AN2638 ATWINC1500 AWS IoT Demo with RSA
Introduction
This application note describes how to use the SAM W25 Xplained Pro (XPro) or SAM D21 XPro with Wi-Fi® Network Controller (WINC) module to communicate with the Amazon Web Services (AWS) Internet of Things (IoT) Cloud using Rivest–Shamir–Adleman (RSA).
This demo provides an example of using Message Queue Telemetry Transport (MQTT) to publish or subscribe with AWS IoT. The SAM W25 XPro or SAM D21 XPro with WINC module is configured as either of the following:
• Publisher, when the AWS Console MQTT client is the Subscriber
• Subscriber, when the AWS Console MQTT client is the Publisher
Figure 1. SAM W25 Xplained Pro Board
© 2018 Microchip Technology Inc. Application Note
DS00002638A-page 1
Figure 2. SAM D21 XPro With ATWINC1500 Connected on EXT1
Figure 3. SAM G55 XPro With ATWINC1500 Connected on EXT1
Table of Contents
Introduction
1. Getting Started
    1.1. Prerequisites
    1.2. Demo Application Flow
2. Configuring the Demo Application
    2.1. WINC1500_AWS_RSA_EXAMPLE Application Configuration
3. AWS IoT Account Setup
    3.1. Signing In to the AWS IoT Console
    3.2. Registering a Device in the Thing Registry
    3.3. Creating and Activating a Device Certificate
    3.4. Creating an AWS IoT Policy
    3.5. Attaching an AWS IoT Policy to a Device Certificate
    3.6. Attaching a Certificate to the Thing
    3.7. Viewing Device MQTT Messages with the AWS IoT MQTT Client
    3.8. Configure and Test Rules
4. Programming Certificates
5. Running the Demo
6. Document Revision History
The Microchip Web Site
Customer Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System Certified by DNV
Worldwide Sales and Service
1. Getting Started
This section provides information about the sequence of activities to perform the AWS IoT demo application and its prerequisites.
1.1 Prerequisites
The following are the hardware and software prerequisites needed to start the AWS IoT demo.
1. Hardware Prerequisites
    – Two SAM D21-XPRO evaluation kits and ATWINC1500 module; or,
    – Two SAM W25-XPRO evaluation kits
    – Micro-USB cable (Type A/Micro B)
2. Software Prerequisites
    – ATWINC1500 Release 19.5.2
    – Atmel Studio 7
    – A valid AWS IoT account
1.2 Demo Application Flow
The following figure illustrates the sequence of activities to perform the AWS IoT demo application with the RSA certificate.
Figure 1-1. AWS IoT Demo Application Flow
2. Configuring the Demo Application
The "WINC1500_AWS_RSA_EXAMPLE" application publishes a message (on a certain topic) to the AWS Cloud MQTT message broker from the device, which is configured as Publisher.
Note: The publish event is triggered by a SW0 button press.
To view the published messages, subscribe the AWS MQTT client to the same topic on which the SAMW25/SAMD21 is publishing. The device that is configured as Subscriber receives the messages.
2.1 WINC1500_AWS_RSA_EXAMPLE Application Configuration
This section provides details about the WLAN configuration, AWS IoT settings and application device settings.
2.1.1 WLAN Configuration
In the main.h file, set the following configuration parameters according to the wireless Access Point (AP) settings.

    /** Wi-Fi Settings */
    #define MAIN_WLAN_SSID "DEMO" /**< Destination SSID */
    #define MAIN_WLAN_AUTH M2M_WIFI_SEC_WPA_PSK /**< Security manner */
    #define MAIN_WLAN_PSK "123456" /**< Password for Destination SSID */

2.1.2 AWS IoT Settings
In the aws_iot_config.h file, set the following configuration parameters according to the AWS account.

    // Get from console
    // =================================================
    // To be Modified based on the user account
    #define AWS_IOT_MQTT_HOST "XXXXXXXXXXXX.iot.us-west-2.amazonaws.com"
    #define AWS_IOT_MQTT_PORT 8883
    #define AWS_IOT_MQTT_CLIENT_ID "SAMD21_MQTT"
    #define AWS_IOT_MY_THING_NAME "SAMD21_MQTT"
    #define AWS_IOT_ROOT_CA_FILENAME " "
    #define AWS_IOT_CERTIFICATE_FILENAME " "
    #define AWS_IOT_PRIVATE_KEY_FILENAME " "

2.1.3 Application Device Settings
In the main.c file, set the following configuration parameters to select the device role (Subscriber or Publisher) and the associated subscribe and publish channels used to receive and send messages.

    /* Role of the device: enable exactly one of the two defines */
    //#define SUBSCRIBER
    #define PUBLISHER

    #ifdef SUBSCRIBER
    /* Subscriber board: listens on .../sub, publishes on .../pub */
    #define CLIENT_ID "WINC1500_Sub"
    #define SUBSCRIBE_CHANNEL "WINC1500_IOT/sub"
    #define PUBLISH_CHANNEL "WINC1500_IOT/pub"
    #else
    /* Publisher board: listens on .../pub, publishes on .../sub */
    #define CLIENT_ID "WINC1500_Pub"
    #define SUBSCRIBE_CHANNEL "WINC1500_IOT/pub"
    #define PUBLISH_CHANNEL "WINC1500_IOT/sub"
    #endif

Note: CLIENT_ID must be different and unique for different boards.
3. AWS IoT Account Setup
This chapter describes how to set up the AWS IoT account and the steps involved in registering and activating a device.
Figure 3-1. AWS IoT Account
3.1 Signing In to the AWS IoT Console
This section describes how to sign in to the AWS IoT console. If the user does not have an AWS account, the account must be created.
To create an AWS account, perform the following steps:
1. Open the AWS Home Page (https://aws.amazon.com/) and choose Create an AWS Account.
2. Follow the online instructions. A part of the sign-up procedure involves receiving a phone call and entering a PIN using the user's phone keypad.
3. Sign in to the AWS Management console and open the AWS IoT console.
4. On the Welcome page, click Get started.
Figure 3-2. Getting Started With AWS IoT Console
5. If the user is using the AWS IoT console for the first time, the Welcome to the AWS IoT Console page is displayed.
3.2 Registering a Device in the Thing Registry
In the Thing Registry, the devices connected to AWS IoT are represented by things. The Thing Registry keeps a record of all devices that are connected to an AWS IoT account.
To register a device in the Thing Registry, perform the following steps:
1. On the Welcome to the AWS IoT Console page, in the left navigation panel, choose Registry to expand the choices, and then select Things.
Figure 3-3. Welcome Page
2. On the You don't have any things yet page, click Register a thing.
Figure 3-4. Registering a Thing
3. On the Register a thing page, in the Name field, enter a name for the device, such as MyIoTButton, and click Create thing to add the device to the Thing Registry.
Figure 3-5. Create a Thing
4. The result page is displayed as illustrated in the following figure.
Figure 3-6. Device added to Thing Registry
3.3 Creating and Activating a Device Certificate
The communication between the device and AWS IoT is protected using X.509 certificates. AWS IoT generates a certificate, or the user can use their own X.509 certificate. This demonstration assumes that AWS IoT generates the X.509 certificate.
Note: The certificates must be activated prior to use.
Perform the following steps to create and activate a device certificate.
1. In the left navigation panel, choose Secure, Certificates (as necessary), and then click Create a Certificate.
Figure 3-7. Create a Certificate
2. On the Create a Certificate page, choose Create Certificate.
Figure 3-8. Create a Certificate Page
3. On the Certificate Created page, click Download to download the certificate, public key, private key, and the root CA for AWS IoT, save these downloads to the PC, and then choose Activate to continue.
Note:
    1. The downloaded file names and certificate appear in .key and .crt formats.
    2. The downloaded file names appear differently than those listed on the Certificate Created page. The examples are 2a540e2346-certificate.pem.crt.text, 2a540e2346-private.pem.key and 2a540e2346-public.pem.key.
    3. Although it is unlikely, root CA certificates are subject to expiration and/or revocation. If this occurs, be sure to copy a new root CA certificate onto the device.
Figure 3-9. Download a Certificate
4. Select Done to complete.
3.4 Creating an AWS IoT Policy
The X.509 certificates are used to authenticate the device with AWS IoT. The AWS IoT policies are used to authorize the device to perform AWS IoT operations, such as subscribing or publishing to MQTT topics. The device presents its certificate when sending messages to AWS IoT. To allow the device to perform AWS IoT operations, the user must create an AWS IoT policy and attach it to the device certificate.
To create an AWS IoT policy, perform the following steps:
1. On the left navigation panel, choose Secure, and then Policies. On the You don't have any policies yet page, click Create a policy.
Figure 3-10. AWS IoT Policy
2. On the Create a policy page, in the Name field, enter a name for the policy (for example, MyIoTButtonPolicy). In the Action field, type iot:Connect. In the Resource ARN field, type *. Select the Allow check box to allow all the clients to connect to AWS IoT.
Figure 3-11. Create a Policy
Note: The user can restrict the clients (devices) that are able to connect by specifying a client ARN as the resource. The client ARNs follow this format: arn:aws:iot:your-region:your-aws-account:client/
Select the Add Statement button to add another policy statement. In the Action field, enter iot:Publish. In the Resource ARN field, enter the ARN of the topic to which the device publishes.
Note: The topic ARN follows this format: arn:aws:iot:your-region:your-aws-account:topic/iotbutton/your-button-serial-number. For example: arn:aws:iot:us-east-1:123456789012:topic/iotbutton/G030JF055364XVRB
The user can find the serial number on the bottom of the button. If the user is not using an AWS IoT button, after topic/ in the ARN, place the topic to which the device publishes. For example: arn:aws:iot:us-east-1:123456789012:topic/my/topic/here
Finally, select the Allow check box to allow the device to publish messages to the specified topic.
3. After entering the information for the policy, choose Create.
Figure 3-12. Connecting to AWS IoT
4. After entering all the information for the policy, click Create.
Figure 3-13. Policy Created
5. For more information, refer to Managing AWS IoT Policies (http://docs.aws.amazon.com/iot/latest/developerguide/authorization.html).
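The policy entered in step 2 of section 3.4 lets any client ID connect. As an added example (not part of the application note or the demo project), the following Python builds a scoped policy for each demo role from the CLIENT_ID and channel values in main.c and flags statements whose resource contains a wildcard. The region, the account ID, the assumption that each board connects with CLIENT_ID, and the iot:Subscribe and iot:Receive statements for the subscribed channel are additions made here.

```python
import json

REGION = "us-west-2"      # assumption: region seen in AWS_IOT_MQTT_HOST
ACCOUNT = "123456789012"  # assumption: sample account ID used in the ARN examples

# Role -> (CLIENT_ID, PUBLISH_CHANNEL, SUBSCRIBE_CHANNEL), copied from main.c
ROLES = {
    "PUBLISHER": ("WINC1500_Pub", "WINC1500_IOT/sub", "WINC1500_IOT/pub"),
    "SUBSCRIBER": ("WINC1500_Sub", "WINC1500_IOT/pub", "WINC1500_IOT/sub"),
}

# The policy as entered in the console steps, using the page's example topic ARN.
CONSOLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": "*"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": "arn:aws:iot:us-east-1:123456789012:topic/my/topic/here"},
    ],
}


def arn(kind, name, region=REGION, account=ACCOUNT):
    """Build an AWS IoT resource ARN; kind is client, topic or topicfilter."""
    return f"arn:aws:iot:{region}:{account}:{kind}/{name}"


def scoped_policy(role):
    """Policy limited to one client ID and the two channels that role uses."""
    client_id, publish_channel, subscribe_channel = ROLES[role]
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Only this client ID may connect with the attached certificate.
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": arn("client", client_id)},
            # Publishing is limited to the role's PUBLISH_CHANNEL.
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": arn("topic", publish_channel)},
            # Subscribing is authorized on a topic filter resource ...
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": arn("topicfilter", subscribe_channel)},
            # ... and message delivery on the matching topic resource.
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": arn("topic", subscribe_channel)},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def broad_statements(policy):
    """Return (action, resource) pairs of Allow statements using a '*' wildcard."""
    findings = []
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow":
            continue
        for action in _as_list(statement["Action"]):
            for resource in _as_list(statement["Resource"]):
                if "*" in action or "*" in resource:
                    findings.append((action, resource))
    return findings


if __name__ == "__main__":
    print("console policy findings:", broad_statements(CONSOLE_POLICY))
    for role in ROLES:
        print(role)
        print(json.dumps(scoped_policy(role), indent=2))
```

The printed JSON can be pasted into the policy editor in place of the single-statement form; one policy per board keeps a leaked certificate from being reused under another client ID.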
3.5 Attaching an AWS IoT Policy to a Device Certificate
After creating an AWS IoT policy, the user must attach it to the device certificate. Attaching an AWS IoT policy to a certificate gives the device the permissions specified in the policy.
Perform the following steps to attach the AWS IoT Policy to a device certificate.
1. On the left navigation panel, choose Secure, and then Certificates.
Figure 3-14. AWS IoT Page
2. In the box for the certificate created, click ... to open a drop-down menu, and then select Attach policy.
Figure 3-15. Certificate Page
3. In the Attach policies to certificate(s) dialog box, select the check box of the policy created by the user, and then click Attach.
Figure 3-16. Attach Policies to Certificate
3.6 Attaching a Certificate to the Thing
A device must have a certificate, private key and root CA certificate to authenticate with AWS IoT. It is also recommended that the user attach the device certificate to the thing that represents the device in AWS IoT. This allows the user to create AWS IoT policies that allow permissions based on certificates attached to things. For more information, refer to Thing Policy Variables (http://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html).
To attach a certificate to the thing representing the device in Thing Registry, perform the following steps:
1. Click ... on the certificate created by the user to open a drop-down menu, and then select Attach thing.
Figure 3-17. Attach a Thing
2. In the Attach things to certificate(s) dialog box, select the check box on the thing registered by the user, and then click Attach.
Figure 3-18. Attach Things to Certificate
3. To verify the thing is attached, select the box representing the certificate. On the Details page of the certificate in the left navigation panel, select Things.
Figure 3-19. Certificate Page
4. On the Details page for the certificate in the left navigation panel, choose Things.
Figure 3-20. Things Page
5. To verify the policy is attached, on the Details page for the certificate in the left navigation panel, select Policies.
Figure 3-21. Verifying the Attached Policy
3.7 Viewing Device MQTT Messages with the AWS IoT MQTT Client
The user can utilize the AWS IoT MQTT Client to understand the MQTT messages sent by a device.
The devices publish MQTT messages on topics. The user can use the AWS IoT MQTT client to subscribe to the topics to see these messages.
To view MQTT messages, perform the following steps:
1. In the AWS IoT console in the left navigation panel, select Test.
Figure 3-22. AWS IoT Console Dashboard
2. Subscribe to the topic on which the thing publishes. In the case of the AWS IoT button, the user can subscribe to iotbutton/+ (+ is the wildcard character). In the Subscribe to a topic window, type iotbutton/+ in the Subscription topic field, and then select Subscribe to topic.
Note: This topic must appear under Subscriptions; select it there.
Figure 3-23. Subscriptions Page
3. Choosing Subscribe to topic above results in the topic iotbutton/+ appearing in the Subscriptions column.
Figure 3-24. Subscribe to topic
4. Press the AWS IoT button, and then view the resulting message in the AWS IoT MQTT client. If no button exists, the user simulates a button press in the next step.
Figure 3-25. Message in AWS IoT MQTT client
Note: The AWS IoT Button FAQs (https://aws.amazon.com/iotbutton/faq/) contain useful button LED color pattern information.
5. To use the AWS IoT console to publish a message, follow the steps below.
On the MQTT client page, in the Publish section, in the Specify a topic and a message to publish… field, type iotbutton/ABCDEFG12345. In the message payload section, enter the following JSON:
Figure 3-26. JSON in Message Payload Section
6. Choose Publish to topic to see the message in the AWS IoT MQTT client (choose iotbutton/+ in the Subscription column to see the message).
Figure 3-27. Publish to Topic
3.8 Configure and Test Rules
The AWS IoT rules engine listens for incoming MQTT messages that match a rule. When a matching message is received, the rule takes the action with the data in the MQTT message (for example, writing data to an Amazon S3 bucket, invoking a Lambda function or sending a message to an Amazon SNS topic). In this step, the user can create and configure a rule to send the data received from a device to an Amazon SNS topic. In addition, the user can:
• Create an Amazon SNS topic.
• Subscribe to the Amazon SNS topic using a cell phone number.
• Create a rule that sends a message to the Amazon SNS topic, when a message is received from the device.
• Test the rule using the AWS IoT button or an MQTT client.
In the upper-right corner of this page, there is a Filter View drop-down list. For instructions to test the rule by using the AWS IoT button, choose AWS IoT Button. For instructions to test the rule by using the AWS IoT MQTT client, choose MQTT Client.
3.8.1 Create an SNS Topic
Use the Amazon SNS console to create an Amazon SNS topic.
Note: Amazon SNS is not available in all AWS regions.
1. Open the Amazon SNS console.
2. On the left panel, choose Topics.
Figure 3-28. Amazon SNS Console
3. Choose Create new topic.
Figure 3-29. Creating New Topic
4. Type a topic name and a display name, and then click Create topic.
Figure 3-30. Details in Creating Topic
5. Be sure to make a note of the ARN for the topic that the user created.
Figure 3-31. ARN for Topic
3.8.2 Subscribe to an Amazon SNS Topic
To receive SMS messages on the cell phone, subscribe to the Amazon SNS topic.
1. In the Amazon SNS console, select the check box next to the user-created topic. From the Actions menu, choose Subscribe to topic.
Figure 3-32. Subscribe to Topic
2. In Create subscription, from the Protocol drop-down list, choose SMS. In the Endpoint field, type the phone number of an SMS-enabled cell phone, and then choose Create subscription.
Figure 3-33. Create Subscription
Note: Enter the phone number using numbers and dashes only.
3.8.3 Create a Rule
AWS IoT rules consist of a topic filter, a rule action, and an IAM role. The messages published on topics that match the topic filter trigger the rule. The rule action defines which action to take when the rule is triggered. The IAM role contains one or more IAM policies that determine which AWS services the rule can access. The user can create multiple rules that listen to a single topic. Likewise, the user can create a single rule that is triggered by multiple topics. The AWS IoT rules engine continuously processes the messages published on topics that match the topic filters defined in the rules.
In this example, the user can create a rule that uses Amazon SNS to send an SMS notification to a cell phone number.
1. On the left navigation panel in the AWS IoT console, choose Act.
Figure 3-34. AWS IoT Console
2. On the Act page, click Create a rule.
Figure 3-35. Create a Rule
3. On the Create a rule page, in the Name field, enter a name for the rule. In the Description field, enter a description for the rule.
Figure 3-36. Create a Rule
4. Scroll down to Message source and choose the latest version from the Using SQL version drop-down list. In the Attribute field, enter *. This specifies sending the entire MQTT message that triggered the rule.
Figure 3-37. Message Source
5. The rules engine uses the topic filter to determine the rules to trigger when an MQTT message is received. In the Topic filter field, type iotbutton/your-button-DSN. If the user is not using an AWS IoT button, type my/topic or the topic used in the rule.
Figure 3-38. Topic Filter in Message Source
Note:
    1. The DSN is available on the bottom of the button.
    2. Condition column is left blank.
6. In Set one or more actions, click Add action.
Figure 3-39. Add Action
7. On the Select an action page, select Send a message as an SNS push notification.
Figure 3-40. Select an Action
8. Click Configure action.
Figure 3-41. Configure Action
9. On the Configure action page, from the SNS target drop-down list, choose the Amazon SNS topic created earlier.
Figure 3-42. Configure Action Page
10. Provide AWS IoT permission to publish to the Amazon SNS topic on the user’s behalf when the rule is triggered. Click Create a new role. Enter a name for the new role in the IAM role name field. After entering the name, click Create a new role again. Select the newly created role from the IAM role name drop-down list.
Figure 3-43. Create a New Role
11. Select Update role to apply the permissions to the newly created role, and then click Add action.
Figure 3-44. Update Role
12. On the Create a Rule page, click Create rule.
Figure 3-45. Create a Rule
3.8.4 Test the Amazon SNS Rule
Test the rule by using an AWS IoT button or the AWS IoT MQTT client.
• AWS IoT Button:
    – Press the button to receive an SMS text that shows the current battery charge level on the device (among other things).
    – Try a long press (about 2 seconds) and a fast double press, and note the resulting messages.
• AWS IoT MQTT Client:
    – To test the rule with AWS IoT MQTT client:
        1.1. On the left navigation panel in the AWS IoT console, click Test.
        1.2. On the MQTT Client page, in the Specify a topic and a message to publish… field, enter my/topic or the topic used in the rule. In the message payload section, type the following JSON.
        Note: If the user is using the button, enter iotbutton/your-button-DSN instead of my/topic in the Specify a topic and a message to publish… field.
        Figure 3-46. AWS IoT MQTT Client
        1.3. Click Publish to topic to receive an Amazon SNS message on the cell phone.
        1.4. Thus the user has created and configured a rule that sends the data received from a device to an Amazon SNS topic.
        Note: For more information on AWS IoT rules, refer to AWS IoT Rule Tutorials (https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules-tutorial.html) and AWS IoT Rules (https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html).
4. Programming Certificates
To run the AWS IoT demo with RSA, the certificate downloaded from AWS IoT is programmed into the device.
Figure 4-1. Programming Certificates Process
Perform the following steps to program the downloaded certificate.
1. Open the certificate file downloaded from AWS IoT.
Note: For generating a certificate, refer to Creating and Activating a Device Certificate.
Figure 4-2. Device Certificate Window
2. Open the Details tab and click Copy to File to display the "Certificate Export Wizard" dialog box.
Figure 4-3. Details Page of Certificate
3. In the "Certificate Export Wizard" dialog box, click Next.
Figure 4-4. Certificate Export Wizard
4. Select the default option "DER encoded binary X.509 (.CER)" format to export and click Next.
Figure 4-5. Selecting the Export File Format
5. Save the file under the name atmelwinc.cer and rename the AWS downloaded private key file as atmelwinc.key.
6. Store both the atmelwinc.cer and atmelwinc.key files in the src/tls_cert_store/ folder of the firmware upgrade project (These files are not available with this package).
7. After loading the generated certificate and key file, be sure to flash the "ATWINC1500" firmware using the src/download_all_sb_samw25_xplained_pro.bat for the SAM W25 device, or download_all_sb_samd21_xplained_pro.bat for the SAM D21 device (These files are not available with this package).
Note: During the firmware upgrade process, be sure that the download_all.bat contains the following lines to update the certificate and the private key.

    SET TLS_RSA_KEY=../../../tls_cert_store/atmelwinc.key
    SET TLS_RSA_CRT=../../../tls_cert_store/atmelwinc.cer

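Steps 1 to 6 of section 4 can also be done in a script instead of the Certificate Export Wizard. As an added example (not part of the application note or the firmware package), the following Python decodes the PEM certificate to DER, checks its outer ASN.1 length, and stages both files under the names the firmware scripts expect. The function names and the sample PEM strings are constructed for illustration; the sample bytes carry only a valid outer DER header and are not a real certificate or key.

```python
import ssl
from pathlib import Path

# Constructed stand-in: SEQUENCE header (30 82 01 00) followed by 256 zero bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# Constructed placeholder with PEM armor only; it contains no key material.
SAMPLE_KEY_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def der_total_length(der: bytes) -> int:
    """Size in bytes of the outermost DER element, header included."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                 # short form: length fits in 7 bits
        return 2 + first
    count = first & 0x7F             # long form: next `count` bytes hold the length
    if count == 0 or count > 4 or len(der) < 2 + count:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def pem_cert_to_der(pem_text: str) -> bytes:
    """Strip the PEM armor and verify the result is one complete DER element."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def stage_for_firmware(cert_pem: Path, key_pem: Path, store: Path) -> Path:
    """Write atmelwinc.cer (DER) and atmelwinc.key into the tls_cert_store folder."""
    der = pem_cert_to_der(cert_pem.read_text())
    key_text = key_pem.read_text()
    # Catch the easy mistake of passing the certificate or public key as the key.
    if "PRIVATE KEY-----" not in key_text:
        raise ValueError(f"{key_pem} does not look like a PEM private key")
    store.mkdir(parents=True, exist_ok=True)
    cert_out = store / "atmelwinc.cer"
    cert_out.write_bytes(der)
    (store / "atmelwinc.key").write_text(key_text)
    return cert_out


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        (work / "sample-certificate.pem.crt").write_text(SAMPLE_PEM)
        (work / "sample-private.pem.key").write_text(SAMPLE_KEY_PEM)
        out = stage_for_firmware(work / "sample-certificate.pem.crt",
                                 work / "sample-private.pem.key",
                                 work / "tls_cert_store")
        print(out.name, out.stat().st_size, "bytes")
```

The staged atmelwinc.key is the device's private key, so keep the tls_cert_store folder out of version control and shared build artifacts.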
5. Running the Demo
Perform the following steps to run the demo:
1. Configure the AWS IoT Account. Refer to AWS IoT Account Setup.
2. Generate the thing and certificate from AWS IoT console.
3. Convert the certificate to the .cer format and rename both the key and certificate, as mentioned in chapter Programming Certificates.
4. After loading the generated certificate and key file from AWS, be sure to flash the ATWINC1500 firmware using the src/download_all_sb_samw25_xplained_pro.bat for the SAM W25 device, or download_all_sb_samd21_xplained_pro.bat for the SAM D21 device (These files are not available with this package).
Note: During the firmware upgrade process, be sure that the download_all.bat file contains the following lines to update the certificate and the private key.

    SET TLS_RSA_KEY=../../../tls_cert_store/atmelwinc.key
    SET TLS_RSA_CRT=../../../tls_cert_store/atmelwinc.cer

5. Configure the "WINC1500_AWS_RSA_EXAMPLE" application. For details, refer to Configuring the Demo Application.
6. Build and run the "WINC1500_AWS_RSA_EXAMPLE" application.
7. Configure one device as Publisher and another device as Subscriber.
8. Once the "successfully connected" status is displayed on the serial console (115200 8N1 configuration), the user can publish and receive the messages.
Figure 5-1. Publishing Message on Console Log Window
9. When the device is configured as Publisher, press the SW0 button to publish the message; the same message is received at the Subscriber device.
10. Press the SW0 button on the Publisher device to publish a message.
11. On the MQTT client, the message is displayed on the console (if the topic has been subscribed).
12. The console log for the device is provided below for reference.
Figure 5-2. Console Log Window
6. Document Revision History
Revision A (2/2018)
Section     Changes
Document    Initial Release.
The Microchip Web Site
Microchip provides online support via our web site at
http://www.microchip.com/. This web site is used as a means to make
files and information easily available to customers. Accessible by
using your favorite Internet browser, the web site contains the
following information:
• Product Support – Data sheets and errata, application notes
and sample programs, design resources, user’s guides and hardware
support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQ),
technical support requests, online discussion groups, Microchip
consultant program member listing
• Business of Microchip – Product selector and ordering guides,
latest Microchip press releases, listing of seminars and events,
listings of Microchip sales offices, distributors and factory
representatives
Customer Change Notification Service
Microchip’s customer notification service helps keep customers
current on Microchip products. Subscribers will receive e-mail
notification whenever there are changes, updates, revisions or
errata related to a specified product family or development tool of
interest.
To register, access the Microchip web site at
http://www.microchip.com/. Under “Support”, click on “Customer
Change Notification” and follow the registration instructions.
Customer Support
Users of Microchip products can receive assistance through
several channels:
• Distributor or Representative
• Local Sales Office
• Field Application Engineer (FAE)
• Technical Support
Customers should contact their distributor, representative or
Field Application Engineer (FAE) for support. Local sales offices
are also available to help customers. A listing of sales offices
and locations is included in the back of this document.
Technical support is available through the web site at:
http://www.microchip.com/support
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on
Microchip devices:
• Microchip products meet the specification contained in their
particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most
secure families of its kind on the market today, when used in the
intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach
the code protection feature. All of these methods, to our knowledge,
require using the Microchip products in a manner outside the
operating specifications contained in Microchip’s Data Sheets. Most
likely, the person doing so is engaged in theft of intellectual
property.
• Microchip is willing to work with the customer who is
concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can
guarantee the security of their code. Code protection does not mean
that we are guaranteeing the product as “unbreakable.”
Code protection is constantly evolving. We at Microchip are
committed to continuously improving the code protection features of
our products. Attempts to break Microchip’s code protection feature
may be a violation of the Digital Millennium Copyright Act. If such
acts allow unauthorized access to your software or other copyrighted
work, you may have a right to sue for relief under that Act.
Legal Notice
Information contained in this publication regarding device
applications and the like is provided only for your convenience and
may be superseded by updates. It is your responsibility to ensure
that your application meets with your specifications. MICROCHIP
MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS
OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE
INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY,
PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip
disclaims all liability arising from this information and its use.
Use of Microchip devices in life support and/or safety applications
is entirely at the buyer’s risk, and the buyer agrees to defend,
indemnify and hold harmless Microchip from any and all damages,
claims, suits, or expenses resulting from such use. No licenses are
conveyed, implicitly or otherwise, under any Microchip intellectual
property rights unless otherwise stated.
Trademarks
The Microchip name and logo, the Microchip logo, AnyRate, AVR,
AVR logo, AVR Freaks, BeaconThings, BitCloud, CryptoMemory,
CryptoRF, dsPIC, FlashFlex, flexPWR, Heldo, JukeBlox, KeeLoq,
KeeLoq logo, Kleer, LANCheck, LINK MD, maXStylus, maXTouch, MediaLB,
megaAVR, MOST, MOST logo, MPLAB, OptoLyzer, PIC, picoPower,
PICSTART, PIC32 logo, Prochip Designer, QTouch, RightTouch,
SAM-BA, SpyNIC, SST, SST Logo, SuperFlash, tinyAVR, UNI/O, and XMEGA
are registered trademarks of Microchip Technology Incorporated in
the U.S.A. and other countries.
ClockWorks, The Embedded Control Solutions Company, EtherSynch,
Hyper Speed Control, HyperLight Load, IntelliMOS, mTouch, Precision
Edge, and Quiet-Wire are registered trademarks of Microchip
Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any
Capacitor, AnyIn, AnyOut, BodyCom, chipKIT, chipKIT logo, CodeGuard,
CryptoAuthentication, CryptoCompanion, CryptoController, dsPICDEM,
dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN,
In-Circuit Serial Programming, ICSP, Inter-Chip Connectivity,
JitterBlocker, KleerNet, KleerNet logo, Mindi, MiWi, motorBench,
MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK,
NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit,
PICtail, PureSilicon, QMatrix, RightTouch logo, REAL ICE, Ripple
Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher,
SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense,
ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of
Microchip Technology Incorporated in the U.S.A. and other
countries.
SQTP is a service mark of Microchip Technology Incorporated in
the U.S.A.
Silicon Storage Technology is a registered trademark of
Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany
II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in
other countries.
All other trademarks mentioned herein are property of their
respective companies.
© 2018, Microchip Technology Incorporated, Printed in the
U.S.A., All Rights Reserved.
ISBN: 978-1-5224-2658-5
Quality Management System Certified by DNV
ISO/TS 16949
Microchip received ISO/TS-16949:2009 certification for its
worldwide headquarters, design and wafer fabrication facilities in
Chandler and Tempe, Arizona; Gresham, Oregon and design centers in
California and India. The Company’s quality system processes and
procedures are for its PIC® MCUs and dsPIC® DSCs, KEELOQ® code
hopping devices, Serial EEPROMs, microperipherals, nonvolatile
memory and analog products. In addition, Microchip’s quality system
for the design and manufacture of development systems is ISO
9001:2000 certified.