Connect ESP32 MicroPython to AWS IoT

Most IoT tutorials use something like a Raspberry Pi as the “thing”. The Raspberry Pi is a great device but when it comes to IoT, it feels too much like a computer to me. It has GPIO pins so you can connect different hardware but it runs a full Linux distribution (Raspbian, based on Debian).

I wanted to try a “real” IoT device and decided on an ESP32 from Espressif. The ESP32 is a small device, which has a Wi-Fi & Bluetooth Chip, and plenty of GPIO pins. It supports a range of firmwares including Mongoose OS, Zerynth, ESP Easy, FreeRTOS, and MicroPython.

Esp32 Breadboard Button

To make it a true IoT device, I added a hardware button. We are going to connect this ESP32 to AWS IoT and configure the ESP32 so it sends a message to AWS IoT when we press the button.

This lesson is lengthy, especially with all the AWS IoT screenshots. If you get lost, you can use the index below:


Let’s start with AWS. There are three components we need:

  • Thing
  • Certificate
  • Policy

The thing is our ESP32 and it requires a certificate for authentication. The policy defines what our thing can do.


Let’s start with the “thing” part. Head over to AWS IoT Core in the services overview:

Aws Services

Under Manage, choose Things:

Aws Iot Manage Things

You’ll see the following screen because you don’t have any things yet:

Aws Iot Register A Thing

Select register a thing and choose create a single thing:

Aws Iot Register Single Thing

We’ll give our thing a name. I’ll call it “esp32”:

Aws Iot Add Device To Thing Registry

You don’t have to select any of the options. Click Next and it will ask you to create a certificate.


The console asks us if we want to create a certificate. We need one so select the Create certificate option:

Aws Iot Add Certificate For Thing

In the following screen you will see the certificates that were created:

Aws Iot Certificate Created

Save the certificate, public key, and private key. We’ll need them later. We’ll also need the root certificates so click on the download button next to A root CA for AWS IoT. This takes you to the X.590 Certificate and AWS IoT page:

Aws Iot Root Certificates

Download all the certificates you see here. We’ll need them later.


Now we need to create a policy that defines what our thing is allowed to do. Head over to Secure and select Policies:

Aws Iot Secure Policies

The console tells us we don’t have any policies yet. Click on the Create a policy button:

Aws Iot Create Policy

Our policy requires two actions:

  • iot:Connect
  • iot:Publish

The iot:Connect action grants permission to connect to AWS IoT with client id “esp32” and the iot:Publish action restricts the device to publishing on a topic named “esp32”.

Here’s what our actions look like:

Aws Iot Create Policy Actions

Hit the Create button and head back to Secure > Certificates:

Aws Iot Certificates Esp32

In the upper right corner, select Actions:

Aws Iot Certificate Actions

Now choose the Attach policy option:

Aws Iot Certificates Attach Policy

Select the “esp32-policy” we created and click on the Attach button:

Aws Iot Certificate Attach Policy

There is one more thing to do. We need the REST API Endpoint. Go to Manage > Things:

Aws Iot Manage Things

Look for the Rest API Endpoint under Interact:

Aws Iot Thing Interact

Write down the REST API Endpoint. In my case it’s:

We’ll need it later when we configure the ESP32. This completes our AWS IoT configuration.


Time to get our hands dirty with the ESP32.


I’m using Windows 10. The first time you connect the ESP32 with the USB cable, your computer won’t recognize the device. Go to Device Manager and you will see an unknown device:

Device Manager Cp2102n

Double-click on the device and click on Update Driver:

Cp2102n Update Driver

Choose the first option to automatically search for the driver:

Cpn2102n Search Driver

This won’t take long. Once the driver is downloaded it will also show you the COM port number:

Cpn2102n Com Port

In my case, it’s COM4.

MicroPython Firmware

The ESP32 supports different firmwares. My personal favorite is MicroPython. I use Python for many things so it’s great that I can use it for the ESP32 as well.

MicroPython includes a small subset of the Python 3 standard library and is optimized to run on microcontrollers.

I downloaded the latest standard firmware (esp32-20190611-v1.11-44-g8b18cfede.bin) and saved it to my disk. To install the firmware, we need the esptool application. This tool allows us to communicate with the ROM bootloader of the ESP32.

We can install it with pip:

pip install esptool

On Windows, this gets installed in the username folder in the following directory:


First, we need to erase the flash. We do this with the following command: --chip esp32 -p com4 erase_flash v2.6
Serial port com4
Chip is ESP32D0WDQ5 (revision 1)
Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
MAC: 24:0a:c4:c1:0f:50
Uploading stub...
Running stub...
Stub running...
Erasing flash (this may take a while)...
Chip erase completed successfully in 8.7s
Hard resetting via RTS pin...

Excellent. We now have an empty flash. Let’s install the firmware we just downloaded: --chip esp32 -p com4 write_flash -z 0x1000 c:\users\renemolenaar\Downloads\esp32-20190611-v1.11-44-g8b18cfede.bin v2.6
Serial port com4
Chip is ESP32D0WDQ5 (revision 1)
Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
MAC: 24:0a:c4:c1:0f:50
Uploading stub...
Running stub...
Stub running...
Configuring flash size...
Auto-detected Flash size: 4MB
Compressed 1169696 bytes to 731891...
Wrote 1169696 bytes (731891 compressed) at 0x00001000 in 64.9 seconds (effective 144.2 kbit/s)...
Hash of data verified.

Hard resetting via RTS pin...

Our ESP32 now has the MicroPython firmware.


Let’s see if we can connect to our ESP32. We can use Putty for this. Enter the COM port number we found in Device Manager and set the speed to 115200:

Cpn2102n Putty Settings

Once you open the console, you see the following prompt:


Awesome. We now have access to Python on our ESP32!


Before we can connect our ESP32 “thing” to the Internet, we need connectivity. I’ll use the Wi-Fi chip for this. First we need to activate the Wi-Fi chip:

>>> sta_if = network.WLAN(network.STA_IF)
I (268050) wifi: wifi driver task: 3ffe2d70, prio:23, stack:3584, core=0
I (285637) wifi: wifi firmware version: 38e2484
I (285637) wifi: config NVS flash: enabled
I (285637) wifi: config nano formating: disabled
I (285637) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (285647) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (285677) wifi: Init dynamic tx buffer num: 32
I (285677) wifi: Init data frame dynamic rx buffer num: 32
I (285677) wifi: Init management frame dynamic rx buffer num: 32
I (285687) wifi: Init static rx buffer size: 1600
I (285687) wifi: Init static rx buffer num: 10
I (285697) wifi: Init dynamic rx buffer num: 32

You can verify whether the interface is active or not:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 791 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

1642 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. From where we can get the device to practice and whats the cost of device , currently I am in Saudia Arabia

  2. Hello Muhammad

    If you do a quick search online, you will see that the device is available on many sites including eBay. I’m not sure what the shipping capabilities are for each of these retailers for Saudi Arabia, but you will have to look at the policies of each provider.

    I hope this has been helpful!


  3. Hello Vic,

    In this example, technically, you only need these two files:


    You could use the IoT root CA certificates to verify that you are communicating with the actual AWS IoT servers, and some server impersonating them. In this example, I didn’t.


  4. Hi Christian,

    Did you also try the one I used?


    Just to make sure it’s a software issue, not a hardware issue.

    It is possible to convert certificate types. You could try to convert the AWS IOT X.509 certificates to DER:

    openssl x509 -in input.crt -out input.der -outform DER
    openssl x509 -in input.der -inform DER -out output.pem -outform PEM

    You can convert any certificate with openssl but if you are trying this in a lab and want a more convenient solution, there are online GUI converters.


  5. Hello Imran

    Thanks for sharing that! It’s so important for the community to share information that will make it easier for others to implement the lessons.

    Thanks again!


10 more replies! Ask a question or join the discussion by visiting our Community Forum