Introduction to AWS Internet-of-Things (IoT)
SPL-55 Version 2.1.6
© 2019 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
AWS Internet of Things (IoT) is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. With AWS IoT, your applications can keep track of and communicate with all your devices, all the time, even when they aren't connected.
In today's lab, you will run a simple IoT device simulator on Amazon Elastic Compute Cloud (Amazon EC2) that will send sensor data (temperature) to the AWS IoT device gateway. You will then build a simple rule, using SQL-like syntax, that will publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic when the temperature of the device is within a defined threshold. By connecting your email address with the Amazon SNS topic, you will receive an email notification when the threshold is met. Finally, you will update the device shadow, instructing the device to "turn on the air conditioning," resulting in lowering temperatures. Here is an overview of the tasks that you will complete:
There is a comprehensive Glossary of Terms at the end of this lab. If you come across a term that you are unfamiliar with, take a look at the glossary for more information.
Your goals for this lab are:
- Create AWS IoT certificates and keys
- Run the simulator app and publish data to AWS IoT
- Subscribe to the topic with the MQTT client in the AWS Management Console and watch the data stream in
- Create an AWS IoT rule that will look for records with a temperature above a defined threshold
- Associate a Simple Notification Service action with the rule
- Publish a state change to the device shadow, instructing the simulator app to reduce temperature by "turning on the air conditioning"
Technical Knowledge Prerequisites
To successfully complete this lab, you should be familiar with the Amazon EC2 service and how to connect to a Linux-based EC2 instance using SSH. You should also be familiar with Amazon SNS, in particular, how to create an Amazon SNS topic and subscribe an email address to the topic.
Other AWS Services
AWS services other than the ones needed for this lab are disabled by IAM policy during your access time in this lab. In addition, the capabilities of the services used in this lab are limited to what the lab requires and, in some cases, are limited even further as an intentional aspect of the lab design. Expect errors when accessing other services or performing actions beyond those provided in this lab guide.
Notice the lab properties below the lab title:
- setup - The estimated time to set up the lab environment
- access - The time the lab will run before automatically shutting down
- completion - The estimated time the lab should take to complete
- At the top of your screen, launch your lab by clicking
If you are prompted for a token, use the one distributed to you (or credits you have purchased).
A status bar shows the progress of the lab environment creation process. The AWS Management Console is accessible during lab resource creation, but your AWS resources may not be fully available until the process is complete.
- Open your lab by clicking
This will automatically log you into the AWS Management Console.
Please do not change the Region unless instructed.
Common login errors
Error: Federated login credentials
If you see this message:
- Close the browser tab to return to your initial lab window
- Wait a few seconds
- Click again
You should now be able to access the AWS Management Console.
Error: You must first log out
If you see the message "You must first log out before logging into a different AWS account":
- Click "click here"
- Close your browser tab to return to your initial Qwiklabs window
- Click again
What is AWS IoT?
AWS IoT provides secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the AWS cloud. This enables you to collect telemetry data from multiple devices and store and analyze the data. You can also create applications that enable your users to control these devices from their phones or tablets.
The Publish/Subscribe Pattern
Here is an example of how the publish/subscribe model works with AWS IoT:
Authentication and Connection Mechanisms
There are three ways to securely connect to AWS IoT and start publishing and subscribing to topics.
First, you can use IAM users, groups and roles with an associated Access Key ID and Secret Key. This is a common way to connect to any AWS service. You can use the AWS keys to invoke APIs in the AWS command line interface (CLI), the AWS Software Development Kits (SDKs) or directly using AWS Signature Version 4. In this approach, you would connect to AWS IoT over HTTP or using WebSockets.
Second, you can generate an X.509 certificate. Not all devices are powerful enough to support HTTP connections. AWS IoT supports MQTT connections using X.509 certificates. This is the approach you will take in today's lab and is the most common approach to securely connect devices to AWS IoT without having to store or generate AWS key pairs on the device. In this approach, you would connect to AWS IoT over an MQTT connection.
Third, you can use an Amazon Cognito Identity. Cognito enables you to use your own identity provider (Sign in with Facebook, Login with Amazon, Cognito User Pools, etc.) to generate temporary key pairs (Access Key ID and Secret Key). You can associate IAM roles with your Cognito Identity to allow granular access to publish and subscribe to AWS IoT topics. In this approach, you would connect to AWS IoT over HTTP or using WebSockets.
For more information on connecting to AWS IoT, see the Developer Guide.
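With the X.509 approach, what a connected device may do is decided by the AWS IoT policy attached to its certificate. The following added example (not part of the lab's code) builds a scoped policy for one device and flags wildcard grants in a policy document; the region, account ID, thing name and telemetry topic are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example, not the lab's code. Region, account ID, thing name and topic
// are constructed placeholders; the lab's real topic names are not on this page.

// Scoped policy for one certificate-authenticated device: connect only under
// its own client ID, publish only its telemetry, receive only its shadow delta.
function buildDevicePolicy({ region, accountId, thingName, topic }) {
  const arn = (type, name) => `arn:aws:iot:${region}:${accountId}:${type}/${name}`;
  const delta = `$aws/things/${thingName}/shadow/update/delta`;
  const allow = (action, resource) => ({ Effect: 'Allow', Action: [action], Resource: [resource] });
  return {
    Version: '2012-10-17',
    Statement: [
      allow('iot:Connect', arn('client', thingName)),
      allow('iot:Publish', arn('topic', topic)),
      allow('iot:Subscribe', arn('topicfilter', delta)),
      allow('iot:Receive', arn('topic', delta)),
    ],
  };
}

// Returns one finding per wildcard action or resource in an Allow statement.
function findOverbroadStatements(policy) {
  const asList = (v) => (Array.isArray(v) ? v : [v]);
  const findings = [];
  asList(policy.Statement).forEach((stmt, index) => {
    if (stmt.Effect !== 'Allow') return;
    for (const action of asList(stmt.Action)) {
      if (action === '*' || action === 'iot:*') findings.push({ index, issue: `wildcard action ${action}` });
    }
    for (const resource of asList(stmt.Resource)) {
      // Over-broad: "*" alone, or an ARN ending in a bare "<type>/*".
      if (resource === '*' || /:(client|topic|topicfilter|thing)\/\*$/.test(resource)) {
        findings.push({ index, issue: `wildcard resource ${resource}` });
      }
    }
  });
  return findings;
}

// Constructed sample: a policy that allows every IoT action on every resource.
const permissivePolicy = { Version: '2012-10-17', Statement: [{ Effect: 'Allow', Action: 'iot:*', Resource: '*' }] };
const scopedPolicy = buildDevicePolicy({
  region: 'us-west-2', accountId: '123456789012',
  thingName: 'example-thermostat', topic: 'example/temperature',
});

console.log(findOverbroadStatements(permissivePolicy)); // two findings
console.log(findOverbroadStatements(scopedPolicy));     // no findings
```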
Generate Certificates and Run the Simulator Application
There is a reference version of the code available in the included instruction files. However, the application files will be pre-loaded on the Amazon EC2 instance that was created for you. In this section, you will:
- Connect to the Amazon EC2 instance created for you
- Generate the X.509 certificates using the CLI
- Run the application simulator.js
- View the incoming messages in the AWS IoT Console MQTT client