1. AWS IoT allows devices to communicate with each other and applications using MQTT protocol. It acts as a broker between devices and applications.
2. The Rules Engine in AWS IoT can transform and route incoming data from devices to other endpoints like Lambda functions, databases or SNS.
3. Device Shadows in AWS IoT create virtual representations of devices that can receive messages even when devices are offline, and sync the latest state to devices when they reconnect.
resource identifier: differs from service to service; it may take forms such as *, aaaa, aaa/bbb or aaa:bbb; in AWS IoT it is the Policy
AWS Identity and Access Management (IAM)
Manage IAM users and their access: you can create users in IAM and assign them individual security credentials (that is, access keys, passwords and multi-factor authentication devices), or request temporary security credentials to give users access to AWS services and resources. You can manage permissions to control which operations a user may perform.
Manage IAM roles and their permissions: you can create roles in IAM and manage permissions to control which operations the entity or AWS service that assumes the role may perform. You can also define which entities are allowed to assume the role.
Manage federated users and their permissions: you can enable identity federation so that existing identities in your enterprise (users, groups and roles) can access the AWS Management Console, call AWS APIs and access resources, without having to create an IAM user for each identity.
===============================
1. The thingShadow class must be registered before operations such as get or update can be performed on it.
2. Shadow document structure
state
  desired
    The desired state of the thing. Applications can write to this portion of the document to update the state of a thing without having to directly connect to a thing.
  reported
    The reported state of the thing. Things write to this portion of the document to report their new state. Applications read this portion of the document to determine the state of a thing.
metadata
  Information about the data stored in the state section of the document. This includes timestamps, in Epoch time, for eac
3. The AWS CLI must be installed on the 7688 first: pip install awscli
4. Create the certificate files:
aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile cert.pem --public-key-outfile publicKey.pem --private-key-outfile privateKey.pem
This produces the 3 related files.
5. Supplementary material
【MQTT Pub/Sub Messages】
/update
Publish to this topic to update the thing shadow.
$aws/things/thingName/shadow/update
AWS IoT responds by publishing to either /update/accepted or /update/rejected
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Publish"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/update"]
  }]
}
/update/accepted
When AWS IoT accepts a thing shadow update, it responds with a state document on this topic.
$aws/things/thingName/shadow/update/accepted
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/update/accepted"]
  }]
}
/update/rejected
When AWS IoT rejects a thing shadow update, it responds with an error document on this topic.
$aws/things/thingName/shadow/update/rejected
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/update/rejected"]
  }]
}
/update/delta
When AWS IoT accepts a thing shadow update and the desired state differs from the reported state, it responds with a state document on this topic.
$aws/things/thingName/shadow/update/delta
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/update/delta"]
  }]
}
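The desired/reported/delta relationship from the shadow document structure above and this /update/delta description, worked through locally as an added example (not code from the original notes, and not the AWS SDK): computeDelta reproduces what AWS IoT publishes on /update/delta, mergeState applies an update document to a state section, and checkShadowSize enforces the 8 KB shadow limit mentioned in the troubleshooting notes below. The function names, the merge rules (null removes a key) and the sample states are assumptions made for this illustration.

```javascript
// Added example (not from the original notes): the desired/reported/delta
// relationship of a thing shadow, computed locally. State values and
// function names are constructed for illustration.
const SHADOW_MAX_BYTES = 8 * 1024; // the notes: the thing shadow supports 8 KB only

function isObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Apply an update document to a state section: nested objects merge,
// a null value removes the key, any other value replaces it.
function mergeState(current, update) {
  const out = Object.assign({}, current);
  for (const key of Object.keys(update)) {
    const val = update[key];
    if (val === null) {
      delete out[key];
    } else if (isObject(val) && isObject(out[key])) {
      out[key] = mergeState(out[key], val);
    } else {
      out[key] = val;
    }
  }
  return out;
}

// The delta: every desired attribute whose value is missing from, or
// different in, the reported section. This is what /update/delta carries.
function computeDelta(desired, reported) {
  const delta = {};
  for (const key of Object.keys(desired || {})) {
    const want = desired[key];
    const have = isObject(reported) ? reported[key] : undefined;
    if (isObject(want) && isObject(have)) {
      const nested = computeDelta(want, have);
      if (Object.keys(nested).length > 0) delta[key] = nested;
    } else if (JSON.stringify(want) !== JSON.stringify(have)) {
      delta[key] = want;
    }
  }
  return delta;
}

// Refuse a document the shadow service would reject for size; returns the byte count.
function checkShadowSize(doc) {
  const bytes = Buffer.byteLength(JSON.stringify(doc), 'utf8');
  if (bytes > SHADOW_MAX_BYTES) {
    throw new RangeError(`shadow document is ${bytes} bytes, limit ${SHADOW_MAX_BYTES}`);
  }
  return bytes;
}

// One round trip as described in the notes: the application publishes a
// desired update, AWS IoT derives the delta, the device applies it and
// publishes what it now reports. `deviceApply` maps a delta to the reported
// update; a device that could not comply returns {}.
function shadowRoundTrip(shadow, desiredUpdate, deviceApply) {
  const desired = mergeState(shadow.state.desired || {}, desiredUpdate);
  let reported = shadow.state.reported || {};
  checkShadowSize({ state: { desired, reported } });
  const delta = computeDelta(desired, reported);        // published on .../update/delta
  reported = mergeState(reported, deviceApply(delta));   // device publishes reported
  return { state: { desired, reported }, delta, remaining: computeDelta(desired, reported) };
}
```

The remaining field shows why a device must report back after applying a delta: until the reported section matches, AWS IoT keeps publishing the difference on /update/delta on every further update.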
/get
Publish to this topic to get the thing shadow.
$aws/things/thingName/shadow/get
AWS IoT responds by publishing to either /get/accepted or /get/rejected.
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Publish"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/get"]
  }]
}
/get/accepted
When AWS IoT receives a thing shadow /get, it responds with the state document on this topic.
$aws/things/thingName/shadow/get/accepted
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/get/accepted"]
  }]
}
/get/rejected
When AWS IoT cannot return the thing shadow, it responds with an error document on this topic.
$aws/things/thingName/shadow/get/rejected
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/get/rejected"]
  }]
}
/delete
Publish to this topic to delete the thing shadow; the message body (request state document) is ignored.
$aws/things/thingName/shadow/delete
AWS IoT responds by publishing to either /delete/accepted or /delete/rejected.
Example Policy
The following is an example policy (the device publishes to this topic, so the action is iot:Publish):
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Publish"],
    "Resource": ["arn:aws:iot:region:account:topic/$aws/things/thingName/shadow/delete"]
  }]
}
/delete/accepted
When AWS IoT receives a thing shadow /delete, it responds with a state document on this topic.
$aws/things/thingName/shadow/delete/accepted
Example Policy
The following is an example policy:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Subscribe"],
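The per-topic policies above each grant one action on one shadow topic. The added example below (not code from the original notes or from AWS) assembles them into one least-privilege policy for a single thing and adds a small evaluator so the policy can be checked offline: a request needs a matching Allow and must not hit any Deny, with IAM-style * and ? wildcards in Action and Resource. Two details go beyond the notes and come from the AWS IoT policy documentation: iot:Subscribe is checked against topicfilter/ ARNs (the notes show topic/ for every action), and iot:Connect and iot:Receive are included so the policy is complete. The region, the account id and the assumption that the device connects with its thing name as client id are placeholders chosen for this illustration. The audit helper at the end flags the "Resource": ["*"] style of policy that appears in the IAM policy example further down.

```javascript
// Added example (not from the original notes): a least-privilege AWS IoT policy
// for one thing's shadow topics, plus a small evaluator to check requests
// against it. Region and account id are constructed placeholders.

// Publish and Receive are checked against "topic/" ARNs; Subscribe against
// "topicfilter/" ARNs (the notes show "topic/" for both).
function topicArn(region, account, topic) {
  return `arn:aws:iot:${region}:${account}:topic/${topic}`;
}
function topicFilterArn(region, account, filter) {
  return `arn:aws:iot:${region}:${account}:topicfilter/${filter}`;
}
function clientArn(region, account, clientId) {
  return `arn:aws:iot:${region}:${account}:client/${clientId}`;
}

// Grants exactly the shadow topics listed in the notes for one thing: publish
// the three requests, subscribe to and receive the responses. Assumes the
// device connects with its thing name as MQTT client id.
function shadowPolicy(region, account, thingName) {
  const base = `$aws/things/${thingName}/shadow`;
  const requests = ['update', 'get', 'delete'].map((s) => `${base}/${s}`);
  const responses = ['update/accepted', 'update/rejected', 'update/delta',
    'get/accepted', 'get/rejected', 'delete/accepted', 'delete/rejected']
    .map((s) => `${base}/${s}`);
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: ['iot:Connect'], Resource: [clientArn(region, account, thingName)] },
      { Effect: 'Allow', Action: ['iot:Publish'], Resource: requests.map((t) => topicArn(region, account, t)) },
      { Effect: 'Allow', Action: ['iot:Subscribe'], Resource: responses.map((t) => topicFilterArn(region, account, t)) },
      { Effect: 'Allow', Action: ['iot:Receive'], Resource: responses.map((t) => topicArn(region, account, t)) },
    ],
  };
}

const asList = (v) => (Array.isArray(v) ? v : [v]);

// Turn an IAM-style pattern (* and ? wildcards) into an anchored RegExp.
function patternToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${escaped}$`);
}

// Simplified IAM evaluation: a request needs a matching Allow and must not hit
// any matching Deny (an explicit Deny always wins).
function isAllowed(policy, action, resource) {
  let allowed = false;
  for (const st of policy.Statement) {
    const actionHit = asList(st.Action).some((a) => patternToRegExp(a).test(action));
    const resourceHit = asList(st.Resource).some((r) => patternToRegExp(r).test(resource));
    if (!actionHit || !resourceHit) continue;
    if (st.Effect === 'Deny') return false;
    allowed = true;
  }
  return allowed;
}

// Audit helper: Allow statements that would let this identity publish to
// another thing's shadow, which catches "Resource": ["*"]-style policies.
function statementsReachingOtherThing(policy, region, account, otherThing) {
  const probe = topicArn(region, account, `$aws/things/${otherThing}/shadow/update`);
  return policy.Statement.filter((st) => st.Effect === 'Allow'
    && asList(st.Action).some((a) => patternToRegExp(a).test('iot:Publish'))
    && asList(st.Resource).some((r) => patternToRegExp(r).test(probe)));
}
```

Attaching shadowPolicy(...) to a device certificate confines that certificate to its own thing's shadow: a compromised device can read and write its own state but cannot publish a desired state for any other thing, which a "*" resource would allow.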
Get endpoint
$ aws iot describe-endpoint
Examples
【Device class】
awsIot.device(option); option may also carry any parameter supported by mqtt.js:
https://github.com/mqttjs/MQTT.js/blob/master/README.md#client
var awsIot = require('aws-iot-device-sdk');
var device = awsIot.device({
  keyPath: '~/awsCerts/private.pem.key',
  certPath: '~/awsCerts/certificate.pem.crt',
  caPath: '~/awsCerts/root-CA.crt',
  clientId: 'myAwsClientId',
  region: 'us-east-1'
});
//
// Device is an instance returned by mqtt.Client(), see mqtt.js for full
// documentation.
//
device
  .on('connect', function() {
    console.log('connect');
    device.subscribe('topic_1');
    device.publish('topic_2', JSON.stringify({ test_data: 1 }));
  });
device
  .on('message', function(topic, payload) {
    console.log('message', topic, payload.toString());
  });
AWS IoT Troubleshooting
1. The thing shadow supports 8 KB of data only.
2. Set up AWS CloudWatch to view AWS IoT logging:
https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#logs:
【Create an IAM Role for AWS IoT】
$ aws iam create-role --role-name <value> --assume-role-policy-document <file://path-to-your-policy-document>
Assume Logging Role policy document.json example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "iot.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
【Grant Permissions to the Role】
【Create IAM policy】
This step can be skipped: IAM already provides built-in CloudWatch-related policies that can be used directly. Use this command to see which policies are available:
$ aws iam list-policies | grep CloudWatch
$ aws iam create-policy --policy-name <value> --policy-document <file://IAM-policy-document-file-path>
*Note down the Arn! Or run aws iam list-roles to look it up.
IAM policy document.json example (adjust the Action section to your needs):
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [ "dynamodb:*", "lambda:InvokeFunction", "iot:Publish"],
    "Resource": ["*"]
  }]
}
【Attach IAM policy】
$ aws iam attach-role-policy --role-name <value> --policy-arn arn:aws:iam::964391593426:role/iot-actions-role
*You can run aws iam list-roles to look up each Role's Arn.
【Register the Logging Role with AWS IoT】
$ aws iot set-logging-options --logging-options-payload roleArn="arn:aws:iam::<your-aws-account-num>:role/IoTLoggingRole",logLevel="INFO"
For more on configuring AWS CloudWatch, see the following link:
http://docs.aws.amazon.com/zh_cn/iot/latest/developerguide/cloud-watch-logs.html
AWS IoT Limits
Topic length limit: 256 bytes encoded in UTF-8.
Restricted topic prefix: topics beginning with '$' are reserved and may not be used, except for Thing Shadows.
Maximum number of slashes in topic and topic filter: at most 8 slashes (/).
Client ID size limit: 128 bytes encoded in UTF-8.
Restricted client ID prefix: '$' is reserved in client IDs.
Message size limit: the payload may be at most 128 KB; a larger message is rejected by the AWS IoT service.
Throughput per connection: AWS IoT limits the ingress and egress rate on each client connection to 512 KB/s. Data sent or received at a higher rate will be throttled to this throughput.
Maximum subscriptions per subscribe call: A single subscribe call is limited to request a maximum of eight subscriptions.
Subscriptions per session: The message broker limits each client session to subscribe to up to 50 subscriptions. A subscribe request that pushes the total number of subscriptions past 50 will result in the connection being disconnected.
Connection inactivity (keep-alive) limits: by default the connection is closed after 30 seconds without any activity. A shorter keep-alive can be configured, in the range 5 to 1200 seconds; a value below 5 seconds is treated as 5 seconds, and 0 seconds means the default is used.
Maximum inbound unacknowledged messages: The message broker allows 100 in-flight unacknowledged messages (limit is across all messages requiring ACK). When this limit is reached, no new messages will be accepted until an ACK is returned by the server.
Maximum outbound unacknowledged messages: The message broker only allows 100 in-flight unacknowledged messages (limit is across all messages requiring ACK). When this limit is reached, no new messages will be sent to the client until the client acknowledges the in-flight messages.
Maximum retry interval for delivering QoS 1 messages: If a connected client is unable to receive an ACK on a QoS 1 message for one hour, the message broker will drop the message. The client may be unable to receive the message if it has 100 in-flight messages, it is being throttled due to large payloads, or other errors.
WebSocket connection duration: a WebSocket connection is limited to 5 minutes and is disconnected after that; to stay connected for longer than 5 minutes, close the connection on the client side and reopen it.
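The limits above are enforced by the broker, and several of them end the connection rather than return an error. The added example below (not code from the original notes or from the AWS SDK) performs the same checks on the client before publishing or subscribing: topic and client id lengths are measured in UTF-8 bytes rather than characters, the slash count and '$' prefix rules are applied, the payload size is checked, the keep-alive value is normalised the way the notes describe (0 means default, below 5 becomes 5), and a session tracker counts subscriptions per call and per session. The shape assumed for permitted '$' topics ($aws/things/<name>/shadow...), the decision to refuse keep-alive values above 1200 rather than guess what the broker does, and counting distinct topic filters per session are assumptions made for this example.

```javascript
// Added example (not from the original notes): client-side checks that mirror
// the AWS IoT limits listed above, so bad input is caught before the broker
// rejects the message or drops the connection.
const LIMITS = {
  topicBytes: 256,            // topic length, UTF-8 encoded
  topicSlashes: 8,            // max '/' in a topic or topic filter
  clientIdBytes: 128,         // client id length, UTF-8 encoded
  payloadBytes: 128 * 1024,   // message payload limit
  subscriptionsPerCall: 8,
  subscriptionsPerSession: 50,
  keepAliveDefault: 30,
  keepAliveMin: 5,
  keepAliveMax: 1200,
};

// Only Thing Shadow topics may start with '$'. Assumed shape of those topics.
const SHADOW_TOPIC = /^\$aws\/things\/[^/]+\/shadow(\/|$)/;

// Returns a list of violations; empty means the topic is acceptable.
function validateTopic(topic) {
  const errors = [];
  const bytes = Buffer.byteLength(topic, 'utf8');   // bytes, not characters
  if (bytes > LIMITS.topicBytes) errors.push(`topic is ${bytes} bytes, limit ${LIMITS.topicBytes}`);
  const slashes = (topic.match(/\//g) || []).length;
  if (slashes > LIMITS.topicSlashes) errors.push(`topic has ${slashes} slashes, limit ${LIMITS.topicSlashes}`);
  if (topic.startsWith('$') && !SHADOW_TOPIC.test(topic)) errors.push("'$' prefix is reserved for Thing Shadow topics");
  return errors;
}

function validateClientId(clientId) {
  const errors = [];
  const bytes = Buffer.byteLength(clientId, 'utf8');
  if (bytes > LIMITS.clientIdBytes) errors.push(`client id is ${bytes} bytes, limit ${LIMITS.clientIdBytes}`);
  if (clientId.startsWith('$')) errors.push("'$' prefix is reserved in client ids");
  return errors;
}

// Returns null when the payload fits, otherwise the reason the broker would reject it.
function checkPayload(payload) {
  const bytes = Buffer.isBuffer(payload) ? payload.length : Buffer.byteLength(String(payload), 'utf8');
  return bytes > LIMITS.payloadBytes ? `payload is ${bytes} bytes, limit ${LIMITS.payloadBytes}` : null;
}

// Keep-alive as the notes describe it: 0 selects the default, below 5 is raised
// to 5. Values above 1200 are outside the documented range, so refuse them
// instead of guessing the broker's behaviour (assumption for this example).
function effectiveKeepAlive(seconds) {
  if (seconds === 0) return LIMITS.keepAliveDefault;
  if (seconds < LIMITS.keepAliveMin) return LIMITS.keepAliveMin;
  if (seconds > LIMITS.keepAliveMax) throw new RangeError(`keep-alive ${seconds}s exceeds ${LIMITS.keepAliveMax}s`);
  return seconds;
}

// Tracks subscriptions for one session; distinct filters are counted (assumption).
class SubscriptionTracker {
  constructor() { this.filters = new Set(); }
  // Returns null and records the filters if the call is within limits,
  // otherwise the reason the broker would refuse it or drop the session.
  subscribe(filters) {
    if (filters.length > LIMITS.subscriptionsPerCall) {
      return `subscribe call requests ${filters.length} subscriptions, limit ${LIMITS.subscriptionsPerCall}`;
    }
    const total = new Set([...this.filters, ...filters]).size;
    if (total > LIMITS.subscriptionsPerSession) {
      return `session would hold ${total} subscriptions, limit ${LIMITS.subscriptionsPerSession}; the broker disconnects`;
    }
    filters.forEach((f) => this.filters.add(f));
    return null;
  }
}
```

Running these checks before device.publish or device.subscribe turns a silent disconnect into a logged, local error, which is far easier to diagnose on a device that has no console attached.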
Demo1: connect directly to the Device
node /root/project/aws/device.js
MQTTfx: subscribe "test2"
MQTTfx: publish "test1"
Demo2: use Demo1 to show the Rule engine
Rule Engine configured to republish to "rep/test"
Demo3: communicate through the thing shadow instead of connecting to the device directly
Receiver (LED light): node /root/project/aws/shadowThing.js
Sender: node /root/project/aws2/thing-passthrough-example.js --test-mode=1
Use MQTTfx to watch the actual registration; first subscribe to the following topics:
http://docs.aws.amazon.com/zh_cn/iot/latest/developerguide/thing-shadow-data-flow.html
$aws/things/myLightBulb/shadow/update/accepted
The Thing Shadows service sends messages to this topic when an update is successfully made to a thing shadow.
$aws/things/myLightBulb/shadow/update/rejected
The Thing Shadows service sends messages to this topic when an update to a thing shadow is rejected.
$aws/things/myLightBulb/shadow/update/delta
The Thing Shadows service sends messages to this topic when a difference is detected between the reported and desired sections of a thing shadow.
$aws/things/myLightBulb/shadow/get/accepted
The Thing Shadows service sends messages to this topic when a request for a thing shadow is made successfully.
$aws/things/myLightBulb/shadow/get/rejected
The Thing Shadows service sends messages to this topic when a request for a thing shadow is rejected.