The Internet of Things on AWS – Official Blog

Bites of IoT – Introduction

Welcome to Bites of IoT, the first post in a series designed to introduce developers to AWS IoT.

In this first bite, we’ll set up a very simple client that can create things in AWS IoT, send messages to those things, subscribe to topics to receive messages from things, and then clean up. The client is available through AWS Labs on GitHub. It’s used in this post to illustrate some IoT concepts, but will be used in later posts in this series, too.

Before we get into the details, let’s cover a few concepts:

AWS IoT is a managed service in the AWS Cloud that enables your devices to easily and securely connect to a rich ecosystem of cloud-based services or your own homegrown systems. The service enables this connectivity while reliably scaling to billions of devices sending trillions of messages. The service includes these building blocks:

Message Broker – Acts as a front door for your device to the AWS Cloud. The message broker exposes publish-and-subscribe messaging capabilities available for use by devices through transport protocols like MQTT, HTTP, and WebSocket.

Rules Engine – This is the point closest to the front door where your solution can make decisions about a device’s messages (for example, message filtering, routing messages to other services, and even a direct processing of messages in your solution). We will explore the facets of the rules engine in later posts.

Device Shadow – Sometimes referred to as a thing shadow, this is a logical representation of a physical device’s reported state or desired future state. Although the concept is a bit abstract, this building block provides a huge benefit for customers who build web- or mobile-based applications that need to interact with real devices at any scale. In later posts, we will explore the ways in which the device shadow is used in these interactions.

AWS APIs and the AWS Management Console – These are the mechanisms used to provision every AWS service. This post and all others in this series will include interaction with AWS through the APIs and AWS Management Console. In all Bites of IoT posts we assume you have an IAM user with developer-level permissions in an AWS account.

The relationships between these building blocks is:

AWS IoT has a message broker, rules engine, and device shadows.
AWS IoT is a part of the AWS Cloud.

Installing ELF

The AWS IoT ELF Python example client demonstrates how you can create things, send messages to things, subscribe to topics to receive messages from things, and clean up things in AWS IoT by using the AWS SDK for Python and the standard AWS IoT device client.

To ensure you have a simple working IoT client for this and subsequent blog posts, follow the Getting Started instructions for your computing environment. Make sure your AWS user can access the AWS IoT console.

Understanding the ELF Client and AWS IoT

We’ll go through the AWS IoT ELF commands to show how a device interacts with the building blocks of AWS IoT.

When you execute the create command, AWS IoT ELF will create a certificate, then a thing, and then attach the thing to the certificate. At this point, the device that possesses the certificate (in this case, IoT ELF) can use the AWS IoT service as if it actually is the logical thing.

Like a driver’s license that identifies a person and conveys the privilege to drive, a certificate identifies the thing and conveys the privilege to use the thing’s AWS IoT building blocks; specifically, the device can interact with the device shadow and message broker.

When you execute the send command, AWS IoT ELF will first create a policy that allows interaction with thing-specific topics for general messaging and device shadow messages. Then AWS IoT ELF will attach the policy to the certificate. The device can now publish and subscribe to messages on topics in the message broker and interact with the device shadow associated with the previously attached thing.

To continue the driver’s license analogy, even after drivers obtain a license, they can only use their car on roads in the country for which they have the privilege to drive. Similarly, when a device has a certificate, it can interact with the AWS IoT service, but the IoT policy dictates which topics or “lanes” the device can use to send and receive messages.

After a policy is configured for a device (or, in this case, AWS IoT ELF) the topics through which messages are sent convey the purpose of each message to a customer’s solution.

For example, messages sent or received on a topic elf/thing_0 are considered general purpose messages for the ELF in the solution. These messages might have a customer-defined format and convey telemetry or commands for use by the customer’s solution. But there are topics in AWS IoT that are reserved for interaction with building blocks of the AWS IoT service itself.

For example, a device named thing_0 can report its current state and subscribe to requests to change state through messages flowing through the thing’s device shadow topic $aws/things/thing_0/shadow/update. Messages sent and received on this topic must follow the format expected by the device shadow and are tracked as state transitions of the thing.

This topic-based interaction keeps messages flowing in the correct lanes of the solution. It is controlled by using AWS IoT to attach policies to the certificate possessed by the device.

Finally, when you execute the clean command, AWS IoT ELF detaches the IoT policy and thing from the certificate, deactivates the certificate, and then deletes the policy, thing, and certificate.

Subscribing to Topics in the AWS Console

Instead of using the subscribe command in AWS IoT ELF, we will now use the ELF to send messages to AWS IoT and then use the AWS IoT console to subscribe to those messages:

  1. Sign in to the AWS Management Console, and then choose the AWS IoT icon.
  2. In the AWS IoT console, choose MQTT Client.
  3. In the Client ID field, type web-elf, and then choose Connect.
  4. Choose Subscribe to topic and in the Subscription topic field, type elf/#. This will subscribe the console’s built-in MQTT client to the default AWS IoT ELF topic.

Note: These steps are similar to those described in View Device MQTT Messages in the AWS IoT Developer Guide.

Execute these commands from the directory in which you installed AWS IoT ELF:

python create
python send --duration 30

Go back the AWS IoT console, and for about 30 seconds, you will see messages being sent by AWS IoT ELF.

Specifically, what you’re seeing in the console is a result of:

  1. The ELF creating messages to send.
  2. The ELF sharing the certificate with AWS IoT to identify itself as a device mapped to a thing.
  3. The ELF using the MQTT protocol to send a message to the elf/thing_0 topic.
  4. The policy previously attached to the certificate being checked and, if the policy allows it, the message being sent on the elf/thing_0 topic.
  5. The AWS IoT console’s built-in MQTT client indirectly subscribing to the elf/thing_0 topic. (The # in elf/# is a wildcard that means “everything from this point in the topic hierarchy and below.”)

Next Topics in the Series

Upcoming Bites of IoT posts will show simple routing examples using AWS IoT ELF and the rules engine. These examples will cover sending notifications, streaming and saving messages, republishing messages, computing on messages, and finally, searching messages.

After that, we’ll explore the not-so-shadowy world of device shadows to show how truly powerful this building block can be when added to an IoT solution designer’s toolbox.

I hope you’ve enjoyed taking your first small bite out of IoT. I look forward to offering up other tasty morsels in the near future.

May your success be swift and your solution scalable. Feel free to leave your feedback in the comments.