The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Essentials of AWS IoT Device Management I O T 3 2 6 Ryan Dsouza IoT Specialist SA Amazon Web Services Tim Mattison Partner SA Amazon Web Services

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enterprise Applications Enterprise Users Corp Apps Amazon QuickSight Amazon EMR Amazon RedshiftAmazon S3 Machine Learning AWS Lambda All AWS Cloud Device Shadow Rules Engine AWS IoT Core Certificate Authority AWS IoT Device Management AWS IoT Users Over-The-Air (OTA) Updates Analytics Data Store Data Pipelines Templated Reports Batch Fleet Provisioning Real-Time Fleet Index & Search AWS IoT Device Defender Ad-hoc & In-depth Analysis Risk Mitigation Monitor Device Behavior Alerts Message Broker Audit Device Configurations Amazon Kinesis AWS IoT Analytics MQTT MQTT Endpoints Gateway/PLC Device Shadow Snowball Edge AWS Greengrass Lambda Functions Message Router Local Comms Long-range Comms Amazon FreeRTOS Certificate Authority Local Resources OPC-UA Adapter IoT SDK OPC-UA MQTT Edge Users Cert WiFi MQTT Edge OTA OTA Amazon FreeRTOS Integrated Client AWS IoT architecture

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bulk Fleet Provisioning Real-time Fleet Index & Search Fine Grained Device Logging & Monitoring Over the Air Updates AWS IoT Device Management is a service that helps you onboard, organize, remotely manage, and monitor your growing number of connected devices. AWS IoT Device Management

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. When a Device is Provisioned •Created in the device registry •Device certificate registered with AWS IoT Core •Certificate attached to the device •IoT Policy attached to the device through: • Certificate • Thing group

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. • API Calls • Single Device Provisioning • Bulk Device Provisioning • Just-in-Time Provisioning • Just-in-Time Registration IoT topic rule Lambda function AWS IoT Provisioning Options

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Provisioning Template "Parameters" : { "ThingName" : { "Type" : "String" }, "SerialNumber" : { "Type" : "String" }, "Location" : { "Type" : "String", "Default" : "WA“ }, "CSR" : { "Type" : "String“ } } "Resources" : { "thing" : { "Type" : "AWS::IoT::Thing", "Properties" : { "ThingName" : {"Ref" : "ThingName"}, "AttributePayload" : { "version" : "v1", "serialNumber" : {"Ref" : "SerialNumber"} }, "ThingTypeName" : "lightBulb-versionA", "ThingGroups" : ["v1-lightbulbs", {"Ref" : "Location"}] } }, "certificate" : { "Type" : "AWS::IoT::Certificate", "Properties" : { "CertificateSigningRequest": {"Ref" : "CSR"}, "Status" : "ACTIVE" } }

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Grouping and Searching for Devices Organize into logical Hierarchies Search Both the Registry and Device Shadow Notification of Device Changes

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Resource-specific Logging { "timestamp": "2018-04-17 13:50:21.616", "logLevel": "INFO", "traceId": "6753a942-92c3-f979-587c- 9c634874b672", "accountId": “123456789012", "status": "Success", "eventType": "Publish-In", "protocol": "MQTT", "topicName": "$aws/things/job- agent/jobs/get", "clientId": "job-agent", "principalId": "9187849467e75a1a92cbcf0f3a6a49b4f10d820b99d fa62657cf4b6e60c0dac4", "sourceIp": "35.178.51.181", "sourcePort": 46435 }

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Capabilities Push over the air updates and actions to your devices Receive statuses of each device update to monitor your updates as they execute Control your deployment velocity and set failure criteria to reduce the blast radius of any update IoT thing AWS IoT Job Execution Notify topic (per thing) Status Update Accepted topic (per thing) Rejected topic (per thing) Accepted Rejected S3 Bucket (Job Artifacts) Optional Downloads Job Document IoT rule IoT rule IoT rule {"operation": "install", "files":[{ "fileName": “update.bin", "fileSource": {"url":”https://somebucket.s3.amazonaws.com/update.bin” },}, { "fileName": "config.json", "fileSource": { "url": "https://somebucket.s3.amazonaws.com/config.json"} } ]} AWS IoT Device Management – Jobs

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. IoT thing camera IoT thing windfarm IoT thing coffee pot IoT thing travel Job AWS IoT Jobs use JSON files called Job Documents to define actions that the device should take locally Example use cases: • Firmware updates • Reboot a device • Rotate certiﬁcates Define Local Actions Using Jobs

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Job topics •$aws/things/MyThing/jobs/notify (or aws/things/MyThing/jobs/notify-next) •$aws/things/MyThing/jobs/get/accepted •$aws/things/MyThing/jobs/get/rejected •$aws/things/MyThing/jobs/jobId/get/accepted •$aws/things/MyThing/jobs/jobId/get/rejected

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Update Job Execution { "status": "job-execution-state", "statusDetails": { "string": "string" ... }, "expectedVersion": "number", "executionNumber": "long", "includeJobExecutionState": "boolean", "includeJobDocument": "boolean", "stepTimeoutInMinutes": "long", "clientToken": "string" } $aws/things/thingName/jobs/jobId/update

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Jobs Fleet Rollouts Capabilities • Configure a variable increasing rate of deployment • Set up abort criteria to minimize your blast radius

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Connectivity Indexing Find the connectivity status of your devices at any time thingName:Doorlock* AND thingConnectivity.connected:true AND shadow.reported.lockedStatus = “yes”

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Demo architecture Fleet Operators Installed Software update in S3 Snapshot Job Raspberry Pi Device with Sense HAT AWS IoT device Node.js SDK Sample JOBS agent $aws/events/# Select device & add a job file

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sample Job document - JSON { "operation":"install", "packageName":"sensehat", "autoStart":"true", "workingDirectory":"sensehat", "launchCommand":"npm install && node sensehat.js", "files":[ { "fileName":"package.json", "fileSource":{ "url":"${aws:iot:s3-presigned-url:https://s3.amazonaws.com/reinvent2018ryan/package.json}" } }, { "fileName":"sensehat.js", "fileSource":{ "url":"${aws:iot:s3-presigned-url:https://s3.amazonaws.com/reinvent2018ryan/sensehat_colorbar.js}" } } ] }

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sample Job document - JSON { "operation":"install", "packageName":"sensehat", "autoStart":"true", "workingDirectory":"sensehat", "launchCommand":"npm install && node sensehat.js", "files":[ { "fileName":"package.json", "fileSource":{ "url":"${aws:iot:s3-presigned-url:https://s3.amazonaws.com/reinvent2018ryan/package.json}" } }, { "fileName":"sensehat.js", "fileSource":{ "url":"${aws:iot:s3-presigned-url:https://s3.amazonaws.com/reinvent2018ryan/sensehat.js}" } } ] }

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. JavaScript installation package { "name":"sensehat", "version":"1.0.0", "description":"", "main":"sensehat.js", "scripts":{ "test":"echo "Error: no test specified" && exit 1" }, "author":"", "license":"ISC", "dependencies":{ "sense-hat-led":"^1.0.1" } }

37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. JOB event - JSON { "format":"json", "payload":{ "eventType":"JOB", "eventId":"fb990110-4355-405b-9adf-ddd35ed5d415", "timestamp":1541980710, "operation":"completed", "jobId":"Job16", "status":"COMPLETED", "targetSelection":"SNAPSHOT", "targets":[ "arn:aws:iot:us-east-1:764773667781:thing/RaspberryPi1" ], "completedAt":1541980709964, "createdAt":1541980699152, "lastUpdatedAt":1541980709964, "jobProcessDetails":{ "numberOfCanceledThings":0, "numberOfRejectedThings":0, "numberOfFailedThings":0, "numberOfRemovedThings":0, "numberOfSucceededThings":1, "numberOfTimedOutThings":0 } }, "qos":0, "timestamp":1541980710024, "topic":"$aws/events/job/Job16/completed" }

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. JOB EXECUTION event - JSON { "format":"json", "payload":{ "eventType":"JOB_EXECUTION", "eventId":"2627c8ca-c670-489b-a105-489535d52ba3", "timestamp":1541980709, "operation":"succeeded", "jobId":"Job16", "thingArn":"arn:aws:iot:us-east-1:764773667781:thing/RaspberryPi1", "status":"SUCCEEDED", "statusDetails":{ "operation":"install", "state":"package installed and started" } }, "qos":0, "timestamp":1541980709423, "topic":"$aws/events/jobExecution/Job16/succeeded" }

39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Examples of job documents systemStatus operation { "operation": "systemStatus“ } reboot operation { "operation": "reboot“ } shutdown operation { "operation": "shutdown“ } start operation { "operation": "start", "packageName": "somePackageName“ } stop operation { "operation": "stop", "packageName": "somePackageName" } restart operation { "operation": "restart", "packageName": "somePackageName“ }

40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sample device code – Node.js const jobsModule = require('..').jobs; const jobs = jobsModule({ keyPath: args.privateKey, certPath: args.clientCert, caPath: args.caCert, host: args.Host, … }); jobs.subscribeToJobs(args.thingName, function(err, job) { // Report to AWS IoT Jobs that the job execution is in progress job.inProgress({ step: 'step 1 of job execution' }, function(err) { // Do some work... The job document is accessible via ‘job.document’ // Report to AWS IoT Jobs that the job execution successfully completed job.succeeded({ step: 'finished all steps' }, function(err) { }); }); }); jobs.startJobNotifications(args.thingName, function(err) {});

41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Device Onboarding – JITP AWS IoT Own CA • Own CA required • Provisioning Template attached to own CA 1. Device connects to AWS IoT, device certificate gets registered 2. JITP provisions device according to the provisioning template

42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Device Onboarding – JITR AWS IoT 1.Device connects to AWS IoT, device certificate gets registered 2.AWS IoT publishes message to $aws/events/certificates/registered/<caCertificateID> 3.Topic Rule is invoked 4.Topic Rule calls Lambda Function as action 5.Lambda provisions device Topic Topic- rule • Create thing • Activate Certificate • Create/Attach IoT Policy • Attach policy to certificate • Do more stuff… 1 2 3 4 5 Own CA

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

You are reading a preview.

Check these out next

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

More Related Content

Slideshows for you (20)

Similar to The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018 (20)

More from Amazon Web Services (20)