Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018

•

0 likes•684 views

There are many different components of AWS IoT Core, including Device gateway, Registry, Message broker, Rules engine, and Device shadow. In this session, we cover each component in depth, how to use them, and best practices. Come away with an understanding of how AWS IoT Core can help you securely connect and manage devices, process and act on device data, and read and set device state. In addition to best practices, we discuss common customer questions when using different features of AWS IoT Core.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best Practices for AWS IoT Core
Max Jindal
Sr. Software Development Engineer
AWS IoT Core
I O T 3 4 7 - R
Alexandra Lee
Sr. Software Development Engineer
AWS IoT Core

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related Sessions
Tuesday, November 27th
The Essentials of AWS IoT Device Management
2:30 – 3:30 | Mirage, St. Croix A
Thursday, November 29th
Anatomy of a Successful IoT Project
4:00 – 5:00 | Mirage, Grand Ballroom F

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best Practices Summary
Connectivity and Security
1. Ensure the device clock stays
up-to-date
2. Use a single identity per
device
3. Apply fine-grained access
controls
4. Use Just-in-Time
Provisioning
Messaging
5. Do not share shadow
6. Use wildcard subscriptions
7. Place wildcard towards right
of high cardinality topic part
8. Use Rules Engine instead of
device subscriptions
9. Shard subscribers for faster
message delivery

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
1. Ensure the Device Clock Stays Up-To-Date

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Transport Layer Security (TLS) Authentication

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Device Certificates
✓
✕

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
2. Use a Single Identity per Device

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
3. Apply Fine-Grained Access Controls

$© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 4. Use Just In-Time Provisioning { "templateBody":"{ "Parameters" : { "AWS::IoT::Certificate::Id" : { "Type" : "String" } }, "Resources" : { "certificate" : { "Type" : "AWS::IoT::Certificate", "Properties" : { "CertificateSigningRequest": {"Ref" : "CSR"}, "Status" : "ACTIVE" }, "OverrideSettings" : { "Status" : "DO_NOTHING" } }, "policy" : { "Type" : "AWS::IoT::Policy", "Properties" : { "PolicyDocument" : "{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action":["iot:Publish"], "Resource": ["arn:aws:iot:us- east-1:123456789012:topic/foo/bar"] }] }" } } } }$

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Messaging Patterns
Command & Control
Telemetry
Large Scale Notifications

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Command & Control - AWS IoT Shadows
SUBSCRIBE
Change Channel Forwards Command

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
5. Do Not Share Shadows

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Command & Control
Change Channel Forward Command
PUBLISH
command/switchOn
command/switchOff
command/volumeUp
command/volumeDown
…
…
SUBSCRIBE
command/switchOn
command/switchOff
command/volumeUp
command/volumeDown
…
…

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
6. Use Wildcard Subscriptions
SUBSCRIBE
command/switchOn
command/switchOff
command/volumeUp
command/volumeDown
…
…
SUBSCRIBE
command/+

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Command & Control – Multiple Devices
Change Channel
Forward Command
PUBLISH
deviced1/command/switchOn
deviced1/command/switchOff
deviced1/command/volumeUp
deviced1/command/volumeDown
…
…
SUBSCRIBE
device1/command/+
SUBSCRIBE
device2/command/+

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
7. Wildcard Placement on Subscription Topic Filter
Subscription Topic Filter should have high cardinality key before the
wildcard
scalable
scalable
deviceId/command/+
command/deviceId/+
NOT
scalable
command/+/deviceId

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Telemetry – Use Rules Engine
Amazon
Kinesis
AWS IoT rule
action
Telemetry data

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
8. Do Not Use Device Subscription for Telemetry
Telemetry data

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Large Scale Notifications
SUBSCRIBE
notification/firetv
PUBLISH
notification/firetv

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS IoT fanout
For each inbound message onto AWS IoT, AWS IoT will deliver that message
to all subscribers at a rate of 10,000 per sec
For 1 million devices, it takes
100 seconds
If we wanted to deliver messages < 60 sec ?

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
9. Shard Subscribers
SUBSCRIBE
notification/firetv/shard2
SUBSCRIBE
notification/firetv/shard1
PUBLISH
notification/firetv/shard1
notification/firetv/shard2

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Helping you manage the security of your IoT fleet is a top priority for AWS. You can use AWS IoT Device Defender to audit device fleets for best practices and drift in security settings, detect abnormal device behavior, and receive alerts to investigate issues. In this session, we will show you how you can use AWS IoT Device Defender to implement and maintain secure policies and controls to keep data and devices secure. Come away understanding how to spot insecure device configurations and how to set up metrics that can be used to spot a DDoS and botnet attacks. We will also look at how AWS IoT Device Defender works with AWS IoT Core and AWS IoT Device Management to respond to security alerts.

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

Amazon Web Services

Introducing the New Features of AWS Greengrass (IOT365) - AWS re:Invent 2018

Amazon Web Services

Extracting Insights from Industrial Data Using AWS IoT Services (IOT368) - AW...

Amazon Web Services

IoT (IIoT) bridges the gap between legacy industrial equipment and infrastructure and new technologies, such as machine learning, cloud, mobile, and edge computing. In this session, we focus on how you can extract data from your industrial data sources and build operational insights using AWS IoT services. We cover how to bridge traditional on-premises applications and data stores with new cloud-based IoT applications.

Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. Enel (IOT2...

Amazon Web Services

Edge computing is all about moving compute power to the source of the data instead of having to bring it to the cloud. The edge is a fundamental part of IoT, and it is not only about connecting things to the internet. In this sesssion, we discuss how AWS Greengrass, which is an IoT edge software, can power devices small and large, from a sensor all the way to a wind turbine. With AWS Greengrass, these IoT devices can securely gather data, keep device data in sync, and communicate with each other while still using the cloud for management, analytics, and durable storage. Join us to learn more about the edge of IoT.

[NEW LAUNCH!] Introducing AWS IoT Events (IOT367) - AWS re:Invent 2018

Amazon Web Services

AWS IoT Events is a new IoT-managed service that allows enterprises with large operations dependent on IoT devices to continuously monitor data from their equipment, applications, and fleets of devices for changes in operation and trigger the appropriate response when events occur. IoT Events monitors inputs from many IoT sensors and applications simultaneously; it can also combine sensor and application data with analytical results, including machine learning from AWS IoT Analytics. It helps customers reduce costs through efficiency gains, minimize downtime, and improve product quality. IoT Events is applicable to several industries, including device manufacturers, manufacturing plants, power and utilities, shipping, oil and gas, etc. Join us for this session to learn more about the customer benefits of IoT Events, and catch a demo of IoT Events in action.

Internet of Things (IoT) is taking the world by storm. Nearly every study indicates that the number of edge devices connected to an IoT platform will grow exponentially in the next few years. It’s our belief that over time, everything that can be connected to Internet will be. That’s “lots” of things. Protecting your IoT deployment is key to securing data and earning customer trust. In this talk, we walk through best practices for securing edge devices using native capabilities within AWS IoT and AWS IoT Device Defender.

IoT at the Edge: Introduction to AWS Greengrass (IOT406-R1) - AWS re:Invent 2018

Amazon Web Services

Monitoring IoT Device Behavior with AWS IoT Device Defender Detect (IOT360) -...

Amazon Web Services

AWS IoT - from Cloud to Edge | AWS Floor28

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices and with AWS Greengrass you can extends AWS IoT Core onto your devices at the edge, so they can act locally on the data they generate. In this session we discuss the challenges of running IoT devices and how we solve them with AWS IoT that let you build powerful IoT and edge compute applications. In this tech talk, we will discuss how constrained devices can leverage AWS IoT and use AWS IoT Button to demonstrate building a real connected product, securely connect with AWS IoT.

Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...

Amazon Web Services

Alexa and AWS IoT, ft. VIZIO (IOT302-R1) - AWS re:Invent 2018

Amazon Web Services

The document discusses Vizio's use of Alexa and AWS IoT to enable voice control of their SmartCast devices. It describes how Vizio uses AWS services like IoT, Lambda, and DynamoDB to build their voice and IoT capabilities. It also provides an overview of developing skills for Alexa using the Alexa Skills Kit and AWS services and explains how Vizio leveraged these tools to add voice control to their SmartCast devices and services.

Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...

Amazon Web Services

AWS GovCloud (US) is isolated AWS infrastructure and services designed to allow US government agencies and enterprises in highly regulated industries to move sensitive data and regulated IT workloads to the cloud by addressing specific regulatory and compliance requirements. While enterprises and organizations are increasingly integrating software as a service (SaaS) technologies into their IT environments, they often require SaaS products to address the same compliance features of the AWS GovCloud (US) Region. In this session, we discuss the opportunities for SaaS in AWS GovCloud (US), how SaaS vendors should approach building products in AWS GovCloud (US), key architecture and operational considerations, and best practices for bringing a SaaS product on AWS GovCloud (US) to market.

AWS Greengrass & Amazon FreeRTOS: Connectivity & Security at the Edge (IOT356...

Amazon Web Services

In this session, we discuss how customers can use Amazon FreeRTOS on microcontrollers with AWS Greengrass at the edge. We walk through connecting your devices running Amazon FreeRTOS and connecting devices to AWS Greengrass. We also show you how these two services can work together to solve customer use cases. In addition, we cover security best practices for key management and TLS implementation across Amazon FreeRTOS and AWS Greengrass.

Understand the State of Your Connected Devices (IOT367) - AWS re:Invent 2018

Amazon Web Services

Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...

Amazon Web Services

Whether you are part of a large organization moving your applications to the cloud, or a new application owner just getting started, you always need a baseline security for your web applications. In addition, large organizations with common security requirements frequently need to standardize their security posture across many applications. With compliance initiatives, such as PCI, OFAC, and GDPR, there is a need to effectively manage this posture with minimal error. In this session, learn how to use services like AWS WAF, AWS Shield, and AWS Firewall Manager to deploy and manage rules and protections uniformly across many accounts and resources. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

How to Quickly Get Insights from IoT Data on AWS (ANT337-S) - AWS re:Invent 2018

Amazon Web Services

The Internet of Things (IoT) is creating massive amounts of data, but users can’t easily access that data and quickly make decisions from it. Data projects are too often funded and delivered without enough consideration for how users will access and consume that data. Domo connects the people, data, and systems to give users the data they need to do their jobs, anytime and from anywhere. In this session, learn how LifeConEx, DHL’s temperature management specialist, uses Domo to get insights from their IoT data to its users, and see the impressive results they have achieved. This session is brought to you by AWS partner, Domo.

Building IoT Devices for Regulated Industries (LFS304-i) - AWS re:Invent 2018

Amazon Web Services

In this session, learn how to use AWS IoT services to build devices that can be used in regulated industries, like healthcare and pharma manufacturing. Come hear from AWS solution architects about how you can use the AWS IoT Core to enable your devices, services like AWS Greengrass to build devices that have local compute, messaging, data caching, sync, and machine learning inference capabilities and AWS IoT Analytics to run sophisticated analytics on massive volumes of IoT data without having to worry about all the cost and complexity typically required to build your own IoT analytics platform. You will also hear about how you can set up the fine-grained access control, auditability, and automated guardrails necessary for the creation and maintenance of regulated workloads following Good Laboratory, Clinical, and Manufacturing Practices (GxP) and other industry standards and ISOs.

Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...

Amazon Web Services

In this presentation, we take a deeper look at Amazon FreeRTOS. As OEMs work to squeeze more functionality onto cheaper and smaller IoT devices, they face a series of challenges in development and operations that results in security vulnerabilities, inefficient code, compatibility issues, and unclear licensing. With Amazon FreeRTOS, it is now easier to build, deploy, and update connected microcontroller-based devices quickly and economically, while retaining confidence that the devices are secure. Also, learn how Pentair, a leading water treatment company, is developing an IoT solution with the help of Amazon FreeRTOS and Espressif Systems, a hardware partner.

Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018

Amazon Web Services

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. In this session, we dive into Device Defender Detect, the feature that monitors metrics collected on device and cloud-side to identify anomalous behaviors. We get into the details of how Device Defender Detect works and metrics that it supports. The session includes a demo of how best to leverage Device Defender Detect for keeping your devices secure.

Customer Showcase for AWS IoT Analytics (IOT219) - AWS re:Invent 2018

Amazon Web Services

The document discusses AWS IoT Analytics, a service that processes, enriches, stores, analyzes, and visualizes IoT data. It provides an overview of the key components of AWS IoT Analytics including channels to ingest data from multiple sources, pipelines to filter, transform and enrich data, data stores to store raw and processed data, data sets to query the data stores using SQL, and Jupyter notebooks and containers to build and run machine learning models on the data. It also provides examples of how customers in energy/oil and gas, consumer products, and manufacturing are using AWS IoT Analytics for applications like predictive maintenance, anomaly detection, device telemetry analysis, and quality control.

Tips for Building IoT Applications Faster (IOT366) - AWS re:Invent 2018

Amazon Web Services

AWS IoT services help you connect devices to AWS services and other devices, secure data, interactions, and process, act on device data, and enable applications to interact with devices, even when they are offline. In this session, we provide tips for using the portfolio to create applications faster and deploying applications at the edge. We show you how to save time when adding new kinds of devices to your applications.

AWS-Vizalytics-March-2018 2.pdf

Amazon Web Services

The document discusses AWS and Vizalytics technology for smart cities solutions. It provides an overview of AWS cloud capabilities for infrastructure, analytics, IoT, machine learning and other services. It also presents customer stories of how cities like Chicago and Transport for London have used AWS to power applications and platforms for open data, transportation, and other smart city initiatives. Finally, it outlines a logical architecture for a smart city platform leveraging AWS cloud services for data ingestion, processing, storage in a data lake, and analysis.

AWS IoT - How Low Can You Go (IOT357-R1) - AWS re:Invent 2018

Amazon Web Services

AWS IoT and Amazon FreeRTOS set a high bar for transport layer security, which can overwhelm the capabilities of microcontrollers and embedded systems. In this session, we cover how to enable popular microcontrollers, Wi-Fi chipsets, and cryptocomponents to communicate with AWS IoT at minimal cost. Also, we compare and contrast different approaches for hardware solutions to enable AWS Greengrass devices to effectively communicate in a secure manner. We discuss microcontroller ecosystems, discrete components, and mature frameworks for development. Our goal is to help you understand and minimize bill of materials, or BOM, that goes into IoT hardware development.

AWS IoT: servizi costruiti per migliorare le performance di business

Amazon Web Services

In questa sessione presenteremo la suite di servizi della piattaforma AWS IoT. Approfondiremo come AWS IoT aiuta i nostri clienti ad ottenere dei solidi vantaggi di business come: accedere a nuove opportunità di business, sviluppare nuovi prodotti e servizi, migliorare le relazioni con i propri Clienti, velocizzare i processi decisionali e creare una cultura aziendale basata sull'utilizzo intelligente dei dati.

Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...

Amazon Web Services

Lock It Down: How to Secure Your Organization's AWS Account

Amazon Web Services

The cloud enables users to run workloads in a more secure fashion than what typically can be done in a traditional datacenter. However, many customers are still not sure how to actually harden their AWS accounts and resources and make sure compliance is being enforced. When large customers have multiple accounts, ensuring consistency around governance can also be of concern. In this session we will review how to use automation, tools and techniques to harden and audit your AWS accounts and also how to leverage AWS Organizations to ensure compliance in your enterprise. Geordie Anderson, Security Specialist Solutions Architect, Amazon Web Services Sean Donaghy, Senior Cyber Security Advisor, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada Michael Davie, Security Engineer, Canadian Centre for Cyber Security, Communications Security Establishment, Government of Canada

AWS Security by Design

Amazon Web Services

The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.

What's hot

Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018

Amazon Web Services

IoT at the Edge: Introduction to AWS Greengrass (IOT406-R1) - AWS re:Invent 2018

Amazon Web Services

Monitoring IoT Device Behavior with AWS IoT Device Defender Detect (IOT360) -...

Amazon Web Services

AWS IoT - from Cloud to Edge | AWS Floor28

Amazon Web Services

Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...

Amazon Web Services

Alexa and AWS IoT, ft. VIZIO (IOT302-R1) - AWS re:Invent 2018

Amazon Web Services

Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...

Amazon Web Services

AWS Greengrass & Amazon FreeRTOS: Connectivity & Security at the Edge (IOT356...

Amazon Web Services

Understand the State of Your Connected Devices (IOT367) - AWS re:Invent 2018

Amazon Web Services

Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...

Amazon Web Services

How to Quickly Get Insights from IoT Data on AWS (ANT337-S) - AWS re:Invent 2018

Amazon Web Services

Building IoT Devices for Regulated Industries (LFS304-i) - AWS re:Invent 2018

Amazon Web Services

Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...

Amazon Web Services

Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018

Amazon Web Services

Customer Showcase for AWS IoT Analytics (IOT219) - AWS re:Invent 2018

Amazon Web Services

Tips for Building IoT Applications Faster (IOT366) - AWS re:Invent 2018

Amazon Web Services

AWS-Vizalytics-March-2018 2.pdf

Amazon Web Services

AWS IoT - How Low Can You Go (IOT357-R1) - AWS re:Invent 2018

Amazon Web Services

AWS IoT: servizi costruiti per migliorare le performance di business

Amazon Web Services

Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...

Amazon Web Services

What's hot (20)