NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at the Edge - IOT403 - re:Invent 2017
1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Greengrass and Amazon FreeRTOS
Connectivity and Security at the Edge
November 30, 2017
AWS re:Invent
Shyam Krishnamoorthy
Senior Manager, Amazon FreeRTOS
Jimi Shah
Software Development Manager, AWS Greengrass
Dan Griffin
Senior Software Engineer, Amazon FreeRTOS
2. Agenda
• Introduction to AWS Greengrass and Amazon FreeRTOS
• Scenario: Enabling innovation at the edge of IoT
• Making it work
• AWS Greengrass
• Amazon FreeRTOS
• Demo
• Q&A
3. The Three Pillars of IoT
4. The Three Pillars of IoT
5. AWS IoT Core – Last Week
[Diagram: AWS IoT components (Device Gateway, Message Broker, Device Shadow, Registry, Rules Engine, API) exchanging messages with applications and with AWS services by category (Analytics, Artificial Intelligence, Messaging, Database, Manage), including Amazon Kinesis, Amazon EMR, Amazon SQS, Amazon SNS, Amazon Redshift, Amazon DynamoDB and Amazon CloudWatch]
6. The Three Pillars of IoT
7. AWS IoT Core – This Week
8. Benefits of AWS IoT
The AWS IoT Core platform enables you:
• To securely connect devices to the AWS Cloud and other devices at scale
• To route, process and act upon data from these devices
• To enable applications to interact with devices even when they are offline
• To fully integrate with other AWS services to reason on top of the data (Analytics, Databases, AI, etc.)
9. The Three Pillars of IoT
10. AWS Greengrass
AWS Greengrass is software that lets you run local compute,
messaging, data caching, and sync capabilities for connected
devices in a secure way.
With AWS Greengrass, connected devices can run AWS Lambda
functions, keep device data in sync, and communicate with other
devices securely – even when not connected to the Internet.
11. [Diagram labels: Data processed in the cloud; Data processed locally]
AWS Greengrass extends AWS onto your devices, so they can act locally on the data they generate, while still taking advantage of the cloud
12. AWS Greengrass Features
• Security: AWS-grade security
• Data and state sync: Local Device Shadows
• Local triggers: Local Message Broker
• Local actions: Local AWS Lambda Functions
13. Amazon FreeRTOS
Amazon FreeRTOS is an IoT microcontroller operating system
that makes small, low powered edge devices easy to program,
deploy, secure, maintain, and connect.
14. Amazon FreeRTOS
IoT operating system for microcontrollers
• Device software for connectivity, security, and updates
• Integrated cloud services
• #1 Real-Time Operating System for microcontrollers
• Broad ecosystem of hardware and tools
• Faster time-to-market
• Minimize complexity
• Reduce cost
• Free and Open Source
• No commitments
15. A modular architecture, driving faster time to market
16. Scenario: Innovation at the Edge of IoT
17. Scenario: Innovation at the Edge of IoT
[Diagram: Amazon SNS, AWS IoT Core, AWS Greengrass Service, Greengrass Core, Zone Controller]
18. Greengrass: Cloud operations
19. Connect to AWS IoT/Greengrass
Greengrass/config/config.json
{
  "coreThing": {
    …
    "iotHost": "[HOST].iot.[REGION].amazonaws.com",
    "ggHost": "greengrass.iot.[REGION].amazonaws.com"
  },
  "runtime": {
    "cgroup": {
      …
    }
  }
}
20. Authenticate with AWS IoT
IoT cloud certificate
Greengrass client certificate
AWS IoT -> Create Thing -> Security -> Create Certificate -> Activate
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:*",
        "greengrass:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
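Added example (not from the talk or from AWS): a small Python check that flags Allow statements granting a whole service or every resource, run on the statement shown above and on a constructed narrower policy. The region, account ID, the thing name ExampleDevice and the zone/ topic prefix are assumptions; the narrower policy is for a device that only connects, uses its own topics and runs discovery, not for the Greengrass core itself.

```python
# Added example: flag over-broad Allow grants in an AWS IoT policy document.
ARN = "arn:aws:iot:us-west-2:123456789012"  # constructed region and account ID

# Statement as shown on the slide: every iot and greengrass action, any resource.
SLIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["iot:*", "greengrass:*"],
                   "Resource": ["*"]}],
}

# Constructed narrower policy for one device ("ExampleDevice" and the "zone/"
# topic prefix are hypothetical): connect, use its own topics, run discovery.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/ExampleDevice"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": f"{ARN}:topic/zone/ExampleDevice/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/zone/ExampleDevice/*"},
        {"Effect": "Allow", "Action": "greengrass:Discover",
         "Resource": f"{ARN}:thing/ExampleDevice"},
    ],
}

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return list(value) if isinstance(value, list) else [value]

def find_wildcards(policy):
    """Return (statement index, field, value) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen access
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):  # whole service or more
                findings.append((i, "Action", action))
        for res in as_list(stmt.get("Resource", [])):
            # Strip "arn:partition:service:region:account:" and the resource type;
            # a bare "*" left over means every resource of that type (or of any).
            if res.split(":", 5)[-1].split("/", 1)[-1] == "*":
                findings.append((i, "Resource", res))
    return findings

if __name__ == "__main__":
    for name, doc in (("slide", SLIDE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_wildcards(doc) or "no full wildcards")
```

The check looks only for full wildcards; a trailing `*` inside a topic path, as in the constructed policy, is left to review by hand.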
21. Authorize Greengrass to deploy to Edge
/greengrass/servicerole
AWS Greengrass Service
22. Greengrass Lambda authorization
/greengrass/groups/GroupId/role
23. Greengrass: Edge operations
24. Greengrass Core: server certificate
25. Greengrass Core: certificate lifecycle
26. Greengrass Core: discoverability
aws greengrass update-connectivity-info --thing-name "<CoreThingName>" --connectivity-info '[
  {
    "Id": "<ConnectivityInfoElementId>",
    "HostAddress": "<CoreEndpoint>",
    "PortNumber": <port>,
    "Metadata": "<description>"
  }
]'
27. Discover Greengrass Core
…
"Connectivity": [
  {
    "hostAddress": "core-01-address",
    "portNumber": core-01-port,
    "metadata": "core-01-description"
  }
]
…
],
"CAs": [
  "-----BEGIN CERTIFICATE-----cert-contents-----END CERTIFICATE-----"
]
…
28. AWS Greengrass: end-to-end security
• Greengrass Core Server Certificate
29. Greengrass Security: Best Practices
• Server certificate lifetime
• Client certificate revocation
• Hard rotate root CA
• Discover often
• Scope down Group Role
30. Amazon FreeRTOS: Greengrass discovery
31. Greengrass Discovery Demo
• Amazon FreeRTOS microcontroller (Arm Cortex-M4) developer board
• Greengrass Core
[Diagram: Greengrass discovery with Amazon FreeRTOS, with numbered steps 1 to 4 between the Greengrass Service, the Amazon FreeRTOS developer board and the Greengrass Core]
32. Device to Greengrass: code flow
Device power-on: main()
Network start-up: vApplicationIPNetworkEventHook()
Greengrass Discovery
GGD_GetGGCIPandCertificate
GGD_JSONRequestStart
GGD_JSONRequestGetSize
GGD_JSONRequestGetFile
GGD_GetIPandCertificateFromJSON
MQTT
MQTT_AGENT_Create
MQTT_AGENT_Connect
MQTT_AGENT_Publish
MQTT_AGENT_Disconnect
MQTT_AGENT_Delete
[Diagram callouts 1 to 5 mark the steps of this flow]
33. Device to Greengrass: code flow
Device power-on: main()
Network start-up: vApplicationIPNetworkEventHook()
Greengrass Discovery
GGD_GetGGCIPandCertificate
GGD_JSONRequestStart
GGD_JSONRequestGetSize
GGD_JSONRequestGetFile
GGD_GetIPandCertificateFromJSON
MQTT
MQTT_AGENT_Create
MQTT_AGENT_Connect
MQTT_AGENT_Publish
MQTT_AGENT_Disconnect
MQTT_AGENT_Delete
[Diagram callouts 1 to 5 mark the steps of this flow]
34. Amazon FreeRTOS: RAM footprint
Columns: Stack (RSA key), Heap (RSA key), Stack (ECC key), Heap (ECC key)
App 6984 55176 6984 50064
MQTT 4276 4276
35. How do I get started?
Many places you can get Amazon FreeRTOS software
• Visit the Amazon FreeRTOS console
• GitHub
• FreeRTOS.org
• SourceForge
36. Key Learnings
• API for AWS Greengrass Discovery by Amazon FreeRTOS
• Decision criteria
• Crypto offload versus not
• RSA versus ECDSA
• How to build an application
• Discovery
• Lambda
37. THANK YOU!