Introduction: How to Setup Mosquitto MQTT on AWS

Hi! I'am going to set up a private MQTT broker with password on my AWS(amazon web service) account for my IOT projects. To do this, I made a free account on AWS which is good for 1 year by going here:


Sofware used:



Step 1: Create an AWS Account

First, you'll need an AWS account.. I already made a free account which is good for 1 year and used it to sign in. You can create yours by going to this link, clicking "Create a free Account" and providing necessary information:

Step 2: Create a Virtual Machine


The Internet is composed two types of machines: a server or a client. A server provide services to you while the client request for the service. When you open this web page, your machine request a copy of this web page that was stored in the server. Upon receiving your request, the server sends you a copy enabling you to see it. To ensure that our MQTT broker(the service) can be accessed using other computer or electronic devices anytime, we need to install the broker to a server machine that is always turned on and connected to the internet. To do this, we rent a virtual machine,which is also known as image, on AWS that functions like a computer.


Via the Management Console

  1. Upon sign in, you'll be directed to AWS Management Console.
  2. Below the build solution click on "Launch a virtual Machine" as shown in the picture.


  1. You can also launch an instance by going to this link
  2. On the top right of the navigation bar, select your current region. In my case, its Singapore.
  3. Below the Launch instance, click on the "Launch instance" button

Step 3: Choose an Amazon Machine Image (AMI)

In this step, you'll be choosing the type of operating system(linux,windows,redhat and many more) and memory(64 bit /86 or arm) for our virtual machine.

  • Choose from the "Quick Start" type of AMI in the left pane "Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami-0f7719e8b7ba25c61 (64-bit x86) / ami-02b6622eae4966dfd (64-bit Arm) with a free tier on its logo.
  • Ensure that the root device type: ebs and virtualization type is HVm since its faster to connect based on this

Step 4: Choose and Configure Instance Type

In the last step, we configured the computer. Here, we set it up as a server with the following memory storage and is connected to the internets(IPV6 support should say yes)

  1. Click on the Free tier eligible of type t2.micro.
  2. You can click "Review and launch"right away or Optionally, click on "Next: Configure Instance Details" on the bottom right corner
  3. Click on "Next: Add tags"

  4. Click "Go to Configure Security tabs". Here, Click add rule Until you have the following ports open:

  • 1883 : MQTT, unencrypted
  • 8883 : MQTT, encrypted
  • 8080 : MQTT over WebSockets, unencrypted
  • 8081 : MQTT over WebSockets, encrypted

5.Click on "Review and launch" on the bottom right corner

Step 5: Review Instance Launch

Review the details of your virtual machine. In AWS, they call it instance.

  • A Security warning may show up just below the review instance launch.

To remove it, go to "configure security group" and select known IP addresses using custom, or using your IP address for the type "SSH". Changing this Source value limits the devices that can connect to your virtual machine. In this case, we will use anywhere.

  1. Click "launch" on the Review tab.
  2. You will be asked to choose a key pair. Choose "Create a new key pair" on the drop down and its name. Save this file since you'll use to access your virtual machine later on.
  3. Click "Launch Instance"

Step 6: Get Public IP Address


As mentioned earlier, there is a server and a client. We can think about server as the food establishment, the internet as the food delivery service and us as the clients. First we "request" for food from an specific food establishment by telling its "address". The food delivery service the goes to that "address". The food establishment "serves" the food to the food delivery service which is then delivered to you. Similarly, our server need a Public IP Address to be reachable from the internet. To do so,

  1. Go to Network & Security tab located on the left pane
  2. Click Elastic IPs
  3. Click Allocate Elastic IP address.
  4. Press the "Allocate" button and wait till it redirects you to a page with a banner saying "Elastic OP Address Allocated"

Step 7: Connect to Your Instance

In the instances tab on the left side, click on "Instances". I've decided to name my instance as "MQTT Broker" by clicking on the name enclosed box on the name area. To connect to this instance:

  1. Right click on that instance row and click click connect.
  2. Choose a Connection method. For standalone SSH client, follow AWS official guide on connecting using PUTTY. See pictures for attached pictures on my installation.
  3. After connecting to the instance type the following commands:
    • sudo apt update
      Update the linux version on your machine
    • sudo apt install mosquitto mosquitto

      Installs the mosquitto broker

    • sudo apt install mosquitto mosquitto-clients

      Installs the mosquitto client

    • mosquitto -v

      Check the mosquitto version to ensure its installed properly. There should be a message saying "Opening ipv4 listen socket on port 1883" if installed properly. An "Error: Address already in use" means the broker is already running

    • mosquitto_sub -h -t "test"

      Listens to a topic names"test" on the broker at this public address(IPv4 Public IP)

  4. Send a Publish using a windows client like MQTT-LENS with an input similar to the attached last attached picture. You should be able to receive the message on your linux console

Step 8: Securing With a Password

On the linux console type the following to create a password. Replace with a username of your choice.

sudo mosquitto_passwd -c /etc/mosquitto/passwd <name>

It will prompt for a password twice. be careful since it will not show letters being typed out. After this, create a config file named "default.conf" located on a file path "etc/mosquitto/conf.d/" using linux server text editor named "nano" as an admin/root user by typing "sudo"

<p>sudo nano /etc/mosquitto/conf.d/default.conf</p>

After opening the file, paste the following. Save and exit by pressing Ctrl + X

allow_anonymous false
password_file /etc/mosquitto/passwd

To apply this changes restart the mosquitto by typing "Ctrl+O","Enter" and "Ctrl+X"

sudo systemctl restart mosquitto

You can now try it again using your choice of windows client and input the corresponding username and password to connect.