ATWINC1500 AWS IoT Demo With RSA - Microchip...


  • AN2638 ATWINC1500 AWS IoT Demo with RSA

    Introduction

    This application note describes how to use the SAM W25 Xplained Pro (XPro) or SAM D21 XPro with Wi-Fi® Network Controller (WINC) module to communicate with the Amazon Web Service (AWS) Internet of Things (IoT) Cloud using Rivest–Shamir–Adleman (RSA).

    This demo provides an example of the Message Queue Telemetry Transport (MQTT) to publish or subscribe with the AWS IoT. The SAM W25 XPro or SAM D21 XPro with WINC module is configured as either of the following:

    • Publisher, when the AWS Console MQTT client is the Subscriber
    • Subscriber, when the AWS Console MQTT client is the Publisher

    Figure 1. SAM W25 Xplained Pro Board

    © 2018 Microchip Technology Inc. Application Note DS00002638A-page 1

  • Figure 2. SAM D21 XPro With ATWINC1500 Connected on EXT1

    Figure 3. SAM G55 XPro With ATWINC1500 Connected on EXT1


  • Table of Contents

    Introduction

    1. Getting Started
       1.1. Prerequisites
       1.2. Demo Application Flow

    2. Configuring the Demo Application
       2.1. WINC1500_AWS_RSA_EXAMPLE Application Configuration

    3. AWS IoT Account Setup
       3.1. Signing In to the AWS IoT Console
       3.2. Registering a Device in the Thing Registry
       3.3. Creating and Activating a Device Certificate
       3.4. Creating an AWS IoT Policy
       3.5. Attaching an AWS IoT Policy to a Device Certificate
       3.6. Attaching a Certificate to the Thing
       3.7. Viewing Device MQTT Messages with the AWS IoT MQTT Client
       3.8. Configure and Test Rules

    4. Programming Certificates

    5. Running the Demo

    6. Document Revision History

    The Microchip Web Site

    Customer Change Notification Service

    Customer Support

    Microchip Devices Code Protection Feature

    Legal Notice

    Trademarks

    Quality Management System Certified by DNV

    Worldwide Sales and Service


  • 1. Getting Started

    This section provides information about the sequence of activities to perform the AWS IoT demo application and its prerequisites.

    1.1 Prerequisites

    The following are the hardware and software prerequisites needed to start the AWS IoT demo.

    1. Hardware Prerequisites
       – Two SAM D21-XPRO evaluation kits and ATWINC1500 module; or,
       – Two SAM W25-XPRO evaluation kits
       – Micro-USB cable (Type A/Micro B)

    2. Software Prerequisites
       – ATWINC1500 Release 19.5.2 Atmel Studio 7
       – A valid AWS IoT account

    1.2 Demo Application Flow

    The following figure illustrates the sequence of activities to perform the AWS IoT demo application with the RSA certificate.

    Figure 1-1. AWS IoT Demo Application Flow


  • 2. Configuring the Demo Application

    The "WINC1500_AWS_RSA_EXAMPLE" application publishes a message (on a certain topic) to the AWS Cloud MQTT message broker from the device, which is configured as Publisher.

    Note:  The publish event is triggered by a SW0 button press.

    To view the published messages, subscribe the AWS MQTT client to the same topic on which the SAMW25/SAMD21 is publishing. The device that is configured as Subscriber receives the messages.

    2.1 WINC1500_AWS_RSA_EXAMPLE Application Configuration

    This section provides details about the WLAN configuration, AWS IoT settings and application device settings.

    2.1.1 WLAN Configuration

    In the main.h file, set the following configuration parameters according to the wireless Access Point (AP) settings.

    /** Wi-Fi Settings */
    #define MAIN_WLAN_SSID "DEMO" /**< Destination SSID */
    #define MAIN_WLAN_AUTH M2M_WIFI_SEC_WPA_PSK /**< Security manner */
    #define MAIN_WLAN_PSK "123456" /**< Password for Destination SSID */

    2.1.2 AWS IoT Settings

    In the aws_iot_config.h file, set the following configuration parameters according to the AWS account.

    // Get from console
    // =================================================
    // To be Modified based on the user account
    #define AWS_IOT_MQTT_HOST "XXXXXXXXXXXX.iot.us-west-2.amazonaws.com"
    #define AWS_IOT_MQTT_PORT 8883
    #define AWS_IOT_MQTT_CLIENT_ID "SAMD21_MQTT"
    #define AWS_IOT_MY_THING_NAME "SAMD21_MQTT"
    #define AWS_IOT_ROOT_CA_FILENAME " "
    #define AWS_IOT_CERTIFICATE_FILENAME " "
    #define AWS_IOT_PRIVATE_KEY_FILENAME " "

    2.1.3 Application Device Settings

    In the main.c file, set the following configuration parameters to set the device role as either Subscriber or Publisher, and the associated subscribe channel and publish channel used to receive and send messages.

    /* Role of the device: enable exactly one of the two defines */
    //#define SUBSCRIBER
    #define PUBLISHER

    #ifdef SUBSCRIBER
    #define CLIENT_ID "WINC1500_Sub"
    #define SUBSCRIBE_CHANNEL "WINC1500_IOT/sub"
    #define PUBLISH_CHANNEL "WINC1500_IOT/pub"
    #else /* PUBLISHER: channels are mirrored so the two boards talk to each other */
    #define CLIENT_ID "WINC1500_Pub"
    #define SUBSCRIBE_CHANNEL "WINC1500_IOT/pub"
    #define PUBLISH_CHANNEL "WINC1500_IOT/sub"
    #endif

    Note:  CLIENT_ID must be different and unique for different boards.


  • 3. AWS IoT Account Setup

    This chapter demonstrates setting up of the AWS IoT account and the various steps involved in registering and activating a device.

    Figure 3-1. AWS IoT Account

    3.1 Signing In to the AWS IoT Console

    This section demonstrates the sign in to the AWS IoT console. If the user does not have an AWS account, the account must be created.

    To create an AWS account:

    Perform the following steps to create an AWS account:

    1. Open the AWS Home Page and choose Create an AWS Account.
    2. Follow the online instructions. A part of the sign-up procedure involves receiving a phone call and entering a PIN using the user's phone keypad.
    3. Sign in to the AWS Management console and open the AWS IoT console.
    4. On the Welcome page, click Get started.

    Figure 3-2. Getting Started With AWS IoT Console

    https://aws.amazon.com/

  • 5. If the user is using the AWS IoT console for the first time, the Welcome to the AWS IoT Console page is displayed.

    3.2 Registering a Device in the Thing Registry

    In the Thing Registry, the devices connected to AWS IoT are represented by things. The Thing Registry allows the user to keep a record of all devices that are connected to an AWS IoT account.

    To register a device in the Thing Registry:

    Perform the following steps to register the user device in the Thing Registry.

    1. On the Welcome to the AWS IoT Console page in the left navigation panel, choose Registry to expand the choices, and then select Things.

    Figure 3-3. Welcome Page

    2. On the You don't have any things yet page, click Register a thing.


  • Figure 3-4. Registering a Thing

    3. On the Register a thing page in the Name field, enter a name for the device, such as MyIoTButton and click Create thing to add the device to the Thing Registry.

    Figure 3-5. Create a Thing

    4. The result page is displayed as illustrated in the following figure.


  • Figure 3-6. Device added to Thing Registry

    3.3 Creating and Activating a Device Certificate

    The communication between the device and AWS IoT is protected using X.509 certificates. The AWS IoT generates a certificate or the user can use their own X.509 certificate. This demonstration assumes that AWS IoT generates the X.509 certificate.

    Note:  The certificates must be activated prior to use.

    Perform the following steps to create and activate a device certificate.

    1. In the left navigation panel, choose Secure, Certificates (as necessary), and then click Create a Certificate.

    Figure 3-7. Create a Certificate

    2. On the Create a Certificate page, choose Create Certificate.


  • Figure 3-8. Create a Certificate Page

    3. On the Certificate Created page, click Download to download the certificate, public key, private key, and the root CA for AWS IoT, save these downloads to the PC, and then choose Activate to continue.

    Note:
    1. The downloaded file names and certificate appear in .key and .crt formats.
    2. The downloaded file names appear differently than those listed on the Certificate Created page. The examples are 2a540e2346-certificate.pem.crt.text, 2a540e2346-private.pem.key and 2a540e2346-public.pem.key.
    3. Although it is unlikely, root CA certificates are subject to expiration and/or revocation. If this occurs, be sure to copy a new root CA certificate onto the device.

    Figure 3-9. Download a Certificate

    4. Select Done to complete.

    3.4 Creating an AWS IoT Policy

    The X.509 certificates are used to authenticate the device with the AWS IoT. The AWS IoT policies are used to authorize the device to perform AWS IoT operations, such as subscribing or publishing to MQTT topics. The device presents its certificate when sending messages to AWS IoT. To allow the device to perform AWS IoT operations, the user must create an AWS IoT policy and attach it to the device certificate.

    To create an AWS IoT Policy:

    Perform the following steps to create an AWS IoT policy.

    1. On the left navigation panel, choose Secure, and then Policies. On the You don't have any policies yet page, click Create a policy.

    Figure 3-10. AWS IoT Policy

    2. On the Create a policy page, in the Name field, enter a name for the policy (for example, MyIoTButtonPolicy). In the Action field, type iot:Connect. In the Resource ARN field, type *. Select the Allow check box to allow all the clients to connect to AWS IoT.


  • Figure 3-11. Create a Policy

    Note:  The user can restrict the clients (devices) that are able to connect by specifying a client ARN as the resource. The client ARNs follow this format: arn:aws:iot:your-region:your-aws-account:client/

    Select the Add Statement button to add another policy statement. In the Action field, enter iot:Publish. In the Resource ARN field, enter the ARN of the topic to which the device publishes.

    Note:  The topic ARN follows this format: arn:aws:iot:your-region:your-aws-account:topic/iotbutton/your-button-serial-number. For example: arn:aws:iot:us-east-1:123456789012:topic/iotbutton/G030JF055364XVRB

    The user can find the serial number on the bottom of the button. If the user is not using an AWS IoT button, after topic/ in the ARN, place the topic to which the device publishes. For example: arn:aws:iot:us-east-1:123456789012:topic/my/topic/here

    Finally, select the Allow check box to allow the device to publish messages to the specified topic.

    3. After entering the information for the policy, choose Create.


  • Figure 3-12. Connecting to AWS IoT

    4. After entering all the information for the policy, click Create.

    Figure 3-13. Policy Created

    5. For more information, refer to Managing AWS IoT Policies


    http://docs.aws.amazon.com/iot/latest/developerguide/authorization.html
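
The policy from section 3.4 written out as a policy document, next to a restricted version for one demo board, with a small evaluator showing what each one lets a client do. This is an added example, not code from the application note: the region, the placeholder account ID 123456789012 and all function names are assumptions, and the client ID and topics are the Publisher values from main.c in section 2.1.3. The iot:Subscribe and iot:Receive statements cover the Subscriber role and are not part of the console steps above.

```python
import json
from fnmatch import fnmatchcase

REGION = "us-west-2"      # assumption: region of AWS_IOT_MQTT_HOST in section 2.1.2
ACCOUNT = "123456789012"  # placeholder account ID, as in the sample ARNs above


def arn(kind, name):
    """Build an AWS IoT ARN in the format given in the notes of section 3.4."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"


# The policy as entered in the console steps: iot:Connect on "*" plus one
# iot:Publish statement for the topic the Publisher board uses.
CONSOLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": "*"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": arn("topic", "WINC1500_IOT/sub")},
    ],
}


def device_policy(client_id, publish_topic, subscribe_topic):
    """Policy for one board: one client ID, one publish topic, one subscription."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": arn("client", client_id)},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": arn("topic", publish_topic)},
            # Subscribing is authorized against a topicfilter ARN,
            # delivery of the messages against a topic ARN.
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": arn("topicfilter", subscribe_topic)},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": arn("topic", subscribe_topic)},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    """True when the statement's Action and Resource patterns cover the request."""
    return (any(fnmatchcase(action, a) for a in _as_list(statement["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(statement["Resource"])))


def is_allowed(policy, action, resource):
    """Evaluate one request: an explicit Deny wins, otherwise any Allow grants."""
    hits = [s for s in _as_list(policy["Statement"]) if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return False
    return any(s["Effect"] == "Allow" for s in hits)


def find_wildcards(policy):
    """List (statement index, action, resource) for Allow entries containing '*'."""
    findings = []
    for index, statement in enumerate(_as_list(policy["Statement"])):
        if statement["Effect"] != "Allow":
            continue
        for action in _as_list(statement["Action"]):
            for resource in _as_list(statement["Resource"]):
                if "*" in action or "*" in resource:
                    findings.append((index, action, resource))
    return findings


# Publisher board from main.c: publishes on .../sub, subscribes to .../pub.
PUBLISHER_POLICY = device_policy("WINC1500_Pub", "WINC1500_IOT/sub", "WINC1500_IOT/pub")

if __name__ == "__main__":
    print(json.dumps(PUBLISHER_POLICY, indent=2))
    other = arn("client", "not-a-demo-board")  # constructed client ID
    for name, policy in (("console", CONSOLE_POLICY), ("restricted", PUBLISHER_POLICY)):
        print(name, "wildcards:", find_wildcards(policy),
              "| unknown client ID may connect:",
              is_allowed(policy, "iot:Connect", other))
```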

  • 3.5 Attaching an AWS IoT Policy to a Device Certificate

    After creating an AWS IoT policy, the user must attach it to the device certificate. Attaching an AWS IoT policy to a certificate provides permission for the device as specified in the policy.

    Perform the following steps to attach the AWS IoT Policy to a device certificate.

    1. On the left navigation panel, choose Secure, and then Certificates.

    Figure 3-14. AWS IoT Page

    2. In the box for the certificate created, click ... to open a drop-down menu, and then select Attach policy.

    Figure 3-15. Certificate Page


  • 3. In the Attach policies to certificate(s) dialog box, select the check box of the policy created by the user, and then click Attach.

    Figure 3-16. Attach Policies to Certificate

    3.6 Attaching a Certificate to the Thing

    A device must have a certificate, private key and root CA certificate to authenticate with the AWS IoT. It is also recommended that the user attach the device certificate to the thing that represents the device in AWS IoT. This allows the user to create AWS IoT policies that allow permissions based on certificates attached to things. For more information, refer to Thing Policy Variables.

    To attach a certificate to the thing representing the device in Thing Registry:

    Perform the following steps to attach a certificate to the thing representing the device in Thing Registry.

    1. Click ... on the certificate created by the user to open a drop-down menu, and then select Attach thing.


    http://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html

  • Figure 3-17. Attach a Thing

    2. In the Attach things to certificate(s) dialog box, select the check box on the thing registered by the user, and then click Attach.

    Figure 3-18. Attach Things to Certificate

    3. To verify the thing is attached, select the box representing the certificate. On the Details page of the certificate in the left navigation panel, select Things.


  • Figure 3-19. Certificate Page

    4. On the Details page for the certificate in the left navigation panel, choose Things.

    Figure 3-20. Things Page

    5. To verify the policy is attached, on the Details page for the certificate in the left navigation panel, select Policies.

    Figure 3-21. Verifying the Attached Policy


  • 3.7 Viewing Device MQTT Messages with the AWS IoT MQTT Client

    The user can utilize the AWS IoT MQTT Client to understand the MQTT messages sent by a device.

    The devices publish MQTT messages on topics. The user can use the AWS IoT MQTT client to subscribe to the topics to see these messages.

    To view MQTT messages:

    Perform the following steps to view the MQTT messages.

    1. In the AWS IoT console in the left navigation panel, select Test.

    Figure 3-22. AWS IoT Console Dashboard

    2. Subscribe to the topic on which the thing publishes. In the case of the AWS IoT button, the user can subscribe to iotbutton/+ (+ is the wildcard character). In the Subscribe to a topic window, type iotbutton/+ in the Subscription topic field, and then select Subscribe to topic.

    Note:  The topic must appear under Subscriptions; select it there.


  • Figure 3-23. Subscriptions Page

    3. Choosing Subscribe to topic above results in the topic iotbutton/+ appearing in the Subscriptions column.

    Figure 3-24. Subscribe to topic

    4. Press the AWS IoT button, and then view the resulting message in the AWS IoT MQTT client. If no button exists, the user simulates a button press in the next step.


  • Figure 3-25. Message in AWS IoT MQTT client

    Note:  The AWS IoT Button FAQs contain useful button LED color pattern information.

    5. To use the AWS IoT console to publish a message, be sure to follow the steps below.

    On the MQTT client page, in the Publish section, in the Specify a topic and a message to publish… field, type iotbutton/ABCDEFG12345. In the message payload section, enter the following JSON:

    Figure 3-26. JSON in Message Payload Section

    6. Choose Publish to topic to see the message in the AWS IoT MQTT client (choose iotbutton/+ in the Subscription column to see the message).

    Figure 3-27. Publish to Topic


    https://aws.amazon.com/iotbutton/faq/

  • 3.8 Configure and Test Rules

    The AWS IoT test rules engine listens for incoming MQTT messages that match a rule. When a matching message is received, the rule takes the action with the data in the MQTT message (for example, writing data to an Amazon S3 bucket, invoking a Lambda function or sending a message to an Amazon SNS topic). In this step, the user can create and configure a rule to send the data received from a device to an Amazon SNS topic. In addition, the user can:

    • Create an Amazon SNS topic.
    • Subscribe to the Amazon SNS topic using a cell phone number.
    • Create a rule that sends a message to the Amazon SNS topic, when a message is received from the device.
    • Test the rule using the AWS IoT button or an MQTT client.

    In the upper-right corner of this page, there is a Filter View drop down list. For instructions to test the rule by using the AWS IoT button, choose AWS IoT Button. For instructions to test the rule by using the AWS IoT MQTT client, choose MQTT Client.

    3.8.1 Create an SNS Topic

    Use the Amazon SNS console to create an Amazon SNS topic.

    Note:  Amazon SNS is not available in all AWS regions.

    1. Open the Amazon SNS console.
    2. On the left panel, choose Topics.

    Figure 3-28. Amazon SNS Console

    3. Choose Create new topic.


  • Figure 3-29. Creating New Topic

    4. Type a topic name and a display name, and then click Create topic.

    Figure 3-30. Details in Creating Topic

    5. Be sure to make a note of the ARN for the topic that the user created.

    Figure 3-31. ARN for Topic

    3.8.2 Subscribe to an Amazon SNS Topic

    To receive SMS messages on the cell phone, subscribe to the Amazon SNS topic.

    1. In the Amazon SNS console, select the check box next to the user-created topic. From the Actions menu, choose Subscribe to topic.


  • Figure 3-32. Subscribe to Topic

    2. On Create subscription field, from the Protocol drop down list, choose SMS. In the Endpoint field, type the phone number of an SMS-enabled cell phone, and then choose Create subscription.

    Figure 3-33. Create Subscription

    Note:  Enter the phone number using numbers and dashes only.

    3.8.3 Create a Rule

    AWS IoT rules consist of a topic filter, a rule action, and an IAM role. The messages published on topics that match the topic filter trigger the rule. The rule action defines which action to take when the rule is triggered. The IAM role contains one or more IAM policies that determine which AWS services the rule can access. The user can create multiple rules that listen to a single topic. Likewise, the user can create a single rule that is triggered by multiple topics. The AWS IoT rules engine continuously processes the messages published on topics that match the topic filters defined in the rules.

    In this example, the user can create a rule that uses Amazon SNS to send an SMS notification to a cell phone number.

    1. On the left navigation panel in the AWS IoT console, choose Act.


  • Figure 3-34. AWS IoT Console

    2. On the Act page, click Create a rule.

    Figure 3-35. Create a Rule

    3. On the Create a rule page in the Name field, enter a name for the rule. In the Description field, enter a description for the rule.

    Figure 3-36. Create a Rule


  • 4. Scroll down to Message source and choose the latest version from the Using SQL version drop down list. In the Attribute field, enter *. This specifies sending the entire MQTT message that triggered the rule.

    Figure 3-37. Message Source

    5. The rules engine uses the topic filter to determine the rules to trigger when an MQTT message is received. In the Topic filter field, type iotbutton/your-button-DSN. If the user is not using an AWS IoT button, type my/topic or the topic used in the rule.

    Figure 3-38. Topic Filter in Message Source

    Note:
    1. The DSN is available on the bottom of the button.
    2. Condition column is left blank.

    6. In Set one or more actions, click Add action.


  • Figure 3-39. Add Action

    7. On the Select an action page, select Send a message as an SNS push notification.

    Figure 3-40. Select an Action

    8. Click Configure action.

    Figure 3-41. Configure Action

    9. On the Configure action page from the SNS target drop down list, choose the Amazon SNS topic created earlier.


  • Figure 3-42. Configure Action Page

    10. Provide AWS IoT permission to publish to the Amazon SNS topic on the user’s behalf, when the rule is triggered. Click Create a new role. Enter a name for the new role in the IAM role name field. After entering the name, click Create a new role again. Select the newly created role from the IAM role name drop down list.

    Figure 3-43. Create a New Role

    11. Select Update role to apply the permissions to the newly created role, and then click Add action.


  • Figure 3-44. Update Role

    12. On the Create a Rule page, click Create rule.

    Figure 3-45. Create a Rule

    3.8.4 Test the Amazon SNS Rule

    Test the rule by using an AWS IoT button or the AWS IoT MQTT client.

    • AWS IoT Button:
      – Press the button to receive an SMS text that shows the current battery charge level on the device (among other things).
      – Try a long press (about 2 seconds) and a fast double press, and note the resulting messages.

    • AWS IoT MQTT Client:
      – To test the rule with AWS IoT MQTT client:
        1.1. On the left navigation panel in the AWS IoT console, click Test.
        1.2. On the MQTT Client page in the Specify a topic and a message to publish… field, enter my/topic or the topic used in the rule. In the message payload section, type the following JSON.


  • Note:  If the user is using the button, enter iotbutton/your-button-DSN instead of my/topic in the Specify a topic and a message to publish… field.

    Figure 3-46. AWS IoT MQTT Client

        1.3. Click Publish to topic to receive an Amazon SNS message on the cell phone.
        1.4. Thus the user has created and configured a rule that sends the data received from a device to an Amazon SNS topic.

    Note:  For more information on AWS IoT rules, refer to AWS IoT Rule Tutorials and AWS IoT Rules.


    https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules-tutorial.html
    https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html

  • 4. Programming Certificates

    To use AWS IoT with RSA, the certificate from AWS IoT is downloaded into the device.

    Figure 4-1. Programming Certificates Process

    Perform the following steps to program the downloaded certificate.

    1. Open the certificate file downloaded from AWS IoT.

    Note:  For generating a certificate, refer to Creating and Activating a Device Certificate.

    Figure 4-2. Device Certificate Window

    2. Open the Details tab and click Copy to File to display the "Certificate Export Wizard" dialog box.


  • Figure 4-3. Details Page of Certificate

    3. In the "Certificate Export Wizard" dialog box, click Next.

    Figure 4-4. Certificate Export Wizard


  • 4. Select the default option "DER encoded binary X.509 (.CER)" format to export and click Next.

    Figure 4-5. Selecting the Export File Format

    5. Save the file under the name atmelwinc.cer and rename the AWS downloaded private key file as atmelwinc.key.

    6. Store both the atmelwinc.cer and atmelwinc.key files in the src/tls_cert_store/ folder of the firmware upgrade project (These files are not available with this package).

    7. After loading the generated certificate and key file, be sure to flash the "ATWINC1500" firmware using the src/ download_all_sb_samw25_xplained_pro.bat for the SAM W25 device, or download_all_sb_samd21_xplained_pro.bat for the SAM D21 device (These files are not available with this package).

    Note:  During the firmware upgrade process, be sure that the download_all.bat contains the following lines to update the certificate and the private key.

    SET TLS_RSA_KEY=../../../tls_cert_store/atmelwinc.key
    SET TLS_RSA_CRT=../../../tls_cert_store/atmelwinc.cer


  • 5. Running the Demo

    Perform the following steps to run the demo:

    1. Configure the AWS IoT Account. Refer to AWS IoT Account Setup.
    2. Generate the thing and certificate from AWS IoT console.
    3. Convert the certificate to the .cer format and rename both the key and certificate, as mentioned in chapter Programming Certificates.
    4. After loading the generated certificate and key file from AWS, be sure to flash the ATWINC1500 firmware using the src/ download_all_sb_samw25_xplained_pro.bat for the SAM W25 device, or download_all_sb_samd21_xplained_pro.bat for the SAM D21 device (These files are not available with this package).

    Note:  During the firmware upgrade process, be sure that the download_all.bat file contains the following lines to update the certificate and the private key.

    SET TLS_RSA_KEY=../../../tls_cert_store/atmelwinc.key
    SET TLS_RSA_CRT=../../../tls_cert_store/atmelwinc.cer

    5. Configure the "WINC1500_AWS_RSA_EXAMPLE" application. For details, refer to Configuring the Demo Application.
    6. Build and run "WINC1500_AWS_RSA_EXAMPLE" application.
    7. Configure one device as Publisher and another device as Subscriber.
    8. Once the "successfully connected" status is displayed on the serial console (115200 8N1 configuration), the user can publish and receive the messages.

    Figure 5-1. Publishing Message on Console Log Window

    9. When the device is configured as Publisher, press SW0 button to publish the message and the same is received at the Subscriber device.
    10. Press the SW0 button on Publisher device to publish a message.
    11. On the MQTT client, the message is displayed on the console (if topic has been subscribed).
    12. The console log for the device is provided below for reference.


  • Figure 5-2. Console Log Window


  • 6. Document Revision History

    Revision A (2/2018)

    Section     Changes
    Document    Initial Release.


  • The Microchip Web Site

    Microchip provides online support via our web site at http://www.microchip.com/. This web site is used as a means to make files and information easily available to customers. Accessible by using your favorite Internet browser, the web site contains the following information:

    • Product Support – Data sheets and errata, application notes and sample programs, design resources, user’s guides and hardware support documents, latest software releases and archived software

    • General Technical Support – Frequently Asked Questions (FAQ), technical support requests, online discussion groups, Microchip consultant program member listing

    • Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

    Customer Change Notification Service

    Microchip’s customer notification service helps keep customers current on Microchip products. Subscribers will receive e-mail notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.

    To register, access the Microchip web site at http://www.microchip.com/. Under “Support”, click on “Customer Change Notification” and follow the registration instructions.

    Customer Support

    Users of Microchip products can receive assistance through several channels:

    • Distributor or Representative
    • Local Sales Office
    • Field Application Engineer (FAE)
    • Technical Support

    Customers should contact their distributor, representative or Field Application Engineer (FAE) for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in the back of this document.

    Technical support is available through the web site at: http://www.microchip.com/support

    Microchip Devices Code Protection Feature

    Note the following details of the code protection feature on Microchip devices:

    • Microchip products meet the specification contained in their particular Microchip Data Sheet.
    • Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
    • There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
    • Microchip is willing to work with the customer who is concerned about the integrity of their code.
    • Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.”

    Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

    Legal Notice

    Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer’s risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.

    Trademarks

    The Microchip name and logo, the Microchip logo, AnyRate, AVR, AVR logo, AVR Freaks, BeaconThings, BitCloud, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, Heldo, JukeBlox, KeeLoq, KeeLoq logo, Kleer, LANCheck, LINK MD, maXStylus, maXTouch, MediaLB, megaAVR, MOST, MOST logo, MPLAB, OptoLyzer, PIC, picoPower, PICSTART, PIC32 logo, Prochip Designer, QTouch, RightTouch, SAM-BA, SpyNIC, SST, SST Logo, SuperFlash, tinyAVR, UNI/O, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

    ClockWorks, The Embedded Control Solutions Company, EtherSynch, Hyper Speed Control, HyperLight Load, IntelliMOS, mTouch, Precision Edge, and Quiet-Wire are registered trademarks of Microchip Technology Incorporated in the U.S.A.

    Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BodyCom, chipKIT, chipKIT logo, CodeGuard, CryptoAuthentication, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, Mindi, MiWi, motorBench, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PureSilicon, QMatrix, RightTouch logo, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

    SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.

    Silicon Storage Technology is a registered trademark of Microchip Technology Inc. in other countries.

    GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.

    All other trademarks mentioned herein are property of their respective companies.


  • © 2018, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.

    ISBN: 978-1-5224-2658-5

    Quality Management System Certified by DNV

    ISO/TS 16949

    Microchip received ISO/TS-16949:2009 certification for its worldwide headquarters, design and wafer fabrication facilities in Chandler and Tempe, Arizona; Gresham, Oregon and design centers in California and India. The Company’s quality system processes and procedures are for its PIC® MCUs and dsPIC® DSCs, KEELOQ® code hopping devices, Serial EEPROMs, microperipherals, nonvolatile memory and analog products. In addition, Microchip’s quality system for the design and manufacture of development systems is ISO 9001:2000 certified.


