AWS IoT – Basics

by

Introduction

Internet of things (IoT) is pretty ambiguous. Any phrase with the word “things” in it is inevitably somewhat ambiguous, right? IoT is a popular and rich topic and depending on the view there is a lot which falls under this term. However, in this post, we will keep it to its core, just a simple use case where we have one or more devices and we want to manage, communicate and use them for our purposes.

I’ve previously written few posts on this topic. You can refer to this post, where I discussed the device landscape for IoT.

From implementation point of view, we have few options, build our own infrastructure, with or without libraries, use cloud providers and/or mix of different technologies. In this post, we will be using AWS IoT service.

AWS IoT is a managed cloud platform that lets connected devices – cars, light bulbs, sensor grids, and more – easily and securely interact with cloud applications and other devices.

In this getting started course, we will not be touching the actual physical device but instead see the mechanism using a NodeJs process. Later in posts, we will see how to read values from actual sensors but the principles will be the same. This will keep the complexity in check in scope of this basic setup.

The following are few of the areas where you can consider using AWS IoT:

  • Connect and Managed Devices: Secure and consistent way to connect to device. You can use variety of communication protocols to connect devices to the cloud such as – HTTP, MQTT, or WebSocket.
  • Process and act upon device data: Filter, transform, and act upon data from devices on the fly, based on business rules. Easy integration with other AWS services e.g. Amazon DynamoDB, AWS Lambda etc.
  • Read and set device state at any time.
  • Provides scalability to larger number of devices .

There are many use cases and areas where AWS IoT can be used.

AWS IoT Security

Security is a very important concern for IoT and AWS provides different level of security mechanism for various application needs:

  • TLS for protecting data on the wire.
  • X.509 certificates for device identity.

These two technologies provide safety from man-in-middle attack and device impersonation.

Furtherer more on AWS we also have IAM accounts for access to AWS resources and Policies to configure action permissions.

AWS IoT Connectivity

MQTT is the protocol to support intermittent connectivity with the devices.

Shadow Devices: Small database of the last state of your device along with the message broker, allows the control of your device in almost any environment.

Setting up an IoT Device

We can use AWS CLI or AWS Web Console to create a Thing for our device. An IoT thing is the representation of our physical asset.

As part of the Things creation process, we will also need to get the certificates to be used to identify our device to AWS.

Following screenshot shows AWS IoT Web Console to manage things and other AWS IoT resources:

Further more, to speed up development, AWS provide SDK for various development environments. SDK supports many popular programming languages including JavaScript, Java, Node.js and Python.

Creating a Thing

Creating a Thing, is a very simple process, typically involves following steps:

  • Specify Device Properties
  • Create/Attach Certificates
  • Create/Attach a Policy

Create Certificates (for secure connection and data exchange)

Before, we create a thing, we need to create a set of certificates unique to our application. We will also need to download the AWS Certificate.

Create a Policy

We will need to create a policy, which tells AWS what capabilities to allow the device.

Demo – Create a Thing

From AWS IoT Web console, you can start create a thing wizard as shown below:

Click Next:

Here, give it a name and accept all other defaults. Click Next:

Select recommended option for certificates and click Next:

If you want you can click Create policy button (we will do this step later) and for now directly click, Create thing.

You will be asked to download certificates as shown below:

and once downloaded, we can finish the wizard and notice that thing is created:

Create AWS IoT Policy

We can start creating policy using following option on the AWS Web Console:

Policy can be applied to any number of certificates. Here I will create a very basic default policy:

This policy will allow any device to access any IoT resource. Once done, click the Create button:

With DefaultPolicy created, we can now return to list of things, select the thing and in details -> certificates, click the certificate as shown below:

This will open up a new page, where we can go to policy section:

from Action drop-down, select Attach policy. It will open up a new dialog, where we can select DefaultPolicy we created earlier:

With that, we have created our thing and we are ready to write code for our device.

AWS IoT using AWS CLI

Now, in this section, we will see how to use AWS CLI to create a thing. Use of CLI is great for automation purposes as well. Check this post for details about how to setup AWS CLI and some basics.

List Things:

We can list IoT things, using following command:

aws iot list-things

here is output showing earlier created thing:

Create a Thing:

aws iot create-thing --thing-name "TestDeviceCli"

as we can see that a new thing is created.

Provision Certificates:

aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile certificate.pem --public-key-outfile publicKey.pem --private-key-outfile privateKey.pem

It will generate the files:

Certificate is created and we will now setup that our thing use this client certificate.

Attach a thing to a client certificate

aws iot attach-thing-principal \
    --principal certificateArn \
    --thing-name thingName

please replace the certificateArn and thing name in the command as shown below:

If you want, you can use web console to verify that thing and certificates are attached:

Create a Policy:

aws iot create-policy --policy-name "test-policy" --policy-document file://default-policy.json

Attach a Policy to client Certificate:

aws iot attach-principal-policy --principal "certificate-arn" --policy-name "test-policy“

notice the certificate-arn, you need to replace it:

You can use Web Console to verify that policy and certificates are attached:

So far, we have created a thing, certificates for the thing, policy and attach these bits together. We saw how to do it using web console as well as using aws cli.

Connectivity Test

Now, we have already covered few topics in this getting started articles and I don’t wanna overload you with more information. We will cover device connection and communication in details in later posts. However, just to give you an idea and show you a basic workflow implementation i.e. sending data from our application to AWS IoT platform and back, we will see a simple Node.JS application demo.

AWS offers SDK for IoT integration for different programming languages such as Java, C++, JavaScript, Python. You can check more details on this link.

There are great many resources and examples online. For example the javascript SDK github page, have a very simple example on this link. I will use this basic example for our demo today.

I created a folder for source code and setup a GitHub repository, initialized it and install aws-iot-device-sdk package using npm:

npm install aws-iot-device-sdk

Here is how the initial project structure and JavaScript code looks like. device.js file contains the code and its very simple and self explanatory:

As you can see, I created a new folder certs and copied certificate which we created earlier for the thing. In device.js file, we require the SDK, we provide certificate paths and then wired two events connect and message.

We can then simply execute this code using node and we see that we are able to connect to AWS IoT successfully from console msg “connect”.

If, we now go to AWS IoT Web Console (Monitor), we can see same connection information there:

We can use Web Console for sending message to our application as well using the Test option:

From the web console, I am publishing to a Topic (topic_1) and this is the same topic, our nodejs code is listening on:

This is off course a very basic example, but you can see, how easy it is to integrate AWS IoT Core in our application.

You can download the source-code from this git repository (however, you need to place your own certificates in certs folder).

Summary

In this post, we covered basics of AWS IoT platform. We saw a simple workflow of creating a thing, getting certificates, creating and attaching policies using AWS Web Console and AWS CLI.

We then saw a simple example of how to use AWS JavaScript SDK for creating a NodeJS application to connect to our IoT thing and send and receive messages.

IoT is a big and interesting topic and we just took a very first step in this direction. In coming days, we will cover more advance use cases and solutions involving IoT.

Let me know if you have some comments or questions. Till next time, Happy Coding.

2 thoughts on “AWS IoT – Basics”

  1. Pingback: AWS IoT With .NET Core (MQTT) – Hex Quote
  2. Pingback: AWS IoT Basics – Persisting IoT Data to DynamoDB – Hex Quote

Comments are closed.