For manufacturers operating at scale, the massive amount of user-side device authentication information is generally stored in an internal enterprise database, which not only facilitates management queries, but also increases the security of the data and reduces the risk of data leakage. Although EMQX Cloud supports bulk import of authentication information, in practice, if the number of devices to authenticate grows rapidly, modifying records or troubleshooting problems often takes a long time.
Previously, EMQX Cloud let users connect to self-built authentication centers through HTTP custom authentication to meet increasingly complex user authentication needs. In addition, we have recently introduced MySQL and PostgreSQL External Auth & ACL, which verifies device authentication information directly against the user's MySQL or PostgreSQL database, helping to achieve more secure and faster access for a massive number of devices.
As a fully managed cloud-native MQTT messaging service, EMQX Cloud allows users to authenticate their devices and control topic access through the console's Authentication & ACL module. Authentication is performed with a username and password, and access control supports three granularities: client ID, username, and all users. Bulk import of CSV files is supported for both authentication and access control.
In addition to storing authentication information in EMQX Cloud, users can authenticate devices and implement more complex ACL verification logic by checking user-side authentication information through external authentication and authorization.
Users can reach the External Auth & ACL feature from the console by going to the left menu bar: "Authentication & ACL" -> "External Auth & ACL". For specific configuration and debugging steps, please refer to the interface tips and the documentation linked at the end of this article.
MySQL Auth/ACL Example
PostgreSQL Auth/ACL Example
With the External Auth & ACL feature, users can use external MySQL and PostgreSQL databases as the authentication data source and verify authentication information against them, which makes it easier to store large amounts of data quickly and integrate with external device management systems.
- If built-in authentication is also enabled, EMQX Cloud chains authentication in order: default authentication first, followed by external authentication.
- If the current deployment is the Standard version, fill in the public network address as the server address.
- If the current deployment is on the Professional plan, you need to create a VPC peering connection and fill in the intranet address as the server address.
- If you are prompted with "Init resource failure!", check whether the server address is correct, whether the security group is enabled, and whether the database allows access from the EMQX Cloud cluster.
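What the database side of such a setup can look like on MySQL, as an added example that is not from EMQX or the original article: credentials stored as salted hashes, ACL rules per device, and a read-only account for the lookup. The database, table, column and account names, the salted SHA-256 scheme and the 203.0.113.10 source address are assumptions for illustration; the layout and queries EMQX Cloud actually expects are in the documentation linked below.

```sql
-- Hypothetical names throughout; adapt to the schema your deployment is configured for.
CREATE DATABASE IF NOT EXISTS mqtt_auth;
USE mqtt_auth;

-- One row per device. The plaintext password is never stored.
CREATE TABLE device_user (
  id            INT UNSIGNED NOT NULL AUTO_INCREMENT,
  username      VARCHAR(100) NOT NULL,
  password_hash CHAR(64)     NOT NULL,  -- hex SHA-256 of (salt || password)
  salt          CHAR(32)     NOT NULL,  -- per-device random salt, hex
  created       DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (id),
  UNIQUE KEY uq_device_user_username (username)
);

-- Topic rules. Rows default to deny; grant only what each device needs.
CREATE TABLE device_acl (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  username VARCHAR(100) NULL,
  clientid VARCHAR(100) NULL,
  action   ENUM('publish', 'subscribe', 'pubsub') NOT NULL,
  allow    TINYINT(1)   NOT NULL DEFAULT 0,
  topic    VARCHAR(255) NOT NULL,
  PRIMARY KEY (id),
  KEY idx_device_acl_username (username),
  KEY idx_device_acl_clientid (clientid)
);

-- Constructed sample device with a fresh 16-byte salt.
SET @salt = HEX(RANDOM_BYTES(16));
INSERT INTO device_user (username, password_hash, salt)
VALUES ('sensor-0001',
        SHA2(CONCAT(@salt, 'constructed-sample-password'), 256),
        @salt);

INSERT INTO device_acl (username, action, allow, topic)
VALUES ('sensor-0001', 'publish', 1, 'sensors/sensor-0001/telemetry');

-- Account used only for authentication lookups: SELECT on two tables,
-- reachable from one source address (203.0.113.10 is a documentation
-- placeholder for the address the broker connects from).
CREATE USER 'auth_reader'@'203.0.113.10' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT ON mqtt_auth.device_user TO 'auth_reader'@'203.0.113.10';
GRANT SELECT ON mqtt_auth.device_acl  TO 'auth_reader'@'203.0.113.10';

-- The lookups an external authenticator would run for a connecting device.
SELECT password_hash, salt FROM device_user WHERE username = 'sensor-0001' LIMIT 1;
SELECT allow, action, topic FROM device_acl WHERE username = 'sensor-0001';
```

Because the account holds only SELECT on these two tables, a leaked connection string cannot be used to add devices or rewrite ACL rules.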
For more details on the use of MySQL and PostgreSQL External Auth & ACL, please refer to:
MySQL Authentication/Access Control: https://docs.emqx.com/en/cloud/latest/deployments/mysql_auth.html
PostgreSQL Authentication/Access Control: https://docs.emqx.com/en/cloud/latest/deployments/pgsql_auth.html