
AWS Internet of Things connection primer

Getting started with the Internet of Things can seem daunting to the inexperienced. This step-by-step guide helps you connect devices to the AWS IoT platform.

The Internet of Things enables communication and easy interaction between internally connected devices, and allows for an automated built-in communication pipeline with minimal human interaction. The AWS Internet of Things platform acts as a message broker -- routing relevant information between internet-connected devices, applications and other cloud services.

AWS Internet of Things (IoT) enables IT teams to register, manage and secure physically connected devices. IoT devices communicate with one another, mobile apps and other endpoints through the following service chain:

  • Only an authorized device or application can send commands or data to the broker. All data transmitted is encrypted by default -- the developer must maintain certificates and Identity and Access Management credentials.
  • The AWS Internet of Things message broker supports publish and subscribe protocols, such as HTTP or MQTT, and devices authenticate to it using the AWS IoT software development kit (SDK).
  • Once the message passes through the message broker, the AWS IoT Rules Engine applies a set of rules to specific sets of data and specific resources. In parallel, the AWS device shadow feature maintains the state of the IoT device. That way, if a device loses connection to the cloud, AWS products can still function from the virtual shadow.

Setting up AWS Internet of Things functionality

There are several ways to get started with the AWS Internet of Things service, depending on the user and integration process.

AWS SDKs for configuration: The main purpose is to create and manage identities and authorization. The rules engine attaches rules and actions to endpoints, as specified. It also assigns logging roles and levels, names and attributes to things in the Thing Registry.

AWS SDKs and Thing Shadows: This feature supports the HTTP protocol to publish messages directly to the message broker and define the state of the Thing Shadow.


Device SDK for AWS IoT: This SDK connects the embedded device to an IoT platform, implements the security requirements to connect to the AWS IoT service broker and allows access to the Thing Shadow over MQTT without implementing support for an HTTP RESTful API. The AWS IoT Thing SDK was designed to work with a variety of industry-standard real-time operating systems. The SDK supports embedded Linux and implements TLS 1.2 and a cryptographic library to maintain the high security standards of the AWS IoT platform broker. The Device SDK supports the Arduino Yun platform; Node.js, which is ideal for embedded Linux; and C, which is ideal for an embedded OS. To connect the physical device to the platform using one of these OSes, follow the step-by-step instructions below.

1. Sign in to the AWS Management Console and open the AWS IoT console. On the welcome page, choose Get started with AWS IoT.

2. On the following page, click Create a Thing, and then give it a name. I used the name MyNewThing. Next, click Create.

3. Check the details of the MyNewThing by selecting View thing.

4. On this page, you'll see the details of the newly created thing, followed by two options: Create a rule and Connect a device. To register the device with the thing, select Connect a device.

5. On the Connect a device page, select the SDK to use and then choose Generate certificate and policy. This will generate an X.509 certificate and key pair.

6. Activate the X.509 certificate and create an AWS IoT policy, then attach it to the certificate. Next, select Confirm and start connecting. After doing so, the following page displays SDK options for the device:

The AWS Internet of Things platform displays the available SDK options.

7. There are two versions of the AWS IoT Device SDK for C: OpenSSL and mbed TLS. Choose the OpenSSL link; this will download the AWS IoT Device SDK for C in a tarball (linux_mqtt_openssl-latest.tar).

8. It's important to set some policies to control the action of resources. To do so, select Create a policy. For the policy called IoT_All, entering iot:* in the Action field allows all actions and resources.

So far, we have created and registered a thing, attached a device or virtual app and attached the certificate to the device. This makes our platform ready to set the AWS IoT Device SDK for all types of embedded devices the AWS IoT service supports.

What is a thing, anyway?

Thing Shadow -- A JSON file that is used to keep the current state for a device.

Thing Registry -- The device registry or the attributes and capabilities associated with a device. The Thing Registry supports a device fleet identity management, such as a check-in using a unique serial number.

AWS IoT Thing SDK -- A device API that enables a developer to create interactions between the cloud and the device.

Putting AWS IoT platform into action with Raspberry Pi

Let's assume that we are going to fully set up a Raspberry Pi board with internet access. Once the board is set up properly, we set up the IoT Device SDK for C Runtime environment. To do so, we must install the OpenSSL library on Raspberry Pi.

In a terminal window, run:

$ sudo apt-get install libssl-dev

We previously downloaded the linux_mqtt_openssl-latest.tar file, which needs to be transferred onto the Raspberry Pi system through WinSCP or SCP. Once the file transfers, extract it and place it into the devicesdk directory.

Next, create a certificate and place it into the cert folder. We need a root certificate authority (CA) certificate and a device-signed certificate. You can download a root CA from Symantec. Copy the content and paste it into a file, and then name the file aws-iot-rootCA.crt.

For the device-signed certificate and the device private key, create a 2048-bit RSA key pair and issue an X.509 certificate using the issued public key:

$ aws iot create-keys-and-certificate --certificate-pem-outfile <value> --public-key-outfile <value> --private-key-outfile <value>

Copy all of these certificates and place them into the cert directory, under the devicesdk directory.

The next step is to configure an endpoint, private key and certificate. To configure the endpoint, go back to step 4 above and copy the value of REST API ENDPOINT -- for example, -- of MyNewThing.

The AWS IoT Device SDK for C includes sample apps to try. For simplicity, let's run this file: subscribe_publish_sample.

Navigate to the deviceSDK/sample_apps/subscribe_publish_sample directory. In that folder, open the aws_iot_config.h file.

Then update the values for the following:

AWS_IOT_MQTT_HOST: The value of REST API ENDPOINT, which we copied in the previous step.

AWS_IOT_MY_THING_NAME: Your thing name, which is MyNewThing in this example.

AWS_IOT_ROOT_CA_FILENAME: Root CA certificate, such as rootCA.crt.

AWS_IOT_CERTIFICATE_FILENAME: Certificate file name, such as cert.pem.

AWS_IOT_PRIVATE_KEY_FILENAME: Private key, such as privkey.pem.

Next, compile the subscribe_publish_sample_app sample application using the included makefile:

$ make -f Makefile

This will generate an executable file. Then run subscribe_publish_sample_app.

Finally, the Raspberry Pi is connected to the AWS Internet of Things using the AWS IoT Device SDK for C.
