how to become an aws iot enthusiast... · summit © 2019, amazon web services, inc. or its...

S U M M I T B e r l i n 2 0 1 9

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T

How to Become an AWS IoT Enthusiast

Dr. Jürgen Nützel, [email protected] CEO of 4FriendsOnly.com AG Lead of AWS User Group Ilmenau


Author: Dr. Jürgen Nützel, [email protected]

Agenda

The Author and his User Group

IoT – What it is and Why?

AWS IoT Core

AWS IoT in Praxis



About Jürgen Nützel

CEO and main owner of

4FriendsOnly.com Internet Technologies AG, www.4FO.de Spin-off of Fraunhofer IDMT & Technical University Ilmenau

E-Commerce experts (> 10 years)

Company focus also on

Mobile development

Cloud-computing (AWS since 2013)

Digital transformation

Amazon AWS partner since 2017

University lecturer (Privatdozent)

AWS user group lead

http://www.4fo.de/



The Ilmenau AWS User Group

Founded in September 2018, > 100 Members

Meetup page:

https://www.meetup.com/de-DE/Ilmenau-Amazon-Web-Services-Meetup/

Management Team: Dr. Jürgen Nützel, 4FriendsOnly.com AG Ines Richter, ELMUG eG, Co-Organizer Dr. Dieter Wuttke, Gesellschaft für Informatik (GI) Dr. Frank Spiller, Mittelstand 4.0 Kompentenzzentrum

Our Next Meetup: April 9th Knowledge transfer on AI for local companies















IoT – Internet of Things

IoT involves extending Internet connectivity to any physical devices and everyday objects.

These devices can communicate and interact over the Internet, and they can be remotely monitored and controlled. https://en.wikipedia.org/wiki/Internet_of_things

Smart Home Example Philips Hue

https://en.wikipedia.org/wiki/Internet_of_things





Why we talk about IoT?

We are a part of ELMUG eG (www.elmug.de) A network of sensor technology companies

Some say: “Ilmenau is in the sensor valley of Thuringia”

Companies business models will change From producing sensors

To providing a service which manages sensor data

AWS may become part of these services



What is AWS IoT?

AWS IoT provides secure, bi-directional communication between Internet-connected devices (such as sensors, actuators, embedded micro-controllers) and the AWS Cloud.

You can also create applications that enable your users to control these devices from their phones or tablets.

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/what-is-aws-iot.html











Important AWS IoT Components

Message broker: more later

Rules engine: select data from message payloads, and then process and send the data to other services, such as Amazon S3, Amazon DynamoDB, and AWS Lambda.

Registry: Organizes the resources associated with each device in the AWS Cloud. Assign certificates and MQTT client IDs with each.

Device Shadow service: more later

Device gateway: Enables devices to securely and efficiently communicate with AWS IoT.











Security and Authentication

Authentication and end-to-end encryption guarantees that data is never exchanged between devices and AWS IoT Core without proven identity.

In addition, you can secure access to your devices and applications by applying policies with granular permissions.

Later more about public key cryptography …



Message Broker for AWS IoT …

… is a publish/subscribe broker service that enables the sending and receiving of messages to and from AWS IoT. When communicating with AWS IoT, a client sends a message addressed to a topic like Sensor/temp/room1. The message broker, in turn, sends the message to all clients that have registered to receive messages for that topic.

The act of sending the message is referred to as publishing. The act of registering to receive messages for a topic filter is referred to as subscribing.

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/iot-message-broker.html









Protocols and MQTT

The message broker uses the MQTT protocol. The message broker also supports MQTT over the WebSocket protocol.

In HTTP connections every action of the server requires a preceding client request. In the WebSocket protocol the connection keeps open. This allows the server (broker) to send new data to the client without waiting for a new client request.

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/protocols.html, https://en.wikipedia.org/wiki/MQTT Image from Simon A. Eugster - Eigenes Werk, CC BY-SA 4.0 https://commons.wikimedia.org/w/index.php?curid=70622928

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/protocols.html




https://en.wikipedia.org/wiki/MQTT



https://commons.wikimedia.org/w/index.php?curid=70622928

https://commons.wikimedia.org/w/index.php?curid=70622928



Device Shadow Service

The Device Shadow service uses MQTT topics to facilitate communication between applications and devices. This includes to retrieve, update and delete device status data of a shadow device.

The names of topics start with $aws/things/thingName/shadow.

The lamp updates its shadow using this:

$aws/things/myLightBulb/shadow/update https://docs.aws.amazon.com/en_us/iot/latest/developerguide/device-shadow-data-flow.html

{ "state": { "reported": { "color": "red" } } }

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/device-shadow-data-flow.html













Using the Device Shadow

UPDATE:

Creates or updates a device's shadow. The data is stored with timestamp. Messages are sent to all subscribers with the difference between desired or reported state (delta). Things or apps that receive a message can perform an action based on the difference between desired or reported states.

GET:

This method returns the full JSON document (desired, reported and delta), including metadata.

DELETE:

Deletes the shadow

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/using-device-shadows.html









A Complete Shadow Document


{ "state": { "desired": { "lights": { "color": "RED" }, "engine": "ON" }, "reported": { "lights": { "color": "GREEN" }, "engine": "ON" }, "delta": { "lights": { "color": "RED" } } },

"metadata": { "desired": { "lights": { "color": { "timestamp": 123456 }, } "engine": { "timestamp": 123456 } }, "reported": { "lights": { "color": { "timestamp": 789012 } }, "engine": { "timestamp": 789012 } }, "delta": { "lights": { "color": { "timestamp": 123456 } } } }, "version": 10, "timestamp": 123456789 }








RESTful-API for the Device Shadow

A shadow exposes the following URI for updating state information: https://endpoint/things/thingName/shadow

The endpoint is specific to your AWS account. The format of the endpoint is as follows: identifier.iot.region.amazonaws.com

API Actions: GetThingShadow,

UpdateThingShadow,

DeleteThingShadow

https://docs.aws.amazon.com/en_us/iot/latest/developerguide/device-shadow-rest-api.html











The Demo Setup

Two Raspberry Pis publish every 5min all sensors’ values. They subscribe the shadow of each other.

The first Raspberry Pi subscribes to IoT button’s topic.

We display the sensors’ values using AWS QuickSight. Design in https://cloudcraft.io

https://cloudcraft.io/



We Start with the AWS IoT Button

A device which connects directly via WiFi to AWS IoT.

Perfect to start and learn.

There is also the new AWS IoT Enterprise Button available. Enabled for the AWS IoT 1-Click Service.



First you have to Register a Thing

Under Mange/Things click Create



Step 1/3: Add the Button to the Thing Registry

Enter a name for the thing.



Step 2/3: Add/create a Certificate

We recommend to create the keys independently and then upload only the certificate (includes the public key only).



Download Certificate and Keys

Don’t forget to download it here!



Step 3/3: Add a Policy

You have to create a policy before.



Configure the IoT Button

Press the button until a blue blinking light appears.

The button will act as WiFi access point. Connect with a computer and configure it. Upload keys and certificate from the connected computer.



Then we can Test the IoT Button

In AWS IoT open “Test”.

Subscribe to the topic:

iotbutton/serialnumber

Three click types: SINGLE, DOUBLE and LONG



Raspberry Pi 3 Model B+ & Sense HAT Board

The Sense HAT board includes:

• Gyroscope sensor

• Accelerometer

• Magnetometer

• Barometer

• Temperature sensor

• Relative hygrometer

• 8 x 8 LED matrix display

• Small joystick

https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/

https://www.raspberrypi.org/products/sense-hat/



















Start with the Raspberry Pi in AWS IoT Core

Under ‘Onboard’ click

‘Get started’



Choose Platform and SDK

Linux runs on the Raspberry Pi.

We developed our demo in Node.js



Step 1/3: Register the Raspberry Pis

For our two Raspberry Pis

we create two things.



Step 2/3: Download a Connection Kit

Now it is time to explain the security concept in AWS IoT.

It uses public key cryptography.

MQTT includes mutual authentication using X.509 certificates.



Explanation (1/2): Public Key Cryptography

The basic principle (very short)

• We have two keys (= a key pair)

• What you encrypt with one key (from the pair) can you decrypt with the other key only (= asymmetric)

• One key is called public key

• The other key is called private key

Two use cases:

Digital Signature Asymmetric Encryption

Hash digests

over message Message +

Message Hash digests over message is encrypted with the private key of sender

Message is encrypted with the public key of the receiver

Distributed

in a

certificate



Explanation (2/2): Digital Signature in AWS IoT

Why digital signature? • Integrity of exchanged messages and authentication of communication of partners

The procedure • Sender (thing or AWS IoT, Message Broker) signs (= encryption of the hash digest) its

message with its own private key

• Receiver (thing of AWS IoT) checks the signature (= decryption of encrypted hash digest and comparison with the hash digest over the received message) with the public key (found in the certificate) of the sender



Step 3/3: Configure and Test

You get a simple shell script to test the communication of the Raspberry Pi with AWS IoT.



Shell Script: start.sh

# stop script on error set –e # Check to see if root CA file exists, download if not if [ ! -f ./root-CA.crt ]; then printf "\nDownloading AWS IoT Root CA certificate from AWS...\n“ curl https://www.amazontrust.com/repository/AmazonRootCA1.pem > root-CA.crt fi # install AWS Device SDK for NodeJS if not already installed if [ ! -d ./node_modules ]; then printf "\nInstalling AWS SDK...\n“ npm install aws-iot-device-sdk fi # run pub/sub sample app using certificates downloaded in package printf "\nRunning pub/sub sample application...\n“ node node_modules/aws-iot-device-sdk/examples/device-example.js --host-name=a2osbxo2t0q8i7-ats.iot.eu-central-1.amazonaws.com --private-key=sensehat-raspi-1.private.key --client-certificate=sensehat-raspi-1.cert.pem --ca-certificate=root-CA.crt --client-id=sdk-nodejs-a6f7f31e-0948-417e-b1c1-087ccb95fbdb

https://github.com/aws/aws-iot-device-sdk-js/blob/master/examples/device-example.js















Bluetooth Plant Sensor

Measures and broadcasts:

Sunlight, moisture, temperature and soil fertility Pictures from: www.huahuacaocao.com

http://www.huahuacaocao.com/



AWS QuickSight for Data Visualization

Amazon QuickSight is a fast, cloud-powered business intelligence (BI).

QuickSight lets you create and publish interactive dashboards that can be accessed from browsers or mobile devices. You can embed dashboards into your applications, providing your customers with powerful self-service analytics. https://aws.amazon.com/quicksight

https://aws.amazon.com/quicksight





Setup (1/2) for QuickSight

Under menu “Act” we select a thing (a Raspberry Pi) to define a rule.

With SQL we select/filter the data from the shadow.

Under Actions we define the S3 bucket to store the selected data.

This runs for every shadow update.



Setup (2/2) for QuickSight

We use AWS Athena to fill a table with data from S3.

Athena is the glue logic between S3 and QuickSight.



Design a Dashboard in QuickSight

We design easily dashboards which show the data of the plant sensor.

The first graph shows the sunlight over three days.

We can embed QuickSight dashboards into public web pages.



Thank you!


Dr. Jürgen Nützel, [email protected] CEO of 4FriendsOnly.com AG Lead of AWS User Group Ilmenau Ask me for our Raspberry Pi Node.js code !

how to become an aws iot enthusiast... · summit © 2019, amazon web services, inc. or its...

Documents