© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kyle Roche, General Manager AWS IoT 28-Oct-2015 AWS IoT Getting Started

AWS October Webinar Series - Getting Started with AWS IoT

Page 1: AWS October Webinar Series - Getting Started with AWS IoT

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Kyle Roche, General Manager AWS IoT

28-Oct-2015

AWS IoT Getting Started

Page 2: AWS October Webinar Series - Getting Started with AWS IoT

Introduction AWS IoT

Page 3: AWS October Webinar Series - Getting Started with AWS IoT

Things are Becoming Connected

Now

Not too long from now

Soon After

Source: Pretty much everyone

Page 4: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT

- Fully Managed Service
- Bi-Directional / Long Lived Connections
- Security and Identity Schemes Built for Devices
- Bridge to other AWS Services

Page 5: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT - Console Interactive Tutorial

Page 6: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT

DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages

DEVICE GATEWAY: Communicate with devices via MQTT and HTTP

AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption

RULES ENGINE: Transform messages based on rules and route to AWS Services

AWS Services

3P Services

DEVICE SHADOW: Persistent thing state during intermittent connections

APPLICATIONS

AWS IoT API

DEVICE REGISTRY: Identity and Management of your things

Page 7: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Registry

Page 8: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Registry

THING REGISTRY: Identity and Management of your things

Page 9: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Registry

Device Metadata
- Serial #
- EIN / IMEI
- ASIN
- Support URL

Page 10: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Registry (CLI)

kyleroche@Kyles-MacBook-Pro: aws iot list-things
{
    "things": [
        {
            "attributes": {
                "ASIN": "B006LPJZ1S",
                "EIN": "SDLKFJ23423KJOIJOJL",
                "serial_number": "K123Y34R456O"
            },
            "thingName": "thing01"
        }
    ]
}

Page 11: AWS October Webinar Series - Getting Started with AWS IoT

Security & Identity

Page 12: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Security

AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption

Page 13: AWS October Webinar Series - Getting Started with AWS IoT

Securing and Identifying Things

- Secure Bi-Directional Pipe
- Anonymous

Page 14: AWS October Webinar Series - Getting Started with AWS IoT

Securing and Identifying Things

- Secure Bi-Directional Pipe
- Anonymous

Page 15: AWS October Webinar Series - Getting Started with AWS IoT

Securing and Identifying Things: Mutual Auth TLS

- Secure Bi-Directional Pipe
- Anonymous

- Secure Bi-Directional Pipe
- Mutual Proof of Identity

Page 16: AWS October Webinar Series - Getting Started with AWS IoT

Security, Designed for Connected Devices

| | MQTT + Mutual Auth TLS | AWS Auth + HTTPS |
| --- | --- | --- |
| Server Auth | TLS + Cert | TLS + Cert |
| Client Auth | TLS + Cert | AWS API Keys |
| Confidentiality | TLS | TLS |
| Protocol | MQTT | HTTP |
| Identification | AWS ARNs | AWS ARNs |
| Authorization | AWS Policy | AWS Policy |

NEW

Page 17: AWS October Webinar Series - Getting Started with AWS IoT

Rule Invocations - IAM Roles

- Service iot.amazonaws.com
- Assumes Role
- Policy Allows Actions to other services

Page 18: AWS October Webinar Series - Getting Started with AWS IoT

Demo Create Keys & Certificate

Page 19: AWS October Webinar Series - Getting Started with AWS IoT

Demo Steps

- Create Keys & Certificate
- Create Thing in Registry (optional)
- Create Policy Document
- Attach Policy to Certificate and Thing
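For the "Create Policy Document" step, an added example (not from the webinar or from AWS) that builds a policy scoped to one client ID and to topic names used in this deck, and lists wildcard grants before a policy is attached to a certificate. The region and account ID are the ones in the deck's ARNs; the function names are hypothetical.

```python
import json

REGION, ACCOUNT = "us-east-1", "8675309"  # as they appear in the deck's ARNs

def arn(kind, name):
    """AWS IoT resource ARN; kind is client, topic or topicfilter."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"

def thing_policy(thing, publish, subscribe):
    """Policy for one certificate: one client ID and exact topic names only."""
    allow = lambda action, res: {"Effect": "Allow", "Action": action, "Resource": res}
    return {
        "Version": "2012-10-17",
        "Statement": [
            allow("iot:Connect", [arn("client", thing)]),
            allow("iot:Publish", [arn("topic", t) for t in publish]),
            allow("iot:Subscribe", [arn("topicfilter", t) for t in subscribe]),
            allow("iot:Receive", [arn("topic", t) for t in subscribe]),
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """(action, resource) pairs in Allow statements that contain a '*' wildcard."""
    return [
        (action, resource)
        for st in policy["Statement"] if st.get("Effect") == "Allow"
        for action in as_list(st["Action"])
        for resource in as_list(st["Resource"])
        if "*" in action or "*" in resource
    ]

# Constructed for contrast: a policy that lets the certificate do anything.
WIDE_OPEN = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

SCOPED = thing_policy(
    "thing01",
    publish=["things/rules/lambda", "$aws/things/thing01/shadow/update"],
    subscribe=["$aws/things/thing01/shadow/update/delta"],
)

if __name__ == "__main__":
    print(json.dumps(SCOPED, indent=2))  # document for the policy-creation step
    print("wide open:", broad_statements(WIDE_OPEN))
    print("scoped:   ", broad_statements(SCOPED))
```

With the scoped policy, a leaked certificate can only connect as thing01 and touch thing01's own topics; the wide-open one lets any holder of the certificate publish and subscribe anywhere in the account.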

Page 20: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Gateway

Page 21: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Gateway

DEVICE GATEWAY: Communicate with devices via MQTT and HTTP

Page 22: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Gateway

Standard Protocol Support (no lock-in): Millions of devices and apps can connect over any protocol starting with MQTT and HTTP 1.1

Powerful Pub/Sub Broker with Long-lived bi-directional messages: Clients (Devices and Apps) can receive commands and control signals from the cloud

Secure by Default: Connect securely via X509 Certs and TLS 1.2 Client Mutual Auth

Topic Based Architecture (lights/thing-2/color)

Highly Scalable Device Gateway

Page 23: AWS October Webinar Series - Getting Started with AWS IoT

Demo Publish and Subscribe (MQTT)

Page 24: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine

Page 25: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine

RULES ENGINE: Transform messages based on rules and route to AWS Services

Page 26: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine Basics

SELECT * FROM 'things/thing-2/color' WHERE color = 'red'

Rule
- Name
- Description
- SQL Statement
- Array of Actions

Page 27: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine Basics

Simple & Familiar Syntax
- SQL Statement to define topic filter
- Optional WHERE clause
- Advanced JSON support

Functions improve signal : noise
- String manipulation (regex support)
- Mathematical operations
- Context based helper functions
- Crypto support
- UUID, Timestamp, rand, etc.

SELECT * FROM 'things/thing-2/color' WHERE color = 'red'

Page 28: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT - SQL Reference

SELECT DATA FROM TOPIC WHERE FILTER

Page 29: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT - SQL Reference

SELECT DATA FROM TOPIC WHERE FILTER

• Like scanning a database table
• Default source is an MQTT topic

EXAMPLES:
• FROM mqtt('my/topic')
• FROM mqtt('my/wildcard/+/topic')
• FROM ('my/topic')

Page 30: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT - SQL Reference

SELECT DATA FROM TOPIC WHERE FILTER

• Properties from the JSON Object in the payload
• "." Operator
• ".." Operator
• "*" Operator
• Apply functions to attribute value

Page 31: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT - SQL Reference

SELECT DATA FROM…

• SELECT deviceid AS client
• SELECT md5(deviceid) AS hashed_id

Substitution Templates
• ${expression}
• ${topic() - md5(deviceid)}
• ${deviceid - temp}

SAMPLE PAYLOAD

{
    "deviceid" : "iot123",
    "temp" : 54,
    "humidity" : 32,
    "coords" : {
        "latitude" : 47.615694,
        "longitude" : -122.3359976
    },
    "a" : {
        "another_level" : [
            {"b" : 3},
            {"b" : 5}
        ]
    }
}

Page 32: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine Actions

RULES ENGINE: Transform messages based on rules and route to AWS Services

AWS Services

3P Services

Page 33: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine Actions

Rules Engine evaluates inbound messages published into AWS IoT, transforms and delivers to the appropriate endpoint based on business rules.

External endpoints can be reached via Lambda and Simple Notification Service (SNS).

Actions
- Invoke a Lambda function
- Put object in an S3 bucket
- Insert, Update, Read from a DynamoDB table
- Publish to an SNS Topic or Endpoint
- Publish to a Kinesis stream
- Amazon Firehose
- Republish to AWS IoT

Page 34: AWS October Webinar Series - Getting Started with AWS IoT

Rule Template - Invoke Lambda

kyleroche@Kyles-MacBook-Pro: aws iot get-topic-rule --rule-name invokeLambda
{
    "rule": {
        "sql": "SELECT * FROM 'things/rules/lambda'",
        "ruleDisabled": false,
        "actions": [
            {
                "lambda": {
                    "functionArn": "arn:aws:lambda:us-east-1:8675309:function:helloWorld"
                }
            }
        ],
        "ruleName": "invokeLambda"
    }
}

Page 35: AWS October Webinar Series - Getting Started with AWS IoT

Invoke Lambda function from MQTT

kyleroche@Kyles-MacBook-Pro: mosquitto_pub --cafile rootCert.pem --cert cert.pem --key privateKey.pem -h A3OZCB0FJ4Y4JS.iot.us-east-1.amazonaws.com -p 8883 -q 1 -d -t things/rules/lambda -i thing01 -m "{\"color\":\"red\"}"

MQTT Payload available to Lambda event parameter

Page 36: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine & Stream Data

N:1 Inbound Streams of Sensor Data (Signal to Noise Reduction): Rules Engine filters, transforms sensor data then sends aggregate to Amazon Kinesis

Kinesis Streams to Enterprise Applications: Simultaneously stream processed data to databases, applications, other AWS Services

Ordered Stream

Page 37: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Rules Engine for Machine Learning

Anomaly Detection: Amazon Machine Learning can feed predictive evaluation criteria to the Rules Engine

Continuous Improvement around Prediction: Continuously look for outliers and re-calibrate the Machine Learning models

Send to S3

Amazon Machine Learning

Re-Train

Page 38: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT – Device Management

S3 Holds Versioned Firmware Distributions: Organize and secure your firmware binaries in S3

Message Broker notifies groups of the fleet using Topic Patterns: Alert the fleet (or part of it) of the update, and send the URL to the S3 download

Firmware Update

Stored in S3

Event Hook -> Lambda

Publish to groups of devices

• Ability to update global or within a Region

• Rules Engine keeps state of updates and tracks progress in a DynamoDB Table

• Store Version in Registry Entry

Page 39: AWS October Webinar Series - Getting Started with AWS IoT

Rule Template - Save to DynamoDB

kyleroche@Kyles-MacBook-Pro: aws iot get-topic-rule --rule-name saveToDynamoDB
{
    "rule": {
        "sql": "SELECT * FROM 'things/rules/dynamo'",
        "ruleDisabled": false,
        "actions": [
            {
                "dynamoDB": {
                    "hashKeyField": "topic",
                    "roleArn": "arn:aws:iam::8675309:role/iot-actions-role",
                    "tableName": "awsiot",
                    "hashKeyValue": "${topic(3)}",
                    "rangeKeyValue": "${timestamp()}",
                    "rangeKeyField": "timestamp"
                }
            }
        ],
        "ruleName": "saveToDynamoDB"
    }
}
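A small model of how the rules on these slides select messages, added here as an example (not AWS code and not the presenter's): the FROM topic filter, the WHERE equality test, and the `${topic(3)}` substitution used for the DynamoDB hash key. It goes slightly beyond the slides by also handling the MQTT `#` wildcard; the rule dictionaries and function names are hypothetical.

```python
import json

def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is exactly one level, '#' is the rest of the topic."""
    want, have = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(want):
        if level == "#":
            return i == len(want) - 1          # '#' is only valid as the last level
        if i >= len(have) or level not in ("+", have[i]):
            return False
    return len(want) == len(have)

def topic_segment(topic, n):
    """Model of topic(n) in a substitution template: n-th level, counting from 1."""
    return topic.split("/")[n - 1]

def evaluate(rule, topic, payload):
    """Return what the rule's action would receive, or None when the rule does not fire."""
    if not topic_matches(rule["from"], topic):
        return None
    try:
        message = json.loads(payload)
    except ValueError:
        return None                            # model choice: skip non-JSON payloads
    if not isinstance(message, dict):
        return None
    if any(message.get(k) != v for k, v in rule.get("where", {}).items()):
        return None
    out = {"message": message}
    if "hash_segment" in rule:                 # stands in for "${topic(3)}"
        out["hashKeyValue"] = topic_segment(topic, rule["hash_segment"])
    return out

# The deck's two rules, hand-translated into dicts (constructed representation).
COLOR_RULE = {"from": "things/thing-2/color", "where": {"color": "red"}}
DYNAMO_RULE = {"from": "things/rules/dynamo", "hash_segment": 3}

if __name__ == "__main__":
    print(evaluate(COLOR_RULE, "things/thing-2/color", '{"color": "red"}'))
    print(evaluate(COLOR_RULE, "things/thing-2/color", '{"color": "blue"}'))
    print(evaluate(DYNAMO_RULE, "things/rules/dynamo", '{"temp": 54}'))
    print(topic_matches("my/wildcard/+/topic", "my/wildcard/a/topic"))
```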

Page 40: AWS October Webinar Series - Getting Started with AWS IoT

Demo Rules - Save to DynamoDB

Page 41: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Shadow

Page 42: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Shadow

THING SHADOW: Persistent thing state during intermittent connections

APPLICATIONS

Page 43: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Shadow Flow

Device SDK

1. Device Publishes Current State
2. Persist JSON Data Store
3. App requests device's current state
4. App requests change the state
5. Device Shadow syncs updated state
6. Device Publishes Current State
7. Device Shadow confirms state change

Page 44: AWS October Webinar Series - Getting Started with AWS IoT

AWS IoT Device Shadow Topics (MQTT)

Thing SDK (C-SDK, JS-SDK) makes it easy for you to build shadow functionality into your device so it can automatically synchronize the state with the device.

AWS IoT Thing Shadow

- UPDATE: $aws/things/{thingName}/shadow/update
- DELTA: $aws/things/{thingName}/shadow/update/delta
- GET: $aws/things/{thingName}/shadow/get
- DELETE: $aws/things/{thingName}/shadow/delete

| Sensor | Reported | Desired | Delta |
| --- | --- | --- | --- |
| LED1 | RED | YELLOW | LED1 = Yellow |
| ACCEL | X=1,Y=5,Z=4 | X=1,Y=5,Z=4 | |
| TEMP | 83F | 60F | TEMP = 60F |
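The shadow flow and the Reported / Desired / Delta table above, worked through as an added example (an in-memory model written for this page, not the AWS service or the Device SDK). The class and function names are hypothetical; the sensor values are the ones in the table.

```python
def merge(target, patch):
    """Merge one section of an update document into stored state, key by key."""
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(target.get(key), dict):
            merge(target[key], value)
        else:
            target[key] = value

def shadow_delta(desired, reported):
    """Desired values the device has not reported yet (nested dicts recurse)."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)
            if nested:
                delta[key] = nested
        elif want != have:
            delta[key] = want
    return delta

class Shadow:
    """In-memory model of one thing shadow."""
    def __init__(self):
        self.state = {"desired": {}, "reported": {}}
        self.version = 0

    def update(self, document):
        """Apply a message sent to .../shadow/update; return the .../update/delta content."""
        for section in ("desired", "reported"):
            merge(self.state[section], document["state"].get(section, {}))
        self.version += 1
        return shadow_delta(self.state["desired"], self.state["reported"])

def run_flow():
    shadow = Shadow()
    accel = {"X": 1, "Y": 5, "Z": 4}
    # Steps 1-2: the device publishes its current state and the shadow persists it.
    shadow.update({"state": {"reported": {"LED1": "RED", "ACCEL": dict(accel), "TEMP": "83F"}}})
    # Step 4: an app requests a change to the state.
    delta = shadow.update({"state": {"desired": {"LED1": "YELLOW", "ACCEL": dict(accel), "TEMP": "60F"}}})
    # Steps 6-7: the device applies the delta and reports back; nothing is left to sync.
    remaining = shadow.update({"state": {"reported": delta}})
    return delta, remaining, shadow.version

if __name__ == "__main__":
    print(run_flow())
```

ACCEL is absent from the delta because its desired and reported values already agree, which matches the empty Delta cell in the table.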

Page 45: AWS October Webinar Series - Getting Started with AWS IoT

Demo AWS IoT Device Shadow

Page 46: AWS October Webinar Series - Getting Started with AWS IoT

Pricing

Page 47: AWS October Webinar Series - Getting Started with AWS IoT

Pay as You Go

- No minimum
- $5 per million messages published to, or delivered in US East (N. Virginia), US West (Oregon), EU (Ireland)
- $8 per million in Asia Pacific (Tokyo)
- No fees for Rules, Shadows, Deliveries to other AWS Services

Free Tier

250,000 Messages Per Month Free for first 12 Months

Page 48: AWS October Webinar Series - Getting Started with AWS IoT

Hardware and SDKs

Page 49: AWS October Webinar Series - Getting Started with AWS IoT

Get Started with AWS IoT Device SDK

- C-SDK (Ideal for embedded OS)
- JS-SDK (Ideal for Embedded Linux Platforms)
- Arduino Library (Arduino Yun)
- Mobile SDK (Android and iOS)

Page 50: AWS October Webinar Series - Getting Started with AWS IoT

Official IoT Starter Kits, Powered by AWS

Page 51: AWS October Webinar Series - Getting Started with AWS IoT

Summary

- Components of AWS IoT
- Securely Identify and Connect a Device
- Device Gateway
- Publish and Subscribe over MQTT
- Rules and Actions
- Device Shadows
- SDKs and Starter Kits

Page 52: AWS October Webinar Series - Getting Started with AWS IoT

Thank you!

https://aws.amazon.com/iot

@kylemroche