AWS IoT (Internet of Things) provides secure, bi-directional communication between internet-connected devices such as embedded micro controllers, actuators, sensors, AWS Cloud and smart appliances. The cloud managed platform lets connected devices securely interact with cloud applications and other devices. The platform allows you to collect telemetry data from multiple devices, and store and analyze that data. Applications can be developed that allow your users to control these devices from their phones.

AWS IoT integrates directly with AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon Simple Notification Service, Amazon Simple Queue Service, Amazon CloudWatch, Amazon Kinesis and Machine Learning to build IoT applications that gather, process, analyze and act on data generated by connected devices, without you to manage any infrastructure.

The platform will make it easier for developers to ingest incoming data from devices using standard gateways and protocols like MQTT and HTTPS. It can support billions of devices and trillions of messages.

AWS IoT allows you to easily connect devices to the cloud and other systems. The protocol supports HTTP, WebSockets and MQTT to minimize code footprint on devices and reduce network bandwidth requirement.

Secure service connections and data

The platform provides authentication and end-to-end encryption throughout all points of connection so that data is never exchanged between devices and AWS IoT without proven identity. Access to devices and applications can be secured by applying policies with granular permissions.

Act upon device data

One can filter, transform and act upon device data on the fly. One can also update business rules to implement new device and application features at any time.

Set device state at any time

The platform stores the latest device state so that it can be read or set at any time, making the device appear to your applications as if it were online all the time. The application can read the state of device even when it is disconnected, and implement the device state when it is reconnected.

AWS IoT components

Device Gateway

The device gateway serves as entry point for IoT devices connecting to AWS. The gateway enables devices to efficiently and securely communicate with AWS IoT. It supports MQTT, WebSockets and HTTP 1.1 protocols. It enables the devices to send and receive messages at any time with low latency. It is fully managed and scales automatically to support over a billion devices without requiring you to manage any infrastructure.

Message Broker

It’s a high throughput pub that securely transmits messages from IoT devices and applications with low latency. It provides a mechanism to AWS IoT applications and devices to publish and receive messages from each other. You can use either the MQTT protocol directly or MQTT over WebSocket to publish and subscribe. Setting up of fine grained access control allows you to manage the permissions of individual connections at the topic level. This way, you can ascertain that your applications and devices will only send and receive data that you want them to.

Rules Engine

It provides message processing and integration with other AWS services. It allows you to build applications that gather, process, analyze and act on data generated by the connected devices. One can use an SQL-based language to select data from message payloads, process and send it to other services such as AWS Lambda, Amazon DynamoDB and Amazon S3. You can author rules within the management console or write them using SQL-like syntax. Rules can be authored to behave differently as per the context of the message and take into account other data in the cloud, like data from other devices.

The Rules Engine provides numerous available functions that can be used to transform your data and create more using AWS Lambda. Rules can trigger the execution of your Node.js, Java or Python code in AWS Lambda, giving the developer flexibility and power to process the device data.

Registry

Allows you to register your devices and associate custom attributes, certificates and MQTT client IDs with each device to enhance your ability to manage and troubleshoot them. Registry establishes an identity for devices and tracks metadata such as the device’s attributes and capabilities. A unique identity is assigned to each device that is consistently formatted. It also supports metadata that describes the capabilities of a device. You can build a hierarchy of groups for Group Registry. Any action performed on the parent group will apply to its child groups and to all devices in it.

Authentication and Authorization

Provides shared responsibility for security in the AWS Cloud. Rules Engine and Message Broker use AWS security features to send data securely to AWS services and devices. It provides mutual authentication and encryption at all points of connection so that the data is never exchanged without a proven identity. Connections using HTTP can use certificate based authentication and customer created token based authentication while connections using MQTT certificate based authentication, and connections using WebSockets can use SigV4 or custom authorizers. You can use AWS IoT Core generated certificates or the ones signed by your preferred Certificate Authority.

Policies can be mapped to each certificate so that you can authorize devices or applications to have access or revoke it altogether without ever touching the device. Certificates can be provisioned, activated and associated with the relevant IoT policies configured using AWS IoT. You can also create, deploy and manage certificates and policies for the devices from the console or using the API.

Device Shadow

It’s a JSON document which is used to store and retrieve current state information for a device. You can create a persistent, virtual version or Device Shadow for each device including its latest state so that applications and other devices can read messages and interact with it. The Device Shadow persists the last reported state and desired future state of each device even in offline mode. You can build applications that interact with your devices by providing always available REST APIs. Moreover, the applications can set the desired future state of a device without accounting for its current state.

Device Shadow Service

An IoT app development company will allow for persistent representation of your devices in AWS Cloud. You can publish updated state information to a device’s shadow which will be synchronized by the device when connected. The device can also publish its current state to a shadow for use by other devices and applications.

Device Provisioning Service

Allows you to provision devices for the resources required for your device, like a thing, a certificate, policies etc. A thing contains attributes describing a device. Certificate is used by the device to authenticate with AWS IoT. Policies determine the operations that can be performed in AWS IoT by a device.

Jobs Service

You can define a set of remote operations sent to and executed on multiple devices connected to AWS IoT. For example, you can define a job instructing devices to reboot, rotate certificates or perform remote troubleshooting operations. To create a job, you need to specify a description of the remote operations to be performed and the list of targets performing them. The targets can be individual devices, groups or both.

Custom Authentication Service

You can define custom authorizers to manage your own authentication and authorization strategy using a Lambda function and custom authentication service. Custom authorizers must return policy documents used by the device gateway to authorize MQTT operations.

Accessing AWS IoT

AWS provides following interfaces to create and interact with your devices:

AWS Command Line Interface (AWS CLI): These commands allow you to create and manage things, rules, certificates and policies.

AWS IoT API: You can build your IoT applications using HTTP and HTTPS requests. These API actions allow you to programmatically create and manage things, rules, certificates and policies.

AWS SDKs: Allow you to build Internet of Things (IoT) applications using language specific APIs. These SDKs wrap the HTTP/HTTPS API and allow you to program in any of the supported languages. It supports Java Script, C, Arduino and includes the developer guide, client libraries and porting guide for manufacturers.

AWS IoT Device SDKs: Builds applications to run on devices that send and receive messages from AWS IoT.

Getting Started

There are several ways to get started with AWS IoT Core. You can chose any one of the below depending upon your use cases and how you want to integrate the service.

AWS Management Console

It’s a web based interface for accessing and managing your AWS Iot Core resources. You can conveniently and securely create a thing, associate certificate, publish messages and define actions.

AWS SDK

It helps you take the complexity out of coding by providing APIs for AWS services. This simple, downloadable package includes the code library, code samples and documentation.

AWS IoT Device SDK

Helps you to quickly connect your hardware or mobile device to AWS IoT Core. It supports a variety of device types and allows you to seamlessly connect with device gateway and device shadow to quick start your development.

AWS IoT Core Starter Kits

These physical kits are designed to help accelerate cloud powered prototype development of connected devices. They enable you to move quickly from idea to prototype. The kits include microcontroller development boards, AWS IoT Device SDK, sensors and actuators, and a simple getting started guide.

AWS Greeegrass

The software lets you run local compute, messaging and data caching for connected devices. Connected devices can run Lambda functions and communicate with other devices securely, even when not connected to the internet. It allows the devices to act locally on the data they generate and using the cloud for durable storage, analytics and management.

AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT security. This ensures that data is never exchanged between the devices when they communicate with each other and the cloud without proven identity.

AWS IoT Button

This simple Wi-Fi device is designed for developers to get started with AWS IoT, Amazon SNS, Amazon DynamoDB, Amazon Lambda and other Amazon Web Services without writing device-specific codes. You can integrate it with third-party APIs like Facebook, Twitter, Twilio etc. The button’s logic can be coded to start or stop something, send alerts or order services. For example, you can click the button to unlock or start a car, call a customer service representative or remotely control your home appliances.