AWS IoT and building an Internet connected camera
Timothée Cruse, Solutions Architect,
Amazon Web Services
• Healthcare and Life Sciences
• Municipal Infrastructure
• Smart Home
• Retail
• Manufacturing, Logistics & Supply Chain
• Agriculture
• Education
• Automotive
AWS customers are connecting physical things to the cloud in every industry imaginable.
Complexities of IoT
• Security
• Infrastructure
• Scale
• Distribution
• Device Management
• Online vs. Offline
• Hardware
• …
AWS IoT: connecting millions of devices / producers with millions of users / consumers / devices
• Any device can connect securely
• Anyone can connect a device
• Getting started is easy
“Securely connect one or one-billion devices to AWS,
so they can interact with applications and other devices”
AWS IoT
DEVICE GATEWAY: Communicate with devices via MQTT, HTTP and WebSockets
Protocols – MQTT
MQTTS vs HTTPS:
• 93x faster throughput
• 11.89x less battery to send
• 170.9x less battery to receive
• 50% less power to keep connected
• 8x less network overhead
Source:
http://stephendnicholas.com/archives/1217
• OASIS standard protocol (v3.1.1)
• Lightweight, pub-sub, transport protocol
that is useful for connected devices
• MQTT is used on oil rigs, connected
trucks, and many more sensitive and
resource-sensitive scenarios.
• Customers have needed to build,
maintain and scale a broker to use
MQTT with cloud applications
Protocols – HTTPS and MQTT over WebSockets
HTTPS:
• AWS HTTPS Restful API
• SigV4 authentication
• POST - Publish to topics and shadow
• GET - Read shadow
MQTT over WebSockets:
• Ideal for web and dash-boarding
• SigV4 authentication
• Can be used standalone
• Publisher / Subscriber
Protocols – MQTT – Use Cases
[Diagrams: mydevices/# with mydevices/1, mydevices/2, mydevices/3; mydevices/4; mydevices/to_all]
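Protocols – MQTT – QoS 0
[Diagram: messages 1, 2, 3, 4, 5, 6 published; 1, 2, 3, 5, 6 received]
Protocols – MQTT – QoS 1
[Diagram: messages 1, 2, 3, 4, 5, 6 published, 4 sent again; 1, 2, 3, 4, 5, 6 received]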
AWS IoT
DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
DEVICE GATEWAY: Communicate with devices via MQTT, HTTP and WebSockets
AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption (TLS + Cert)
Device SDKs
• C-SDK (Ideal for embedded OS)
• JS-SDK (Ideal for Embedded Linux Platforms)
• Arduino Library (Arduino Yun)
• Mobile SDK (Android and iOS)
Security
• Strong Authentication
• Secure Communication
• TLS Mutual Authentication
• Packaged in the SDKs
AWS IoT
RULES ENGINE: Transform messages based on rules and route to AWS Services
AWS Services / 3P Services
AWS IoT Rules Engine Basics
SELECT * FROM 'things/thing-2/color'
WHERE color = 'red'
Simple & Familiar Syntax
- SQL Statement to define topic filter
- Optional WHERE clause
- Advanced JSON support
Functions improve signal : noise
- String manipulation (regex support)
- Mathematical operations
- Context based helper functions
- Crypto support
- UUID, Timestamp, rand, etc.
AWS IoT Rules Engine
Rules Engine evaluates inbound
messages published into AWS IoT,
transforms and delivers to the
appropriate endpoint based on
business rules.
External endpoints can be reached via
Lambda and Simple Notification
Service (SNS).
Actions
• Invoke a Lambda function
• Put object in an S3 bucket
• Insert, Update, Read from a DynamoDB table
• Publish to an SNS Topic or Endpoint
• Publish to a Kinesis stream
• Kinesis Firehose
• Republish to AWS IoT
• Publish to ElasticSearch
AWS IoT
DEVICE SHADOW: Persistent thing state during intermittent connections
APPLICATIONS
Protocols – AWS IoT Shadow
{
  "state": {
    "desired": { "lights": { "color": "RED" }, "engine": "ON" },
    "reported": { "lights": { "color": "GREEN" }, "engine": "ON" },
    "delta": { "lights": { "color": "RED" } }
  },
  "version": 10
}
Thing
• Report its current state to one or multiple shadows
• Retrieve its desired state from shadow
App
• Set the desired state of a device
• Get the last reported state of the device
• Delete the shadow
Shadow
• Shadow reports delta, desired and reported states along with metadata and version
Protocols – AWS IoT Shadow Use Case
{
  "state": {
    "desired": { "engine": "OFF", "light": "green" },
    "reported": { "engine": "OFF", "light": "green" }
  },
  "version": 10
}
"engine": "OFF", "light": "green"
Protocols – AWS IoT Shadow Use Case
{
  "state": {
    "desired": { "engine": "ON", "light": "green" },
    "reported": { "engine": "OFF", "light": "green" },
    "delta": { "engine": "ON" }
  },
  "version": 10
}
"engine": "ON"
Protocols – AWS IoT Shadow Use Case
{
  "state": {
    "desired": { "engine": "ON", "light": "green" },
    "reported": { "engine": "ON", "light": "green" }
  },
  "version": 10
}
"engine": "ON", "light": "green"
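The shadow use case above, walked through in code. This is an added example, not code from the talk or from AWS: computeDelta and applyDelta are hypothetical helpers that model, in simplified form, how the delta section relates to the desired and reported states.

```javascript
// Added example: simplified model of a shadow's "delta" section (not AWS code).
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Returns the parts of `desired` that differ from `reported`,
// or undefined when the device already matches the desired state.
function computeDelta(desired, reported) {
  const delta = {};
  for (const [key, want] of Object.entries(desired || {})) {
    const have = reported ? reported[key] : undefined;
    if (isObject(want) && isObject(have)) {
      const nested = computeDelta(want, have);
      if (nested !== undefined) delta[key] = nested;
    } else if (JSON.stringify(want) !== JSON.stringify(have)) {
      delta[key] = want;
    }
  }
  return Object.keys(delta).length > 0 ? delta : undefined;
}

// Device side: act on a delta and build the new "reported" state.
function applyDelta(reported, delta) {
  const next = { ...reported };
  for (const [key, value] of Object.entries(delta || {})) {
    next[key] = isObject(value) && isObject(next[key])
      ? applyDelta(next[key], value)
      : value;
  }
  return next;
}

// The use case from the slides: the app asks for the engine to be switched on.
function runUseCase() {
  const shadow = {
    desired: { engine: 'OFF', light: 'green' },
    reported: { engine: 'OFF', light: 'green' },
  };
  const before = computeDelta(shadow.desired, shadow.reported);
  shadow.desired.engine = 'ON'; // app sets the desired state
  const delta = computeDelta(shadow.desired, shadow.reported);
  shadow.reported = applyDelta(shadow.reported, delta); // device acts, then reports
  const after = computeDelta(shadow.desired, shadow.reported);
  return { before, delta, reported: shadow.reported, after };
}
```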
AWS IoT
AWS IoT API
DEVICE REGISTRY: Identity and Management of your things
Official IoT Starter Kits, Powered by AWS
Official IoT Starter Kits on Variety of Platforms
• Broadcom WICED BCM4343W on ThreadX/NetX
• Marvell EZConnect MW302 on FreeRTOS
• Renesas RX63N on Micrium OS
• TI CC3200 on TI-RTOS
• Microchip WCM PIC32 Platform
• Intel Edison on Yocto Linux
• Mediatek LinkOne on Linkit OS
• Dragonboard 410c on Ubuntu
• Seeeduino Arduino on openWRT
• Beaglebone Green on Debian
SONOS
“A 10 year old product can do things that hadn't been invented 10 years
ago. Most importantly, going forward, people will expect your product to
improve, and if it isn't being updated and getting better, you're literally being
left behind.” – SONOS
Let’s build an Internet connected camera!
What we’ll need
• Raspberry Pi with Camera module (already set up and ready to go)
• NodeJS installed on the Raspberry Pi
• AWS IoT, Amazon Cognito, Amazon S3
• A couple lines of code!
Architecture
Components: AWS IoT, Amazon S3, Amazon Cognito
Architecture – Step 1
(Subscribe) camera/button
Architecture – Step 2
Load website from S3 (static web)
Architecture – Step 3
(Subscribe) camera/button
(Subscribe) camera/uploaded
Architecture – Step 4
(Subscribe) camera/button
(Publish) camera/button { event: "press" }
(Subscribe) camera/uploaded
Architecture – Step 5
(Subscribe) camera/uploaded
Architecture – Step 6
Upload 1463811192.jpg to S3
(Subscribe) camera/uploaded
Architecture – Step 7
(Publish) camera/uploaded { filename: "1463811192.jpg" }
(Subscribe) camera/uploaded
Architecture – Step 8
Fetch image from S3 and display it
Step 1.1: IAM Security – Raspberry Pi
• IAM User for uploading images to S3 (Access Key ID / Secret Access Key)
• Restrict access to only specified bucket
Step 1.2: IAM Security – Web (websockets)
• Amazon Cognito identity pool
• Unauthenticated Role
• Gives our website access to AWS IoT WebSockets
Step 1.3: AWS IoT (Thing / Policy / Certificate)
Create:
Thing: “pi-camera”
Policy: “pi-camera-policy”
Certificate:
certificate.pem.crt
private.pem.key
Attach policy and thing to certificate
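One way to scope the policies from Steps 1.2 and 1.3 to the topics in the architecture, as an added example that is not code from the talk. It assumes the Raspberry Pi subscribes to camera/button and publishes camera/uploaded while the web page does the reverse; the region, account ID, client IDs and the isAllowed / overlyBroad helpers are constructed for illustration, and the evaluator is a simplified model (Allow statements only).

```javascript
// Added example, not code from the talk. Region, account ID and client IDs
// are constructed placeholders.
const ARN = 'arn:aws:iot:us-east-1:123456789012';

const allow = (action, resource) => ({ Effect: 'Allow', Action: [action], Resource: [`${ARN}:${resource}`] });

// "pi-camera-policy": waits for button presses, announces uploads.
const piCameraPolicy = {
  Version: '2012-10-17',
  Statement: [
    allow('iot:Connect', 'client/pi-camera'),
    allow('iot:Subscribe', 'topicfilter/camera/button'),
    allow('iot:Receive', 'topic/camera/button'),
    allow('iot:Publish', 'topic/camera/uploaded'),
  ],
};

// Cognito unauthenticated role: presses the button, waits for uploads.
const webUnauthPolicy = {
  Version: '2012-10-17',
  Statement: [
    allow('iot:Connect', 'client/web-*'),
    allow('iot:Subscribe', 'topicfilter/camera/uploaded'),
    allow('iot:Receive', 'topic/camera/uploaded'),
    allow('iot:Publish', 'topic/camera/button'),
  ],
};

// Simplified matcher: "*" matches any run of characters, as in policy ARNs.
function wildcardMatch(pattern, value) {
  const body = pattern.split('*')
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp(`^${body}$`).test(value);
}

// Simplified evaluator: Allow statements only, no Deny or conditions.
function isAllowed(policy, action, resource) {
  return policy.Statement.some((s) => s.Effect === 'Allow'
    && s.Action.some((a) => wildcardMatch(a, action))
    && s.Resource.some((r) => wildcardMatch(r, `${ARN}:${resource}`)));
}

// Statements that grant every IoT action or every resource.
function overlyBroad(policy) {
  return policy.Statement.filter((s) => s.Action.some((a) => a === '*' || a === 'iot:*')
    || s.Resource.some((r) => r === '*'));
}
```

With these documents an anonymous web visitor can trigger the camera and learn the uploaded filename, but cannot publish to camera/uploaded or connect with the Pi's client ID.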
Step 2: Raspberry Pi (Node.js)
(IoT minimum code)
Step 3: Test it with MQTT
Step 4: Web – WebSockets
• Using WebSockets requires signing requests to AWS
  • http://docs.aws.amazon.com/iot/latest/developerguide/protocols.html
• AWSLabs sample code
  • https://github.com/awslabs/aws-iot-examples
Demo
Thank You for Attending AWS Innovate