AWS has a lot of analytical and storage services that can be used with data generated by IoT devices. However, to leverage these services, the initial step involves transmitting the data generated by IoT devices to AWS. This is where IoT Core comes into play, as it allows us to connect our IoT devices to the AWS ecosystem. Furthermore, it seamlessly integrates with various AWS services, enabling us to efficiently analyze and process the data.
Here are the steps to set up the required IoT Core infrastructure:
First, we need to create an endpoint that the IoT Core will use to receive the data sent by our device. That endpoint is called an IoT thing. It acts as a virtual device on the cloud.
To create an IoT thing, we can use the aws iot create-thing command. This command requires the thing name as an argument, thing-name. This command is given below with the required argument. Copy this command and use the terminal at the bottom to execute it.
Note: We’ll use the terminal at the bottom to execute all the commands. The start script of the terminal will configure the AWS environment so we can get started right away.
aws iot create-thing --thing-name IoT-thing
To publish messages to the IoT Core, the publishing device first needs to authenticate with the IoT Core. To do that, it must use an X.509 certificate. An IoT policy attached to this certificate specifies the permissions that the publishing device has. Before we generate the certificate that we’ll use to authenticate the publishing device, let’s create the IoT policy that we’ll attach to that certificate. We can use the aws iot create-policy command to create the required IoT policy. With this command, we send the permissions written in JSON format as an argument, policy-document. Use the command given below to create the IoT policy:
aws iot create-policy --policy-name IoT-policy --policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "iot:Publish","Resource": "arn:aws:iot:us-east-1:*:topic/IoT-topic"}]}'
This command will create an IoT policy, IoT-policy, that allows the authenticated device to send the data to the IoT thing we created earlier.
Let’s move to the next step and generate the certificate the device will use for authentication. To generate a certificate, we can use the aws iot create-keys-and-certificate command. An additional flag, set-as-active, sets the certificate as active and ready to be used. Generate the certificate using the command given below:
aws iot create-keys-and-certificate --set-as-active
A certificate will be generated, and you’ll get its metadata in response. Copy the certificate’s ARN from the response and press Ctrl+z to return to the current shell. The ARN will be required to refer to the certificate in the next steps.
We now have the required security resources. The next step is to connect them. Let’s start by connecting the IoT thing with the certificate. To do that, we can use the aws iot attach-thing-principal command. We’ll send the IoT thing name and the certificate ARN using the thing-name and principal arguments respectively. Replace <certificate-arn> with the ARN of your certificate in the command given below and execute this command.
aws iot attach-thing-principal --thing-name IoT-thing --principal <certificate-arn>
Now, we’ll connect the IoT-policy we created earlier with the certificate so that the entity using this certificate gets the required privileges. For that, we can use the aws iot attach-policy command. We’ll send the policy name and the certificate’s ARN as arguments with this command. Replace <certificate-arn> with the ARN of our certificate in the command given below and execute it to attach the policy to the certificate:
aws iot attach-policy --policy-name IoT-policy --target <certificate-arn>
We’ve successfully configured the required security credentials. Any device that uses the generated certificate for authentication will now be able to publish data to our IoT thing.
Now that everything is set up, let’s publish some data to our IoT thing and effectively to IoT Core. To publish the data, we’ll use the aws iot-data publish command. This command publishes the data using the MQTT protocol. It requires a topic as an argument. A topic is like a path parameter of a URL used to distinguish between the receivers. It doesn’t need to be configured and can be anything we want. We’ll use IoT-topic as the topic for our message. Along with the topic name, we’ll send our data as an argument in our command. Replace <payload> with the data you want to send and execute this command to send data to the IoT Core.
aws iot-data publish --topic IoT-topic --payload "$(echo -n "<payload>" | base64)"
Our data is successfully published to IoT Core. We can now use other AWS services to store, process, and analyze this data.
These are the few simple steps we need to perform to connect our IoT devices with AWS so that we can use other AWS services to process our data as we want.
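The provisioning steps above (thing, policy, certificate and the two attachments) as one script, added here as an example that is not part of the original article. It pins the caller's account ID in the policy ARN instead of *, captures the certificate ARN with --query, and writes the key pair to owner-only files rather than the terminal. The function names, the output file names and the --apply switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article). Function names, file names
# and the --apply switch are assumptions of this example.

# True only for a 12-digit AWS account ID.
is_account_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Print a publish-only IoT policy for one literal topic in one account.
# usage: iot_policy_doc <region> <account-id> <topic>
iot_policy_doc() {
  is_account_id "$2" || { echo "account id must be 12 digits" >&2; return 1; }
  case "$3" in
    ''|*'*'*|*'?'*|*'"'*)
      echo "topic must be a literal name (no *, ? or quotes)" >&2; return 1 ;;
  esac
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"iot:Publish","Resource":"arn:aws:iot:%s:%s:topic/%s"}]}\n' "$1" "$2" "$3"
}

# Run the provisioning steps in a subshell so umask and region stay local.
# usage: provision <thing> <policy> <topic> <region> <out-dir>
provision() (
  umask 077                          # key files and directory: owner-only
  export AWS_DEFAULT_REGION="$4"     # same region as the policy ARN
  account=$(aws sts get-caller-identity --query Account --output text) || exit 1
  doc=$(iot_policy_doc "$4" "$account" "$3") || exit 1
  mkdir -p "$5" || exit 1
  aws iot create-thing --thing-name "$1" >/dev/null || exit 1
  aws iot create-policy --policy-name "$2" --policy-document "$doc" >/dev/null || exit 1
  # --query prints only the ARN; the key pair goes to files, not the terminal.
  cert_arn=$(aws iot create-keys-and-certificate --set-as-active \
    --certificate-pem-outfile "$5/cert.pem" \
    --public-key-outfile "$5/public.key" \
    --private-key-outfile "$5/private.key" \
    --query certificateArn --output text) || exit 1
  aws iot attach-thing-principal --thing-name "$1" --principal "$cert_arn" || exit 1
  aws iot attach-policy --policy-name "$2" --target "$cert_arn" || exit 1
  printf '%s\n' "$cert_arn"
)

# Nothing touches AWS unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
  provision IoT-thing IoT-policy IoT-topic us-east-1 ./iot-device
fi
```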
Run the commands given above using this widget. Enter your AWS access_key_id and secret_access_key in the widget below before running any commands. If you don’t have these keys, follow the steps in this documentation to generate the keys.
Note: The IAM user whose credentials are being used must have the permissions to perform all the required actions. If you're unfamiliar with how to set up these permissions, go through this guide provided by AWS to learn about it.