
AWS IoT – Overview

The AWS IoT service provides a clean and simple way for your IoT devices to publish data and receive commands over MQTT. As with most MQTT implementations, basic JSON messaging is used. For example, an AWS IoT button might publish a message like this:

{  
    "serialNumber" : "ABCDEFG12345",  
    "batteryVoltage" : "2000mV",  
    "clickType" : "SINGLE"  
}

to your account's AWS IoT MQTT broker
a123456785c3ya.iot.us-west-2.amazonaws.com
with a topic of

foo/bar/59976...9f1613

where the number shown represents a 64-digit AWS-assigned certificate ID for your individual device.

You can use any means to subscribe to and publish to topics that you define on both the ARTIK and AWS IoT cloud sides – NodeJS code, Python code, and Node-RED flows are some examples.

Security Infrastructure

Security is fundamental to AWS IoT, as it is to ARTIK. Before regular MQTT exchanges can occur, you must have already put the following infrastructure in place.

  • Provisioning. The ARTIK device must be provisioned with a key, a CA certificate that has been registered to AWS IoT, and a client certificate (with serial number) that has been derived from the registered one.

  • Retry/backoff. Communications code on the ARTIK device must be designed to attempt an SSL/TLS-secured connection to the AWS IoT MQTT broker, and to continue to retry after an initial attempt is rejected.

  • Just-in-time registration (JITR). The AWS IoT cloud must have a Lambda function that recognizes the connecting device, registers it, attaches a policy, and checks it against a whitelist of serial numbers.

Procedure. The ARTIK device tries to connect. During the mutually authenticated TLS handshake, AWS IoT receives the device-unique certificate, extracts the serial number, and looks it up in the whitelist. If the serial number is valid, and since security is otherwise guaranteed by the TLS connection process, AWS IoT enables the device for normal access.
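The JITR decision described above can be sketched as a Python Lambda handler. This is an added example, not code from the original page or from AWS or Samsung; it assumes the whitelisted value is the certificate's X.509 serial number, and the policy name and whitelist entry are constructed placeholders.

```python
import ssl

ALLOWED_SERIALS = {"1A2B3C"}          # constructed whitelist entry (hex X.509 serial)
POLICY_NAME = "artik-device-policy"   # hypothetical AWS IoT policy name

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_serial_hex(pem):
    """Extract the X.509 serialNumber from a PEM certificate as upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    _, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, start, _ = read_tlv(der, start)        # tbsCertificate SEQUENCE
    tag, vstart, vend = read_tlv(der, start)
    if tag == 0xA0:                           # optional [0] version field
        tag, vstart, vend = read_tlv(der, vend)
    if tag != 0x02 or vend > len(der):
        raise ValueError("serialNumber INTEGER not found")
    return format(int.from_bytes(der[vstart:vend], "big"), "X")

def handle_registration(event, iot, allowed=ALLOWED_SERIALS):
    """Decide the fate of a just-registered certificate; returns the new status."""
    cert_id = event["certificateId"]
    if event.get("certificateStatus") != "PENDING_ACTIVATION":
        return "IGNORED"                      # only act on first-connect events
    desc = iot.describe_certificate(certificateId=cert_id)["certificateDescription"]
    try:
        serial = cert_serial_hex(desc["certificatePem"])
    except (ValueError, IndexError):
        serial = None                         # unparseable certificate: fail closed
    if serial not in allowed:
        iot.update_certificate(certificateId=cert_id, newStatus="REVOKED")
        return "REVOKED"
    # Whitelisted: attach the policy first, then activate, so an active
    # certificate never exists without its (least-privilege) policy.
    iot.attach_policy(policyName=POLICY_NAME, target=desc["certificateArn"])
    iot.update_certificate(certificateId=cert_id, newStatus="ACTIVE")
    return "ACTIVE"

def lambda_handler(event, context):
    import boto3                              # available in the Lambda runtime
    return handle_registration(event, boto3.client("iot"))
```

The handler checks the whitelist before it grants anything, and a certificate that cannot be parsed is revoked rather than activated.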

Command Line Example

The Provisioning and JITR setup requirements will take some time, and are prerequisites for communication over MQTT.

However, once you have those out of the way, publishing data couldn't be simpler. We'll do it here from the command line, but you can easily duplicate this using your preferred SDK.

[root@artik ~]# mosquitto_pub --cafile root.cert --cert rsaDevCertAndCACert.crt --key rsaDevCert.key -h  a1234567v5c3ya.iot.us-west-2.amazonaws.com -p 8883 -q 1 -t foo/bar/ -i 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613  --tls-version tlsv1.2 -m '{"serialNumber":"ABCDEFG"}' -d
Client 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613 sending CONNECT
Client 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613 received CONNACK
Client 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613 sending PUBLISH (d0, q1, r0, m1, 'foo/bar/', ... (26 bytes))
Client 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613 received PUBACK (Mid: 1)
Client 5997633e1362650cba3a566faa342cf4a9412665ba297ae40fd96ede8a9f1613 sending DISCONNECT

On the AWS IoT MQTT broker console, you would subscribe to foo/bar/# to see the published message.

You write various Lambda functions in the AWS IoT cloud to receive this data and send it to any of the many available AWS cloud services for further processing or storage. That's all there is to it!

Using AWS IoT SDK on ARTIK 530/710

Using the AWS IoT SDK on ARTIK 530/530s and 710/710s is straightforward. Since these modules run Ubuntu, you can easily develop applications on ARTIK devices with the SDK. Click on the references below for your chosen SDK.
