AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. In this session, we will discuss how constrained devices in Enterprise environments can securely connect to the cloud over HTTP, MQTT and WebSockets. We will discuss how developers can use the AWS IoT Rules Engine and Thing Shadows. Finally, we will cover new features released since the launch of AWS IoT including integration with Amazon Machine Learning and ElasticSearch.
18. Publish / Subscribe
Standard Protocol Support
MQTT, HTTP, WebSockets
Long Lived Connections
Receive signals from the cloud
Secure by Default
Connect securely via X509 Certs and TLS 1.2 Client Mutual Auth
19. Sensor messages
Standard protocol support
MQTT, HTTP, WebSockets
Topic/channel
Message routing hierarchy
Control over full tree
Payload (JSON)
Customer-defined JSON payload
21. Extracting the value from messages
• Filter messages with certain criteria
• Move messages to other topics
• Move messages to other systems
• Transform the payload of messages
• Predict messages based on trends
• React based on messages
23. AWS IoT SQL reference
SELECT DATA FROM TOPIC WHERE FILTER
• Like scanning a database table
• Default source is an MQTT topic
EXAMPLES:
• FROM mqtt('my/topic')
• FROM mqtt('my/wildcard/+/topic')
• FROM ('my/topic')
24. Rules engine
• Familiar SQL syntax
• SELECT * FROM topic WHERE filter
• Functions
• String manipulation (regex support)
• Mathematical operations
• Context based helper functions
• Crypto support
• UUID, timestamp, rand, etc.
• Execute simultaneous actions
25. new: Rules engine features
• Versioning
• 2016-10-08 – Original version
• 2016-03-23-beta – Beta version released on specific date
• beta – Latest beta version (breaking changes!)
• lts – Latest long-term support version, automatically updated
{
  "sql": "expression",
  "ruleDisabled": false,
  "awsIotSqlVersion": "2016-03-23-beta",
  "actions": [{
    "republish": {
      "topic": "my-mqtt-topic",
      "roleArn": "arn:aws:iam::123456789012:role/my-iot-role"
    }
  }]
}
26. new: Rules engine features
• JSON collections
• get(array, int) – get item at index of array
• get(string, int) – get character at position of string
• get(object, key) – get value of key
• SUB SELECT from collections
• SELECT (SELECT v FROM e WHERE n = 'temperature') as temperature FROM 'topic'
32. Basic flow for using prediction
• Generate data
• Use AWS IoT rule to forward to S3
• Build your Amazon Machine Learning model using S3 data source
• Enable real-time predictions in Amazon ML
• Use AWS IoT rule to validate predicted value from real-time prediction endpoint in Amazon ML
• Add other actions
36. AWS IoT device shadow flow
1. Device publishes current state
2. Persist JSON data store
3. App requests device’s current state
4. App requests change the state
5. Device shadow syncs updated state
6. Device publishes current state
7. Device shadow confirms state change
37. AWS IoT device shadow: Simple yet powerful
{
  "state" : {
    "desired" : {
      "lights": { "color": "RED" },
      "engine" : "ON"
    },
    "reported" : {
      "lights" : { "color": "GREEN" },
      "engine" : "ON"
    },
    "delta" : {
      "lights" : { "color": "RED" }
    }
  },
  "version" : 10
}
Device
Report its current state to one or multiple shadows
Retrieve its desired state from shadow
Mobile App
Set the desired state of a device
Get the last reported state of the device
Delete the shadow
Shadow
Shadow reports delta, desired, and reported states along with metadata and version
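An added sketch, not from the slides or any AWS SDK, of how the delta in the shadow document above follows from desired and reported, and how a device can use the version field to ignore stale or replayed updates. The function and class names are hypothetical, and it assumes the version increases with every shadow update.

```python
import copy

# Added example: a simplified local model of the shadow document on the slide.
# shadow_delta and Device are hypothetical names, not AWS IoT SDK APIs.

def shadow_delta(desired, reported):
    """Return the parts of `desired` that differ from or are missing in `reported`."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)
            if nested:
                delta[key] = nested
        elif want != have:
            delta[key] = want
    return delta


class Device:
    """Constructed device model: applies deltas and tracks the last version applied."""

    def __init__(self, reported):
        self.reported = copy.deepcopy(reported)
        self.last_version = 0

    def on_delta(self, message):
        # Drop stale or replayed documents: the version must strictly increase.
        if message["version"] <= self.last_version:
            return False
        self._merge(self.reported, message["state"])
        self.last_version = message["version"]
        return True

    def _merge(self, target, changes):
        for key, value in changes.items():
            if isinstance(value, dict) and isinstance(target.get(key), dict):
                self._merge(target[key], value)
            else:
                target[key] = value


# Sample values copied from the slide's shadow document.
DESIRED = {"lights": {"color": "RED"}, "engine": "ON"}
REPORTED = {"lights": {"color": "GREEN"}, "engine": "ON"}

if __name__ == "__main__":
    device = Device(REPORTED)
    print(device.on_delta({"state": shadow_delta(DESIRED, REPORTED), "version": 10}))
    print(device.on_delta({"state": {"engine": "OFF"}, "version": 9}))
```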
42. TLS mutual authentication
• Create CSR
• Create X.509 certificate from CSR
• Activate the certificate
• Create policy
• Attach policy to certificate
* Certificate must be issued by AWS IoT
43. new: Bring your own certificate
• Use certificates issued by your own CA
• Existing certificate issuance infrastructure
• Use certificates already on board
• Limited Internet connectivity from assembly/manufacturing locations
• Seamless provisioning of devices
• 8 new API calls to support management of certificates
49. Securing user access
• WebSockets support Signature Version 4 authentication
• IAM roles and policies
• Amazon Cognito identity pools
• Anonymous access to iot:Subscribe
• Use your own application-level authentication patterns
51. Device SDK support
• Based on open standards like Eclipse Paho
• C
• Arduino (Yun)
• iOS (Swift)
• Android
• WebSocket support
• NodeJS
• JS SDK for statically hosted site (WebSockets)
52. Summary
• AWS IoT
• New Region launch (EU – Frankfurt)
• New Rules engine features
• Elasticsearch
• Amazon ML prediction function
• New Bring your own certificates