AWS IoT platform connects devices to cloud services

Few businesses have the capital or infrastructure to successfully operate an Internet of Things back end. AWS IoT handles the hard work to enable cloud connectivity to real-world objects.

Developers can harness the Internet of Things for great insights, but it's not without challenges.

That's where the cloud comes in, as millions of intelligent devices streaming information and waiting for commands can create numerous data and device management problems. It's hard to imagine many organizations having the scale of systems and communications infrastructure required to build a real-world Internet of Things (IoT) back end. The sheer volume of messages and real-time data processing can be enormous.

Still, it's an opportunity that's not lost on the biggest infrastructure as a service providers, as AWS and Microsoft Azure both introduced IoT services in the last six months. The AWS IoT platform can offer several advantages to Amazon cloud customers.

Announced at re:Invent 2015, AWS IoT is a suite of services designed to manage intelligent devices, such as industrial sensors and consumer wearables, and connect them to the broader AWS ecosystem. AWS collects the captured information, where it can stream into databases, trigger other services and respond to commands from external applications. The AWS IoT platform has five major components, plus a software development kit (SDK) with libraries that connect, authenticate and register devices to the IoT portal. These AWS IoT components are as follows:

Device Gateway

This is a publish/subscribe message broker that creates secure, one-to-one and one-to-many communications between devices and AWS. It supports both HTTP via RESTful API and Message Queuing Telemetry Transport (MQTT). The latter is an OASIS standard designed as a lightweight, publish-subscribe protocol that is preferable for IoT devices because of its small code footprint, speed and low resource use.

According to one set of tests, MQTT is faster and more efficient, with less network overhead than HTTP. It also uses less power -- important for battery-powered devices -- when transmitting messages or maintaining a connection and provides more reliable message delivery and retention. The Device Gateway allows clients -- IoT devices and mobile apps -- to receive command and control signals from the cloud, and can support billions of devices.

Authentication and authorization

The AWS IoT platform features strong authentication, incorporates fine-grained, policy-based authorization and uses secure communication channels. Each device needs a credential, typically an X.509 certificate or AWS key, to access the gateway message broker. Each device also has a unique identity, which is used to manage individual and group permissions within the system. Like other AWS products, IoT operates on the policy of least privilege, meaning IoT clients can only run operations if specifically granted permission to do so. Traffic to and from the service is encrypted over Transport Layer Security with support for most major cipher suites.
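To make the least-privilege point concrete, here is an added example (not code from the article or from AWS) that places an over-broad AWS IoT policy beside one scoped to a single device. It assumes a constructed region and account ID, a device whose client ID equals its thing name, and topics named sensors/&lt;thing&gt;/telemetry and sensors/&lt;thing&gt;/commands; the `${iot:Connection.Thing.ThingName}` policy variable is resolved by AWS IoT from the thing attached to the connecting certificate.

```python
# Constructed placeholders, not values from the article.
REGION = "us-east-1"
ACCOUNT = "123456789012"
ARN_PREFIX = f"arn:aws:iot:{REGION}:{ACCOUNT}"

# Resolved per connection from the thing attached to the device certificate,
# so one policy document can be shared by a whole fleet without widening it.
THING = "${iot:Connection.Thing.ThingName}"

# Weak setting: any certificate holding this policy may connect under any
# client ID and publish to or subscribe on every topic in the account.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Corrected setting: the device may only connect as itself, publish its own
# readings, and subscribe to and receive its own command topic.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN_PREFIX}:client/{THING}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": f"{ARN_PREFIX}:topic/sensors/{THING}/telemetry"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN_PREFIX}:topicfilter/sensors/{THING}/commands"},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": f"{ARN_PREFIX}:topic/sensors/{THING}/commands"},
    ],
}


def find_wildcard_grants(policy):
    """Return (action, resource) pairs in Allow statements where the action is
    '*' or 'iot:*' or the resource contains a '*' wildcard. An empty list means
    every grant names a specific action on a specific resource."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = stmt["Action"], stmt["Resource"]
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            for resource in resources:
                if action in ("*", "iot:*") or "*" in resource:
                    findings.append((action, resource))
    return findings
```

Running `find_wildcard_grants` over a policy before attaching it to a certificate is a cheap pre-deployment check for the pattern the article warns against.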

Device Registry

The Device Registry is like an identity management system for devices, where they check in, receive a unique identifier and store metadata, such as device attributes and capabilities. Typical metadata might include the type of data a particular sensor provides, such as the temperature, pressure, position, units of measurement (e.g., Fahrenheit, Celsius), the manufacturer, firmware version and serial number. AWS doesn't charge for using the Device Registry, and metadata doesn't expire -- as long as an entry is accessed or updated at least once every seven years.

Device Shadow

Shadows are virtual representations of a device, recorded as JavaScript Object Notation documents, which live in the cloud and are available whether or not a device is connected. They include data such as device state (desired and reported), device metadata (e.g., sensor types), a client token (a unique ID), a document version (incremented every time the shadow information is updated) and a timestamp of the last message to AWS. The desired state is typically updated by IoT apps used to manage or control devices, while the reported state is data sent from the device.

Applications interact with the Device Shadow, not the actual device, which enables proper operation whether or not the device is connected. This is an important consideration given the intermittent nature of IoT connectivity.
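The shadow mechanics described above, as an added example that is not part of the article and not AWS's own implementation: a constructed shadow document for a hypothetical device, a function that merges an update into it the way the service does (desired written by an app, reported written by the device, a delta computed for the device to act on when it reconnects, the version incremented on every write), and a version check that rejects a stale writer so that an out-of-date app cannot silently overwrite a newer state.

```python
import copy
import time

# Constructed shadow document for a hypothetical thing, in the layout the
# article describes: desired state (set by apps), reported state (set by
# the device), a version counter and a timestamp.
INITIAL_SHADOW = {
    "state": {"desired": {"led": "on", "interval": 60},
              "reported": {"led": "off", "interval": 60, "fw": "1.2"}},
    "version": 7,
    "timestamp": 1450000000,
}


def compute_delta(desired, reported):
    """Keys whose desired value differs from, or is missing in, reported.
    This is the part of the document a reconnecting device must act on."""
    return {k: v for k, v in desired.items() if reported.get(k) != v}


def apply_update(shadow, update, now=None):
    """Merge an update request into a shadow and return the new document.

    `update` looks like {"state": {...}, "version": N, "clientToken": id}.
    A key set to None is deleted from that section. When "version" is given
    it must equal the stored version (optimistic locking); otherwise the
    update is rejected so a stale writer cannot clobber a newer state.
    The input document is not modified.
    """
    if "version" in update and update["version"] != shadow["version"]:
        raise ValueError("version conflict: stale update rejected")
    new = copy.deepcopy(shadow)
    for section in ("desired", "reported"):
        for key, value in update.get("state", {}).get(section, {}).items():
            if value is None:
                new["state"][section].pop(key, None)
            else:
                new["state"][section][key] = value
    delta = compute_delta(new["state"]["desired"], new["state"]["reported"])
    if delta:
        new["state"]["delta"] = delta
    else:
        new["state"].pop("delta", None)
    new["version"] += 1
    new["timestamp"] = int(time.time()) if now is None else now
    if "clientToken" in update:  # echoed so the caller can match the response
        new["clientToken"] = update["clientToken"]
    return new
```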

Rules Engine

The brains of AWS IoT is the Rules Engine. This is how IoT applications gather and process data and execute instructions. Like other data pipelines, it parses and analyzes incoming messages and triggers actions on other Amazon cloud services, including AWS Lambda, Kinesis, Amazon Simple Storage Service, Machine Learning and DynamoDB, based on predefined criteria.

The Rules Engine also communicates with external devices or applications using AWS Lambda, Kinesis and Simple Notification Service. The Rules Engine uses a SQL-like syntax with functions for string manipulation, math operators, context-based helper functions, crypto support and metadata lookup -- UUID, timestamp and so on. Rules can also trigger Java, Node.js or Python code to run in AWS Lambda, allowing for arbitrarily complex operations.

Examples and getting started

AWS has 10 hardware partners, including Broadcom, Intel, Qualcomm and Texas Instruments, with IoT Starter Kits that support the AWS SDK. These kits include microcontroller development boards, sensors and actuators and a copy of the SDK.

The AWS IoT Button is another option. This is an alternative to the Dash Button, and can be used to trigger IoT workflows without writing device-specific embedded code. For example, a button press could launch a Lambda job that connects to Twilio and sends a text message to Dominos, ordering your favorite pizza.

The AWS IoT platform released to general availability in December and is available in four regions -- two in the U.S. and one each in the E.U. and Asia-Pacific. The price is $5 per million messages, where a message is up to a 512-byte block of data published to or delivered by the service. This means that a 900-byte payload counts as two messages. For example, if an organization has 100 sensors, each updating data every minute, that's 4.32 million messages per month. If the Rules Engine sends each sensor reading to an external metering device and also records it in a DynamoDB table, that's another 4.32 million external deliveries plus the internal AWS deliveries. Deliveries within AWS are free, so the billable total is 8.64 million messages for the month, or $43.20. The AWS Free Tier includes 250,000 IoT messages, so developers can do a lot of prototyping without incurring any charges.