AWS IoT without having to RTFM

AWS has invested heavily in the Internet of Things, but as IoT has a more limited audience than compute and storage, there’s much less information out there about how to use it.

On top of that, IoT is peppered with concepts many of us have had no reason to get familiar with. I mean, what even are Things?

Thing 2 and Thing 1, © Dr. Seuss Enterprises, L.P. used under the doctrine of fair use

The aim of this article is to inspire you to get started with building your own AWS IoT project, by explaining the key concepts behind it and showing you how easy it is to get started.

Don’t fear the Things!

If you stick around to the end of this article you’ll also learn how I used AWS IoT and their Rekognition service to build a Bad Santa Detector — something every home needs at this time of year!

What Things are

Hardware devices must possess a few capabilities before they can become Things in the context of IoT. They must:

  1. Be able to connect to the Internet
  2. Be able to act independently (ie operate without human intervention)
  3. Be able to do something useful (gather, process, transmit data)

A good example of a device that can be easily turned into a Thing in AWS IoT is the Raspberry Pi Zero WH. This credit-card-sized single-board (SoC-based) computer is a cheap way to get started, costing around $25 AUD. It looks like this:

The Raspberry Pi Zero WH, naked and in a Slim case

The Pi Zero WH is a full-featured PC that runs various flavours of Linux (though for most use-cases Raspbian is the best option as it is designed for the Pi). It provides built-in HDMI, USB ports, WiFi and Bluetooth (4.1 + BLE) as well as Pi Camera support.

The Pi Zero, like other members of the Pi family, also has 40 GPIO (general purpose IO) pins you can use to connect sensors and other hardware devices you want to use, eg a motion sensor or a 240 V relay. There are thousands of these sorts of devices out there that you can connect to your Pi using GPIO.

Though you can run a Pi Zero on a battery for a short period, they are not suitable for remote monitoring applications or industrial conditions. They are great for prototyping and for use around the home where power sockets are available.

If your application requires your device to run for a long time on batteries you will need to look at microcontroller-based boards, like those based on the ESP32.

On-boarding your device

You can on-board devices like the Pi to AWS IoT via their simple, wizard-like process. The steps ask you to give your Thing a name, ask what OS and software platform you are using and then give you a bundled “connection kit” that you can download and install on your device. The kit will install any libraries you need for your chosen OS and software stack and run a test to establish a connection to AWS.

AWS IoT makes it easy to get your device connected

It’s almost too easy!

Communicating with your Thing

When you set up Things in AWS IoT, AWS sets up an MQTT-compatible broker in that region. Your Things will connect to that broker using X.509 certificate-based authentication over TLS (this is all set up for you in the connection kit) and, once connected, will be able to send and receive messages on that broker.

Messaging is via the pub/sub model where publishers send messages to topics on the broker and interested parties subscribe to those topics to receive them. Topics classify and group messages based on their content and audience, allowing many different message types to co-exist on a single broker.

Typically an individual Thing will only work with a subset of the total data that the system as a whole collects and works with, eg a temperature sensor may only publish data to the sensors/temperature topic, while other types of sensors send messages to their own relevant topics.

Consuming services (eg your air-conditioner) can choose to only subscribe to topics relevant to their operation, reducing the amount of network load and processing that each part of the system is required to do.
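To make the topic model concrete, here is an added example (not code from the article, and not AWS's broker) that implements MQTT topic-filter matching, where `+` matches exactly one level and `#` matches all remaining levels, and fans published messages out only to subscribers whose filters match. The subscriber names, topic names and payloads are constructed for illustration; the `sensors/temperature` topic follows the article's own example.

```python
"""
Added example (not code from the article): a minimal in-memory model of the
MQTT pub/sub routing the article describes. It implements MQTT topic-filter
matching ('+' = exactly one level, '#' = all remaining levels) and delivers
published messages only to subscribers whose filters match, so the
air-conditioner sees temperature readings and nothing else. Topic names and
payloads are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Tuple


def topic_matches(topic_filter: str, topic: str) -> bool:
    """Return True if an MQTT topic filter matches a concrete topic name."""
    f_parts = topic_filter.split("/")
    t_parts = topic.split("/")
    # Per the MQTT spec a leading wildcard never matches '$'-prefixed topics
    # (AWS IoT's reserved $aws/... topics fall in this category).
    if topic.startswith("$") and f_parts[0] in ("+", "#"):
        return False
    for i, part in enumerate(f_parts):
        if part == "#":
            # '#' is only valid as the final level and matches zero or more
            # remaining levels.
            return i == len(f_parts) - 1
        if i >= len(t_parts):
            return False
        if part != "+" and part != t_parts[i]:
            return False
    return len(f_parts) == len(t_parts)


class Broker:
    """Tiny broker: remembers subscriptions and delivers matching messages."""

    def __init__(self) -> None:
        self._subs: List[Tuple[str, str]] = []          # (subscriber, filter)
        self.inbox: Dict[str, List[Tuple[str, dict]]] = defaultdict(list)

    def subscribe(self, subscriber: str, topic_filter: str) -> None:
        self._subs.append((subscriber, topic_filter))

    def publish(self, topic: str, payload: dict) -> List[str]:
        """Deliver payload to every matching subscriber; return who received it."""
        recipients = []
        for subscriber, topic_filter in self._subs:
            if topic_matches(topic_filter, topic):
                self.inbox[subscriber].append((topic, payload))
                recipients.append(subscriber)
        return recipients


def run_demo() -> Dict[str, int]:
    """Wire up the sensor/consumer scenario; return messages received per subscriber."""
    broker = Broker()
    broker.subscribe("air-conditioner", "sensors/temperature")  # one exact topic
    broker.subscribe("dashboard", "sensors/#")                  # every sensor topic
    broker.subscribe("motion-logger", "+/motion")               # any Thing's motion topic

    # Constructed sample traffic.
    broker.publish("sensors/temperature", {"celsius": 31.5})
    broker.publish("sensors/humidity", {"percent": 64})
    broker.publish("pi-zero-3/motion", {"detected": True})
    broker.publish("$aws/events/presence/connected/pi-zero-3", {"clientId": "pi-zero-3"})

    return {name: len(msgs) for name, msgs in broker.inbox.items()}


if __name__ == "__main__":
    for subscriber, count in run_demo().items():
        print(f"{subscriber}: {count} message(s)")
```

Note that the reserved `$aws/...` event is delivered to nobody even though `+/motion` and `sensors/#` are wildcard filters: a subscriber has to name the `$aws` prefix explicitly to receive broker lifecycle events, which is also why a permissive `#` subscription in a policy does not silently expose them.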

Thing Control with Policies

In AWS, policies are the gatekeepers that control who and what can perform actions, under which conditions. A simple “getting started” IoT Policy for your Thing is created for you during the on-boarding process.

Understanding policies is key to working with AWS Services

Policies determine who can connect to the message broker, who is allowed to publish messages to which topics, and who can subscribe to those topics and receive messages.

IoT Policies are attached to the certificate your Thing uses to connect. A Thing presenting a given certificate will be granted access to whatever the policies attached to that certificate allow. More than one policy can be attached to a certificate.

Applications that want to access your IoT data can do so using IAM roles and policies. Users logging in via Cognito can assume a role to obtain temporary credentials that will allow them to work with AWS IoT.

Policies allow for very granular access control, but you also need to make sure you explicitly allow all the actions you want your Things to be able to take. If something is not working, check the policies — you’ve probably left something out, or misconfigured a Resource.
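As an added example (not from the article or from AWS), the block below places a wide-open IoT policy of the kind a "getting started" flow may hand you next to a scoped policy that ties each Thing to its own client id and topics via the `${iot:Connection.Thing.ThingName}` policy variable, and runs both through a small evaluator that mimics the allow-list check. The evaluator is a simplified model for illustration only (no Deny statements or condition keys); the region, account id, role and Thing names are placeholders, and the topic names follow the article's `pi-zero-N/...` convention.

```python
"""
Added example (not from the article or AWS): a least-privilege AWS IoT policy
scoped to the connecting Thing, next to an "allow everything" policy, plus a
simplified evaluator showing what each one permits. Region, account id and
Thing names are placeholders; the evaluator is not AWS's authorisation code.
"""
import fnmatch
import json
from typing import Dict

REGION = "ap-southeast-2"     # placeholder
ACCOUNT = "123456789012"      # placeholder account id
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}"
THING_VAR = "${iot:Connection.Thing.ThingName}"

# Permissive policy: any certificate it is attached to may connect with any
# client id and publish/subscribe on every topic in the account.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Scoped policy: the Thing may only connect as itself and use topics under
# its own name. AWS resolves the variable from the Thing attached to the
# presented certificate, so the certificate must be attached to the Thing
# and the MQTT client id must equal the Thing name.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING_VAR}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": f"{ARN}:topic/{THING_VAR}/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/{THING_VAR}/*"},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": f"{ARN}:topic/{THING_VAR}/*"},
    ],
}


def evaluate(policy: Dict, thing_name: str, action: str, resource: str) -> bool:
    """Simplified check: True if some Allow statement matches action and resource.

    The policy variable is substituted with the connecting Thing's name first;
    '*' in Action and Resource is treated as a glob.
    """
    rendered = json.loads(json.dumps(policy).replace(THING_VAR, thing_name))
    for stmt in rendered["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        ):
            return True
    return False


def connect_allowed(policy: Dict, thing_name: str, client_id: str) -> bool:
    return evaluate(policy, thing_name, "iot:Connect", f"{ARN}:client/{client_id}")


def publish_allowed(policy: Dict, thing_name: str, topic: str) -> bool:
    return evaluate(policy, thing_name, "iot:Publish", f"{ARN}:topic/{topic}")


def compare_policies(thing_name: str) -> Dict[str, Dict[str, bool]]:
    """Show the blast radius difference for one Thing under both policies."""
    checks = {
        "connect as itself": lambda p: connect_allowed(p, thing_name, thing_name),
        "connect as pi-zero-1": lambda p: connect_allowed(p, thing_name, "pi-zero-1"),
        "publish own motion topic": lambda p: publish_allowed(p, thing_name, f"{thing_name}/motion"),
        "publish pi-zero-1/take_photo": lambda p: publish_allowed(p, thing_name, "pi-zero-1/take_photo"),
    }
    return {
        "open": {name: check(OPEN_POLICY) for name, check in checks.items()},
        "scoped": {name: check(SCOPED_POLICY) for name, check in checks.items()},
    }


if __name__ == "__main__":
    print(json.dumps(compare_policies("pi-zero-3"), indent=2))
```

With the scoped policy, a compromised or misbehaving `pi-zero-3` cannot impersonate the camera Thing or inject a `take_photo` command, whereas the open policy lets any holder of any certificate do both. This is also the flip side of the author's troubleshooting advice: under a scoped policy, a Thing publishing to a topic it was not granted is simply disconnected, so an unexpected disconnect is the first sign that a Resource ARN needs widening.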

Integration with other AWS services

Now we’re at the fun bit. You have a Thing connected to the Internet via AWS IoT & publishing messages — what can we do with that data?

The AWS IoT Rules engine can query messages coming in on your broker using an SQL-like query language. Messages are automatically converted into queryable objects, so you can do selects from Topics, like this:

Example query on an IoT message

When rules are matched you can invoke an action, eg run a Lambda function, trigger a Step Functions state machine invocation, or publish a message to SNS or an IoT MQTT topic.

Here’s a list of the services you can invoke in response to messages sent into your IoT MQTT broker (as of December 2019).

The current list of actions you can take using IoT Rules

You should also configure an error action (eg send you an email notification via SNS) in case your rule encounters a problem and fails to execute.

Let’s look now at a worked example of how to bring all this together!

The Bad Santa Detector

The “Bad Santa Detector” is a demo I put together to demonstrate how to use AWS IoT. It consists of three IoT Things (Pi Zeros) working together with a motion sensor, relay and a camera to interact with the physical world.

The Bad Santa Detector

Here’s how it works:

On detecting motion, the Thing named “pi-zero-3” publishes a message to the pi-zero3/motion Topic. An IoT Rule processes this message and in response re-publishes the message to the pi-zero-1/take_photo Topic. This tells the Thing with the camera (“pi-zero-1”) to take a photo of whoever has just come down the chimney.

The Thing “pi-zero-1” takes the photo, then uploads it to S3, where the upload triggers a Lambda function requesting Rekognition compare it with a photo of the known good Santa. The output from Lambda is published on the pi-zero-2/santa_detector topic.

The Thing “pi-zero-2” reads the inbound message and checks it to see if Rekognition found a face matching that of the known good Santa. If it did, it uses a relay to turn on blinking Christmas lights. Hooray, Santa has arrived!
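As an added example (not the author's code), here is the first hop of the detector, the rule that republishes `pi-zero-3` motion events to `pi-zero-1/take_photo`, expressed as the `topicRulePayload` that boto3's `iot.create_topic_rule()` accepts, together with the SNS error action recommended earlier so that a failed republish notifies you rather than vanishing. The role ARNs, SNS topic ARN and the `detected` field of the motion message are assumptions; `deploy()` shows the API call and is not executed here.

```python
"""
Added example (not from the article): the motion -> take_photo IoT Rule from
the Bad Santa Detector as a boto3 create_topic_rule() payload, with an SNS
error action. Role ARNs, the SNS topic ARN and the 'detected' message field
are placeholders/assumptions.
"""
from typing import Dict

REGION = "ap-southeast-2"    # placeholder
ACCOUNT = "123456789012"     # placeholder account id
REPUBLISH_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/iot-rule-republish"  # placeholder, needs iot:Publish on target
ALERT_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/iot-rule-alerts"         # placeholder, needs sns:Publish
ALERT_TOPIC_ARN = f"arn:aws:sns:{REGION}:{ACCOUNT}:iot-rule-errors"     # placeholder SNS topic


def motion_to_photo_rule(source_topic: str, target_topic: str) -> Dict:
    """Build the topicRulePayload for a republish rule with an error action.

    The SQL selects the whole message from the source topic, adds the source
    topic and broker timestamp so the camera Thing can see where and when the
    event originated, and keeps only messages that actually report motion
    ('detected' is an assumed field in the sensor's JSON payload).
    """
    sql = (
        "SELECT *, topic() AS source_topic, timestamp() AS received_at "
        f"FROM '{source_topic}' WHERE detected = true"
    )
    return {
        "sql": sql,
        "awsIotSqlVersion": "2016-03-23",
        "description": "Republish motion events to the camera Thing",
        "ruleDisabled": False,
        "actions": [
            {"republish": {"roleArn": REPUBLISH_ROLE_ARN, "topic": target_topic, "qos": 1}}
        ],
        # Runs only if every action above fails (e.g. the republish role lacks
        # iot:Publish on the target topic), so misconfigurations surface in
        # your inbox instead of silently dropping events.
        "errorAction": {
            "sns": {
                "roleArn": ALERT_ROLE_ARN,
                "targetArn": ALERT_TOPIC_ARN,
                "messageFormat": "RAW",
            }
        },
    }


def deploy(rule_name: str, payload: Dict) -> None:
    """Create (or fail if it already exists) the rule in AWS IoT Core.

    Imported lazily so the builder above runs without boto3 or credentials.
    """
    import boto3  # assumed available where this is deployed

    boto3.client("iot", region_name=REGION).create_topic_rule(
        ruleName=rule_name, topicRulePayload=payload
    )


if __name__ == "__main__":
    import json

    rule = motion_to_photo_rule("pi-zero-3/motion", "pi-zero-1/take_photo")
    print(json.dumps(rule, indent=2))
    # deploy("motion_to_take_photo", rule)   # uncomment to create it for real
```

The same shape, with the `sql` FROM clause and republish target swapped, covers the Lambda-to-`pi-zero-2/santa_detector` hop; the point to carry over is that every rule gets its own narrowly permissioned role and an error action, so a broken rule is noisy rather than silent.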

The same example could be repurposed to do something less seasonal, of course. Imagine, for instance, using the same concepts to check the identities of people arriving at your front door, or hanging around your office car park. Check out Rekognition — it’s pretty amazing!

Next Steps…

This article has only scratched the surface of AWS’s IoT offerings. I encourage you to get yourself an AWS account (if you don’t already have one), arm yourself with a Raspberry Pi Zero WH and Go Build!

Feel free to ask questions in the comments!

Principal Consultant at Versent. Passionate about Cloud, Culture, DevOps & IoT.