The Architecture of AWS IoT Core

Nitee Shah
8 min read, Sep 2, 2020


The simple and practical guide to communicating with an edge device using AWS IoT core.

Photo by Anh Trần on Unsplash

If we wish to smoothly ride Technology, we need to love it first…

Storytelling has been an integral part of human culture. It is an engaging way of communicating that enchants the child within us. Since we are exposed to a million different concepts, it becomes strenuous to remember them all.

This blog intends to present technical knowledge in story form so that it leaves a lasting impression on our minds.

For clarity and simplicity, this blog is divided into 3 parts.

The first part is the continuation of the story about a guy named Mathew Queen, Mr. MQ (a fictional character), from my previous blog. (If you are aware of the concept of MQTT, go ahead with this article. If not, please visit my previous blog here.)

The second part gets you familiar with the fundamental concepts of AWS IoT Core.

The third part is the fun zone: a practical setup that you can try at home, using your laptop as an edge device.

So, let’s get started …

In our last blog, we lived through the challenges faced by Amelia and Clark and saw how beautifully Mathew transformed their lives.

Because of his adorable, light-hearted and friendly nature, he became an instant favourite in the community.

Mathew’s charm started to spread like wildfire. Everyone wanted to talk with him, everyone wanted to do business with him.

With thousands of clients pouring in, safety, security and authentication of clients became of prime importance for Mathew.

Mr. MQ collaborated with a company called AIC (the AWS IoT Core service) to expand his reach to his beloved audience (Client IDs) in a secure fashion (private key, public key, root CA and certificate).

AIC, being an incredible company, came bearing gifts (a Rules Engine to connect with S3, DynamoDB, SNS, SQS, AWS Analytics, etc.) that allowed Mr. MQ to reach beyond the horizon to new enterprises.

AIC also appointed Scarlett (the Thing and Thing Shadow) as a new assistant for Mr. MQ. Scarlett was so enthusiastic and dedicated that she would always look after Mathew (synchronization) in case a connection was lost.

The friendship of AIC (AWS IoT Core) and Mr. MQ started changing the way cloud communication worked for edge devices.

Image by https://mindmajix.com/what-is-aws-iot

Second Part: Technical

Taking the learnings from the above story, let us dive deep into understanding the technology behind AWS IoT Core.

This might seem a little overwhelming at first, but hold on till the practical session and the puzzle will solve itself.

Photo by Ben White on Unsplash

“AWS IoT provides the cloud services that connect your IoT devices to other devices and AWS cloud services. AWS IoT provides device software that can help you integrate your IoT devices into AWS IoT-based solutions. If your devices can connect to AWS IoT, AWS IoT can connect them to the cloud services that AWS provides.” (citation from official AWS resources)

Image by https://docs.aws.amazon.com/

The Major Components of AWS IoT Core are:

  1. IoT Devices
  2. AWS IoT Thing
  3. Authentication and Authorization
  4. Shadow
  5. Test
  6. Act — Rules Engine
  7. Connect to AWS Services

IoT Devices

IoT Devices can be any edge devices compliant with AWS IoT standards (for example an ESP8266, a Raspberry Pi or your laptop).

AWS IoT Thing

It is like a virtual device, or a registry entry for the device, that Amazon uses to provide and validate the device’s certificate.

Authentication and Authorization

AWS IoT Core provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT Core without a proven identity. This is accomplished using a private key, a public key, the AWS Root CA and a thing-specific certificate.

It has two further components: the private key and the root certificate. You have to create a Policy (the permitted actions) and attach it to the certificate, which is in turn attached to the thing.
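The policy created in the practical part (Action ‘iot:*’ on Resource ‘*’) is fine for a quick test but far too broad for a real device, since any client holding that certificate could connect under any client ID and publish or subscribe anywhere in the account. The Python below is an added example, not code from this blog or from AWS: it writes the least-privilege equivalent for this tutorial’s thing (connect only as its own client ID, publish only to the one topic) and flags wildcard grants in any policy document. The region, account ID, thing name and topic are constructed placeholders to replace with your own.

```python
import json

# Constructed placeholders (not values from the tutorial): replace with your own.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
THING_NAME = "testDevice"   # the tutorial also uses the thing name as the MQTT client ID
TOPIC = "mqttfun"

# The test policy the tutorial creates: every IoT action on every resource.
TEST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}
    ],
}


def scoped_policy(region, account_id, thing_name, topic):
    """Least-privilege equivalent of the test policy for this tutorial:
    the device may connect only under its own client ID and may publish
    only to the single topic mqtt.py uses."""
    arn = "arn:aws:iot:{}:{}:{{}}".format(region, account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": arn.format("client/" + thing_name),
            },
            {
                "Effect": "Allow",
                "Action": "iot:Publish",
                "Resource": arn.format("topic/" + topic),
            },
        ],
    }


def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """Return one (statement index, field, value) finding for every Allow
    statement that grants a wildcard action or applies to a wildcard resource."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, "action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((idx, "resource", resource))
    return findings


if __name__ == "__main__":
    scoped = scoped_policy(REGION, ACCOUNT_ID, THING_NAME, TOPIC)
    print(json.dumps(scoped, indent=2))
    print("wildcards in test policy:  ", wildcard_findings(TEST_POLICY))
    print("wildcards in scoped policy:", wildcard_findings(scoped))
```

The scoped document can be pasted into the policy editor in place of the tutorial’s test policy; if you later add a subscriber, it additionally needs iot:Subscribe on the topicfilter ARN and iot:Receive on the topic ARN.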

Shadow

Device Shadow was created to protect against data loss when a connection drops. It behaves as a virtual device in the cloud that keeps the last recorded state and the desired future state of each device while the device is offline, and it provides synchronisation when the device wakes up.

Image source unknown
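To make that synchronisation concrete, here is an added Python example (not from this blog or from AWS) that reproduces the two shadow operations with plain dictionaries: the delta the shadow service derives between the ‘desired’ and ‘reported’ sections, and the merge rule for shadow updates, where nested objects merge and a null value deletes a key. The device states are constructed sample values.

```python
import json


def compute_delta(desired, reported):
    """Return the subset of `desired` that differs from `reported`.
    Nested objects are compared key by key, everything else by value,
    mirroring how the shadow service builds the 'delta' section."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key) if isinstance(reported, dict) else None
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta


def apply_update(state, update):
    """Merge an update document into a state document the way a shadow
    update does: nested objects merge, a null value deletes the key,
    anything else replaces the old value."""
    result = dict(state)
    for key, value in update.items():
        if value is None:
            result.pop(key, None)
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = apply_update(result[key], value)
        else:
            result[key] = value
    return result


def wake_up(desired, reported):
    """Simulate a device coming back online: it applies the pending delta
    to its own state and reports the result. Returns (delta, new_reported)."""
    delta = compute_delta(desired, reported)
    return delta, apply_update(reported, delta)


if __name__ == "__main__":
    # Constructed sample: while the device was offline an application changed
    # the desired state; the device's last report predates that change.
    desired = {"led": "on", "interval": 5, "config": {"unit": "C", "alarm": True}}
    reported = {"led": "off", "interval": 5, "config": {"unit": "F", "alarm": True}}
    delta, reported = wake_up(desired, reported)
    print("delta sent to device:", json.dumps(delta))
    print("reported after sync: ", json.dumps(reported))
    print("delta after sync:    ", json.dumps(compute_delta(desired, reported)))
```

Only the keys that actually changed travel in the delta, which is why a device that sleeps for hours still catches up with one small message instead of replaying everything it missed.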

Test

Helps you test your topic with the publish-and-subscribe client provided by AWS IoT.

Act-Rules Engine

The Rules Engine makes it possible to build IoT applications that gather, process, analyze and act on data generated by connected devices at a global scale without having to manage any infrastructure.

Connect to AWS Services

AWS IoT allows you to route messages to AWS endpoints including AWS IoT Analytics, AWS IoT Events, AWS Lambda, Amazon Kinesis, Amazon S3, Amazon DynamoDB, Amazon CloudWatch, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), Amazon Elasticsearch Service, and AWS Step Functions. External endpoints can be reached using AWS Lambda, Amazon Kinesis, Amazon SNS, and the Rules Engine’s native HTTP action.

Image by https://volansys.com/design-practices-aws-iot-solutions/

Third Part: Practical

No theoretical knowledge is complete until we have a little fun with it in practice.

Let’s create our Python client and communicate with AWS IoT Core.

Requirements:

  • Laptop with an internet connection
  • AWS Free Tier Account
  • Python v3 installed

Let’s get started….

I am trying to go into as much detail as possible and to present slides for every minute step, so that it becomes fun and easy to reproduce.

1. Sign in to your Free Tier AWS account.

2. Select the IoT Core service. Go to ‘Things’ and select ‘Register a thing’.

3. Select ‘Create a single thing’.

4. Give a name to your Thing.

5. Select Next

6. Here it gives you an option to create a Certificate. Select ‘Create Certificate’.

7. Once the certificate is created, download ‘certificate for this thing’ and ‘private key’, and select Activate. Create a sub-directory in your folder called certificates and store these files in it. Go to ‘a root CA for AWS IoT’.

8. Download Amazon Root CA 1 and store it in the certificates sub-directory as root.pem.

9. Select attach a Policy

10. No match found. That means we will have to create permissions (a Policy).

11. Go To Policies and select ‘Create a Policy’.

12. Give an appropriate name to the Policy. Policy statements are a huge topic by themselves; for now, you can follow the same. In ‘Action’ provide ‘iot:*’; the star symbol means all permissions available under that service. For Resource give ‘*’, for testing purposes only; otherwise provide the specific ARN. It is not a good idea to use ‘*’ in production. Finally, select ‘Allow’ for the Effect. Now create your Policy.

13. Go to Things and select your thing name.

14. You will see a list of all the certificates for your thing. Select the certificate ID.

15. Go to ‘Actions’ and select ‘Attach Policy’.

16. Attach the freshly created policy.

17. It’s time to write our Python client, ‘mqtt.py’. Prerequisite: download Python 3 and the AWS IoT Device SDK for Python.

mqtt.py

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

import time as t
import json
import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT

# Define ENDPOINT, CLIENT_ID, PATH_TO_CERT, PATH_TO_KEY, PATH_TO_ROOT, MESSAGE, TOPIC, and RANGE
ENDPOINT = "xxxxxxxxxxxx-ats.iot.us-east-1.amazonaws.com"
CLIENT_ID = "testDevice"
PATH_TO_CERT = "certificates/xxxxxxxxxx-certificate.pem.crt"
PATH_TO_KEY = "certificates/xxxxxxxxxx-private.pem.key"
PATH_TO_ROOT = "certificates/root.pem"
MESSAGE = "Hello World"
TOPIC = "mqttfun"
RANGE = 20

myAWSIoTMQTTClient = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
# Port 8883 is MQTT over TLS with X.509 client authentication
myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883)
# Argument order is root CA, private key, device certificate
myAWSIoTMQTTClient.configureCredentials(PATH_TO_ROOT, PATH_TO_KEY, PATH_TO_CERT)

myAWSIoTMQTTClient.connect()
print('Begin Publish')
for i in range(RANGE):
    data = "{} [{}]".format(MESSAGE, i + 1)
    message = {"message": data}
    # Publish the JSON payload with QoS 1 (delivered at least once)
    myAWSIoTMQTTClient.publish(TOPIC, json.dumps(message), 1)
    print("Published: '" + json.dumps(message) + "' to the topic: '" + TOPIC + "'")
    t.sleep(0.1)
print('Publish End')
myAWSIoTMQTTClient.disconnect()

18. In the above code, modify the Endpoint, which you will get from ‘Interact’. Modify the .pem and .crt file paths to the files you downloaded while creating the certificate. Remember, mqtt.py and the certificates sub-directory must be in the same location.

19. Let’s have some fun. Go to Test and subscribe to the topic ‘mqttfun’. Also, execute your Python file with the following command.

python3 mqtt.py

20. Voila! You will see the message sent by the Python client from the edge device received at the IoT Core service.
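The tutorial uses the Test console as the subscriber. As an added example (not code from this blog or from the AWS SDK), here is the same subscription written in Python with the AWS IoT Device SDK, with the payload handling kept in a separate function that accepts only the JSON shape mqtt.py sends and counts anything else as rejected, so a stray or malformed message on the topic cannot crash the callback. The endpoint and certificate paths are placeholders to fill in exactly as for mqtt.py; the FakeMessage type is a constructed stand-in for the SDK’s message object so the parsing can be exercised offline.

```python
import json
from collections import namedtuple

# Placeholders, filled in the same way as in mqtt.py (endpoint from 'Interact').
ENDPOINT = "xxxxxxxxxxxx-ats.iot.us-east-1.amazonaws.com"
CLIENT_ID = "testSubscriber"   # must differ from the publisher's client ID
PATH_TO_CERT = "certificates/xxxxxxxxxx-certificate.pem.crt"
PATH_TO_KEY = "certificates/xxxxxxxxxx-private.pem.key"
PATH_TO_ROOT = "certificates/root.pem"
TOPIC = "mqttfun"


def parse_message(payload):
    """Return the 'message' string from a payload shaped like
    {"message": "..."}; return None for bad UTF-8, bad JSON, a non-object,
    or a missing / non-string 'message' key."""
    try:
        text = payload.decode("utf-8") if isinstance(payload, bytes) else payload
        obj = json.loads(text)
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(obj, dict):
        return None
    message = obj.get("message")
    return message if isinstance(message, str) else None


class MessageLog:
    """Collects accepted (topic, text) pairs and counts rejected payloads."""

    def __init__(self):
        self.accepted = []
        self.rejected = 0

    def on_message(self, client, userdata, msg):
        # Callback signature expected by AWSIoTMQTTClient.subscribe(topic, QoS, callback);
        # msg carries .topic and .payload (bytes).
        text = parse_message(msg.payload)
        if text is None:
            self.rejected += 1
        else:
            self.accepted.append((msg.topic, text))


# Constructed stand-in for the SDK's message object, for offline demonstration.
FakeMessage = namedtuple("FakeMessage", "topic payload")


def main():
    # Imported here so the parsing helpers above work without the SDK installed.
    import time
    import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT

    client = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
    client.configureEndpoint(ENDPOINT, 8883)
    client.configureCredentials(PATH_TO_ROOT, PATH_TO_KEY, PATH_TO_CERT)
    log = MessageLog()
    client.connect()
    client.subscribe(TOPIC, 1, log.on_message)   # QoS 1, matching the publisher
    try:
        while True:                               # Ctrl+C to stop
            time.sleep(1)
    except KeyboardInterrupt:
        pass
    client.disconnect()
    print("accepted:", len(log.accepted), "rejected:", log.rejected)


if __name__ == "__main__":
    main()
```

Run it in a second terminal before starting mqtt.py and you should see accepted: 20 on exit. With the tutorial’s ‘iot:*’ policy it works as is; with a scoped policy the subscriber’s certificate additionally needs iot:Subscribe on the topicfilter ARN and iot:Receive on the topic ARN for ‘mqttfun’.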

Little Bonus:

This incoming message can be used to trigger multiple AWS services such as bulk email, bulk messaging, S3 buckets, DynamoDB, etc., thus expanding the reach of the edge device manifold.

Also, delete the thing, certificate and policy once done. We don’t want to be paying for services that are not in use.

Hope you enjoyed the tutorial and had fun with the practical. See you next time.

Until then.

Keep Playing!
