And good news: the Arduino example is safe. An example where the safety is embedded from the get go.
The exercise is easy. I just had to follow the tutorial from arduino.cc to make it work. And that proves that it isn't impossible to get everyone started with safe solution. The supplier just has to put the effort in to write the instructions and have no example where security is omitted.
What do you need?
You'll have to get a free AWS account, a Arduino MKR 1010 and a WiFi connection to the internet.
I am not repeating the excellent tutorial. If you haven't done so, read it now. Just follow it step by step.
There's one correction: where the tutorial says to download ArduinoMqtt, you actually have to install ArduinoMqttClient.
The example did compile out of the box on Arduino IDE 1.8.8. I had a compile error with version 1.8.1.
What does it do?
The sketch first logs on to your WiFi router. It will then make an SSL connection to AWS.
WiFiClient wifiClient; // Used for the TCP socket connection
BearSSLClient sslClient(wifiClient); // Used for SSL/TLS connection, integrates with ECC508
It uses certificates for authentication.
Once that's successful, it'll send messages to the topic arduino/outgoing and subscribe to messages posted on arduino/incoming.
Here you see messages from the MKR1010 arriving in AWS:
And this is a message from AWS retrieved by the MKR1010.