BG95-M3 Doesn't call callback function!

Hello everyone!
In our company has been developing device which based on modem BG95-M3. I work with example of MQTT from SDK (Quectel_BG95_QuecOpen_SDK_Package_V1.1.7\quectel\example\mqtt) I run this example with ssl (port 8883). I successful publish in test topic to AWS and my messages comes to AWS console. I successfully subscribe on test topic but when I publish message from AWS console, I do not receive callback (qapi_Net_MQTT_Set_Message_Callback). Below I present fragments of code for more understanding.
I put timeout before disconnect 2 min. At this time, I published message from AWS console:
Firmware version on my BG95-M3:
AT+QGMR BG95M3LAR02A03_01.015.01.015
OK
Also, I’m trying doing at same with help AT commands! You can find LOG below.
Publishing is Ok!
Subscribe is also Ok to!
But when I subscribe and try to publish message from AWS I don’t receive any Report when the client has received the packet data from MQTT server.
(+QMTRECV: <client_idx>,,,)

Please help me resolve my issue.
Thanks in advance!

/* test with Telit Iot Platform */
uint8 clean_session = true;
char will_topic_ptr[] = “will_topic”;
uint8 will_topic_len = strlen(will_topic_ptr);
char will_message_ptr[] = “will_msg”;
uint8 will_message_len = strlen(will_message_ptr);
uint8 will_qos = 0;
char username_ptr[] = “ggq1992@126 com”;
uint8 username_len = strlen(username_ptr);
char password_ptr[] = “00quectel&mqtt”;
uint8 password_len = strlen(password_ptr);
char client_id[] = “12345”;
uint8 client_id_len = strlen(client_id);
struct sockaddr_in *sin4;
struct ip46addr ipaddr;
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
MQTT_UART_DBG(“conn_mqtt entry”);

memset(&mqttdemo_cfg, 0, sizeof(mqttdemo_cfg));

sin4 = (struct sockaddr_in *)&mqttdemo_cfg.remote;
sin4->sin_family = AF_INET;
sin4->sin_port = _htons(8883);
#if 0
sin4->sin_addr.s_addr = inet_addr(“220.180.239.212”);
#else
ipaddr.type = AF_INET;
get_ip_from_url(CLI_MQTT_SVR_NAME, &ipaddr);
sin4->sin_addr.s_addr = ipaddr.a.addr4;
#endif
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
qapi_Status_t pub_mqtt( )
{
char topic[] = “pub_topic”;
char msg[] = “Hello from BG95 app”;
int qos = 0;
int retain = 0;

if(NULL == app_mqttcli_ctx)
{
MQTT_UART_DBG("No MQTT Connection, Please do MQTT connection first ");
return QAPI_ERROR;
}

mqtt_cli_publish((uint8 *)topic, (uint8 *)msg, qos, retain);

return QAPI_OK;
}
qapi_Status_t sub_mqtt()
{
char topic[] = “sub_topic”;
int qos = 0;

if(NULL == app_mqttcli_ctx)
{
MQTT_UART_DBG("No MQTT Connection, Please do MQTT connection first ");
return QAPI_ERROR;
}
mqtt_cli_subscribe((uint8 *)topic, qos);

return QAPI_OK;
}
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

      MQTT_UART_DBG("DSS_SIG_EVT_CONN_E Signal");

      tcp_show_sysinfo();

        /* Connect to mqtt server */
      conn_mqtt();
    
      /* Subscribe topic*/
      sub_mqtt();

      /* Publish msg with a topic*/
      pub_mqtt();

      /* wait for the interaction to complete */
      qapi_Timer_Sleep(120, QAPI_TIMER_UNIT_SEC, true);
      
      /* Disconnect to mqtt server */
      disconn_mqtt();

Debug LOG:
RDY

+QDBGPRNT:MQTT Task Start…
+QDBGPRNT:~ qapi_Device_Info_Init OK [0]
+QDBGPRNT:[dev_info] status, status 0
+QDBGPRNT:[dev_info] qapi_Device_Info_Set_Callback, status 0

APP RDY
+QDBGPRNT:~type[b] id[29] status[1]
+QDBGPRNT:network registered!
+QDBGPRNT:Initializes the DSS netctrl library
+QDBGPRNT:qapi_DSS_Init success
+QDBGPRNT:Registering Callback tcp_dss_handle
+QDBGPRNT:tcp_dss_handle -459603174, status 0
+QDBGPRNT:Registed tcp_dss_handler success
+QDBGPRNT:Setting tech to Automatic
+QDBGPRNT:Setting APN - internet
+QDBGPRNT:Setting family to IPv4
+QDBGPRNT:qapi_DSS_Start_Data_Call start!!!.
+QDBGPRNT:Start Data service success.
+QDBGPRNT:Data test event callback, event: 1
+QDBGPRNT:Data Call Connected.
+QDBGPRNT:SIGNAL EVENT IS [4]
+QDBGPRNT:DSS_SIG_EVT_CONN_E Signal
+QDBGPRNT:<— static IP address information —>
+QDBGPRNT:static IP: 10.212.140.145
+QDBGPRNT:Gateway IP: 10.212.140.146
+QDBGPRNT:Primary DNS IP: 46.56.128.20
+QDBGPRNT:Second DNS IP: 46.56.128.4
+QDBGPRNT:<— End of system info —>
+QDBGPRNT:conn_mqtt entry
+QDBGPRNT:@@@j = 1
+QDBGPRNT:Primary DNS IP: 46.56.128.20
+QDBGPRNT:Second DNS IP: 46.56.128.4
+QDBGPRNT:Start DNSc…
+QDBGPRNT:device_name: rmnet_data0
+QDBGPRNT:hostname: a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws.com is resoling in interface: rmnet_data0
+QDBGPRNT:reshost ret: 0
+QDBGPRNT:a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws.com → 18.157.225.153
+QDBGPRNT:Reading EFS file size 1187
+QDBGPRNT:Read /datatx/AmazonRootCA1.pem, result 0
+QDBGPRNT:mqtt_calist.bin qapi_Net_SSL_Cert_Convert_And_Store: 0
+QDBGPRNT:Reading EFS file size 1224
+QDBGPRNT:Read /datatx/3e51-certificate.pem.crt, result 0
+QDBGPRNT:Reading EFS file size 1675
+QDBGPRNT:Read /datatx/3e51-private.pem.key, result 0
+QDBGPRNT:mqtt_cert.bin qapi_Net_SSL_Cert_Convert_And_Store: 0
+QDBGPRNT:client_len=5, client_str=12345
+QDBGPRNT:username_len=15, username_str=ggq1992@126_com
+QDBGPRNT:pwd_len=14, pwd_str=00quectel&mqtt
+QDBGPRNT:mqtt_cli_connect entry
+QDBGPRNT:Mqtt Context created success, ctx=0x55ec6a9b
+QDBGPRNT:IP for remote: 18.157.225.153 Port: 8883
+QDBGPRNT:Connecting…
+QDBGPRNT:MQTT Connected, reason code=0
+QDBGPRNT:MQTT Connect Successfull
+QDBGPRNT:subscribing…
+QDBGPRNT:Subscribe Successfull
+QDBGPRNT:Published trying…
+QDBGPRNT:Published Successfull
+QDBGPRNT:Subscribe granted, topic=sub_topic, qos=0
+QDBGPRNT:Disconnecting…
+QDBGPRNT:Disconnect Successful

AT Commands LOG:
AT+QFLST=“*” +QFLST: “3e51-certificate.pem.crt”,1224
+QFLST: “3e51-private.pem.key”,1675
+QFLST: “AmazonRootCA1.pem”,1187
+QFLST: “security/”,2

OK
AT+cereg=2 OK
ATE1 OK
AT+CIMI 257010017547199

OK
AT+CGDCONT=1,“IP”,“iot.1nce,net” OK
AT+CGACT=1,1 OK
AT+CGPADDR=1 +CGPADDR: 1,10.212.140.145

OK
AT+COPS? +COPS: 0,0,“A1 BY”,0

OK
AT+CEREG? +CEREG: 2,4

OK
AT+CREG? +CREG: 0,1

OK
AT+CGREG? +CGREG: 0,1

OK
AT+QSSLCFG=“sslversion”,1,4 OK
AT+QSSLCFG=“ciphersuite”,1,0x0035 OK
AT+QSSLCFG=“seclevel”,1,2 OK
AT+QSSLCFG=“negotiatetime”,1,300 OK
AT+QSSLCFG=“cacert”,1,“AmazonRootCA1.pem” OK
AT+QSSLCFG=“clientcert”,1,“3e51-certificate.pem.crt” OK
AT+QSSLCFG=“clientkey”,1,“3e51-private.pem.key” OK
AT+QSSLCFG=“ignorelocaltime”,1,0 OK
AT+QSSLCFG=“sni”,1,1 OK
AT+QMTCFG=“pdpcid”,0,1 OK
AT+QMTCFG=“ssl”,0,1,1 OK
AT+QMTCFG=“version”,0,4 OK
AT+QMTOPEN=0,“a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws com”,8883 OK

+QMTOPEN: 0,0
AT+QMTCONN=0,“MQTT” OK

+QMTCONN: 0,0,0
AT+QMTPUBEX=0,0,0,0,“topic_1”,“Hello from BG95M3” OK

+QMTPUB: 0,0,0
AT+QMTDISC=0 OK

+QMTDISC: 0,0

Publishing is Ok!
Let’s try to subscribe:

AT+QMTOPEN=0,“a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws com”,8883 OK

+QMTOPEN: 0,0
AT+QMTCONN=0,“MQTT” OK

+QMTCONN: 0,0,0
AT+QMTSUB=0,1,“topic_2”,0 OK

+QMTSUB: 0,1,0,0

Subscribe is also Ok!

Ok, I found resolve for my issue!

For correct work this example you have to make sure that:

  • Firmware on your BG95-M3 should not be older then BG95M3LAR02A03_01.015.01.015 (you may check this with command “AT+QGMR“)
  • The Policies connected with uses certificate should be contain next fields:
    {
    “Version”: “2012-10-17”,
    “Statement”: [
    {
    “Effect”: “Allow”,
    “Action”: “iot:Connect”,
    “Resource”: “arn:aws:iot:eu-central-1:123456789000:"
    },
    {
    “Effect”: “Allow”,
    “Action”: “iot:Publish”,
    “Resource”: "arn:aws:iot:eu-central-1:123456789000:

    },
    {
    “Effect”: “Allow”,
    “Action”: “iot:Subscribe”,
    “Resource”: “arn:aws:iot:eu-central-1:123456789000:"
    },
    {
    “Effect”: “Allow”,
    “Action”: “iot:Receive”,
    “Resource”: "arn:aws:iot:eu-central-1:123456789000:

    }
    ]
    }

And I provide correct log AT Commands:
AT+QFLST=“*”

+QFLST: “3e51-certificate.pem.crt”,1224
+QFLST: “3e51-private.pem.key”,1675
+QFLST: “AmazonRootCA1.pem”,1187
+QFLST: “security/”,2
OK
AT+cereg=2
OK
ATE1
OK
AT+CIMI
257010017547199
OK
AT+CGDCONT=1,“IP”,“iot.1nce_net
OK
AT+CGACT=1,1
OK
AT+CGPADDR=1
+CGPADDR: 1,10.215.204.55
OK
AT+COPS?
+COPS: 0,0,“A1 BY”,0
OK
AT+CEREG?
+CEREG: 2,4
OK
AT+CREG?
+CREG: 0,1
OK
AT+CGREG?
+CGREG: 0,1
OK
AT+QSSLCFG=“sslversion”,1,4
OK
AT+QSSLCFG=“ciphersuite”,1,0x0035
OK
AT+QSSLCFG=“seclevel”,1,2
OK
AT+QSSLCFG=“negotiatetime”,1,300
OK
AT+QSSLCFG=“cacert”,1,“AmazonRootCA1.pem”
OK
AT+QSSLCFG=“clientcert”,1,“3e51-certificate.pem.crt”
OK
AT+QSSLCFG=“clientkey”,1,“3e51-private.pem.key”
OK
AT+QSSLCFG=“ignorelocaltime”,1,0
OK
AT+QSSLCFG=“sni”,1,1
OK
AT+QMTCFG=“pdpcid”,0,1
OK
AT+QMTCFG=“ssl”,0,1,1
OK
AT+QMTCFG=“version”,0,4
OK
AT+QMTOPEN=0,“a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws_com”,8883
OK
+QMTOPEN: 0,0
AT+QMTCONN=0,“MQTT”
OK
+QMTCONN: 0,0,0
AT+QMTPUBEX=0,0,0,0,“topic_1”,“Hello from BG95M3”
OK
+QMTPUB: 0,0,0
AT+QMTDISC=0
OK
+QMTDISC: 0,0
AT+QMTCFG=“pdpcid”,0,1
OK
AT+QMTCFG=“ssl”,0,1,1
OK
AT+QMTCFG=“version”,0,4
OK
AT+QMTOPEN=0,“a1fr79kqcc2q4h-ats.iot.eu-central-1.amazonaws_com”,8883
OK
+QMTOPEN: 0,0
AT+QMTCONN=0,“MQTT”
OK
+QMTCONN: 0,0,0
AT+QMTSUB=0,1,“topic_2”,0
OK
+QMTSUB: 0,1,0,0
+QMTRECV: 0,0,“topic_2”,“{
“message”: “Hello from AWS IoT console”
}”
AT+QMTUNS=0,1,“topic_2”
OK
+QMTUNS: 0,1,0
AT+QMTDISC=0
OK
+QMTDISC: 0,0