The Internet of Things on AWS – Official Blog

Introducing AWS IoT ExpressLink, making it faster and easier to develop secure IoT devices

Introduction

Developing and deploying secure IoT products can be challenging. It can often take months, or even years to connect a product securely to the cloud in a way that is scalable and easy to maintain for the life of the product. Today, IoT products require developers to handle a complex software stack and master a range of technologies from embedded development, to networking, cryptography and cloud architecture, all of which are rare skills to find in a single developer. An IoT project can quickly snowball into a complex endeavor with long development cycles and high failure rates. Modules that use AWS IoT ExpressLink make it faster and easier for developers of all skill levels to securely connect almost any device to the cloud and seamlessly integrate with over 200 AWS IoT services, including AWS IoT Core.

In this post, we will review the common challenges developers face when building IoT devices. You will learn how modules with AWS IoT ExpressLink help overcome these obstacles so you can securely connect embedded devices in weeks rather than years, lower costs, and accelerate time to market.

Complexity hides cost and vulnerabilities

A typical IoT application adds 50,000 (or more) lines of new embedded C code to a project. This is because many developers start by merging the connectivity code with the product feature code to run on a single microcontroller or microprocessor. The challenge is that this increase in code is difficult to manage and maintain, while security vulnerabilities are concealed across hundreds of folders and files. Moreover, the resource constraints of an embedded application can jeopardize product success. Take, for example, the tiny processor in a coffee machine. The increase in complexity may force you to rewrite the application from scratch or increase the project scope and budget, significantly increasing costs and delaying time to market. Additionally, the large code base requires ongoing investment to keep the connected product secure by continually analyzing and patching security vulnerabilities, which is a costly exercise over the life of the product.

Undifferentiated work

To create a secure IoT device, developers use complex APIs to achieve cloud connectivity:

  1. Connect to a Physical Layer (i.e., Wi-Fi radio)
  2. Establish TCP/IP communication
  3. Connect to an Internet Protocol endpoint
  4. Upgrade to a secure socket interface (TLS) and perform mutual Authentication
  5. Log into an MQTT broker
  6. Subscribe to topics as required

Despite the complexity of each step and the amount of time and resources it takes to ensure each one is executed reliably and securely, none of these steps has a material impact on the customer experience, other than simply enabling cloud connectivity. The technical knowledge required to execute these steps is rare to find, forcing companies to either invest in creating a team of connectivity experts or outsource the work to consulting services. As a result, resources are diverted from building innovative products and instead spent on repetitive, undifferentiated work.

CEO of ēdn, Ryan Woltz, faced several of these pain points when building his smart indoor gardening devices that featured on Shark Tank. Woltz wanted his team to move quickly and focus on building brand-defining features with machine learning and artificial intelligence. Instead, he found they spent most of their time on the undifferentiated work, trying to reinvent the wheel and worrying about the security of the product. As Woltz notes, “Developing connected firmware is harder than hardware!”

Introducing AWS IoT ExpressLink modules

AWS IoT ExpressLink powers a range of hardware modules developed and offered by AWS Partners, such as Espressif, Infineon, and u-blox. With these connectivity modules, you no longer need to be an expert in networking, cryptography, and authentication protocols to develop secure IoT devices. Now, you can shift the complex but undifferentiated work of cloud connectivity to the module and seamlessly integrate with a range of AWS IoT services in a fraction of the time and cost (see Figure 1). Our family of qualified AWS Partner modules allows you to choose from a range of form factors and connectivity technologies, such as Wi-Fi and cellular, to suit your needs.

Figure 1 – Modular design of connected applications with AWS IoT ExpressLink

How it works

Quickly and easily connect to the cloud

AWS IoT ExpressLink helps developers with the complex and security-critical code by packaging it into a single hardware component. With just 3 wires (TX, RX, and GND) you have everything you need to connect any embedded device to the cloud. Three more pins on the host processor provide more control and efficiency in the connection, if the host processor can spare them.

Figure 2 – AWS IoT ExpressLink physical interface

Whether you are using a Wi-Fi or a cellular LTE-M module, your application can now be expressed in 10 simple lines of code (see Figure 3). Our Programmer's Manual includes a dozen Attention (AT) commands to help you get started. By abstracting away the details of the communication medium and allowing you to send AWS IoT ExpressLink commands as simple as “connect”, “send”, and “subscribe”, you can focus time and resources on the differentiating aspects of your application and the strategic value you provide.

#include <stdio.h>   /* printf */
#include <unistd.h>  /* sleep */

int getSensorA(void);   /* application-specific sensor read, defined elsewhere */

/* Pseudo-code: printf() stands for writing a line to the UART that the
   AWS IoT ExpressLink module is wired to. */
int main(void)
{
    printf("AT+CONNECT\n");                          /* module handles TLS, auth, MQTT */
    while (1) {
        /* publish the reading as a valid JSON document (":" rather than "=") */
        printf("AT+SEND data {\"A\":%d}\n", getSensorA());
        sleep(1);                                    /* one reading per second */
    }
}

Figure 3 – AWS IoT ExpressLink pseudo-code example

As a result, your development will not be slowed down by any of the following:

  1. Dependencies on the media layer
  2. Explicit dependencies on the protocols
  3. Dependencies on the cloud security protocols
  4. References to the many (ISO/OSI) stack layers traversed by the application
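The command-and-response shape behind that host code, as an added example that is not from this post or from any partner's SDK: a small C layer that formats the AT+SEND line with a valid JSON payload, sends one command line over an injected transport, and parses the module's reply before the host acts on it. The command names AT+CONNECT and AT+SEND are the ones the post shows; the reply format ("OK" or "ERR<code> <detail>"), the write_line/read_line transport hooks, the el_* function names, and the loopback standing in for a real module (with a made-up error code and text) are assumptions of this example.

```c
/* Added example, not the post's or any partner's code.  Reply format and
 * transport hooks are assumptions; the loopback module is constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Transport hooks: a real host wires these to its UART driver. */
typedef int (*el_write_fn)(const char *line);          /* send one command line */
typedef int (*el_read_fn)(char *buf, size_t len);      /* read one reply line   */
typedef struct { el_write_fn write_line; el_read_fn read_line; } el_port;

/* Outcome of one AT exchange. */
typedef struct {
    int  ok;          /* 1 if the module answered OK                      */
    int  err_code;    /* code from an ERR<code> reply; -1 = protocol error */
    char detail[64];  /* text following OK/ERR, e.g. an error reason       */
} el_result;

static void copy_detail(el_result *r, const char *s)
{
    while (*s == ' ') s++;
    size_t n = strcspn(s, "\r\n");
    if (n >= sizeof r->detail) n = sizeof r->detail - 1;
    memcpy(r->detail, s, n);
    r->detail[n] = '\0';
}

/* Assumed reply grammar: "OK[ <text>]" on success, "ERR<code> <text>" on
 * failure.  Anything else is treated as a protocol error (err_code -1). */
el_result el_parse_response(const char *line)
{
    el_result r;
    memset(&r, 0, sizeof r);
    r.err_code = -1;
    if (strncmp(line, "OK", 2) == 0 &&
        (line[2] == '\0' || line[2] == ' ' || line[2] == '\r' || line[2] == '\n')) {
        r.ok = 1;
        r.err_code = 0;
        copy_detail(&r, line + 2);
    } else if (strncmp(line, "ERR", 3) == 0) {
        char *end;
        long code = strtol(line + 3, &end, 10);
        if (end != line + 3 && code >= 0) {
            r.err_code = (int)code;
            copy_detail(&r, end);
        }
    }
    return r;
}

/* Build the AT+SEND line carrying a one-field JSON document.  Returns the
 * line length, or -1 if the key would need JSON escaping or it does not fit. */
int el_format_send(char *out, size_t cap, const char *key, int value)
{
    if (strpbrk(key, "\"\\\r\n") != NULL) return -1;
    int n = snprintf(out, cap, "AT+SEND data {\"%s\":%d}\n", key, value);
    if (n < 0 || (size_t)n >= cap) return -1;
    return n;
}

/* Send one command line and wait for the module's answer. */
el_result el_command(const el_port *p, const char *line)
{
    char reply[128];
    el_result fail;
    memset(&fail, 0, sizeof fail);
    fail.err_code = -1;
    if (p->write_line(line) != 0) { strcpy(fail.detail, "write failed"); return fail; }
    if (p->read_line(reply, sizeof reply) != 0) { strcpy(fail.detail, "no reply"); return fail; }
    return el_parse_response(reply);
}

/* Constructed loopback standing in for a module: accepts AT+CONNECT and
 * AT+SEND, rejects anything else with a made-up error code. */
static char g_last_cmd[160];
static int mock_write(const char *line) { snprintf(g_last_cmd, sizeof g_last_cmd, "%s", line); return 0; }
static int mock_read(char *buf, size_t len)
{
    if (strncmp(g_last_cmd, "AT+CONNECT", 10) == 0 || strncmp(g_last_cmd, "AT+SEND", 7) == 0)
        snprintf(buf, len, "OK\n");
    else
        snprintf(buf, len, "ERR2 UNKNOWN COMMAND\n");   /* constructed code and text */
    return 0;
}
const el_port mock_port = { mock_write, mock_read };

int main(void)
{
    char line[96];
    el_result r = el_command(&mock_port, "AT+CONNECT\n");
    printf("connect: ok=%d err=%d %s\n", r.ok, r.err_code, r.detail);
    if (!r.ok) return 1;                               /* do not publish before connected */
    if (el_format_send(line, sizeof line, "A", 23) < 0) return 1;   /* 23 stands in for a reading */
    r = el_command(&mock_port, line);
    printf("send: ok=%d err=%d %s\n", r.ok, r.err_code, r.detail);
    r = el_command(&mock_port, "AT+BOGUS\n");
    printf("bogus: ok=%d err=%d %s\n", r.ok, r.err_code, r.detail);
    return 0;
}
```

What a host developer should take from it is the step the fire-and-forget print() in Figure 3 leaves implicit: every AT command is answered, so the host should not treat a reading as published until the module has replied OK, and should react to an ERR reply (for example a lost connection) by reconnecting rather than looping blindly.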

Security built in

Every module with AWS IoT ExpressLink comes pre-provisioned with security credentials set by qualified AWS Partners. They also include AWS-validated software, enabling you to directly connect to AWS IoT Core and 200+ AWS IoT services. AWS IoT ExpressLink modules implement security best practices, providing:

  • A hardware root of trust, pre-provisioned with unique IDs and pre-signed certificates
  • Secure secrets storage
  • Encrypted communication to and from the cloud
  • Secure Boot
  • Over-the-Air (OTA) updates to the module’s firmware with security patches and feature updates provided and signed by the module manufacturers
  • OTA updates to the host processor, with the ability to transfer any type of file and verify its integrity and authenticity with your signature
  • Built-in support for continuous device health monitoring

AWS provides AWS IoT ExpressLink connectivity software and technical specifications for Partners to use in their modules. AWS also reviews results from qualification tests that Partners run before the modules are approved for listing in the AWS Partner Device Catalog. This helps to validate that security is built into the product from the outset, rather than treated as an afterthought.

Deploy and manage at scale

Every module with AWS IoT ExpressLink comes pre-provisioned with a unique identifier and a certificate to simplify deployment at scale. The modules can be onboarded in a user account using a number of common methods, and make it easy to support late-binding onboarding mechanisms to increase flexibility and reduce manufacturing time and cost. Moreover, with AWS IoT Device Defender you can natively monitor your devices’ health and easily manage your fleets at scale with AWS IoT Device Management.

Getting started

Order your AWS IoT ExpressLink evaluation kits today from the following AWS partners: Espressif, Infineon and u-blox. All three offer different implementations of a Wi-Fi connectivity module. Additionally, u-blox offers a first implementation of AWS IoT ExpressLink with cellular connectivity.

Conclusion

With AWS IoT ExpressLink, developing secure IoT devices is faster and easier than ever before. Whether you’re augmenting an existing application or designing a new one, you can do so in a fraction of the time and cost as compared to a traditional IoT application. With pre-provisioning and direct integration with AWS IoT Core services, you can rapidly deploy in volume, monitor fleet health and provide updates at scale.

About the author

Lucio Di Jasio is a Product Manager at Amazon Web Services. He has held various technical and marketing roles in the semiconductor industry for the past 20 years. He has published numerous articles and technical books on programming for embedded control applications. Lucio is also passionate about flying, and has achieved both FAA and EASA private pilot licenses.