AWS Greengrass & Amazon FreeRTOS: Connectivity & Security at the Edge (IOT356-R1) - AWS re:Invent 2018
2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Greengrass & Amazon FreeRTOS:
Connectivity and Security at the Edge
Richard Elberger
Global Partner Solutions Architect – IoT
Amazon Web Services
IOT356
3.
Agenda
What the AWS Cloud is doing at the edge
Amazon FreeRTOS capabilities
AWS Greengrass capabilities
Orchestrating edge services together
4.
Breakout repeats
Tuesday, November 27th
AWS Greengrass & Amazon FreeRTOS: Connectivity & Security at the Edge
4:45 p.m. – 5:35 p.m. | MGM, Level 3, South Concourse 301
Thursday, November 29th
AWS Greengrass & Amazon FreeRTOS: Connectivity & Security at the Edge
12:15 p.m. – 1:05 p.m. | Mirage, Antigua B
6.
Our concept of IoT
Things: Sense & Act
Cloud: Storage & Compute
Intelligence: Insights & Logic → Action
7.
AWS IoT Architecture
Things: Sense & Act
Cloud: Storage & Compute
Intelligence: Insights & logic → Action
Secure device connectivity and messaging
8.
AWS IoT Architecture
Endpoints
Fleet onboarding, management and SW updates
Fleet audit and protection
IoT data analytics and intelligence
Gateway
Things: Sense & Act
Cloud: Storage & Compute
Secure local triggers, actions, and data sync
Secure device connectivity and messaging
Intelligence: Insights & logic → Action
9.
Data processed in the cloud
Data processed locally
AWS Greengrass extends AWS onto your devices, so they can act locally on the data they generate, while still taking advantage of the cloud
10.
AWS Greengrass features
Security: AWS-grade security
Data and state sync: Local device shadows
Local triggers: Local message broker
Local actions: Local AWS Lambda functions
11.
Amazon FreeRTOS is an IoT microcontroller operating system that makes small, low-powered edge devices easy to program, deploy, secure, maintain, and connect
12.
Amazon FreeRTOS
IoT operating system for microcontrollers
Device software for connectivity, security, and updates
Integrated cloud services
One of the top real-time operating systems for microcontrollers
Broad array of hardware and tools
Faster time to market
Minimize complexity
Reduce cost
Free and open source
No commitments
13.
A modular architecture, driving faster time to market
14.
Scenario: Innovation at the edge of IoT
[Diagram labels: AQA, Greengrass Core, Zone Controller; callouts #1 to #6]
16.
Connect to AWS IoT/AWS Greengrass
Greengrass/config/config.json
{
  "coreThing": {
    …
    "iotHost": "[HOST].iot.[REGION].amazonaws.com",
    "ggHost": "greengrass.iot.[REGION].amazonaws.com"
  },
  "runtime": {
    "cgroup": {
      …
    }
  }
}
17.
Authenticate with AWS IoT
AWS IoT cloud certificate
AWS Greengrass client certificate
AWS IoT -> Create Thing -> Security -> Create Certificate -> Activate
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:*",
        "greengrass:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
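The policy on this slide allows every `iot` and `greengrass` action on every resource. The following check is an added example, not code from the talk or from AWS: it flags that pattern and compares it with a constructed scoped-down device policy, where `REGION`, `ACCOUNT_ID` and the `zone/` topic prefix are placeholders and the function names are hypothetical.

```python
import json

# Same Action/Resource lists as the policy on the slide.
SLIDE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["iot:*", "greengrass:*"], "Resource": ["*"]}]}"""

# Constructed scoped-down policy for a device (assumption, not from the talk).
# REGION, ACCOUNT_ID and the "zone/" topic prefix are placeholders.
SCOPED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["iot:Connect"],
   "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}"]},
  {"Effect": "Allow", "Action": ["iot:Publish"],
   "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:topic/zone/${iot:Connection.Thing.ThingName}/*"]},
  {"Effect": "Allow", "Action": ["greengrass:Discover"],
   "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:thing/${iot:Connection.Thing.ThingName}"]}]}"""

THING_VAR = "${iot:Connection.Thing.ThingName}"


def _as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return findings for Allow statements that grant more than one device needs."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action}")
        if "*" in resources:
            findings.append(f"statement {i}: applies to every resource")
        # A connect grant not tied to the thing name lets one certificate
        # connect under any client id, including another device's.
        elif "iot:Connect" in actions and not all(THING_VAR in r for r in resources):
            findings.append(f"statement {i}: iot:Connect not bound to the thing name")
    return findings


if __name__ == "__main__":
    for name, doc in (("slide", SLIDE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```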
18.
Authorize AWS Greengrass to deploy to the edge
/greengrass/servicerole
19.
AWS Greengrass Lambda authorization
/greengrass/groups/GroupId/role
21.
AWS Greengrass core: Server certificate
22.
AWS Greengrass core: Certificate lifecycle
23.
AWS Greengrass core: Discoverability
aws greengrass update-connectivity-info --thing-name "<CoreThingName>" --connectivity-info '[
  {
    "Id": "<ConnectivityInfoElementId>",
    "HostAddress": "<CoreEndpoint>",
    "PortNumber": <port>,
    "Metadata": "<description>"
  }]'
24.
Discover AWS Greengrass core
…
      "Connectivity": [
        {
          "hostAddress": "core-01-address",
          "portNumber": core-01-port,
          "metadata": "core-01-description"
        }
      ]
…
  ],
  "CAs": [
    "-----BEGIN CERTIFICATE-----cert-contents-----END CERTIFICATE-----"
  ]
…
25.
AWS Greengrass: End-to-end security
• Greengrass Core Server Certificate
26.
AWS Greengrass security: Best practices
• Server certificate lifetime
• Client certificate revocation
• Hard rotate root CA
• Discover often
• Scope down group role
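The discovery response shown earlier carries the core's endpoints and the group CA that a device uses to verify the core's server certificate, so "Discover often" and root CA rotation both depend on noticing when that CA set changes. The following is an added example, not code from the talk or from AWS: the sample response is constructed, the enclosing `GGGroups`/`Cores` keys are assumed from AWS's documented response layout, and the function names are hypothetical.

```python
import hashlib
import json

# Constructed discovery response. "Connectivity" and "CAs" are the fields shown on
# the slide; the enclosing "GGGroups"/"Cores" keys are assumed from AWS's documented
# response layout. The CA body is a placeholder, not a real certificate.
SAMPLE = json.dumps({"GGGroups": [{
    "Cores": [{"Connectivity": [
        {"hostAddress": "192.0.2.10", "portNumber": 8883, "metadata": "lan"},
        {"hostAddress": "core.example.internal", "portNumber": 70000, "metadata": "bad port"},
    ]}],
    "CAs": ["-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"],
}]})

PEM_BEGIN, PEM_END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def parse_discovery(body):
    """Return (endpoints, ca_pems): (host, port) pairs with a valid port, framed PEMs."""
    endpoints, cas = [], []
    for group in json.loads(body).get("GGGroups", []):
        for pem in group.get("CAs", []):
            pem = pem.strip()
            if pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END):
                cas.append(pem)
        for core in group.get("Cores", []):
            for entry in core.get("Connectivity", []):
                entry = {k.lower(): v for k, v in entry.items()}  # tolerate key case
                host, port = entry.get("hostaddress"), entry.get("portnumber")
                if host and isinstance(port, int) and 0 < port < 65536:
                    endpoints.append((host, port))
    return endpoints, cas


def ca_fingerprints(ca_pems):
    """SHA-256 over the PEM text; used only to notice that the CA set changed."""
    return {hashlib.sha256(pem.encode()).hexdigest() for pem in ca_pems}


def group_ca_changed(cached_fingerprints, body):
    """True when a fresh discovery returns a CA set different from the cached one."""
    return ca_fingerprints(parse_discovery(body)[1]) != set(cached_fingerprints)
```

A device that sees `group_ca_changed` return true should replace its stored group CA before the next TLS connection to the core, rather than keep trusting the cached one.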
28.
Device to AWS Greengrass: Code flow
Device power-on: main()
Network start-up: vApplicationIPNetworkEventHook()
AWS Greengrass Discovery: GGD_GetGGCIPandCertificate, GGD_JSONRequestStart, GGD_JSONRequestGetSize, GGD_JSONRequestGetFile, GGD_GetIPandCertificateFromJSON
MQTT: MQTT_AGENT_Create, MQTT_AGENT_Connect, MQTT_AGENT_Publish, MQTT_AGENT_Disconnect, MQTT_AGENT_Delete
29.
Amazon FreeRTOS: RAM footprint
Stack: RSA key | Heap: RSA key | Stack: ECC key | Heap: ECC key
App 6984 | 55176 | 6984 | 50064
MQTT 4276 4276
30.
How do I get started?
Many places you can get Amazon FreeRTOS software
Visit the Amazon FreeRTOS console
GitHub
FreeRTOS.org
SourceForge
31.
AWS Greengrass Discovery demo
• Amazon FreeRTOS microcontroller (Arm Cortex-M4) developer board
• AWS Greengrass core
[Diagram labels: Amazon FreeRTOS: Developer board; AWS Greengrass core; AWS Greengrass Discovery with Amazon FreeRTOS; callouts 1 to 4]
34.
Some thought-provoking questions
Are you bringing together AWS Greengrass and edge devices today?
Are you connecting small microcontroller devices together and aggregating data at the edge?
What other RTOS would you consider for the edge? Conversely, is there another edge gateway aggregation device you would consider?
What is your top priority for the edge? Security? Power management?
35.
Call to action
Identify interesting, compelling problems to solve at the edge
Learn how to orchestrate AWS Greengrass and small, constrained devices together
Solve real problems at the edge, but leverage valuable data in the cloud
Talk to us! Here at the conference and with your account team about further learning paths
36.
Key learnings
• API for AWS Greengrass Discovery by Amazon FreeRTOS
• Decision criteria
• Crypto offload versus not
• RSA versus ECDSA
• How to build an application
• AWS Greengrass Discovery
• Lambda