SlideShare a Scribd company logo

AWS_IoT_Device_Management_Workshop.pptx

Download as PPTX, PDF
H
hawkheadtrolley

AWS IoT Device Management allows users to register, organize, monitor, and remotely manage connected devices at scale. It offers features like fast device registration, real-time fleet indexing and search, monitoring and updating devices, secure access to individual devices, and fleet onboarding, management, and software updates. Users can organize devices into logical hierarchies using thing groups and search both the device registry and device shadows. Device changes can be monitored through registry events. Secure tunneling provides remote access to troubleshoot devices. Device behavior is monitored through logs and security policies. Devices can be updated using jobs that define local actions for devices to execute.

Data & Analytics
1 of 37
AWS IoT Device Management Workshop
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT architecture
Fast device registration at scale Real-time fleet indexing and search Monitoring and updating devices AWS IoT Device Management AWS IoT Device Management helps you register, organize, monitor, and remotely manage your growing fleet of connected devices. Access individual device securely
Onboard
AWS IoT – starting to explore…
At xcale - Howto provision devices? Secure device connectivity and messaging Devices AWS IoT Core Fleet onboarding, management and SW updates Architecture is developed… How Do I onboard my devices???
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. When a device is provisioned •(Created in the device registry) •Device certificate registered with AWS IoT Core •(Certificate attached to the device) •IoT Policy attached to the device through: • Certificate • Thing group
• API Calls • Single Device Provisioning • Bulk Device Provisioning • Fleet Provisioning • Just-in-Time Provisioning • Just-in-Time Registration IoT topic rule Lambda function AWS IoT provisioning options
Provisioning template "Parameters" : { "ThingName" : { "SerialNumber" : "Location" : { "Ty "Defa "CSR" : { "Type" "Type" : "String" }, { "Type" : "String" }, pe" : "String", ult" : "WA“ }, : "String“ } } "Resources" : { "thing" : { "Type" : "AWS::IoT::Thing", "Properties" : { "ThingName" : {"Ref" : "ThingName"}, "AttributePayload" : { "version" : "v1", "serialNumber" : {"Ref" : "SerialNumber"} }, "ThingTypeName" : "lightBulb-versionA", "ThingGroups" : ["v1-lightbulbs", {"Ref" : "Location"}] } }, "certificate" : { "Type" : "AWS::IoT::Certificate", "Properties" : { "CertificateSigningRequest": {"Ref" : "CSR"}, "Status" : "ACTIVE" } }
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Single/Bulk device provisioning {"ThingName": "foo", "SerialNumber": "123", "CSR": "csr1"} {"ThingName": "bar", "SerialNumber": "456", "CSR": "csr2"} • Parameters with device information are used in the provisioning template • Single: on ”line” as parameter to register a thing • Bulk: multiple parameter lines in an S3 bucket
“Trusted bootstrap identity” “Trusted user“ Fleet provisioning: How it works
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fleet provisioning • Create a provisioning template • Optional Lambda-based pre-provisioning hook • Create provisioning claim key/certificate • Attach restricted policy to the claim certificate • Device connects for the first time with claim key/certificate • Uses the provisioning MQTT API to obtain final certificate and being provisioned in AWS IoT • $aws/provisioning-templates/templateName/provision/payload- format • $aws/provisioning-templates/templateName/provision/payload- format/# • $aws/certificates/create-from-csr/payload-format/# • $aws/certificates/create/payload-format/#
• Own CA required • Provisioning Template attached to own CA 1.Device connects to AWS IoT, device certificate gets registered 2. JITP provisions device according to the provisioning template © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Device Onboarding – JITP AWS IoT Own CA
1.Device connects to AWS IoT, device certificate gets registered 2.AWS IoT publishes message to $aws/events/certificates/registered/<caCertificateID> 3.Topic Rule is invoked 4.Topic Rule calls Lambda Function as action 5.Lambda provisions device © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Device Onboarding – JITR AWS IoT Topic Topic- rule 1 3 4 • Create thing 5 • Activate Certificate • Create/Attach IoT Policy • Attach policy to certificate • Do more stuff… Own CA 2
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. JITR vs. JITP JITR JITP Topic rule and Lambda function. Code must be written and maintained No code, only body template attached to CA Provisioning more complex: Device connects, certificate registers with status PENDING_ACTIVATION, service sends MQTT message, rule triggers Lambda, Lambda does provisioning and optionally more stuff Easy provisioning: Device connects, provisioning workflow run automatically Flexible, different policies for different devices can be created/attached. Information from/to the provisioning process can be put/read from other systems, etc. Static, same provisioning process for every device
Global Device Provisioning Lambda function Amazon DynamoDB Amazon API 1. send thing name Gateway 5. on successful provisioning send endpoint, key, certificate to devicel 4. if device is not allowed send error message if device is allowed determine the appropriate region, and provision device in AWS IoT and update DynamoDB 3. query DynamoDB if thing may be provisioned 2. call Lambda 5. send answer IoT Device 6 device connects to the selected region AWS IoT AWS IoT AWS IoT Optional Exercise: https://aws.amazon.com/blogs/iot/provision-devices-globally-with-aws-iot/
Organize
Grouping and Searching for Devices Organize into logical Hierarchies Search Both the Registry and Device Shadow Notification of Device Changes
Thing Groups Need fluorescent lightbulb
Thing Group Policies
Thing Group Benefits
Device Registry/Shadow/Connectivity Indexing Lucene-index queries
Device Notifications through Registry Events
Registry Events • AWS IoT publishes event messages when certain events occur • Event messages are published over MQTT with a JSON payload • Registry events for things, thing types, thing groups Use-Cases • Trigger Rules based on changes in the device registry • Update own datastore when devices are CRUD • Enrich data in the device registry
Access
Secure Tunneling AWS IoT Device Management Provides secure connectivity to individual devices in just a few clicks to diagnose issues and take action to solve them. Establish trusted connections that adhere to customers’ corporate security policies Troubleshoot and solve device issues more quickly and cost- effectively, with no disruption to end user experience Gain remote access to devices on isolated networks or behind firewalls
Secure Tunneling Open-tunnel Destination local-proxy Remote Shell Source local- proxy < / > In the workshop your • Source is AWS Cloud9 • Target is Amazon EC2
Monitor
Monitoring Device Events Monitor Devices Joining Groups Monitoring of Device Updates Monitor Device Security Policies
Ressource-specific Logging { "timestamp": "2018-04-17 13:50:21.616", "logLevel": "INFO", "traceId": "6753a942-92c3-f979-587c- 9c634874b672", "accountId": “123456789012", "status": "Success", "eventType": "Publish-In", "protocol": "MQTT", "topicName": "$aws/things/job-agent/jobs/get", "clientId": "job-agent", "principalId": "9187849467e75a1a92cbcf0f3a6a49b4f10d820b 99dfa62657cf4b6e60c0dac4", "sourceIp": "35.178.51.181", "sourcePort": 46435 }
Update
IoT thing camera IoT thing windfarm IoT thing coffee pot IoT thing travel Job AWS IoT Jobs use JSON files called Job Documents to define actions that the device should take locally Example use cases: • Firmware updates • Reboot a device • Rotate certificates Define Local Actions Using Jobs
• Include one or more locations of dependent data to download (i.e. S3 Objects) • Use location links as placeholders for pre- signed URL at run-time • JSON Encoded • Create jobs using AWS Console, CLI, and SDK JSON Define Local Actions Using Jobs
{ "operation" : "reboot” } { "operations" : { "reboot" : ”safe-mode", "configurations" : { "log" : "persist", "download" : { "target" : "${aws:iot:s3-presigned- url:https://s3.amazonaws.com/bucket/key}", "patch" : "critical" }, "restart" : "blemodule" } } } Structure of Job Documents
http://bit.ly/aws-iot-device-management-workshop
Any Questions?
Thank you! Please complete the survey (link at the website)

Recommended

AWS IoT Security Best Practices
AWS IoT Security Best PracticesAWS IoT Security Best Practices
AWS IoT Security Best Practices
Amazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
Amazon Web Services
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Amazon Web Services
 
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
AWS Chicago
 
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech TalksHow to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
Amazon Web Services
 
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
Amazon Web Services
 
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Amazon Web Services
 
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
Amazon Web Services Korea
 

Recommended

AWS IoT Security Best Practices
AWS IoT Security Best PracticesAWS IoT Security Best Practices
AWS IoT Security Best Practices
Amazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
Amazon Web Services
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Amazon Web Services
 
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
AWS Chicago
 
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech TalksHow to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
Amazon Web Services
 
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
AWS March 2016 Webinar Series - AWS IoT Real Time Stream Processing with AWS ...
Amazon Web Services
 
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Amazon Web Services
 
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
AWS IoT 및 Mobile Hub 서비스 소개 (김일호) :: re:Invent re:Cap Webinar 2015
Amazon Web Services Korea
 
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
Amazon Web Services
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
Amazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
Amazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
Amazon Web Services
 
Getting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressedGetting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressed
Amazon Web Services
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Amazon Web Services
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
Kristana Kane
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Amazon Web Services
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
Amazon Web Services
 
The Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT ThingThe Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT Thing
Amazon Web Services
 
Connecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made SimpleConnecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made Simple
Danilo Poccia
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
Amazon Web Services
 
AWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web DayAWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web Day
AWS Germany
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
Amazon Web Services
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
Amazon Web Services
 
Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"
Amazon Web Services LATAM
 
Deep Dive on AWS IoT
Deep Dive on AWS IoTDeep Dive on AWS IoT
Deep Dive on AWS IoT
Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Amazon Web Services
 
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Amazon Web Services
 
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
nyfuhyz
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
sameer shah
 

More Related Content

Similar to AWS_IoT_Device_Management_Workshop.pptx

IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
Amazon Web Services
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
Amazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
Amazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
Amazon Web Services
 
Getting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressedGetting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressed
Amazon Web Services
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Amazon Web Services
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
Kristana Kane
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Amazon Web Services
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
Amazon Web Services
 
The Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT ThingThe Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT Thing
Amazon Web Services
 
Connecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made SimpleConnecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made Simple
Danilo Poccia
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
Amazon Web Services
 
AWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web DayAWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web Day
AWS Germany
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
Amazon Web Services
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
Amazon Web Services
 
Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"
Amazon Web Services LATAM
 
Deep Dive on AWS IoT
Deep Dive on AWS IoTDeep Dive on AWS IoT
Deep Dive on AWS IoT
Amazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Amazon Web Services
 
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Amazon Web Services
 

Similar to AWS_IoT_Device_Management_Workshop.pptx (20)

IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Getting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressedGetting started with aws io t.compressed.compressed
Getting started with aws io t.compressed.compressed
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
 
The Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT ThingThe Lifecycle of an AWS IoT Thing
The Lifecycle of an AWS IoT Thing
 
Connecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made SimpleConnecting the Unconnected: IoT Made Simple
Connecting the Unconnected: IoT Made Simple
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
AWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web DayAWS IoT Deep Dive - AWS IoT Web Day
AWS IoT Deep Dive - AWS IoT Web Day
 
AWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel AvivAWS IoT - Best of re:Invent Tel Aviv
AWS IoT - Best of re:Invent Tel Aviv
 
Deep Dive on AWS IoT Core
Deep Dive on AWS IoT CoreDeep Dive on AWS IoT Core
Deep Dive on AWS IoT Core
 
Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"Herramientas Cloud Ninja AWS "From Zero to Hero"
Herramientas Cloud Ninja AWS "From Zero to Hero"
 
Deep Dive on AWS IoT
Deep Dive on AWS IoTDeep Dive on AWS IoT
Deep Dive on AWS IoT
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
 

Recently uploaded

一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
nyfuhyz
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
sameer shah
 
Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)
TravisMalana
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
slg6lamcq
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
dwreak4tg
 
Influence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business PlanInfluence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business Plan
jerlynmaetalle
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
nuttdpt
 
My burning issue is homelessness K.C.M.O.
My burning issue is homelessness K.C.M.O.My burning issue is homelessness K.C.M.O.
My burning issue is homelessness K.C.M.O.
rwarrenll
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
ahzuo
 
University of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma TranscriptUniversity of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma Transcript
soxrziqu
 
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
g4dpvqap0
 
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdfEnhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
GetInData
 
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
mzpolocfi
 
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
mbawufebxi
 
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdfUnleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
Enterprise Wired
 
Learn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queriesLearn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queries
manishkhaire30
 
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
g4dpvqap0
 
Everything you wanted to know about LIHTC
Everything you wanted to know about LIHTCEverything you wanted to know about LIHTC
Everything you wanted to know about LIHTC
Roger Valdez
 
State of Artificial intelligence Report 2023
State of Artificial intelligence Report 2023State of Artificial intelligence Report 2023
State of Artificial intelligence Report 2023
kuntobimo2016
 
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
74nqk8xf
 

Recently uploaded (20)

一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
 
Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
一比一原版(BCU毕业证书)伯明翰城市大学毕业证如何办理
 
Influence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business PlanInfluence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business Plan
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
 
My burning issue is homelessness K.C.M.O.
My burning issue is homelessness K.C.M.O.My burning issue is homelessness K.C.M.O.
My burning issue is homelessness K.C.M.O.
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
 
University of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma TranscriptUniversity of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma Transcript
 
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
一比一原版(爱大毕业证书)爱丁堡大学毕业证如何办理
 
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdfEnhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
Enhanced Enterprise Intelligence with your personal AI Data Copilot.pdf
 
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
一比一原版(Dalhousie毕业证书)达尔豪斯大学毕业证如何办理
 
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
 
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdfUnleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
Unleashing the Power of Data_ Choosing a Trusted Analytics Platform.pdf
 
Learn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queriesLearn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queries
 
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证书)格拉斯哥大学毕业证如何办理
 
Everything you wanted to know about LIHTC
Everything you wanted to know about LIHTCEverything you wanted to know about LIHTC
Everything you wanted to know about LIHTC
 
State of Artificial intelligence Report 2023
State of Artificial intelligence Report 2023State of Artificial intelligence Report 2023
State of Artificial intelligence Report 2023
 
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
一比一原版(Coventry毕业证书)考文垂大学毕业证如何办理
 

AWS_IoT_Device_Management_Workshop.pptx

  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT architecture
  • 3. Fast device registration at scale Real-time fleet indexing and search Monitoring and updating devices AWS IoT Device Management AWS IoT Device Management helps you register, organize, monitor, and remotely manage your growing fleet of connected devices. Access individual device securely
  • 5. AWS IoT – starting to explore…
  • 6. At xcale - Howto provision devices? Secure device connectivity and messaging Devices AWS IoT Core Fleet onboarding, management and SW updates Architecture is developed… How Do I onboard my devices???
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. When a device is provisioned •(Created in the device registry) •Device certificate registered with AWS IoT Core •(Certificate attached to the device) •IoT Policy attached to the device through: • Certificate • Thing group
  • 8. • API Calls • Single Device Provisioning • Bulk Device Provisioning • Fleet Provisioning • Just-in-Time Provisioning • Just-in-Time Registration IoT topic rule Lambda function AWS IoT provisioning options
  • 9. Provisioning template "Parameters" : { "ThingName" : { "SerialNumber" : "Location" : { "Ty "Defa "CSR" : { "Type" "Type" : "String" }, { "Type" : "String" }, pe" : "String", ult" : "WA“ }, : "String“ } } "Resources" : { "thing" : { "Type" : "AWS::IoT::Thing", "Properties" : { "ThingName" : {"Ref" : "ThingName"}, "AttributePayload" : { "version" : "v1", "serialNumber" : {"Ref" : "SerialNumber"} }, "ThingTypeName" : "lightBulb-versionA", "ThingGroups" : ["v1-lightbulbs", {"Ref" : "Location"}] } }, "certificate" : { "Type" : "AWS::IoT::Certificate", "Properties" : { "CertificateSigningRequest": {"Ref" : "CSR"}, "Status" : "ACTIVE" } }
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Single/Bulk device provisioning {"ThingName": "foo", "SerialNumber": "123", "CSR": "csr1"} {"ThingName": "bar", "SerialNumber": "456", "CSR": "csr2"} • Parameters with device information are used in the provisioning template • Single: on ”line” as parameter to register a thing • Bulk: multiple parameter lines in an S3 bucket
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fleet provisioning • Create a provisioning template • Optional Lambda-based pre-provisioning hook • Create provisioning claim key/certificate • Attach restricted policy to the claim certificate • Device connects for the first time with claim key/certificate • Uses the provisioning MQTT API to obtain final certificate and being provisioned in AWS IoT • $aws/provisioning-templates/templateName/provision/payload- format • $aws/provisioning-templates/templateName/provision/payload- format/# • $aws/certificates/create-from-csr/payload-format/# • $aws/certificates/create/payload-format/#
  • 13. • Own CA required • Provisioning Template attached to own CA 1.Device connects to AWS IoT, device certificate gets registered 2. JITP provisions device according to the provisioning template © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Device Onboarding – JITP AWS IoT Own CA
  • 14. 1.Device connects to AWS IoT, device certificate gets registered 2.AWS IoT publishes message to $aws/events/certificates/registered/<caCertificateID> 3.Topic Rule is invoked 4.Topic Rule calls Lambda Function as action 5.Lambda provisions device © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Device Onboarding – JITR AWS IoT Topic Topic- rule 1 3 4 • Create thing 5 • Activate Certificate • Create/Attach IoT Policy • Attach policy to certificate • Do more stuff… Own CA 2
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. JITR vs. JITP JITR JITP Topic rule and Lambda function. Code must be written and maintained No code, only body template attached to CA Provisioning more complex: Device connects, certificate registers with status PENDING_ACTIVATION, service sends MQTT message, rule triggers Lambda, Lambda does provisioning and optionally more stuff Easy provisioning: Device connects, provisioning workflow run automatically Flexible, different policies for different devices can be created/attached. Information from/to the provisioning process can be put/read from other systems, etc. Static, same provisioning process for every device
  • 16. Global Device Provisioning Lambda function Amazon DynamoDB Amazon API 1. send thing name Gateway 5. on successful provisioning send endpoint, key, certificate to devicel 4. if device is not allowed send error message if device is allowed determine the appropriate region, and provision device in AWS IoT and update DynamoDB 3. query DynamoDB if thing may be provisioned 2. call Lambda 5. send answer IoT Device 6 device connects to the selected region AWS IoT AWS IoT AWS IoT Optional Exercise: https://aws.amazon.com/blogs/iot/provision-devices-globally-with-aws-iot/
  • 18. Grouping and Searching for Devices Organize into logical Hierarchies Search Both the Registry and Device Shadow Notification of Device Changes
  • 23. Device Notifications through Registry Events
  • 24. Registry Events • AWS IoT publishes event messages when certain events occur • Event messages are published over MQTT with a JSON payload • Registry events for things, thing types, thing groups Use-Cases • Trigger Rules based on changes in the device registry • Update own datastore when devices are CRUD • Enrich data in the device registry
  • 26. Secure Tunneling AWS IoT Device Management Provides secure connectivity to individual devices in just a few clicks to diagnose issues and take action to solve them. Establish trusted connections that adhere to customers’ corporate security policies Troubleshoot and solve device issues more quickly and cost- effectively, with no disruption to end user experience Gain remote access to devices on isolated networks or behind firewalls
  • 27. Secure Tunneling Open-tunnel Destination local-proxy Remote Shell Source local- proxy < / > In the workshop your • Source is AWS Cloud9 • Target is Amazon EC2
  • 29. Monitoring Device Events Monitor Devices Joining Groups Monitoring of Device Updates Monitor Device Security Policies
  • 30. Ressource-specific Logging { "timestamp": "2018-04-17 13:50:21.616", "logLevel": "INFO", "traceId": "6753a942-92c3-f979-587c- 9c634874b672", "accountId": “123456789012", "status": "Success", "eventType": "Publish-In", "protocol": "MQTT", "topicName": "$aws/things/job-agent/jobs/get", "clientId": "job-agent", "principalId": "9187849467e75a1a92cbcf0f3a6a49b4f10d820b 99dfa62657cf4b6e60c0dac4", "sourceIp": "35.178.51.181", "sourcePort": 46435 }
  • 32. IoT thing camera IoT thing windfarm IoT thing coffee pot IoT thing travel Job AWS IoT Jobs use JSON files called Job Documents to define actions that the device should take locally Example use cases: • Firmware updates • Reboot a device • Rotate certificates Define Local Actions Using Jobs
  • 33. • Include one or more locations of dependent data to download (i.e. S3 Objects) • Use location links as placeholders for pre- signed URL at run-time • JSON Encoded • Create jobs using AWS Console, CLI, and SDK JSON Define Local Actions Using Jobs
  • 34. { "operation" : "reboot” } { "operations" : { "reboot" : ”safe-mode", "configurations" : { "log" : "persist", "download" : { "target" : "${aws:iot:s3-presigned- url:https://s3.amazonaws.com/bucket/key}", "patch" : "critical" }, "restart" : "blemodule" } } } Structure of Job Documents
  • 37. Thank you! Please complete the survey (link at the website)