Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
Download as PPTX, PDF•4 likes•480 views
The document discusses AWS IoT and Greengrass, detailing its components including the AWS IoT Device SDK, Device Gateway, and the concept of Device Shadows for managing device states. It explains MQTT protocol for communication between devices, security measures like mutual authentication, and various AWS services that can interact with IoT devices. Additionally, it covers how to connect and secure devices using certificates and policies.
Jeremy Cowan's AWS user group presentation "AWS Greengrass & IoT demo"
- 1. AWS IoT & GreenGrass Jeremy Cowan, Enterprise Solutions Architect [email protected]
- 2. 25billion devices by 2020
- 3. Everyday things will be connected… http://www.washingtonpost.com/sf/brand-connect/wp-content/uploads/sites/3/2015/05/cc_heroimage_v2.jpg
- 6. AWS IoT DEVICE SDK Set of client libraries to connect, authenticate and exchange messages DEVICE GATEWAY Communicate with devices via MQTT, HTTP and Web Sockets AUTHENTICATION AUTHORIZATION Secure with mutual authentication and encryption RULES ENGINE Transform messages based on rules and route to AWS Services AWS Services - - - - - 3P Services DEVICE SHADOW Persistent thing state during intermittent connections APPLICATIONS AWS IoT API DEVICE REGISTRY Identity and Management of your things
- 7. MQTT Primer MQ Telemetry Transport – the IoT protocol Senders ‘Publish’ to topics and send messages Receivers ‘Subscribe’ to topics and receive messages All subscribers receive all messages sent to a topic Topic names can be subscribed to using ‘wildcards’ topicname/path Use the path depth that makes sense for your application
- 8. MQTT Primer Pub: sensors/temp/room1 If the receiver subscribes to the exact full path, they only receive messages sent to the exact full path All messages published on this topic are received by all subscribers to the topic Sub: sensors/temp/room1
- 9. MQTT Primer Pub: sensors/temp/room1 The plus (+) matches exactly one item in the topic hierarchy so here the subscriber will receive messages for all sensors in room 1 All messages published on this topic are received by all subscribers to the topic Sub: sensors/+/room1
- 10. Pub: sensors/temp/room1 The Hash (#) means the subscriber will receive messages for all temperature sensors in all rooms All messages published on this topic are received by all subscribers to the topic Sub: sensors/temp/# MQTT Primer
- 11. AWS IoT DEVICE SDK Set of client libraries to connect, authenticate and exchange messages DEVICE GATEWAY Communicate with devices via MQTT, HTTP and Web Sockets AUTHENTICATION AUTHORIZATION Secure with mutual authentication and encryption RULES ENGINE Transform messages based on rules and route to AWS Services AWS Services - - - - - 3P Services DEVICE SHADOW Persistent thing state during intermittent connections APPLICATIONS AWS IoT API DEVICE REGISTRY Identity and Management of your things
- 12. Device Shadow • Plan for devices to lose connectivity – Device may need to shut down when idle to conserve battery. – Device may be stable, but the network could be unreliable. • Send devices commands through Shadows – Instead of wrangling custom topics and keeping state yourself, use the Device Shadow to abstract away the topics and connectivity issues. • Query device state through Shadows – The Device Shadow is always available, even if the device is not. • Addresses message ordering for command and control – Uses optimistic locking (version number)
- 13. Device Shadow Thing reported state desired state MQTT AWS Lambda The device itself is the source of truth for the ‘reported’ state. Interested parties set the ‘desired’ state to request a change to the state of the device.
- 14. • Used to request a change to device state Interested parties request device state change through the JSON payload. • Difference between ‘reported’ and ‘desired’ triggers a ‘delta’ message to the device The AWS IoT device shadow compares the ‘reported’ state with the ‘desired’ state, and any properties of ‘desired’ not present or different in the ‘reported’ state are notified via a ‘delta’ message. ‘Desired’ state
- 15. AWS IoT Reserved Topics $aws/things/SmartHub/shadow/update Topic names that begin with $aws are reserved for AWS IoT special uses, such as addressing the device shadow for a thing.
- 16. The Device Shadow listens to a well-known topic and interprets the JSON payload it receives. You can publish well-formed messages to $aws/things/SmartHub/shadow/update to update the shadow, or more conveniently, use the aws-iot-sdk abstractions.
- 17. AWS IoT SDKs • Supported languages / environments • Python • Embedded C • iOS • Android • Javascript • NodeJS • Java • Arduino Yun • Support device shadow and custom topics Built on top of Paho MQTT client library, the SDKs abstract the device shadow but allow direct pub/sub • Fully documented Rich documentation with examples on GitHub
- 18. AWS IoT – How Do You Connect a Device? 1. Provision a certificate AWS IoT can generate the Cert/Public/Private keys for you Alternatively, BYO certificate to more easily integrate with existing workflows 2. Attach an IoT Policy Associate an IoT Policy document with the certificate to scope down what the certificate holder can do 3. Connect over MQTT Use the AWS IoT SDKs or roll-your-own 4. Send some data Publish a payload!
- 19. AWS IoT – How Do You Secure Communications? • Mutual authentication X.509 certificate-based auth – When devices connect to the AWS IoT broker, they use certificate-based authentication. You assign policies to certificates. • AWS SigV4 – When browsers use WebSockets, connections are signed using SigV4, which identifies the user principal that you can attach AWS IoT policies to. • Amazon Cognito simplifies signing SigV4 requests – Takes care of steps necessary to create a unique identifier for users and retrieve temporary, limited-privilege AWS credentials.
- 20. AWS IoT DEVICE SDK Set of client libraries to connect, authenticate and exchange messages DEVICE GATEWAY Communicate with devices via MQTT, HTTP and Web Sockets AUTHENTICATION AUTHORIZATION Secure with mutual authentication and encryption RULES ENGINE Transform messages based on rules and route to AWS Services AWS Services - - - - - 3P Services DEVICE SHADOW Persistent thing state during intermittent connections APPLICATIONS AWS IoT API DEVICE REGISTRY Identity and Management of your things
- 21. Rules Engine • Augment or filter data received from a device. • Write data received to an Amazon DynamoDB database. • Save a file to Amazon S3. • Send a push notification to all users of Amazon SNS. • Publish data to an Amazon SQS queue. • Invoke a Lambda function to extract data. • Push data into Elastic Search. • Process messages from a large number of devices using Amazon Kinesis. • Republish the message to another MQTT topic.
- 22. Example Rule SELECT * FROM '#' The entire contents of the MQTT message All messages that arrive at the message broker
- 23. Example Rule SELECT * FROM '$aws/things/SmartHub/shadow/update' The entire contents of the MQTT message Only messages as part of a shadow update request
- 24. Example Rule SELECT state.reported.info as info FROM '$aws/things/SmartHub/shadow/update' WHERE state.reported.target="LightBulb" Just the ‘info’ property in the reported state message Only messages that have a ‘target’ value set to ‘LightBulb’
Editor's Notes
- #2: Greeting Role Today – IoT / Connected devices
- #5: Take amazon for example… if we build apps to monitor a single robot, we’d have quite a bit of a challenge managing our logistics operations. Hundreds of thousands or robots like these from Amazon Robotics in our fullfillment centers globally These are all working in concert with our commerce business to get packages to customers in a quick, safe and reliable manner. 1 hour in some areas! (starter kit plug?)
- #7: Out prime:now service uses contract drivers in some areas
- #8: so, if you’re not aware, we have a decent size delivery business. In addition to the trucks, we have other methods of delivery… My next point, the purpose of the thing doesn’t dictate how it can be measured
- #9: And, of course the drone. The point again… various ways of delivering packages... Machines w/ the same function. VERY different requirements for monitoring and management.
- #29: Many applications can’t rely exclusively on the cloud for control There are privacy or regulatory constraints with localized data IoT applications may rely on timely decisions Things have to work even when connectivity is not available Building cloud-enabled devices that work offline required maintaining separate code bases for local and cloud execution Transition slide between Technicolor: customer transforming product with AWS IoT Edge to Rio Tinto: Customer Transforming entire industry ecosystem with AWS IoT + AWS IoT Edge Cloud Service – it’s updated like one! Since launch: -Jokes, Star Trek Nimoy, Rocks paper Scissors, sports scores, Pandora, home automation, ITTT. Do not use the following (COPPA): -Dr. Suess