Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"

AWS IoT & GreenGrass Jeremy Cowan, Enterprise Solutions Architect [email protected]


Page 1: Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"

AWS IoT & GreenGrass

Jeremy Cowan, Enterprise Solutions Architect [email protected]

Page 2

25 billion devices by 2020

Page 3

Everyday things will be connected…

http://www.washingtonpost.com/sf/brand-connect/wp-content/uploads/sites/3/2015/05/cc_heroimage_v2.jpg

Page 4
Page 5
Page 6

AWS IoT

• DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
• DEVICE GATEWAY: Communicate with devices via MQTT, HTTP and WebSockets
• AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption
• RULES ENGINE: Transform messages based on rules and route to AWS Services
• AWS Services and 3P Services
• DEVICE SHADOW: Persistent thing state during intermittent connections
• APPLICATIONS, AWS IoT API
• DEVICE REGISTRY: Identity and management of your things

Page 7

MQTT Primer

MQ Telemetry Transport – the IoT protocol

• Senders ‘Publish’ to topics and send messages
• Receivers ‘Subscribe’ to topics and receive messages
• All subscribers receive all messages sent to a topic
• Topic names can be subscribed to using ‘wildcards’

topicname/path: use the path depth that makes sense for your application

Page 8

MQTT Primer

Pub: sensors/temp/room1

If the receiver subscribes to the exact full path, they only receive messages sent to the exact full path.

All messages published on this topic are received by all subscribers to the topic.

Sub: sensors/temp/room1

Page 9

MQTT Primer

Pub: sensors/temp/room1

The plus (+) matches exactly one item in the topic hierarchy, so here the subscriber will receive messages for all sensors in room 1.

All messages published on this topic are received by all subscribers to the topic.

Sub: sensors/+/room1

Page 10

MQTT Primer

Pub: sensors/temp/room1

The hash (#) means the subscriber will receive messages for all temperature sensors in all rooms.

All messages published on this topic are received by all subscribers to the topic.

Sub: sensors/temp/#
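
The wildcard rules from the three MQTT Primer slides, as an added example that is not part of the presentation: a matcher that answers "which subscriptions see a message on this topic?", useful when reviewing how much a broad filter exposes. It follows the MQTT 3.1.1 specification rather than any particular broker; the subscription names are constructed.

```python
# Added example: MQTT 3.1.1 topic-filter matching for the '+' and '#' wildcards.

def filter_is_valid(topic_filter):
    """'#' must be the whole last level; '+' must occupy a whole level."""
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return bool(topic_filter)


def topic_matches(topic_filter, topic):
    """True if a subscription to topic_filter receives messages published on topic."""
    if not filter_is_valid(topic_filter):
        raise ValueError(f"invalid topic filter: {topic_filter!r}")
    # MQTT 3.1.1 section 4.7.2: a filter that starts with a wildcard
    # does not match topic names beginning with '$'.
    if topic.startswith("$") and topic_filter[0] in "+#":
        return False
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True  # this level and everything below it (and the parent itself)
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def subscribers_for(topic, subscriptions):
    """Names of the subscriptions whose filter covers topic, sorted."""
    return sorted(n for n, filt in subscriptions.items() if topic_matches(filt, topic))


# Constructed sample subscriptions built from the topic names on the slides.
SUBSCRIPTIONS = {
    "exact": "sensors/temp/room1",
    "room1-all-sensors": "sensors/+/room1",
    "all-temp": "sensors/temp/#",
    "everything": "#",
}

if __name__ == "__main__":
    for t in ("sensors/temp/room1", "sensors/humidity/room1",
              "sensors/temp/room2", "$aws/things/SmartHub/shadow/update"):
        print(t, "->", subscribers_for(t, SUBSCRIPTIONS))
```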

Page 11

AWS IoT

Page 12

Device Shadow

• Plan for devices to lose connectivity
  – Device may need to shut down when idle to conserve battery.
  – Device may be stable, but the network could be unreliable.
• Send devices commands through Shadows
  – Instead of wrangling custom topics and keeping state yourself, use the Device Shadow to abstract away the topics and connectivity issues.
• Query device state through Shadows
  – The Device Shadow is always available, even if the device is not.
• Addresses message ordering for command and control
  – Uses optimistic locking (version number)

Page 13

Device Shadow

Diagram labels: Thing, reported state, desired state, MQTT, AWS Lambda

The device itself is the source of truth for the ‘reported’ state.

Interested parties set the ‘desired’ state to request a change to the state of the device.

Page 14

‘Desired’ state

• Used to request a change to device state
  Interested parties request device state change through the JSON payload.

• Difference between ‘reported’ and ‘desired’ triggers a ‘delta’ message to the device
  The AWS IoT device shadow compares the ‘reported’ state with the ‘desired’ state, and any properties of ‘desired’ that are not present or are different in the ‘reported’ state are sent to the device in a ‘delta’ message.
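
The delta comparison and the version-based optimistic locking described on the Device Shadow slides, as an added example that is not part of the presentation. It is a simplified local model, not the AWS service's code; the class, function and property names are hypothetical.

```python
# Added example: a local model of the shadow's delta calculation and version check.
import copy


def compute_delta(desired, reported):
    """Properties of 'desired' that are missing from, or differ in, 'reported'."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = compute_delta(want, have)
            if nested:
                delta[key] = nested
        elif key not in reported or have != want:
            delta[key] = copy.deepcopy(want)
    return delta


class VersionConflict(Exception):
    """An update named a version other than the shadow's current one."""


def _merge(target, patch):
    """Recursively merge patch into target, replacing non-dict values."""
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(target.get(key), dict):
            _merge(target[key], value)
        else:
            target[key] = copy.deepcopy(value)


class ShadowModel:
    def __init__(self):
        self.state = {"desired": {}, "reported": {}}
        self.version = 0

    def update(self, doc, expected_version=None):
        """Apply an update document and return the delta for the device (may be empty)."""
        # Optimistic locking: a writer holding a stale version is rejected,
        # so an out-of-order command cannot overwrite a newer one.
        if expected_version is not None and expected_version != self.version:
            raise VersionConflict(f"expected {expected_version}, current {self.version}")
        for section in ("desired", "reported"):
            _merge(self.state[section], doc.get("state", {}).get(section, {}))
        self.version += 1
        return compute_delta(self.state["desired"], self.state["reported"])
```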

Page 15

AWS IoT Reserved Topics

$aws/things/SmartHub/shadow/update

Topic names that begin with $aws are reserved for AWS IoT special uses, such as addressing the device shadow for a thing.

Page 16

The Device Shadow listens to a well-known topic and interprets the JSON payload it receives.

You can publish well-formed messages to $aws/things/SmartHub/shadow/update to update the shadow, or more conveniently, use the aws-iot-sdk abstractions.

Page 17

AWS IoT SDKs

• Supported languages / environments
  – Python
  – Embedded C
  – iOS
  – Android
  – JavaScript
  – NodeJS
  – Java
  – Arduino Yun

• Support device shadow and custom topics
  Built on top of Paho MQTT client library, the SDKs abstract the device shadow but allow direct pub/sub

• Fully documented
  Rich documentation with examples on GitHub

Page 18

AWS IoT – How Do You Connect a Device?

1. Provision a certificate
   AWS IoT can generate the Cert/Public/Private keys for you. Alternatively, BYO certificate to more easily integrate with existing workflows.

2. Attach an IoT Policy
   Associate an IoT Policy document with the certificate to scope down what the certificate holder can do.

3. Connect over MQTT
   Use the AWS IoT SDKs or roll-your-own.

4. Send some data
   Publish a payload!

Page 19

AWS IoT – How Do You Secure Communications?

• Mutual authentication X.509 certificate-based auth
  – When devices connect to the AWS IoT broker, they use certificate-based authentication. You assign policies to certificates.

• AWS SigV4
  – When browsers use WebSockets, connections are signed using SigV4, which identifies the user principal that you can attach AWS IoT policies to.

• Amazon Cognito simplifies signing SigV4 requests
  – Takes care of steps necessary to create a unique identifier for users and retrieve temporary, limited-privilege AWS credentials.
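
A check for the "attach an IoT Policy to scope down what the certificate holder can do" step, as an added example that is not part of the presentation: it flags Allow statements whose action or resource is a catch-all. Both policy documents are constructed; the region, account ID and the `lint_policy` helper are assumptions made for illustration.

```python
# Added example: flag AWS IoT policy statements that are not scoped down.
import json

# Constructed policies; region and account ID are placeholders.
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
""")

SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Action": "iot:Connect",
   "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"},
  {"Effect": "Allow", "Action": ["iot:Publish"],
   "Resource": "arn:aws:iot:us-east-1:123456789012:topic/$aws/things/SmartHub/shadow/update"}
 ]}
""")


def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return findings for Allow statements with catch-all actions or resources."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append(f"statement {idx}: action {action!r} allows every operation")
        for resource in _as_list(stmt.get("Resource", [])):
            # ARN layout: arn:aws:iot:<region>:<account>:<type>/<name>
            parts = resource.split(":", 5)
            name = parts[5].partition("/")[2] if len(parts) == 6 else ""
            if resource == "*" or name == "*":
                findings.append(f"statement {idx}: resource {resource!r} is a catch-all")
    return findings
```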

Page 20

AWS IoT

Page 21

Rules Engine

• Augment or filter data received from a device.
• Write data received to an Amazon DynamoDB database.
• Save a file to Amazon S3.
• Send a push notification to all users of Amazon SNS.
• Publish data to an Amazon SQS queue.
• Invoke a Lambda function to extract data.
• Push data into Elasticsearch.
• Process messages from a large number of devices using Amazon Kinesis.
• Republish the message to another MQTT topic.

Page 22

Example Rule

SELECT * FROM '#'

The entire contents of the MQTT message

All messages that arrive at the message broker

Page 23

Example Rule

SELECT * FROM '$aws/things/SmartHub/shadow/update'

The entire contents of the MQTT message

Only messages as part of a shadow update request

Page 24

Example Rule

SELECT state.reported.info as info FROM '$aws/things/SmartHub/shadow/update' WHERE state.reported.target="LightBulb"

Just the ‘info’ property in the reported state message

Only messages that have a ‘target’ value set to ‘LightBulb’

Page 25

Demo:

Color Cube Demo

http://bit.ly/2nS3GVN