SAS Token Handling for Custom Module Connectivity in Azure IoT Edge

Question

I am connecting a custom module to IoTHub using Azure IoT Edge.

• The authentication method for the IoT Edge device is "Symmetric Key."
• The package used for connecting to IoTHub is the azure-iot-sdk-c (https://github.com/Azure/azure-iot-sdk-c).
• Connection is established using the "IoTHubModuleClient_CreateFromEnvironment" function from the azure-iot-sdk-c.
• MQTT is the chosen protocol.
• Versions of IoT Edge, edgeHub, and edgeAgent are 1.4.16.

When connecting the custom module to IoTHub and transmitting telemetry, my understanding is as follows:

(1) The custom module generates an SAS token (generated during the execution of the "IoTHubModuleClient_CreateFromEnvironment" function in azure-iot-sdk-c).

(2) The custom module uses the SAS token generated in (1) to connect to edgeHub and passes the SAS token to edgeHub.

(3) The custom module uses the SAS token generated in (1) to transmit telemetry to edgeHub.

(4) edgeHub, using the SAS token passed in (2), transmits telemetry to IoTHub.

I want to confirm whether the SAS token between the custom module and edgeHub is the same as the SAS token between edgeHub and IoTHub or if they are different.

Thank you.

Answer 1

The SAS token you have mentioned is only used for communication between IoT Edge modules and IoT Edge Hub module. If there are multiple modules on your IoT Edge device, each module gets their own token using the above approach. Note that each of the modules here are connecting to IoT Edge Hub using ModuleClient

IoT Edge Hub on the other hand connects to Azure IoT Hub using DeviceClient. The configuration needed for IoT Edge Hub connection is set up during the Edge device deployment. For instance, notice the section Deploy the IoT Edge device where you could see the device connection string parameter set. This will be used by the IoT Edge runtime and IoT Edge Hub to authenticate and communicate with IoT Hub.

Refer to the documentation Understand the Azure IoT Edge runtime and its architecture to get a better understanding on the architecture and functionality of IoT Edge Hub.