AWS STP IoT On AWS - Technical ForSend
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
AWS IoT
[Diagram labels: telemetry data; command and control; events; device software; connectivity and control services; analytics services; organize; provision; manage; connect; secure; intelligence and outcomes.]
AWS helps APN Partners deliver on the IoT promise, with a deep
AWS IoT portfolio that provides:
• Qualified hardware that meets the needs of gateway and edge device
requirements
• Qualified independent software vendor (ISV) vertical focused solutions
• Consulting services through specialized system integrators (SIs)
Multiple partners (IHV, ISV, GSI/SI)
Problem
iDevices wanted to expand their connected home product
portfolio to provide high-value products to consumers at a
reasonable price. In-house engineers and designers
developed the backend infrastructure and industrial design
for a connected light switch early on. The missing link was
a differentiated product that was cost-efficient and
included voice integration.
Solution
iDevices used AWS IoT, which serves as the cloud-based
messaging protocol for their Instinct Amazon Alexa light
switch, night light, and motion-sensing functionality.
Instinct allows users to invisibly integrate the power of
Amazon Alexa throughout their homes, and reap the
benefits of whole-home voice control without sacrificing
valuable counter space.
Impact
Instinct is the first of many innovations driven by the
combination of iDevices’ vast IoT expertise, and Hubbell’s
130-plus years of electrical manufacturing and distribution
experience. By using AWS IoT, iDevices accelerated their
time-to-market, got their product to market in less than 9
Module 1: Match
Topics: IoT use cases; Edge to Outcome; Partner Value Chain
• Device software
• Connectivity and control
• Analytics services
• Industrial
• Connected home
• Commercial
[Diagram: sensor, broker, and data processing and storage clients. Labels: publish sensor_data, subscribe sensor_data, publish config_change.]
1. The client connects to the broker. It can subscribe to any topic.
2. The client publishes messages under the message topic.
3. The broker forwards the messages to all clients that subscribe to the topic.
MQTT messages and topics
• Messages have prescribed formats to include topics and payload.
• Topics are case-sensitive.
• Topics can be data format or command format.
Topic (diagram labels on the topic levels: namespace, group, thing name):
PUBLISH car/make/model/car_id (qos: 0)
Message/data:
{
  "timestamp": "2020-03-29T09:15:00",
  "speed": 70,
  "speed-violations": 0,
  "distance-driven": 79,
  "idling-duration": 16,
  "fuel-consumed": 1.37,
  "alerts": 8
}
MQTT quality of service
• QoS 0 (MESSAGE): At most once, "fire and forget"
• QoS 1 (MESSAGE(S), ACK): At least once, "acknowledged delivery"
• QoS 2 (MESSAGE, HANDSHAKE): Exactly once, "assured delivery". Same reliability as QoS 1, but prevents duplicates
[Diagram: each QoS level is shown as an exchange between the sensor and the broker.]
Other available protocols
WebSocket HTTP/S
• Mobile app and broker. PUB: kettle/100 with payload {"power":"on", "turbo":"true"}; SUB: kettle/100; action: Turn on
• Broker. PUB: sn/6753/repair with payload {"part":"9867", "status":"shipped"}; SUB: sn/6753/repair; action: Schedule maintenance window
• Weather service and broker. Payload {"forecast":"storm", "prob":"85%", "temp":"14"}; actions: Ignore; Turn on headlights
• Broker, rules engine and security notification service. PUB: bldg/floor1/door125 with payload {"status":"locked"}; PUB: bldg/floor1/door157 with payload {"status":"unlocked"}; messages shown in the flow: {"status":"unlocked"}, {"status":"locked"}
IoT network security
Common device connection and authentication mechanisms
Certificates and keys
Option 1: Create X.509 certificates (JITR)
1. Register your CA with AWS IoT Core.
2. Create a certificate signing request (CSR).
3. Create an X.509 certificate from the CSR.
4. Activate the certificate (JITR).
5. Create an IoT security policy.
6. Attach the policy to the certificate.
Option 2: AWS IoT created certificates
1. Use the AWS Command Line Interface (AWS CLI) or API call to AWS IoT Core to create a certificate and private key.
2. Activate the certificate.
3. Create an IoT security policy.
4. Attach the policy to the certificate.
1. Create keys and certificate, using one of:
• AWS CLI
• AWS Management Console
• AWS IoT API
2. Apply private key and certificate to the device, and set active
3. Register the device, and attach policies
[Diagram labels: private key, public key, X.509 certificate, IoT policies.]
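As an added illustration of the "Create an IoT security policy" step above (not part of the original course material), the following Python code contrasts a wildcard policy with one scoped by the `${iot:Connection.Thing.ThingName}` policy variable and checks both with a simplified evaluator. The region, account ID, thing names and the car/<thing name>/... topic layout are assumptions made for the example.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders: region, account ID and topic layout are assumptions.
ARN = "arn:aws:iot:us-east-1:123456789012"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT policy variable

# Weak: any certificate holding this policy can act as any client on any topic.
WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Scoped: the client ID must equal the registered thing name, and the device
# may publish telemetry and receive commands only under its own topic prefix.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": f"{ARN}:topic/car/{THING}/telemetry"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/car/{THING}/cmd/*"},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": f"{ARN}:topic/car/{THING}/cmd/*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource, thing_name):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow.

    Handles only the thing-name policy variable and '*' / '?' wildcards.
    It is a review aid, not a re-implementation of the AWS IoT evaluator.
    """
    allowed = False
    for stmt in policy["Statement"]:
        actions = _as_list(stmt["Action"])
        resources = [r.replace(THING, thing_name)
                     for r in _as_list(stmt["Resource"])]
        if not any(fnmatchcase(action, a) for a in actions):
            continue
        if not any(fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def cross_device_publish(policy):
    """Can the certificate registered as car-0042 publish as car-0099?"""
    return is_allowed(policy, "iot:Publish",
                      f"{ARN}:topic/car/car-0099/telemetry", "car-0042")


if __name__ == "__main__":
    for name, pol in (("wildcard", WILDCARD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "allows cross-device publish:", cross_device_publish(pol))
    print(json.dumps(SCOPED_POLICY, indent=2))  # policy document to create
```

The thing-name variable only resolves when the certificate is attached to a registered thing, which is why the device registration step comes before a device relies on the scoped policy.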
FreeRTOS
Operating system for microcontrollers
[Diagram: AWS IoT (AWS IoT Events, AWS IoT Greengrass, AWS IoT Things Graph, FreeRTOS) alongside AWS products and services (AWS Lambda, Amazon DynamoDB, Amazon API Gateway, Amazon Cognito, Amazon SQS, Amazon SNS).]
Module 3: Connectivity and Control Services
Connectivity and control services
AWS IoT Core
• Certificates
• Authentication methods
• Provisioning and registration
• IoT policies to control access
• Policy association
• Device authorizations
• Access control
Client authentication
• X.509 client certificates (typical for devices)
• IAM users, groups, and roles
• Amazon Cognito identities
Securely connects devices to the AWS Cloud and other devices at scale
[Diagram labels: Ingest, Transform, Filter, Enrich, Route. Analytics: Amazon Kinesis, Amazon ES, AWS IoT Analytics. Compute: AWS Lambda. Application integration: Amazon SNS, Amazon SQS, AWS Step Functions. Manage: Amazon CloudWatch. Database: DynamoDB.]
Use rules to:
• Augment or filter data from a device
• Insert a message into a DynamoDB table
• Split message into multiple columns of a DynamoDB table
• Republish a message to an AWS IoT topic
• Store a message in an Amazon S3 bucket
• Send a message to an Amazon Kinesis Firehose stream
• Send message data to CloudWatch metric
• Change the state of a CloudWatch alarm
• Start a Step Functions state machine execution
• Send message data to CloudWatch logs
• Send message data to asset properties in AWS IoT SiteWise
• Send a message to the Amazon Elasticsearch Service
• Send a message to a Salesforce IoT Input Stream
• Send a message to IoT Analytics
• Send a message to an IoT Events Input
• Send a message to a Lambda function
• Send a message as an SNS push notification
• Send a message to an SQS queue
• Send a message to an Amazon Kinesis Stream
• Send a message to a downstream HTTPS endpoint
Rules engine
The rule:
• Evaluates commands published by the control unit
• Determines whether the command is B
• If the command is B, transforms the message to G and relays G to the light bulb
Rules actions
The rule:
• Evaluates commands published by the control unit
• Determines whether the command is R
• If the command is R, delivers copies of the message to a DynamoDB database table, a
Lambda compute function, and Amazon Simple Notification Service (Amazon SNS)
Device shadow
When you turn off the light bulb, the device shadow remembers the color of the physical
light bulb.
Device shadows
When you request a change, the device shadow remembers the desired state.
When you turn on the light bulb, the device shadow applies the desired state to the physical
bulb.
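The desired-state behaviour described above, as an added Python example that is not part of the original course material: the shadow stores a requested change while the bulb is off, and the bulb applies the difference between desired and reported state when it comes back. The `BulbShadow` class and the `power` and `color` field names are assumptions made for the example.

```python
def shadow_delta(desired, reported):
    """Return the desired fields that differ from, or are missing in, reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)  # compare nested state field by field
            if nested:
                delta[key] = nested
        elif want != have:
            delta[key] = want
    return delta


class BulbShadow:
    """Cloud-side record of one bulb (hypothetical helper for this example)."""

    def __init__(self, reported):
        self.state = {"desired": {}, "reported": dict(reported)}

    def request(self, **changes):
        # An application requests a change; it is kept even if the bulb is off.
        self.state["desired"].update(changes)

    def delta(self):
        return shadow_delta(self.state["desired"], self.state["reported"])

    def device_sync(self):
        # On reconnect the bulb applies the delta, then reports its new state.
        applied = self.delta()
        self.state["reported"].update(applied)
        return applied


def offline_change_scenario():
    """Bulb is off and red; a change to 'on' and green is requested meanwhile."""
    shadow = BulbShadow(reported={"power": "off", "color": "red"})
    shadow.request(power="on", color="green")
    pending = shadow.delta()            # what the bulb still has to apply
    applied = shadow.device_sync()      # bulb powers up and reconnects
    return pending, applied, shadow.state["reported"], shadow.delta()


if __name__ == "__main__":
    pending, applied, reported, remaining = offline_change_scenario()
    print("pending while off:", pending)
    print("applied on reconnect:", applied)
    print("reported afterwards:", reported, "remaining delta:", remaining)
```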
Build solutions
Onboarding
Register large numbers of devices by using bulk registration
Organizing
Group device fleets into categories or hierarchies
Monitoring
Collect device logs for identification and
troubleshooting
Updating
Send over-the-air (OTA) firmware updates
Understand the health and status of the device fleet
• Find devices in the fleet based on any combination of device attributes
“Find all devices manufactured after 2013 with firmware version 1.2 that are currently connected”
• Audit
Validate that the IoT configuration is secure
• Security dashboard
Continuously monitor configurations to understand the
security posture
• Detect anomalies
Monitor the device fleet for abnormal behavior
• Alerts
Know when and what to investigate
• Mitigation
Take corrective action and remediate potential issues
Audit and security dashboard
The AWS IoT Device and Mobile SDKs for common programming languages:
• Help connect hardware devices and mobile devices to AWS IoT Core
• Help devices interact with device gateway and device shadows
• Support a variety of devices
AWS IoT Device and Mobile SDKs notes:
• AWS IoT Core functionality is implemented on topics and reserved topics.
• Full functionality is available without the SDKs.
Solution
In working with Luxoft, Vantage Power created a
comprehensive telemetry system that provides a
deep technical understanding of how individual
vehicle components perform in real time. Using
AWS IoT and other AWS services, the system
integrates into hybrid and electric powertrains
and vehicle systems, which allows customers to
monitor, model, and adjust the performance of
vehicle components.
Impact
With AWS IoT, Vantage Power enables their
customers to bring innovations to market faster,
provides safety and compliance controls to an
individual vehicle, and reduces costs through
remote diagnostics and edge computing.
Vantage Power
[Diagram: microcontroller units (MCUs) with FreeRTOS or SDK, and microprocessor units (MPUs) with AWS IoT Greengrass, connecting to AWS IoT.]
FreeRTOS
FreeRTOS libraries:
• Security: Secure device data and connections
• Local connectivity: Communicate with AWS IoT Greengrass devices
• Cloud connectivity: Collect and take action on microcontroller-based devices
• Updates: Deploy security updates, bug fixes, and firmware updates to devices
Physical constraints
• Spotty or low bandwidth connectivity
• Low latency requirements
• Deterministic latency requirements (example: 50 ms or less response)
Economic principles
• Not all data needs to be stored in the cloud
• Local processing might be more economical (example: ML inference)
Legal considerations
• Data sovereignty
• Data anonymization must occur locally before the data is collected in the cloud
Perform ML inference locally
• Train models in the cloud
• ML inference works with Apache MXNet, TensorFlow, and others
• Transfer trained models onto device; send data to the cloud to improve model accuracy
• Integrate with Amazon SageMaker to reduce model runtime footprint and improve inference performance
[Diagram labels: AWS Cloud, Greengrass core.]
AWS IoT Greengrass connectors
Deploy secrets to edge devices
• Store, access, rotate, and manage secrets: device credentials, keys, endpoints, and configurations
• Securely manage secrets in the cloud and deploy locally on edge devices
• Manage secrets on devices through AWS Secrets Manager in the cloud
[Diagram labels: AWS Cloud, AWS Secrets Manager, AWS IoT Greengrass, Greengrass core.]
Container support
https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html#gg-platforms
https://docs.aws.amazon.com/freertos/latest/userguide/c-sdk.html
• AWS IoT Device Tester is a test automation tool that lets customers test FreeRTOS or AWS IoT Greengrass on their choice of devices
• Download AWS IoT Device Tester from FreeRTOS and AWS IoT Greengrass product pages
• AWS IoT Device Tester for FreeRTOS
Tests if a device will run FreeRTOS and interoperate with AWS IoT
https://aws.amazon.com/freertos/device-tester/
• AWS IoT Device Tester for AWS IoT Greengrass
Tests if the combination of a device’s CPU architecture, Linux kernel configuration, and drivers work with AWS IoT Greengrass
https://aws.amazon.com/greengrass/device-tester/
Partners can submit hardware for technical validation through the AWS Device
Qualification Program (DQP): https://aws.amazon.com/partners/dqp/
AWS Partner Device Catalog
Qualified devices completed technical validation.
https://devices.amazonaws.com/
[Diagram: Test job. Services shown: Amazon EC2, AWS Lambda, Amazon S3, AWS IoT Greengrass, Amazon DynamoDB, Amazon ES, Amazon CloudWatch.]
In this module, you will learn how to describe how AWS supports
customer needs with the following IoT analytics services:
• AWS IoT SiteWise
• AWS IoT Analytics
• AWS IoT Events
• AWS IoT Things Graph
AWS IoT SiteWise
Industrial equipment
Ingest
Ingest equipment data into AWS in minutes
Model
Structure data and specify performance metrics for
equipment and processes
Store
Store asset data in a time series optimized data store
Visualize
Create and share dashboards to visualize live and
historical equipment data
• Model equipment
• Model production facilities
• Define properties and formula-based
metrics
• Store equipment data and computed
metrics
Collect
Collect only the data you want to store and analyze
Process
Convert raw data to meaningful information
Store
Store device data in time series data store for analysis
Analyze
Get deeper insight into the health and performance of
assets
Scalability
Automate operations
Solution
AWS IoT helps Bayer Crop Science
manage the collection, processing, and
analysis of seed-growing data. Data
analysts use the new data collection
platform to access data on their mobile
devices via dashboards. The solution
captures multiple terabytes of data from
seed transportation, planting, and
growing in the company’s research fields
across the globe.
Impact
Using AWS IoT, Bayer Crop Science can
provide seed data to analysts in just a
few minutes, instead of a few days. This
helps farmers gain visibility into field
conditions, and provides a robust edge
processing and analytics framework.
Bayer Crop Science
[Diagram labels: AWS Cloud, industrial data lake, information models.]
Module 6: IoT Deployment
IoT solutions lifecycle
1. Procurement
2. Onboarding
3. Operations
4. Analytics
5. Applications
Procurement
AWS IoT Greengrass
Onboarding
Manual onboarding
Operations
Firewalls, networking
Analytics
AWS IoT Analytics
Applications
AWS IoT SiteWise
Procurement
FreeRTOS with AWS SDK
Onboarding
AWS IoT Core and mobile onboarding
Operations
Customer service
Analytics
Usage analytics
Applications
Mobile
[Diagram: multi-Region bootstrap. Steps: 1. Get bootstrap information; 2. Determine locality; 3. CONNECT. Labels: device, AWS IoT, Region B, Region C.]
[Diagram: JITP/JITR/fleet provisioning, with numbered steps 1 to 6. Labels: device, factory, CA cert, (CSR), ACM Private CA, get bootstrap info, bootstrap cert, device cert, product, create thing, certificate, policy, thing, CONNECT, AWS IoT.]
https://aws.amazon.com/iot-core/resources/
• Buffer messages
• Queue messages
Data source
The downstream compute component can process from the broker or a stream.
Device communication protocols
Protocol | MQTT | Basic Ingest | HTTPS
Processing | IoT rules, Lambda | IoT rules, Lambda | IoT rules, Lambda
Authentication, Authorization | Device IoT policy | Device IoT policy | Device IoT policy
Data collection service comparison
Service | AWS IoT Analytics | Amazon S3 | Amazon Kinesis
Pub/Sub | No | No | No
Processing | Pipelines, datasets, containers | Any | Analytics
Authentication, Authorization | Role, IAM policy | Role, IAM policy | Role, IAM policy
Enhanced device security
to protect applications.
Scaled production
Unlimited number of things
Customer value
Limited production
Up to 1,000 things
Pilot
10–100 things
Prototype
<10 things
Module 7: AWS Resources for APN Partners
AWS IoT resources
https://aws.amazon.com/iot/
AWS IoT architectural resources
AWS Well-Architected
Core Tenets of IoT
IoT Lens Whitepaper
Introduction to AWS Internet of Things
Hands-on Lab 2
Deploy an end-to-end IoT application
APN resources
https://aws.amazon.com/partners/training/course-descriptions/
APN Programs for AWS IoT
Identify, validate, and promote APN Advanced and Premier Tier Partners with
demonstrated AWS technical expertise and proven customer success
The AWS Service Delivery Program enables AWS customers to identify APN
Consulting Partners with experience and a deep understanding of specific AWS
services.
AWS IoT Partners improve customer experience and outcomes with AWS IoT Core,
AWS IoT Analytics, and AWS IoT Greengrass.
Review
© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior
written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections or feedback on the course, please email
us at: aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the
property of their owners.