Introduction to AWS IoT Core
AWS IoT Core is a cloud service that gives IoT devices a gateway to connect to and interact with the complete AWS infrastructure. Devices access the IoT Core service through the lightweight, publish-subscribe MQTT (Message Queuing Telemetry Transport) protocol. AWS's MQTT implementation is based on version 3.1.1 and, for reasons unknown to me, deviates from the MQTT protocol specification.
The way devices interact with the IoT Core works like this: devices connect to an AWS MQTT broker (a server that receives all messages from the clients and then routes the messages to the appropriate destination clients) through a secure channel. While connected, devices and brokers can send and receive messages depending on how they are programmed or configured. Rules define how the received messages are handled, for instance by redirecting them to other AWS services.
Let's take a look at how MQTT publishing and subscribing work. Both of these operations are performed on topics, which are like addresses. A published message can only be received by devices that subscribed to the topic to which the message was published. Let's suppose that there are two devices: one uses multiple temperature sensors to measure the temperature of multiple machines in a room, while the other controls the power of a fan. The fan-controlling device is subscribed to the "fan/control" topic to receive control messages. If the temperature-measuring device detects that the temperature of a sensor is above a certain threshold, it publishes a "turn on fan" message to the "fan/control" topic. This message is then received by the fan-controlling device, which then turns the fan on.
Creating a Thing
A Thing is an object that represents an IoT device in the IoT Core platform. It is through this object that IoT devices connect to the IoT Core, which acts as a gateway for IoT devices to communicate with each other and with other AWS services.
To create a Thing I selected from the left menu "Manage-Things":
Then I pressed "Register a thing":
Here I can select whether I want to create a single Thing or many Things. The IoT Core service supports handling billions of devices and many bulk operations, such as creating many Things, but as expected, handling a large number of devices is considerably more challenging than handling them individually. I pressed the "Create a single Thing" button:
I called my Thing "TestThing". The Thing type classifies the Thing; each Thing can be classified as only one Thing type (e.g. "SmartCage"). Things can also be grouped (e.g. "PSOC6") in as many as 50 groups. Attributes are properties of the devices (e.g. "serial number"). Finally, we can set the shadow, which is a special MQTT topic that a Thing can use to notify AWS services or other devices of its current state (or the last state before getting disconnected), and which also allows AWS services to send messages to the device. To make debugging easier it's always a good plan to keep things as simple as possible, so I just pressed next without setting anything else but the name of the Thing:
To connect to the AWS MQTT broker I need a certificate, a private key and a root CA. The simplest solution is to let AWS create them by pressing the "Create certificate" button:
These files can only be downloaded while the page is open; if they are not downloaded, a new certificate will have to be created, otherwise the device won't be able to connect to the MQTT broker. The device requires 3 files to connect to the broker: the Thing certificate, the private key, and the root CA. After downloading the files I activated the certificate by pressing the "Activate" button, then I pressed the "Attach a policy" button:
Policies define the certificate's access permissions to MQTT topics, but as I didn't have any policy, I pressed "Register Thing" to complete the Thing creation process.
Creating and attaching a policy to a certificate
Now I needed to create a policy so that the device could connect to the MQTT broker. Policies are attached to certificates which are attached to Things. Ideally each Thing should have its own certificate, but policies are usually shared by many Things.
To create a policy I selected "Secure-Policies" from the left menu:
And pressed the "Create a policy" button:
Policies specify the permissions to access MQTT topics, and should be as restrictive as possible, but for debugging purposes I gave the policy full access to all MQTT resources. I pressed "Create" and the policy got created.
To attach the policy to the certificate I selected "Secure-Certificates" from the left menu:
Marked the certificate (which I created while creating the Thing), pressed the "Actions" button and then "Attach policy":
I marked the "TestPolicy" policy and pressed Attach.
And finally I was ready to connect the IoT device to the AWS Core!!!
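The policy step above grants full access for debugging, while noting that policies should be as restrictive as possible. The following is an added example, not part of the original post or AWS's own code: it places the equivalent of that debugging policy beside a scoped policy for the fan controller from the introduction, and flags wildcard grants in either. The region, account ID, policy contents and function names are constructed for illustration.

```python
# Added example: flag wildcard grants in an AWS IoT policy document.
# The region, account ID and both policies are constructed placeholders.
ARN = "arn:aws:iot:us-east-1:123456789012"

# Equivalent of the full-access debugging policy described in the post.
DEBUG_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Scoped policy for the fan controller from the introduction. The policy
# variable restricts the MQTT client ID to the Thing's registered name.
FAN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": ARN + ":client/${iot:Connection.Thing.ThingName}"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": ARN + ":topicfilter/fan/control"},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": ARN + ":topic/fan/control"},
    ],
}


def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return list(value) if isinstance(value, list) else [value]


def find_broad_grants(policy):
    """Return (statement index, field, value) for each wildcard in an Allow."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for field in ("Action", "Resource"):
            for value in as_list(stmt.get(field, [])):
                if "*" in value:
                    findings.append((index, field, value))
    return findings


if __name__ == "__main__":
    for name, policy in (("debug", DEBUG_POLICY), ("fan", FAN_POLICY)):
        print(name, find_broad_grants(policy) or "no wildcard grants")
```

The scoped policy only takes effect as written if the device connects with a client ID equal to its Thing name and its certificate is attached to that Thing.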