AWS STP IoT On AWS - Technical ForSend

AWS STP: IoT on AWS - Technical
AWS Training and Certification
Iniciamos a las (GMT-3)

Arturo Martínez | AWS Partner Trainer
rturom@amazon.com
We are almost ready!
• Please, check you mic and put in silence.

• Yes, you will receive the presentation when the session ends 
• No, the session will not recorded.
• Participate, ask and answer. The activities and this training are
made for you.
• Important, you need to stay at least 50% of the time to get the
assistance.
© 2020 Amazon Web Services, Inc. or its Affiliates. All rights

2
reserved.
Agenda
1 IoT Opportunity and 4 Device Software

Business Landscape Connect microcontrollers and
Choose AWS products and services for microprocessors to AWS IoT
IoT 5 Analytics Services
2 Introduction to IoT Core Collect, organize, store, process, enrich,
and analyze device data
Technologies
Understand common IoT concepts, 6 IoT Deployment
terminology, and protocols Scale, secure, and optimize IoT
3 Connectivity and Control solutions
Services 7 AWS Resources for Partners
Connect IoT devices, protect them, and Find more information about IoT on
handle their data AWS
© 2019 Amazon Web Services, Inc. or its affiliates. All rights
3
reserved.
Module 1: IoT Opportunity
and Business Landscape
Internet of Things opportunity
Devices Data generation Spending

41.5 billion by 2025 74.1 zettabytes (ZB) $1.2 trillion by 2025
Source: IDC #US45066919, May 2019, IDC #US45373120, September 2019

5
reserved.
Business outcomes with IoT
New services, Improved Better customer Increased Intelligent Data-

business products over relations efficiency decision driven
models time making discipline
Revenue growth Operational efficiency

IoT data decreases
IoT data drives business operational expenditure
growth. (opex).

6
reserved.
IoT use cases
Billions of devices require solutions to connect, collect, store, and analyze device data.
Industrial Connected home Commercial

• Predictive quality • Home automation • Traffic monitoring
• Asset condition • Home security and • Public safety
monitoring monitoring • Health monitoring
• Predictive • Home network
maintenance management

7
reserved.
Complex and multidimensional
Devices and Connectivity and Analytics and Applications Change

sensors infrastructure insights and services management
Onboard, Connect, Analyze, Engage, Transform,

provision, communicate, visualize, empower, shift culture
manage secure act delight
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
AWS IoT

reserved.
AWS IoT overview
Broad and deep Multilayered Superior integration

functionality security with AI
Proven experience Transparent

at scale pricing

10
reserved.
IoT virtuous cycle
Telemetry data
Command and control Analytics
services
Events
Organize
Provision
Manage Connectivity Intelligence Device
and control software Connect
Secure services
and outcomes

11
reserved.
Edge to Outcome Partner
Value Chain

reserved.
AWS and APN Partners deliver
AWS helps APN Partners deliver on the IoT promise, with a deep
AWS IoT portfolio that provides:
• Qualified hardware that meets the needs of gateway and edge device
requirements
• Qualified independent software vendor (ISV) vertical focused solutions
• Consulting services through specialized system integrators (SIs)
Hardware, software, and services form a value chain

13
reserved.
Edge to Outcome Partner Value
Chain
Edge to device Connectivity Solution to outcome

ODM/ Network/ Regional Global
Silicon OEM Gateway ISV
CM carrier SI SI

14
reserved.
Chain

CM carrier SI SI

15
reserved.
Chain

CM carrier SI SI

16
reserved.
APN Partner community accelerators
Silicon AWS AWS IoT practices

Acceleration Program Device Qualification Programs for global SIs (GSIs)/SIs

CM carrier SI SI
AWS IoT IoT Solutions

Service Adoption (ISA) Program
17
reserved.
Solution building with partners
From silicon partners
From IHV partners
From ISV, GSI/SI partners
+ + Multiple partners
(IHV, ISV, GSI/SI)
Problem
iDevices wanted to expand their connected home product
portfolio to provide high-value products to consumers at a
reasonable price. In-house engineers and designers
developed the backend infrastructure and industrial design
for a connected light switch early on. The missing link was
a differentiated product that was cost-efficient and
included voice integration.
Solution
iDevices used AWS IoT, which serves as the cloud-based
messaging protocol for their Instinct Amazon Alexa light
switch, night light, and motion-sensing functionality.
Instinct allows users to invisibly integrate the power of
Amazon Alexa throughout their homes, and reap the
benefits of whole-home voice control without sacrificing
valuable counter space.
Impact
Instinct is the first of many innovations driven by the
combination of iDevices’ vast IoT expertise, and Hubbell’s
130-plus years of electrical manufacturing and distribution
experience. By using AWS IoT, iDevices accelerated their
time-to-market, got their product to market in less than 9
Module 1: Match
• Device software
IoT use cases • Connectivity and control
• Analytics services
How AWS helps APN Partners

IoT virtuous cycle deliver on the promise of IoT
• Industrial
Edge to Outcome
• Connected home
Partner Value Chain • Commercial

20
reserved.
Module 2: Introduction to
Internet of Things Core
Technologies
Common IoT protocols
• Message Queuing Telemetry Transport (MQTT)
• Other communication protocols: HTTP/S and
WebSocket
• Common communication patterns
reserved.
MQTT
Protocol for connected devices, designed to minimize
bandwidth and resource requirements while
maintaining reliability and assurance of delivery
• Is a lightweight, message-based protocol

• Uses the publish-subscribe paradigm
• Defines two types of network entities: message broker and number of clients
• Uses Transport Layer Security (TLS) for transport security
• Can be used with certificate-based mutual authentication
• Typically depends on Transmission Control Protocol (TCP) for data integrity
• Supports quality of service (QoS)

23
reserved.
MQTT publish and subscribe model
publish config_change
Administration subscribe config_change
publish sensor_data
Broker Sensor
Data processing subscribe sensor_data
Clients
and storage
1. The client connects to 2. The client publishes 3. The broker forwards the
the broker. It can messages under the messages to all clients
subscribe to any topic. that subscribe to the
message topic. topic.
24
reserved.
MQTT messages and topics
namespace
• Messages have prescribed
group
formats to include topics and
payload. thing name
PUBLISH car/make/model/car_id (qos: 0)
• Topics are case-specific. {
topic
• Topics can be data format or
command format. "timestamp": "2020-03-29T09:15:00",
"speed": 70,
message/data
"speed-violations": 0,
"distance-driven": 79,
"idling-duration": 16,
"fuel-consumed": 1.37,
"alerts": 8
}
25
reserved.
MQTT quality of service
MESSAGE QoS 0
Broker Sensor At most once, “fire and
forget”
MESSAGE(S)
QoS 1
ACK
Broker Sensor At least once, “acknowledged
delivery”
MESSAGE QoS 2
HANDSHAKE
Broker Sensor Exactly once, “assured delivery”
Same reliability as QoS 1, but prevents
reserved. duplicates 26
Other available protocols
WebSocket HTTP/S
 Built for real-time web applications  Use HTTP/S requests in place of

 Achieve push/pull (full duplex) MQTT
communications to a web server  Usually much higher overhead
over a single TCP connection than MQTT
 Higher overhead than TCP  Supported by AWS IoT Core for
 MQTT over WebSocket supported publishing messages
by AWS IoT Core

27
reserved.
Common communication
patterns

reserved.
Direct publishing pattern
PUB: kettle/100
SUB: kettle/100
{
“power”:”on”, Broker Turn on
Mobile app “turbo”:”true”
}

29
reserved.
Fan-out notification
SUB: sn/6753/repair
PUB: sn/6753/repair
{
“part”:”9867”, Schedule
“status”:”shipped” maintenance
} window
Repair service PUB: sn/7530/repair

Broker SUB: sn/7530/repair
{
“part”:”3097”,
“status”:”delayed”
}
Reduce equipment load

30
reserved.
Broadcast pattern
SUB: au/sydney/weather
PUB: au/sydney/weather Reduce speed
Weather {
service “forecast”:”storm”,
“prob”:”85%”. Broker Ignore
“temp”:”14”
}
Turn on headlights

31
reserved.
Fan-in (aggregation) pattern
PUB: bldg/floor1/door101
{“status”:”locked”} RULE SELECT: bldg/floor1/+
{“status”:”locked”}
Rules Security
{“status”:”unlocked”} engin notification
{“status”:”locked”} Broker e service
{“status”:”unlocked”}
32
reserved.
IoT network security
Common device connection and authentication mechanisms
Certificates and keys

reserved.
TLS with mutual authentication
Ensures that traffic is secure and trusted

between client and server
Option 1: Create X.509 certificates (JITR) Option 2: AWS IoT created certificates
1. Register your CA with AWS IoT Core. 1. Use the AWS Command Line Interface
2. Create a certificate signing request (AWS CLI) or API call to AWS IoT Core
(CSR). to create a certificate and private key.
3. Create an X.509 certificate from the 2. Activate the certificate.
CSR. 3. Create an IoT security policy.
4. Activate the certificate (JITR). 4. Attach the policy to the certificate.
5. Create an IoT security policy.
6. Attach the policy to the certificate.

34
reserved.
Create keys and certificate
• AWS CLI
1 Create keys and certificate • AWS Management
Console
• AWS IoT API
Private key
Apply private key and certificate
2 Public key
to the device, and set active X.509
certificate
3
Register the device, and
attach policies IoT policies

reserved.
AWS IoT services segments
Device software
Connectivity and control services
Analytics services

reserved.
Device software
AWS IoT Greengrass

Software that runs local capabilities on connected devices
FreeRTOS
Operating system for microcontrollers
AWS IoT Device SDK

Optional tool for developers

37
reserved.
AWS IoT Core

Securely connect devices with cloud applications and each
other
AWS IoT Device Management

Register, organize, monitor, and remotely manage IoT devices
AWS IoT Device Defender

Monitor and audit IoT configurations, and get alerts about
anomalies

38
reserved.
Analytics services
AWS IoT SiteWise
Collect, organize, and analyze industrial data at scale
AWS IoT Analytics

Run sophisticated analytics on volumes of IoT data
AWS IoT Events

Detect and respond to events from IoT sensors and applications
AWS IoT Things Graph

Connect devices and cloud services to build IoT applications

39
reserved.
AWS IoT with supporting AWS
services

reserved.
Internet of Things with AWS
Edge AWS Cloud
AWS IoT Device

IoT building blocks
Management Build IoT solutions
AWS IoT
Industrial
Greengrass
Amazon Amazon
AWS IoT Device SageMaker QuickSight
Defender
Amazon Amazon
AWS IoT Timestream Redshift
Things SiteWise
Connector AWS IoT AWS IoT
Amazon Amazon
Core Analytics
Kinesis S3
AWS Amazon
AWS IoT Lambda DynamoDB
Events
Amazon Amazon
AWS IoT API Gateway Cognito
Greengrass AWS IoT
Things Graph Amazon Amazon
SQS SNS
FreeRTOS
AWS IoT AWS products and services
41
reserved.
Module 3:
Connectivity and Control
Services
• Identity services and security

AWS IoT Core • Device gateway
• Message broker
• Rules engine
• Device shadow
• Device registry

43
reserved.
Edge AWS Cloud
AWS IoT Device

IoT building blocks
AWS IoT
Industrial
Greengrass
Amazon Amazon
Defender
Amazon Amazon
Things SiteWise
Amazon Amazon
Core Analytics
Kinesis S3
AWS Amazon
Events
Amazon Amazon
Greengrass AWS IoT
SQS SNS
FreeRTOS
44
reserved.
AWS IoT Core

45
reserved.
AWS IoT Core
Forms the backbone to connect devices and handle their data
• Securely connect devices to the AWS

Cloud and other devices at scale
• Route, process, and act on data from
connected devices
• Enable applications to interact with
devices, even when they are offline
• Fully integrate with other AWS services
to build more powerful IoT applications

46
reserved.
AWS IoT Core components
Identity service
Provides authentication and
authorization
Device gateway
Securely connects devices to the AWS
Cloud and other devices at scale
Devices Identity Device Message Rules Message broker
service gateway broker engine Processes and routes data messages
to the cloud
Rules engine
Triggers actions on devices or cloud
services
Device shadow
Assists with intermittent connectivity
by persisting device states
Device
Registry shadow Registry
Enables automatic device registration
and tracks identity
© 2020 Amazon Web Services, Inc. or its affiliates. All rights 47
reserved.
Identity service

48
reserved.
AWS IoT Core identity service
Provides authentication and authorization
• Certificates
• Authentication methods
• Provisioning and registration
• IoT policies to control access
• Policy association
• Device authorizations
• Access control

49
reserved.
AWS IoT security
IoT certificate
IoT policies
Device AWS Lambda
AWS security credentials

IAM policies
Amazon DynamoDB
AWS User AWS IoT
-IAM roles
-IAM
policies
Auth provider token + AWS
-AWS
IAM role policies
IoT policies security
credentials Amazon Kinesis
Amazon Cognito identity
50
reserved.
Authentication
Server authentication Custom authorizers

• X.509 certificate chain • Custom device authentication
validated at the TLS layer and authorization
Client authentication
• X.509 client certificates
(typical for devices)
• IAM users, groups, and roles
• Amazon Cognito identities

51
reserved.
Authorization
• Granted permissions based on identity

• Use AWS IoT Core security policies
• Identities can be devices, applications, or users
• AWS IoT Core operations:
• Control plane API to perform administrative tasks
• Data plane API to send and receive data from AWS IoT Core

52
reserved.
Device gateway

53
reserved.
Device gateway
Securely connects devices to the AWS Cloud and other devices at scale
PUBLISH turbines/ev-gen/123 (qos: 0)

• Manage connectivity {
"timestamp": "2016-11-
• Support multiple protocols 29T10:00:00",
• Secure communications "temperature": 125,
"humidity": 95,
• Optimized for devices ”rotor-freq": 6455,
“output”: 480,
“output-freq”: 60
}
Example JSON payload

54
reserved.
Connect a thing
• The control unit publishes commands into the device gateway.

• The light bulb subscribes and listens for relevant commands.

55
reserved.
Connect a thing

• Pressing G on the controller publishes a message with a color change to green.
56
reserved.
Connect a thing

• Pressing B on the controller publishes a message with a color change to blue.
57
reserved.
Connect a thing

• Pressing R on the controller publishes a message with a color change to red.
58
reserved.
Message broker

59
reserved.
Message broker
Processes and routes data messages to the cloud
• Publish-subscribe broker Device connection

• Decouple devices and requirements
applications
• X.509 device
• Topic spaces
certificate
• QoS support
• Security policy
• JSON and binary payloads
• Device connection
• Device registration

60
reserved.
Rules engine

61
reserved.
Rules engine
Triggers actions on your devices or cloud services
Analytics
Amazon Kinesis Compute
Amazon ES • Ingest AWS
AWS IoT Analytics • Transform Lambda
• Filter
• Enrich
Application
Manage • Route Integration
Amazon CloudWatch Amazon SNS
Amazon SQS
Database AWS Step Functions
DynamoDB
62
reserved.
Use rules to:
 Augment or filter data from a device  Send message data to asset properties in AWS IoT
SiteWise
 Insert a message into a DynamoDB table
 Send a message to the Amazon Elasticsearch Service
 Split message into multiple columns of a DynamoDB
table  Send a message to a Salesforce IoT Input Stream
 Republish a message to an AWS IoT topic  Send a message to IoT Analytics
 Store a message in an Amazon S3 bucket  Send a message to an IoT Events Input
 Send a message to an Amazon Kinesis Firehose stream  Send a message to a Lambda function
 Send message data to CloudWatch metric  Send a message as an SNS push notification
 Change the state of a CloudWatch alarm  Send a message to an SQS queue
 Start a Step Functions state machine execution  Send a message to an Amazon Kinesis Stream
 Send message data to CloudWatch logs  Send a message to a downstream HTTPS endpoint
AWS IoT must be granted permissions to access AWS resources

63
reserved.
Example rule
Name
emailWhenHot
1. Supply a name and Description

description.
Send notification when it
gets too hot
Rule query statement

2. Construct a query SELECT * FROM ‘house’ WHERE temperature > 78
statement.
Set one or more actions

3. Select and Send a message as an SNS push notification
configure an autorecover-me
action.
Add action
64
reserved.
Rules engine
The rule:
• Evaluates commands published by the control unit
• Determines whether the command is B
• If the command is B, transforms the message to G and relays G to the light bulb
65
reserved.
Rules engine
The rule:
66
reserved.
Rules engine
The rule:
67
reserved.
Rules engine
The rule:
68
reserved.
Rules actions
The rule:
• Determines whether the command is R
• If the command is R, delivers copies of the message to a DynamoDB database table, a
Lambda compute function, and Amazon Simple Notification Service (Amazon SNS)
69
reserved.
Rules actions
The rule:
70
reserved.
Rules actions
The rule:
71
reserved.
Rules actions
The rule:
72
reserved.
Device shadow

73
reserved.
Device shadow
Interact with a device shadow, even when the device is offline
• Command and control Shadow patterns

• Report last known state
• Change device state • Direct publishing
• Notify about states • Devices going offline
• Communicate with offline • Unordered messages
devices

74
reserved.
Device shadows
When you turn off the light bulb, the device shadow remembers the color of the physical
light bulb.
75
reserved.
Device shadows
When you request a change, the device shadow remembers the desired state.

76
reserved.
Device shadows
When you turn on the light bulb, the device shadow applies the desired state to the physical
bulb.
77
reserved.
Build solutions
The mobile app never

communicates directly to the
light bulb.
78
reserved.
Build solutions

light bulb.
79
reserved.
Build solutions

light bulb.
80
reserved.
Build solutions

light bulb.
81
reserved.
Device registry

82
reserved.
Device registry
Enables device registration and identity tracking
• Define and catalog devices

• Search on device metadata
• Standardize attributes
• Group devices to simplify
management

83
reserved.
Demo: Onboard a device in
AWS IoT Core

84
reserved.

85
reserved.
Onboarding
Register large numbers of devices by using bulk registration
Organizing
Group device fleets into categories or hierarchies
Monitoring
Collect device logs for identification and
troubleshooting
Updating
Send over-the-air (OTA) firmware updates

86
reserved.
Bulk registration
Onboard connected devices in bulk with a few clicks
• Register device information, such as metadata,

certificates, and policies, for the entire fleet
• Upload via the console or API for registering all
devices
• Track registration progress or download reports for
completed tasks
• Register new devices or reregister devices

87
reserved.
Fleet index and search
“Find all
Understand the health and status of the device devices
fleet manufactured
after 2013 with
firmware
version 1.2 that
• Find devices in the fleet based on any are currently
combination of device attributes connected”
• Automate device organization with

dynamically updating groups of devices based “Group all
on queries hardware
version 1.1
• Use one-click activation via console light bulbs
that are in
New York”

88
reserved.
Device logging and monitoring
Collect device logs to identify and remediate problems
• Configure the logging level on a per device basis or

on a group of devices
• To troubleshoot an issue, selectively increase
diagnostic levels across a subset of malfunctioning
devices
• Use Amazon CloudWatch to configure alarms and
search for logs

89
reserved.
Jobs
Organize and trigger actions on groups of

devices
• Receive status updates for monitor updates

• Automatically send continuous jobs to new
devices
• Configure rollout speed
• Protect devices with pre-signed Amazon Simple
Storage Service (Amazon S3) URLs

90
reserved.
Secure tunneling
Securely access devices behind restricted firewalls
• Securely open and close a tunnel using API or the

console
• Access individual devices using remote shell or
remote desktop operations
• Manage device authorization for each tunnel session
using IAM permissions and configurable timeouts up
to 12 hours
• Automatically receive an access token for each device
by MQTT message
91
reserved.

92
reserved.
• Audit
Validate that the IoT configuration is secure
• Security dashboard
Continuously monitor configurations to understand the
security posture
• Detect anomalies
Monitor the device fleet for abnormal behavior
• Alerts
Know when and what to investigate
• Mitigation
Take corrective action and remediate potential issues
93
reserved.
Audit and security dashboard
Validate IoT configuration security

• Audit IoT resources against a set of built-in IoT
security best practices
• Understand how standard audit checks act on
different IoT resources:
• Certificates
• Policies
• Connection settings
• Account settings
• Schedule audits (daily, weekly) or run audits on
demand during vulnerable periods, such as device
reserved.
deployments
94
Detect anomalies
Identify anomalies in device behavior

• Create security profiles for all devices in an
account or a group of devices with similar
behavior characteristics
• Define rule or statistical-based behaviors for
security metrics and data from connected devices,
and AWS IoT Core in the security profile

95
reserved.
Alerts
Know when and what to investigate

• Review alerts generated based on identified
anomalies and audit findings
• Review alerts sent to AWS IoT console, Amazon
CloudWatch, and Amazon SNS
• Examine historical and contextual information for
audit non-compliance or device behavior
anomaly detection
• Review information at the device or resource level
• View recommended actions to minimize the impact
of potential security issues
96
reserved.
Mitigate security issues
Remediate potential issues

• Take mitigation actions that patch potential security
issues and make sense for the devices and use
cases. Use an automated action or build a custom
action:
• Revoke permissions (automated)
• Revoke certificates (automated)
• Quarantine devices (automated)
• Reboot a device
• Push security fixes
• Automate custom actions using Amazon SNS
97
reserved.
AWS IoT Device and Mobile
SDKs

98
reserved.
AWS IoT Device and Mobile SDKs
The AWS IoT Device and AWS IoT Device and Mobile
Mobile SDKs for common SDKs notes:
programming languages: • AWS IoT Core functionality is
• Help connect hardware implemented on topics and
devices and mobile devices reserved topics.
to AWS IoT Core • Full functionality is available
• Help devices interact with without the SDKs.
device gateway and device
shadows
• Support a variety of devices

99
reserved.
Problem
Vantage Power designs and manufactures
technologies that connect and electrify
powertrains in heavy-duty vehicles. Many OEMs
ship products earlier than usual without the years
of testing behind more established product
streams.
Solution
In working with Luxoft, Vantage Power created a
comprehensive telemetry system that provides a
deep technical understanding of how individual
vehicle components perform in real time. Using
AWS IoT and other AWS services, the system
integrates into hybrid and electric powertrains
and vehicle systems, which allows customers to
monitor, model, and adjust the performance of
vehicle components.
Impact
With AWS IoT, Vantage Power enables their
customers to bring innovations to market faster,
provides safety and compliance controls to an
individual vehicle, and reduces costs through
remote diagnostics and edge computing.
Vantage Power
AWS IoT Analytics
Amazon DynamoDB Training Amazon

metadata table dataset SageMake
Pipeline Datastore r Amazon
ECR
Vehicle
data Training Container
Cold path AWS dataset dataset
Channel
source Lambda
Subscriber AWS Summary

notificatio Lambda results
n
101
reserved.
Module 4: Device Software
Objectives
In this module, you will learn how to:

• Describe how FreeRTOS can be used for connecting microcontrollers to
AWS IoT
• Explain how AWS IoT Greengrass extends AWS to edge devices
• Describe how AWS IoT Device and Mobile SDKs help developers build
devices and applications that connect to AWS IoT
• Describe the AWS Partner Device Catalog

103
reserved.
Edge devices that work with AWS
IoT
Microcontroller units
(MCUs)
FreeRTOS or SDK
Microprocessor units
(MPUs) AWS IoT
AWS IoT Greengrass

104
reserved.
AWS IoT device services
FreeRTOS AWS IoT AWS IoT Device AWS Partner

Greengrass and Mobile SDKs Device Catalog
• Use open source • Extend AWS to • Build devices and • Discover qualified
real-time operating edge devices applications to hardware that
system (RTOS) for connect to the AWS works with AWS
• Respond to local
microcontrollers IoT platform services
events
• Access kernel and
• Operate offline
libraries to connect
to AWS IoT Core or
AWS IoT Greengrass

105
reserved.
Edge AWS Cloud
AWS IoT Device

IoT building blocks
AWS IoT
Industrial
Greengrass
Amazon Amazon
Defender
Amazon Amazon
Things SiteWise
Amazon Amazon
Core Analytics
Kinesis S3
AWS Amazon
Events
Amazon Amazon
Greengrass AWS IoT
SQS SNS
FreeRTOS
106
reserved.
FreeRTOS

107
reserved.
FreeRTOS
Open source real-time operating

system for microcontrollers
• 15 years, trusted, and widely distributed
• Over 40 supported architectures, including
RISC-V and ARM v8-M
• Broad ecosystem support
Kernel and libraries to
connect to AWS IoT • Free and open source (MIT license)
Core or AWS IoT • Most popular RTOS
Greengrass

108
reserved.
FreeRTOS libraries
Communicate with
Secure device data Local
Security AWS IoT
and connections connectivity Greengrass devices
FreeRTOS
libraries
Deploy security
Collect and take
updates, bug fixes, Cloud
and firmware Updates action on
connectivity microcontroller-
updates to devices
based devices

109
reserved.
Security
Improve device security

• Secure sockets using Transport
Layer Security (TLS) Security
Local
connectivity
• Certificate-based authentication
• PKCS#11 interface for key
management FreeRTOS
libraries
• Secure Element (SE) support
• No open network ports Cloud
Updates connectivity
• Run only trusted code
• AWS IoT Device Defender library

110
reserved.
Local connectivity
Connect to devices on a local

Local network without a cloud connection
Security connectivit • Local communication with edge
y
gateways
FreeRTOS • AWS IoT Greengrass discovery support
libraries • Wi-Fi management library
Cloud
• Bluetooth LE management library
Updates connectivit • Companion SDKs for iOS and Android
y
• Support for many network topologies
and use cases

111
reserved.
Cloud connectivity
Send data from devices and analyze

it with other AWS services
Local
Security connectivity • Connectivity to AWS IoT Core
• MQTT publish and subscript messaging
FreeRTOS • HTTPS-based file transfers to cloud
libraries storage, such as Amazon Simple Storage
Service (Amazon S3)
Updates
Cloud • Device shadow support
connectivity
• AWS IoT Core benefits, such as AWS IoT
Device Management
• Fast onboarding with vendor-
independent library interfaces
112
reserved.
Updates
Update devices remotely with

feature enhancements and
security patches Security
Local
connectivit
• Control authorship and ensure y
devices run only trusted code
• Stream updates to devices over FreeRTOS
libraries
MQTT or HTTPS
• Use AWS IoT Device Management to Cloud
assign updates to manageable Updates connectivit
groups y
• Use APIs to control installation and

reboot logic
113
reserved.
AWS IoT Greengrass

114
reserved.
AWS IoT Greengrass
• AWS IoT Greengrass Core software and

Greengrass groups
• Message broker
• Local messaging
• Local AWS Lambda functions
• Device shadows
• Security
• Machine learning inference
• Installation requirements

115
reserved.
AWS IoT Greengrass benefits
Physical constraints
• Spotty or low bandwidth connectivity
• Low latency requirements
• Deterministic latency requirements (example: 50 ms or less response)
Economic principles
• Not all data needs to be stored in the cloud
• Local processing might be more economical (example: ML inference)
Legal considerations
• Data sovereignty
• Data anonymizing must occur locally before collected in the cloud

116
reserved.
AWS IoT Greengrass Core software
GREENGRASS GROUP AWS Cloud
AWS IoT Greengrass Core AWS IoT Core

Devices

117
reserved.
Message broker
• Enables messaging between

Greengrass group devices on a local network
• Extends the MQTT pub/sub
paradigm to the edge
• Local AWS Lambda functions
can trigger and respond to
events
Greengrass core
Devices
• Enables offline command
and control operations

118
reserved.
Local messaging
GREENGRASS GROUP • Messaging occurs between

devices on a local network.
• Communication continues,
even with no connection to
AWS.
• Devices process messages
Greengrass core and deliver them to another
Devices device or AWS IoT based on
user-defined rules.

119
reserved.
Local AWS Lambda functions
Run AWS Lambda functions on a device

• Write event-driven AWS Lambda functions in the cloud and
deploy them to devices to run locally
• Invoke AWS Lambda functions with messaging and shadow
Greengrass core updates
• Create and use offline actions and triggers

120
reserved.
Local function capabilities
Run AWS Lambda Access and use devices’ local resources:

functions on a device
• General-purpose input/outputs (GPIOs) to process
sensor and actuator data
• Local file system on a device’s operating system for
local storage
• Graphics processing units (GPUs) for hardware
acceleration for machine learning
• Local databases for data storage

121
reserved.
Device shadows
Operate devices during

GREENGRASS GROUP AWS
Cloud intermittent connectivity and
Greengrass core
synchronize data with the
cloud when connected
• Define a shadow state for a
device – single device, farm, or
resource grid.
Device Device shadow
• Shadow states can be local or
synced in the cloud.
• AWS IoT Greengrass Core
software can update shadow
states through MQTT messages.
122
reserved.
Security
GREENGRASS GROUP AWS

Authenticates and encrypts
Cloud device data communications
Greengrass core
locally and in the cloud
• Supports TLS mutual
authentication
• Associates certificates on
Device
devices to SigV4 credentials in
the cloud
• Encrypts secrets used in local
AWS Lambda functions

123
reserved.
Machine learning inference
AWS Cloud
Perform ML inference locally
• Train models in the cloud
• ML inference works with
Apache MXNet, TensorFlow,
and others
Greengrass core • Transfer trained models onto
device; send data to the cloud
to improve model accuracy
• Integrate with Amazon
SageMaker to reduce model
runtime footprint and improve
inference performance
124
reserved.
AWS IoT Greengrass connectors
AWS IoT AWS services

Greengrass Integrate with
connectors
Third-party applications
services and
protocols by
Device AWS IoT using
Greengrass On-premises software Greengrass
Core
connectors
• Connect edge devices to third-party services, on-premises software, and AWS products and
services
• Use prebuilt integrations with Twilio, ServiceNow, and other software as a service (SaaS)
applications
• Use connectors as building blocks and integrate them into complex applications
• ©For more information about connectors, including a list of available connectors, refer to the
2020 Amazon Web Services, Inc. or its affiliates. All rights
documentation:
reserved.
125
AWS IoT Greengrass Secrets
Manager
AWS Cloud
Deploy secrets to edge
devices
• Store, access, rotate, and
manage secrets – device
credentials, keys, endpoints, and
AWS IoT AWS configurations
Greengrass core Secrets
Greengrass
Manager • Securely manage secrets in the
cloud and deploy locally on
edge devices
• Manage secrets on devices
through AWS Secrets Manager in
the cloud
126
reserved.
Container support
Extends application deployment at the IoT edge

with Docker container support
• Deploy diverse workloads on AWS IoT Greengrass
without rewriting code
• Use one deployment orchestration to deploy Docker
components while still using AWS Lambda at the edge
• Package application dependencies, regardless of size,
into a self-contained image, to ease deployment

127
reserved.
Stream manager
Collect, process, and export

AWS IoT Greengrass AWS Cloud high-volume data streams
from edge devices
Stream manager • Use standardized mechanisms
StreamManagerClient
AWS IoT Analytics for managing local data
processing and retention
policies
Amazon Kinesis • Publish data directly to AWS
Device Lambda Lambda Data Streams IoT Analytics and other AWS
services
• Set policies for data streams
https://docs.aws.amazon.com/greengrass/latest/developerguide/stream-manager.htm

128
reserved.
Greengrass OTA update agent
Update AWS IoT Greengrass devices

• Part of Greengrass core
• Remotely update an AWS IoT Greengrass Core device
with the latest AWS IoT Greengrass software, security updates,
bug fixes, and new features
• Enable bulk updates of many AWS IoT Greengrass devices
at once
• Use fail-safe updates – any breaking change triggers an
automatic revert
• Track status of updates in the AWS IoT console

129
reserved.
Requirements
Minimum requirements for running AWS IoT Greengrass:

• Supported hardware (x86 and ARM systems)
• Linux-based operating systems with kernel version 4.4 or later
• Windows, macOS, and Linux run AWS IoT Greengrass in a Docker
container
• 128 MB disk space for AWS IoT Greengrass Core
• 128 MB RAM for AWS IoT Greengrass Core
• Additional disk and memory for Lambda functions
https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html#gg-
platforms

130
reserved.
FreeRTOS or AWS IoT Greengrass
FreeRTOS AWS IoT Greengrass

• Operates on the edge • Runs local compute, messaging,
• Runs on microcontrollers that data cache, sync, and ML inference
cannot run AWS IoT Greengrass • Runs Lambda functions, Docker
• Typically runs in meters, sensors, containers, or both
automotive control units, fitness • Responds to local events, interacts
trackers, and the like with local resources
• Supports lower hardware • Typically runs in edge devices and
requirements local gateways

131
reserved.
AWS IoT Device and Mobile
SDKs

132
reserved.
AWS IoT Device and Mobile SDKs
Build connected mobile applications using AWS

• AWS Mobile SDK for iOS
• AWS Mobile SDK for Android
SDKs for common programming languages:

• Supports C, C++, Java, JavaScript, Python
• Helps connect hardware devices or mobile devices to AWS IoT Core
• Helps devices interact with device gateway and device shadows
• Supports a variety of devices

133
reserved.
AWS IoT Device SDK for Embedded
C
Enable microcontrollers to connect to AWS IoT
AWS IoT Embedded C SDK enables • Same code as FreeRTOS libraries

customers to connect Receive the same capabilities as
microcontrollers and FreeRTOS
microprocessors using any • Individually distributed
operating system to AWS IoT Integrate individual libraries into
Greengrass or AWS IoT Core projects
https://docs.aws.amazon.com/freertos/latest/userguide/c-sdk.html

134
reserved.
AWS IoT Device Tester

135
reserved.
AWS IoT Device Tester
• AWS IoT Device Tester is a test • AWS IoT Device Tester for
automation tool that lets FreeRTOS
customers test FreeRTOS or AWS Tests if a device will run FreeRTOS and
IoT Greengrass on their choice of interoperate with AWS IoT
https://aws.amazon.com/freertos/device-
devices tester/
• Download AWS IoT Device Tester • AWS IoT Device Tester for AWS IoT
from FreeRTOS and AWS IoT Greengrass
Greengrass product pages Tests if the combination of a device’s CPU
architecture, Linux kernel configuration,
and drivers work with AWS IoT
Greengrass
https://aws.amazon.com/greengrass/device-tester/

136
reserved.
Why AWS IoT Device Tester
Gain confidence Streamline Get listed

• Authenticate AWS testing • Become qualified
IoT services • Set up required cloud through the AWS
• Interoperate with resources Device Qualification
AWS IoT services Program
• Automate compiling
and flashing of test • Submit test results to
cases on the target be listed in the AWS
device for execution Partner Device
Catalog
Partners can submit hardware for technical validation through the AWS Device
Qualification Program (DQP): https://aws.amazon.com/partners/dqp/
137
reserved.
AWS Partner Device Catalog

138
reserved.
Discover qualified hardware
Search for and find devices and

hardware that work with AWS
• Curated catalog of devices from AWS
Partner Network (APN) Partners
• Development kits and embedded
systems
Qualified devices
completed technical
https://devices.amazonaws.com/
validation.

139
reserved.
Amazon Kindle
Problem
The Kindle team sent employees to each country where the
team launched a product because experience has shown that
testing devices in each country uncovers edge cases that are
not encountered in the lab. However, sending individual
employees does not scale well and makes it hard to centrally
capture test results.
Solution
To reduce costs and scale better, the team began building a
device that could be shipped globally and that could enable
them to remotely run tests, as well as allow for dynamic
updates to the test suite. The team chose to use AWS IoT
Greengrass and AWS IoT Core to ensure that the tests could be
reliably run regardless of connectivity.
Impact
Kindle employees now create and deploy test jobs from
continents away by simply writing Lambda functions. The
Kindle team reduced the costs associated with personnel travel
while enabling faster test iteration cycles. AWS IoT provides a
seamless way to handle edge and cloud computing as well as
ensure reliable device connectivity.

140
reserved.
Amazon Kindle
Amazon AWS AWS IoT

SQS Lambda Core
Test job
Amazon AWS Amazon AWS IoT
EC2 Lambda S3 Greengrass
Amazon DynamoDB
Amazon Amazon
ES CloudWatch

141
reserved.
Module 5: Analytics Services
Objectives
In this module, you will learn how to describe how AWS supports
customer needs with the following IoT analytics services:
• AWS IoT SiteWise
• AWS IoT Analytics
• AWS IoT Events
• AWS IoT Things Graph

143
reserved.
IoT analytics services
AWS IoT SiteWise

Collect, organize, and analyze data from industrial equipment at
scale
AWS IoT Analytics
Generate business value from noisy IoT data
AWS IoT Events

Detect and respond to changes across complex industrial
systems
Visually build IoT applications that contain various devices and AWS serv

144
reserved.
Edge AWS Cloud
AWS IoT Device

IoT building blocks
AWS IoT
Industrial
Greengrass
Amazon Amazon
Defender
Amazon Amazon
Things SiteWise
Amazon Amazon
Core Analytics
Kinesis S3
AWS Amazon
Events
Amazon Amazon
Greengrass AWS IoT
SQS SNS
FreeRTOS
145
reserved.
AWS IoT SiteWise

146
reserved.
AWS IoT SiteWise
Collect, organize, and analyze data from industrial equipment at scale
• Collects data from industrial equipment at

scale
• Structures and labels the data
• Generates real-time key performance
indicators (KPIs) and metrics
• Makes better data-driven decisions.

147
reserved.
AWS IoT SiteWise features
Industrial equipment
Ingest
Ingest equipment data into AWS in minutes
Model
Structure data and specify performance metrics for
equipment and processes
Store
Store asset data in a time series optimized data store
Visualize
Create and share dashboards to visualize live and
historical equipment data

148
reserved.
Ingest
Ingest equipment data into AWS
• Read data from devices and

aggregators
• Remotely manage edge gateways
• Natively support data ingestion using
OPC-UA and MQTT protocols

149
reserved.
Model
Create virtual representation of physical assets
• Model equipment
• Model production facilities
• Define properties and formula-based
metrics
• Store equipment data and computed
metrics

150
reserved.
Store
Store data in time series optimized data store
• Store data in a scalable, high performing,

and managed time series data store
• Use the publisher/subscriber interface to
access latest value of properties and
metrics
• Employ query APIs to access historical
values for properties and metrics for
specific time ranges

151
reserved.
Visualize
Manage web applications to visualize equipment data
• Visualize live and historical equipment

data without code or resource
management
• Support single sign-on
• Discover assets
• Create dashboards

152
reserved.
AWS IoT Analytics

153
reserved.
AWS IoT Analytics
Turn noisy raw data into sophisticated IoT analytics
• Use a managed service to collect,

preprocess, enrich, store, and analyze
IoT device data at scale
• Transform raw IoT data with
meaningful structure and context

154
reserved.
AWS IoT Analytics features
Prepare and analyze
Collect
Collect only the data you want to store and analyze
Process
Convert raw data to meaningful information
Store
Store device data in time series data store for analysis
Analyze
Get deeper insight into the health and performance of
assets

155
reserved.
Statistical analysis features
Feature Example use case

• Statistical classification using • Profile device health and state to
logistic regression provide replacement and
replenishment opportunities
• K-means clustering for device • Cluster devices to identify group
segmentation behaviors
• Pre-built notebook templates for • Score anomalies to compare

ML modeling heterogeneous device flights’
health trends

156
reserved.
Collect
Collect equipment data to store and analyze
• Ingest data from AWS IoT Core, Amazon

S3, or Amazon Kinesis, or through PUT
APIs
• Ingest data in binary or JSON format
• Automatically scales based on ingest – no
upfront provisioning needed
• Single-step setup of channels and
pipelines

157
reserved.
Process
Convert raw data to meaningful information
• Conditionally purge messages

• Transform messages
• Enrich data with external data
sources
• Add context to IoT data
• Reprocess raw data

158
reserved.
Store
Store device data in time series optimized data store
• Partitioned by time – supports faster

query response on time series data
• Bring your own Amazon S3 bucket
• Manageable data retention policies

159
reserved.
Analyze
Get deeper insight into asset health and performance
• Query data stores by using standard SQL

• Schedule queries
• Edit and test queries in the console
• Execute custom analysis or use Jupyter
Notebook through scheduled compute
• Visualize results in Amazon QuickSight
dashboards
• Integrate with APIs, console, Jupyter Notebook

160
reserved.
AWS IoT Events

161
reserved.
AWS IoT Events
Monitor, detect change, and trigger responses
• Monitor events from data across

thousands of sensors and other
sources
• Use simple logic to evaluate incoming
telemetry data and detect change
• Trigger responses to optimize
operations

162
reserved.
AWS IoT Events features
Event detector models

Reduce the cost of device maintenance
Integration with analytics tools and other AWS

services
Uncover new insights and trigger actions
Scalability
Automate operations

163
reserved.
Event detector models
Reduce the cost of device maintenance
• Evaluate multiple inputs to derive the state

of processes, equipment, or products
consistently
• Schedule maintenance or send alarms or
alerts before failure occurs
• Improve the efficiency of processes,
products, equipment, and staff

164
reserved.
Integration
Uncover new insights
• Use output from advanced analytics

services to inform better decisions
• Integrate with other AWS services to
trigger actions that optimize operations
and reduce costs
• Use an AWS IoT Events event detector to
provide contextualized data for AWS IoT
SiteWise to evaluate and respond

165
reserved.
Scalability
Automate operations
• Scale is built into AWS IoT Events, as it is

serverless and large scale.
• Scale operations for multiple devices with
a single model.
• Automatically manage all devices of the
models that connect to AWS IoT Events.

166
reserved.

167
reserved.
Visually connect devices and web services to build IoT applications
• Build IoT applications as workflows

• Visually coordinate interactions
between devices and AWS services

168
reserved.
AWS IoT Things Graph features
Connect devices from different manufacturers

Use models to represent devices or web services
Use drag-and-drop user interface (UI)

Visually design applications by connecting devices and services
in the desired workflow sequence
Deploy and monitor in the cloud or at the edge

Execute the workflow in AWS Cloud or on any Greengrass
enabled edge device, and use Amazon CloudWatch to monitor
flows

169
reserved.
Models
escribe the capabilities of a device or service as a set of actions and even
• Models allow interoperability by abstracting low-

level details, such as communication protocols
and message syntax.
• Use prebuilt models for common devices, AWS
services, and logic processing, or build your own.

170
reserved.
Get started with models
1. Create a device model that represents a

generic device type (for example, motion
sensor).
2. Create a device that represents the
capabilities of a manufacturer-specific
model.
3. Associate the thing in the AWS IoT Registry
with a specific device.

171
reserved.
Flows
Sequence of interactions between device models and service models
• Use the design canvas to build applications that visually

represent real-world systems
• Automate processes with branching conditions and
logic with minimal code
• Drag and drop models to connect and define the
running sequence
• Monitor interactions between devices

172
reserved.
AWS IoT Things Graph example

173
reserved.
Deploy flows
Flexible deployment options
• Deploy flows in the AWS Cloud or on

edge devices that run AWS IoT
Greengrass with a few clicks.
• Once deployed, AWS IoT Things Graph
ensures the steps of the flow run in the
desired order.

174
reserved.
Monitor flows
• Monitor cloud workflows with Amazon CloudWatch

• Collect metrics on execution steps, set alarms to
monitor application performance, and troubleshoot
issues

175
reserved.
Problem
In the seed business, breeding research
and supply chain organizations must
gain better and faster visibility into
what’s going on in fields during planting
and harvest.
Solution
AWS IoT helps Bayer Crop Science
manage the collection, processing, and
analysis of seed-growing data. Data
analysts use the new data collection
platform to access data on their mobile
devices via dashboards. The solution
captures multiple terabytes of data from
seed transportation, planting, and
growing in the company’s research fields
across the globe.
Impact
Using AWS IoT, Bayer Crop Science can
provide seed data to analysts in just a
few minutes, instead of a few days. This
helps farmers gain visibility into field
conditions, and provides a robust edge
reserved. processing and analytics framework. 176
Bayer Crop Science
AWS Cloud
AWS IoT Events State management

and analytical actions
Edge
Detec Take Use

AWS IoT SiteWise t action prediction
OPC-UA event s
server s Cross-site views,
AWS IoT Analytics and remote
AWS IoT SiteWise diagnostics
Collection Protocol
gateway conversion
On- Enrichment Batch Asset
premises IoT historian
(edge) pipelines processed modele
historian r GUI
datasets IoT historian (cloud)
Machine learning integration
© 2020 Amazon Web Services, Inc. or its affiliates. All rights Industrial data lake Information models 177
reserved.
Module 6: IoT Deployment
IoT solutions lifecycle
© 2020, Amazon Web Services, Inc. or its affiliates. All rights

179
reserved.
IoT device lifecycle stages
1. Procurement
2. Onboarding
3. Operations
4. Analytics
5. Applications
Each vertical has different procurement and onboarding requirements.

180
reserved.
Procurement

181
reserved.
Industrial IoT
Procurement
AWS IoT Greengrass
Onboarding
Manual onboarding
Operations
Firewalls, networking
Analytics
AWS IoT Analytics
Applications
AWS IoT SiteWise

182
reserved.
Smart home
Procurement
FreeRTOS with AWS SDK
Onboarding
AWS IoT Core and mobile onboarding
Operations
Customer service
Analytics
Usage analytics
Applications
Mobile

183
reserved.
Customer use cases by lifecycle
• What are the customer or APN Partner pain points in

each phase?
• What will your customer use for each phase of the
lifecycle?
• AWS IoT solutions
• AWS services
• Custom solution
• Combinations of these
• Which AWS services best match their use case?

184
reserved.
Procurement
How does the customer pick the right hardware?

Factors to consider:
• Brownfield or greenfield deployment
• Costs
• Capability This is one of the most
consequential phases!
Buying the wrong hardware for a large-
scale deployment or, even worse,
manufacturing the wrong type of device is
hard to undo.

185
reserved.
Procurement
AWS IoT FreeRTOS AWS IoT SDK

Greengrass
AWS Partner Device Catalog

186
reserved.
Onboarding

187
reserved.
Onboarding
How does the device get connected? How do you

know the device’s identity?
• Create a trusted identity for the device
• At manufacturing time:
• Conceal private keys
• Use a factory device certificate to be exchanged with the final cert
• Potential issues
• Manufacturer trust
• Factory connectivity
• Logistics – where and how to provision device certificates

188
reserved.
Onboard a device
Use separate credentials
• Exchange factory certificate for the final certificate
• Provide additional information not known at manufacturing
Connect to regional endpoints

• Use regional endpoints
• Provide endpoint information at bootstrapping
• Use AWS IoT Core Configurable Endpoints
Handle device claiming

• Associate the device to a specific customer account

189
reserved.
Onboard to regional endpoints
Bootstrap Region A
service
2 Determin
1
Get e locality
bootstrap Region B
informatio
CONNEC
n
T
3
Devic AWS IoT
e
Region C

190
reserved.
Onboard devices with AWS IoT
Bootstrap
Devic 1 JITP/JITR/fleet 3
e provisioning Factory
2 Get bootstrap info
CA Cert
(CSR) AWS IoT
5 4
Devic
Bootstra
e cert
p cert Device cert
Product
Create thing,
certificate,
policy
Thing
6 CONNEC
T
ACM Private CA
AWS IoT

191
reserved.
Operations

192
reserved.
Operations
How do you manage a device’s lifecycle?

• Metrics
• Alerting
• Hardware
• Software
• Decommissioning

193
reserved.
Operations: Device side
AWS IoT FreeRTOS AWS IoT SDK

Greengrass

194
reserved.
Operations: Cloud side
AWS IoT Core AWS IoT Device AWS IoT Device

Management Defender

195
reserved.
Device lifecycle management
Ongoing device maintenance Renew or decommission

• Over-the-air (OTA) software • Replace hardware
updates • Decommission device
• Software inventory management • Relocate device
• Configuration changes
• Certificate renewals
• Cost management

196
reserved.
Analytics

197
reserved.
Data lifecycle management
How do customers collect data

from devices?
• Telemetry
• Analytics • Implementing IoT use cases
• Database and storage
leads to big data.
• Big data must be managed to
control operational costs and
maintain the value of the
data.

198
reserved.
Applications

199
reserved.
Applications
How does a customer build applications that interact

with devices? For example:
• Internal or external applications
• Commands
• Visualizations
https://aws.amazon.com/iot-core/resources/

200
reserved.
Companion applications
Customers use companion applications for:

• Real-time notifications Amazon Simple Notification Service
• Real-time monitoring AWS AppSync
• Command/control AWS AppSync or
Amazon API Gateway, AWS Lambda,
and shadow devices
Who/what should applications authenticate?

• External users Amazon Cognito
• Roles

201
reserved.
Companion apps
Product
Lookup
HTTPS 2 device
Companion REST/GraphQL 3 User/device

app API table
Login
1 Update shadow
Amazon Cognito
user pool
4
PUBLISH/SUBSCRIBE
5
Device Device shadow
6 Amazon SNS
mobile
IoT rule notification
7 Push notification
202
reserved.
Design patterns

203
reserved.
Design patterns
• Scale the solution

• Keep and recover messages
• Buffer data
• Process critical events
• Control planes
• Choose data collection protocols and services
• Protect APIs

204
reserved.
Scale IoT solutions
Understand architecture scaling and throttle

points
• Scale endpoints by using AWS IoT
• Explore downstream service scaling options
• Plan message robustness and recovery
• Batch data for efficiency and cost optimization
• Does your data belong on a broker?
Note: AWS IoT services are all built to handle the scaling
of millions of devices and events.

205
reserved.
Message recovery patterns
Understand message failure points and recovery options
• Buffer messages
• Queue messages
Know the difference and explore implementation

options

206
reserved.
Buffer data
Data source
AWS IoT Amazon AWS Lambda

Core Kinesis
buffer
Data source Hold data until it can be processed
• Handle data spikes • Hold data if services are throttled

• Allow downstream services to • Batch and optimize costs
scale
207
reserved.
Backends for resilient event streams
Hold data until the service

can process it:
• Handle data spikes
• Allow downstream services to
Data source AWS IoT Core IoT rule Amazo Processor scale
n
Kinesis
• Hold data if throughput
throttled
Amazo
• Batch data and optimize costs
n SQS
• Process events in parallel
Run multiple event streams, if
needed.
208
reserved.
Critical event processing
Queue data and fan out: Securely hold data until it is
processed.
Integration to event
streams • No limits on
notification and
queuing services
Data source
• Downstream
services that don’t
AWS IoT Amazon AWS Lambda use MQTT to
Core SNS subscribe
• Fast, event-driven
Data source
notification to
retrieve messages
Amazon • Batch and cost
SQS optimization
A fan-out mechanism strengthens the downstream architecture.
209
reserved.
Control plane pattern
Use a control plane to set up high volume telemetry
streaming.
Two-way control channel, MQTT • Not all data belongs on a
broker.
Data source • Control is through broker.
• Telemetry goes directly
AWS IoT Amazon AWS Lambda to buffering service.
Core Kinesis
Buffer
• Can be cost-effective.
Data source • Avoids potential limits.
High-volume telemetry,
video, and similar
The downstream compute component can process from the broker or a stream.
210
reserved.
Device communication protocols
MQTT Basic Ingest HTTPS
Communications Bidirectional MQTT Unidirectional MQTT Unidirectional
Latency Low Low Low
Pub/Sub Yes No Yes
Throughput Low/medium Low/medium High
Processing IoT rules, Lambda IoT rules, Lambda IoT rules, Lambda
CPU Requirements Low Low High
Security Posture Low Medium High
Authentication,
Device IoT policy Device IoT policy Device IoT policy
Authorization
211
reserved.
Data collection service comparison
AWS IoT Analytics Amazon S3 Amazon Kinesis
Communications Unidirectional Unidirectional Unidirectional
Latency Medium High Low
Pub/Sub No No No
Throughput High High Very High
Pipelines, datasets,
Processing Any Analytics
containers
Authentication
Role, IAM policy Role, IAM policy Role, IAM policy
Authorization
212
reserved.
Enhanced device security

reserved.
Protect APIs
Use Amazon API Gateway API protection and identity management
to protect applications.
• Provide a unified entry point for

control systems and applications
Amazon AWS Lambda
• Protect downstream APIs with API
TPS throttling and DDoS Gateway
protection
Enrollment,
• Use platform identity services to recovery
channel
authenticate API requests Amazon
Cognito
Data source AWS IoT Amazon Kinesis

reserved.
Core buffer 214
Security best practices
• Know what is happening with a device

instead of “rotate and pray”
• Do not rotate certificates on an arbitrary
interval
• Have mechanisms for detecting:
• Multiple connections using the same certificate
• Anomalies with device data
• Anomalies with device hardware, unexpected
active interfaces such as SPI/I2C or open ports
Use hardware security
modules/TPMs, PKCS#11 • Detect faulty devices

215
reserved.
Risks of rotating certificates
Know what is happening with devices
• Customer might brick the device and

require physical access to recover it.
• Each time a customer moves certificates
and keys, they risk exposure.
• Rotating certificates does not guarantee
device security.

216
reserved.
• Works in the cloud and on the edge

• Is built into FreeRTOS and AWS IoT Greengrass
• Can be enhanced to match unique device attributes
• Uses predefined models as well as custom, device-
specific ones
• Helps find anomalies in device communications
• Finds policies that are too permissive
• Automates corrective actions

217
reserved.
IoT adoption and deployment
phases
Scaled production
Unlimited number of things
Customer value
Limited production
Up to 1,000 things
Pilot
10–100 things
Prototype
<10 things
IoT adoption over time

218
reserved.
IoT tips and techniques

219
reserved.
With IoT customers, do these things
Start with qualified IoT hardware or AWS IoT device

software
Perform an IoT well-architected review
Send customers to AWS IoT training
Consider with caution how to configure Raspberry Pis
for production – or find more suitable hardware
Help customers get more benefit from AWS than just
AWS IoT

220
reserved.
Edge AWS Cloud
AWS IoT Device

IoT building blocks
AWS IoT
Industrial
Greengrass
Amazon Amazon
Defender
Amazon Amazon
Things SiteWise
Amazon Amazon
Core Analytics
Kinesis S3
AWS Amazon
Events
Amazon Amazon
Greengrass AWS IoT
SQS SNS
FreeRTOS
221
reserved.
Module 7: AWS Resources for
APN Partners
AWS IoT resources

reserved.
AWS IoT resources
https://aws.amazon.com/iot/
224
reserved.
AWS IoT architectural resources
AWS reference architecture

AWS IoT diagrams
Partner and customer Customer

architectures references

225
reserved.
Architecture: AWS Industrial

226
reserved.
Architecture: Connected Home

227
reserved.
AWS IoT solutions
AWS IoT Partner Solutions AWS IoT Solution Repository
AWS IoT – APN Partner Success Stories AWS QuickStarts – IoT

228
reserved.
AWS IoT whitepapers
https://aws.amazon.com/whitepapers
AWS Well-Architected
Core Tenets of IoT
IoT Lens Whitepaper
Securing IoT with AWS Designing MQTT Topics

for AWS IoT Core
229
reserved.
Partner IoT devices
• AWS Device Qualification Program

https://aws.amazon.com/partners/dqp/
• AWS Partner Device Catalog
https://devices.amazonaws.com/

230
reserved.
Hands-on Lab 1
Introduction
to AWS
Internet of
Things
link
231
reserved.
Hands-on Lab 2
Deploy an
end-to-end
IoT
application
link
232
reserved.
APN resources

233
reserved.
Additional training
AWS IoT training
https://aws.amazon.com/partners/training/course-descriptions/
234
reserved.
APN Programs for AWS IoT

235
reserved.
APN Navigate
A prescriptive path to build an AWS business and specialize on AWS
https://aws.amazon.com/partners/navigate/
A prescriptive path to build expertise supporting AWS customer projects for

Internet of Things solutions on AWS

reserved.
AWS Competency Program
Highlight your AWS technical expertise and specialization to differentiate your
business
https://aws.amazon.com/partners/competencies/
Identify, validate, and promote APN Advanced and Premier Tier Partners with
demonstrated AWS technical expertise and proven customer success

reserved.
AWS Service Delivery Program
Demonstrate your AWS service experience
https://aws.amazon.com/partners/service-delivery/
The AWS Service Delivery Program enables AWS customers to identify APN
Consulting Partners with experience and a deep understanding of specific AWS
services.
AWS IoT Partners improve customer experience and outcomes with AWS IoT Core,
AWS IoT Analytics, and AWS IoT Greengrass.
reserved.
Review
1 IoT Opportunity and 4 Device Software

Business Landscape Connect microcontrollers and
Choose AWS products and services for microprocessors to AWS IoT
IoT 5 Analytics Services
2 Introduction to Core IoT Collect, organize, store, process, enrich,
and analyze device data
Technologies
Understand common IoT concepts, 6 IoT Deployment
terminology, and protocols Scale, secure, and optimize IoT
3 Connectivity and Control solutions
Services 7 AWS Resources for Partners
Connect IoT devices, protect them, and Find more information about IoT on
handle their data AWS
239
reserved.
Thank you
© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior
written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections or feedback on the course, please email
us at: aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the
property of their owners.

AWS STP IoT On AWS - Technical ForSend

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS STP IoT On AWS - Technical ForSend

Uploaded by

Copyright:

Available Formats

AWS STP: IoT on AWS - Technical

AWS Training and Certification

Iniciamos a las (GMT-3)

• Please, check you mic and put in silence.

© 2020 Amazon Web Services, Inc. or its Affiliates. All rights

1 IoT Opportunity and 4 Device Software

Devices Data generation Spending

Source: IDC #US45066919, May 2019, IDC #US45373120, September 2019

New services, Improved Better customer Increased Intelligent Data-

Revenue growth Operational efficiency

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Industrial Connected home Commercial

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Devices and Connectivity and Analytics and Applications Change

Onboard, Connect, Analyze, Engage, Transform,

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Broad and deep Multilayered Superior integration

Proven experience Transparent

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Hardware, software, and services form a value chain

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Edge to device Connectivity Solution to outcome

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Edge to device Connectivity Solution to outcome

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Edge to device Connectivity Solution to outcome

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Silicon AWS AWS IoT practices

Edge to device Connectivity Solution to outcome

AWS IoT IoT Solutions

From silicon partners

From IHV partners

From ISV, GSI/SI partners

How AWS helps APN Partners

© 2020 Amazon Web Services, Inc. or its Affiliates. All rights

• Is a lightweight, message-based protocol

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Administration subscribe config_change

 Built for real-time web applications  Use HTTP/S requests in place of

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Repair service PUB: sn/7530/repair

Reduce equipment load

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

PUB: au/sydney/weather Reduce speed

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

{“status”:”locked”} RULE SELECT: bldg/floor1/+

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

Ensures that traffic is secure and trusted

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

© 2020 Amazon Web Services, Inc. or its Affiliates. All rights

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

AWS IoT Greengrass

AWS IoT Device SDK

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

AWS IoT Core

AWS IoT Device Management

AWS IoT Device Defender

© 2020 Amazon Web Services, Inc. or its affiliates. All rights

AWS IoT Analytics