Launch a secure MQTT broker in minutes. Eclipse Mosquitto with per-instance credentials auto-generated on first boot - no default passwords, no manual hardening. Backed by 24/7 cloudimg support.
This is a repackaged open source software product wherein additional charges apply for cloudimg support services.
## Overview
Eclipse Mosquitto is the open source message broker that implements the MQTT protocol - the de facto standard for lightweight publish/subscribe messaging on the Internet of Things. It is small, fast, and battle tested, and is the broker recommended by the OASIS MQTT technical committee. Eclipse Mosquitto has been downloaded millions of times and powers IoT deployments worldwide across industries including industrial automation, smart buildings, and fleet management.
This AMI delivers Eclipse Mosquitto fully installed and configured so a working, authenticated MQTT broker is running within minutes of launch. The current stable line is provided.
## What Is Included
Eclipse Mosquitto, installed from the official Mosquitto PPA, running as a single node broker. The mosquitto-clients package provides the mosquitto_pub and mosquitto_sub command line tools for publishing and subscribing from the instance itself or remote machines. The broker is the only workload on the image, so the platform stays lean and predictable.
## Authentication Enabled By Default
The image ships with password authentication switched on. The Mosquitto configuration sets allow_anonymous to false and points at a password file, so anonymous MQTT connections are rejected from the moment the broker starts. There is no public or default broker access. This eliminates the risk of exposed default credentials - a common attack vector in IoT deployments.
## Secure First Boot
On the first boot of your instance a one-shot service generates a fresh, strong password for the cloudimg MQTT user, unique to that instance, applies it to the broker with mosquitto_passwd, and writes it to a file that only the root user can read. No shared or default MQTT credentials ship in the image. Each instance receives its own cryptographically random credentials.
## Security and Hardening
## AWS Integrations
This broker integrates with your AWS environment:
The broker also works with popular open source platforms such as Node-RED for visual flow programming and Home Assistant for smart home automation.
## Use Case: Industrial IoT Telemetry Pipeline
A manufacturing facility with thousands of sensors reporting temperature, vibration, and pressure readings every 30 seconds publishes telemetry to the Mosquitto broker over MQTT. The broker fans out messages to subscribers including a time-series database for historical analysis and an alerting service for threshold breaches. The lightweight protocol keeps bandwidth low even over constrained factory networks.
## Ready To Use
1. Launch the AMI from AWS Marketplace in your chosen VPC and subnet
2. Ensure your Security Group allows inbound TCP on port 1883 (and 8883 if using TLS)
3. SSH into the instance using your key pair
4. Read the generated password: sudo cat /root/mqtt_password.txt
5. Test immediately: mosquitto_pub -h localhost -u cloudimg -P YOUR_PASSWORD -t test -m hello
6. Subscribe from another terminal: mosquitto_sub -h localhost -u cloudimg -P YOUR_PASSWORD -t test
The broker listens for MQTT on port 1883 by default; the user guide explains how to add a TLS listener on 8883 with your own certificate.
## cloudimg Support
24/7 technical support by email and chat. Help with MQTT broker deployment, authentication and access control, TLS configuration, bridging multiple brokers, AWS IoT Core integration, and broker tuning.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.