
Getting Started with AWS IoT


AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. In this session, we will discuss how constrained devices in Enterprise environments can securely connect to the cloud over HTTP, MQTT and WebSockets. We will discuss how developers can use the AWS IoT Rules Engine and Thing Shadows. Finally, we will cover new features released since the launch of AWS IoT including integration with Amazon Machine Learning and ElasticSearch.

Published in: Technology


  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kyle Roche | General Manager, Internet of Things 19-April-2016 IoT on AWS Overview
  2. 2. The “Internet of Things” (plural)
  3. 3. Things are NOT static assets
  4. 4. Purpose != Measurement (!= means NOT EQUAL btw; btw = by the way)
  5. 5. The customer has many identities
  6. 6. The home is someone’s enterprise
  7. 7. AWS IoT
  8. 8. new: EU (Frankfurt) Region • Available: US-EAST (N. Virginia) • US-WEST (Oregon) • EU (Dublin) • * EU (Frankfurt) • Asia Pacific (Tokyo)
  9. 9. Routing noise
  10. 10. Device Gateway
  11. 11. Publish / Subscribe • Standard Protocol Support: MQTT, HTTP, WebSockets • Long Lived Connections: Receive signals from the cloud • Secure by Default: Connect securely via X509 Certs and TLS 1.2 Client Mutual Auth
  12. 12. Sensor messages • Standard protocol support: MQTT, HTTP, WebSockets • Topic/channel: Message routing hierarchy; control over full tree • Payload (JSON): Customer-defined JSON payload
  13. 13. Finding the signals
  14. 14. Extracting the value from messages • Filter messages with certain criteria • Move messages to other topics • Move messages to other systems • Transform the payload of messages • Predict messages based on trends • React based on messages
  15. 15. Rules Engine
  16. 16. AWS IoT SQL reference • SELECT DATA FROM TOPIC WHERE FILTER • Like scanning a database table • Default source is an MQTT topic • EXAMPLES: • FROM mqtt('my/topic') • FROM mqtt('my/wildcard/+/topic') • FROM ('my/topic')
  17. 17. Rules engine • Familiar SQL syntax • SELECT * FROM topic WHERE filter • Functions • String manipulation (regex support) • Mathematical operations • Context based helper functions • Crypto support • UUID, timestamp, rand, etc. • Execute simultaneous actions
  18. 18. new: Rules engine features • Versioning • 2016-10-08 – Original version • 2016-03-23-beta – Beta version released on specific date • beta – Latest beta version (breaking changes!) • lts – Latest long-term support version, automatically updated { "sql": "expression", "ruleDisabled": false, "awsIotSqlVersion": "2015-03-23-beta", "actions": [{ "republish": { "topic": "my-mqtt-topic", "roleArn": "arn:aws:iam::123456789012:role/my-iot-role" } }]}
  19. 19. new: Rules engine features • JSON collections • get(array, int) – get item at index of array • get(string, int) – get character at position of string • get(object, key) – get value of key • SUB SELECT from collections • SELECT (SELECT v FROM e WHERE n = 'temperature') as temperature FROM 'topic'
  20. 20. new: Elasticsearch Integration
  21. 21. new: Lifecycle events
  22. 22. Next session’s demo
  23. 23. new: Predict Function
  24. 24. Basic flow for using prediction • Generate data • Use AWS IoT rule to forward to S3 • Build your Amazon Machine Learning model using S3 data source • Enable real-time predictions in Amazon ML • Use AWS IoT rule to validate predicted value from real-time prediction endpoint in Amazon ML • Add other actions
  25. 25. Predictive Maintenance blog: http://bit.ly/aws-iot-aml-blog
  26. 26. AWS IoT device shadow
  27. 27. AWS IoT Device Shadow
  28. 28. AWS IoT device shadow flow: 1. Device publishes current state 2. Persist JSON data store 3. App requests device’s current state 4. App requests a change to the state 5. Device shadow syncs updated state 6. Device publishes current state 7. Device shadow confirms state change
  29. 29. AWS IoT device shadow: Simple yet powerful { "state" : { "desired" : { "lights": { "color": "RED" }, "engine" : "ON" }, "reported" : { "lights" : { "color": "GREEN" }, "engine" : "ON" }, "delta" : { "lights" : { "color": "RED" } } }, "version" : 10 } • Device: Report its current state to one or multiple shadows; retrieve its desired state from shadow • Mobile App: Set the desired state of a device; get the last reported state of the device; delete the shadow • Shadow: Shadow reports delta, desired, and reported states along with metadata and version
  30. 30. Security
  31. 31. AWS security operating principles • Separation of duties • Different personnel across service lines • Least privilege
  32. 32. Securing devices
  33. 33. TLS mutual authentication • Create CSR • Create X.509 certificate from CSR • Activate the certificate • Create policy • Attach policy to certificate * Certificate must be issued by AWS IoT
  34. 34. new: Bring your own certificate • Use certificates issued by your own CA • Existing certificate issuance infrastructure • Use certificates already on board • Limited Internet connectivity from assembly/manufacturing locations • Seamless provisioning of devices • 8 new API calls to support management of certificates
  35. 35. Example publish/subscribe policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:topic/foo" ] }, { "Effect": "Deny", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:topic/bar" ] } ] } • Allow access to topic/foo • Deny access to topic/bar
  36. 36. AWS IoT policies • Effect • Allow or Deny • Action • "iot:Publish" - MQTT publish • "iot:Subscribe" - MQTT subscribe • "iot:UpdateThingShadow" - Update a thing shadow • "iot:GetThingShadow" - Retrieve a thing shadow • "iot:DeleteThingShadow" - Delete a thing shadow • Resource • Client • Topic ARN or topic filter ARN
  37. 37. Securing AWS resource access
  38. 38. Creating the trust relationship with AWS IoT { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "iot.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
  39. 39. Securing AWS resource access
  40. 40. Securing user access • WebSockets support Signature Version 4 authentication • IAM roles and policies • Amazon Cognito identity pools • Anonymous access to iot:Subscribe • Use your own application-level authentication patterns
  41. 41. Device SDKs
  42. 42. Device SDK support • Based on open standards like Eclipse Paho • C • Arduino (Yun) • iOS (Swift) • Android • WebSocket support • NodeJS • JS SDK for statically hosted site (WebSockets)
  43. 43. Summary • AWS IoT • New Region launch (EU – Frankfurt) • New Rules engine features • Elasticsearch • Amazon ML prediction function • New Bring your own certificates Same room after keynote: Deep Dive on Rules and Analytics next!
  44. 44. Thank You! @kylemroche
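
The device shadow flow on slides 28 and 29, as an added example that is not part of the original deck or AWS code: a local model of how the delta is derived from the desired and reported states and how the version number rejects stale writes. The function names and the `VersionConflict` exception are hypothetical; the shadow document is the one from slide 29.

```python
import copy

# Shadow document from the "Simple yet powerful" slide (delta is recomputed below).
SHADOW = {
    "state": {
        "desired": {"lights": {"color": "RED"}, "engine": "ON"},
        "reported": {"lights": {"color": "GREEN"}, "engine": "ON"},
    },
    "version": 10,
}

class VersionConflict(Exception):
    """Raised when an update carries a version other than the current one."""

def merge(base, patch):
    """Merge patch into base in place; a None value removes the key."""
    for key, value in patch.items():
        if value is None:
            base.pop(key, None)
        elif isinstance(value, dict) and isinstance(base.get(key), dict):
            merge(base[key], value)
        else:
            base[key] = copy.deepcopy(value)

def shadow_delta(desired, reported):
    """Return the desired values that differ from, or are missing in, reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)
            if nested:
                delta[key] = nested
        elif want != have:
            delta[key] = copy.deepcopy(want)
    return delta

def apply_update(shadow, update):
    """Return a new shadow with update applied, or raise on a stale version."""
    if update.get("version", shadow["version"]) != shadow["version"]:
        raise VersionConflict("expected version %d" % shadow["version"])
    new = copy.deepcopy(shadow)
    state = new["state"]
    for section in ("desired", "reported"):
        merge(state.setdefault(section, {}), update.get("state", {}).get(section) or {})
    # An empty delta means the device has caught up with the desired state.
    state["delta"] = shadow_delta(state["desired"], state["reported"])
    new["version"] += 1
    return new
```
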
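
The policy semantics on slides 35 and 36, as an added example that is not part of the original deck or AWS code: a simplified evaluator showing that a request with no matching Allow is denied by default and that a matching Deny overrides any Allow. The evaluator, `BROAD_POLICY` and the helper names are hypothetical, and `*` is assumed to be the only wildcard.

```python
import re

# Policy from the "Example publish/subscribe policy" slide, as a full document.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iot:Publish"],
         "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/foo"]},
        {"Effect": "Deny", "Action": ["iot:Subscribe"],
         "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/bar"]},
    ],
}

# Constructed over-broad variant: a wildcard Allow plus the same Deny.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iot:*"],
         "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/*"]},
        POLICY["Statement"][1],
    ],
}

def _matches(pattern, value):
    """Match value against pattern, treating '*' as the only wildcard (assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def _as_list(item):
    return item if isinstance(item, list) else [item]

def evaluate(policy, action, resource):
    """Return 'allow', 'explicit-deny' or 'implicit-deny' for one request."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action) for a in _as_list(stmt["Action"])) and
               any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"  # a matching Deny always wins
        allowed = True
    return "allow" if allowed else "implicit-deny"

def topic_arn(topic):
    """Build a topic ARN in the account and region used on the slide."""
    return "arn:aws:iot:us-east-1:123456789012:topic/" + topic
```

With the slide's policy alone, subscribing to topic/bar would be refused even without the Deny statement; the Deny matters once a broader Allow, such as the constructed `BROAD_POLICY`, is attached to the same certificate.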
