs or missing critical patches.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Update to the latest `awsiotsdk` version (v1.28.2 or newer) to receive the most recent TLS 1.3 fixes. If issues persist, refer to `awscrt` documentation or AWS support for specific platform configurations.","message":"TLS 1.3 connectivity has experienced platform-specific issues. V1.28.0 explicitly failed TLS 1.3 connections on macOS, while v1.28.1 addressed a TLS 1.3 fix for Linux. Depending on your OS, connection stability with TLS 1.3 might vary across minor versions.","severity":"breaking","affected_versions":"1.28.0 (macOS), <1.28.1 (Linux)"},{"fix":"Immediately update to `awsiotsdk` v1.28.2 or newer to patch this buffer overflow vulnerability.","message":"Version 1.28.2 includes a critical fix for an eventstream decoder buffer overflow. Older versions are vulnerable to this issue, which could lead to application crashes or security vulnerabilities when processing malformed eventstream data.","severity":"breaking","affected_versions":"<1.28.2"},{"fix":"Thoroughly review the official documentation for certificate setup and PKCS#11 integration. Use `awscrt.io.init_logging(LogLevel.Trace, 'stderr')` for detailed debugging information.","message":"Certificate management, especially when using hardware security modules (HSMs) via PKCS#11, can be complex. Incorrect pathing, permissions, or module loading can prevent connection. Ensure certificates are correctly formatted (PEM) and accessible, and PKCS#11 configurations are precise.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}