AWS IoT

At the edges of the IoT world, you’ll find actuators and sensors. There are plenty of commands to send, and way too much data to deal with. But job #1 is secure management – how do you design a device that you can identify and connect with 100% certainty that it hasn’t been hacked (and never will be)?

ARTIK and AWS IoT together provide an incredibly secure way of doing this.

  • The CA certificate chain is pre-registered to AWS IoT, but individual device certificates do not need to be pre-registered
  • ARTIK sets up an SSL/TLS-secured channel without ever exposing the private key to applications
  • Without ever having seen the device or its certificate, AWS IoT receives the certificate on the initial connection attempt and safely verifies it before proceeding
  • AWS IoT assigns the device a Certificate ID with its just-in-time registration (JITR) feature; the device is now online.

What it means: A “self-managing” secure ecosystem, where “ownership” of the device can be transferred from OEM/ODM to service provider, and from end user to end user, with ease.

Once connected, you have the whole AWS world at your command.
– Send photos from your ARTIK surveillance system to the AWS S3 file bucket.
– Scan the files for unknown objects with AWS Rekognition.
– Upgrade your ARTIK capabilities on-the-fly by sending an AWS Lambda function.
All of this happens with no fear of interception, thanks to ARM® TrustZone® technology and the ARTIK Secure Execution Environment (SEE) – the private key stays private.

AWS IoT Articles

You're ready to begin! We recommend following the articles below in the order shown.

Service Tutorial | Description
AWS IoT - Overview | Publishing IoT data and receiving commands, using MQTT
AWS IoT - JIT Register | Provisioning ARTIK boards with keys and certificates
AWS Lambda - JIT Register | Servicing the connection event in the cloud
AWS Greengrass | Deployment of encapsulated compute modules (AWS Lambda functions)

Setting Up AWS Tools

Amazon AWS cloud-based tools can significantly increase the capabilities of ARTIK modules. The article here describes how to get started, by:

  • Setting up your account
  • Installing the AWS CLI
  • Configuring your credentials.

Get AWS Account

Follow the AWS sign-up instructions to be able to access the various AWS services we'll need. All are free for introductory use.

Note that you may need to choose the same geographic area in all your AWS services to guarantee interoperability among them.

Install Amazon AWS CLI

While Greengrass does not require installation of the AWS CLI, you'll find the CLI makes configuration and debugging a lot easier.

The AWS CLI wants to operate from a Python 3.5 environment, which will interfere with the normal Python 2.7 environment used by other ARTIK utilities. You could follow the instructions to set up the AWS CLI in a virtual environment, but it may not work the way shown in the AWS article. Here's what worked for us.

apt install python-pip
apt install python3-pip
apt install python3-venv
pyvenv ~/cli-ve
source ~/cli-ve/bin/activate
pip install --upgrade awscli

Type
aws --version
to verify that the AWS CLI installed correctly.

Going forward, you'll use just
source ~/cli-ve/bin/activate
to enter the Python 3.5 environment, and
deactivate
to exit. You can type python in each environment to see whether you're in Python 2.7 or 3.5.

Handling Credentials

Get credentials

Under your account information, find your security credentials. Then create a new access key and keep it and the secret key on the screen for the next step.

Configure credentials

On your ARTIK board, enter:

aws configure

You can now copy and paste your access key and secret key. The AWS CLI creates a hidden directory, ~/.aws, and stores the keys there in the file ~/.aws/credentials, where they are read by the CLI and by the tools you use for S3, Greengrass, and any other AWS services.

For region, you can choose us-west-2, which is appropriate for the AWS Greengrass article and should work for other articles as well.
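
The file written by aws configure holds the secret key in plain text, so it is worth confirming that only the owning account can read it. The check below is an added example, not part of the original article; the function names audit_aws_credentials and file_mode are hypothetical.

```bash
# Added example: audit the AWS CLI credentials file without printing secrets.
# audit_aws_credentials and file_mode are hypothetical helper names; the
# default path is the one the article names, ~/.aws/credentials.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 if clean, 1 if a finding was reported, 2 if the file is missing.
audit_aws_credentials() {
    local cred="${1:-$HOME/.aws/credentials}"
    local dir mode findings=0
    dir=$(dirname "$cred")

    if [ ! -f "$cred" ]; then
        echo "MISSING: $cred (run 'aws configure' first)"
        return 2
    fi

    # Any group/other bit lets other local accounts read the secret key.
    mode=$(file_mode "$cred")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FINDING: $cred is mode $mode; fix with: chmod 600 $cred"
        findings=1
    fi

    # A directory writable by group/other lets the file be swapped out.
    mode=$(file_mode "$dir")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FINDING: $dir is mode $mode; fix with: chmod 700 $dir"
        findings=1
    fi

    # The file should belong to the account that runs the AWS CLI.
    if [ ! -O "$cred" ]; then
        echo "FINDING: $cred is not owned by $(id -un)"
        findings=1
    fi

    # Report profile names and key counts only, never the key material.
    sed -n 's/^\[\(.*\)\][[:space:]]*$/PROFILE: \1/p' "$cred"
    echo "SECRET KEYS STORED: $(grep -c '^[[:space:]]*aws_secret_access_key' "$cred")"
    return "$findings"
}
```

Source the file on the board and run audit_aws_credentials after aws configure; pass a path as the first argument to check a file in another location.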
