I work with companies all over the world who need help building everything from interactive screens to industrial equipment. In recent years, I’ve seen that powering the best customer experiences and most reliable applications means leveraging cloud solutions like AWS IoT Core. Getting started working with cloud services from a hardware background can be an intimidating journey that requires learning a lot of new concepts and best practices. For that reason, I wanted to share my experience and help bridge the gap between those skillsets.
In this tutorial I’ll show you how to connect your Raspberry Pi Device with AWS IoT Core in order to communicate with it securely from the cloud. I’ll cover everything from the hardware and peripherals you need to how to use the AWS IoT Core console UI to control your Raspberry Pi, and everything in between!
Before You Start
Let’s make sure you have all the materials we’re going to be using in this tutorial. For the first section of this guide, you’ll need:
Hardware:
- A Raspberry Pi 4 – I’m using the one found in this kit here which comes with a bunch of useful additions like a fan, enclosure, heat sinks, power cables, and micro SD card and it’s very easy to get started with. I have the 4GB starter kit but any of the three options listed should work.
- A microSD card with 8GB of space or more (included with the kit above)
- A power cable for the Pi (included with the kit above)
- An HDMI to micro HDMI cable (included with the kit above)
- A microSD card reader for your computer (included with the kit above). You can get a USB adapter like the one in the kit or an SD card adapter like this. If you have a new Mac computer you may want to get one like this.
- A USB keyboard
- A USB mouse
- A monitor with an HDMI port to display the Raspberry Pi’s Screen
- Something to integrate with the GPIO pins in your Raspberry Pi later when we configure the Raspberry Pi to interact with the cloud. In my case, I’ll be using a kit like this. That contains everything I need including a breadboard, LEDs, resistors, jumper wires a Raspberry Pi extension board and forty pin cable extension.
Software and Accounts:
- An Amazon Web Services (AWS) Account. It’s free and you can create one here. After you create the account, make sure to save your login details somewhere as we’ll need them later.
Step 1: Setup Your Hardware
Before we get our Raspberry Pi connected to AWS we need to finish the process of booting up the machine and installing some dependencies.
If you’re working with the Raspberry Pi kit I linked above, here is an excellent video on how to get your Raspberry Pi setup inside the enclosure, how to add the heat sinks, install the fan, and get the operating system setup for the first time. One thing to note here is that we will eventually be taking the Raspberry Pi back out of this enclosure later to integrate it with other things such as the bread board and LEDs in the kit I link to above.
You should be able to boot up our Raspberry Pi and finish setting it up as shown in the video. After the operating system installs on the device, we connect to a Wi-Fi network, set the other basic settings, and then we can apply the updates it asks us if we’d like to install. When you’re done, reboot the device.
Step 2: Create an IoT Thing in Your AWS IoT Thing Registry
The next step is to register this IoT Device inside of AWS and get the credentials that will allow you to connect back and forth with the cloud.
Start by signing into your AWS Account while you’re on the Raspberry Pi. You can open up the Raspberry Pi OS web browser and go to aws.amazon.com before clicking “create account” or “sign in”.
On the create an account page there should be an option to sign into an AWS Account where you can enter in your credentials.
- The Allow checkbox means that this policy will allow specific actions on AWS cloud resources. You could also set a policy that explicitly denies permissions to AWS but by default AWS denies all actions unless granted explicitly.
- The “iot:*” action means that you are talking about ALL actions under the AWS IoT service umbrella. The asterisk indicates the “all” part here.
- The Resource ARN indicates what specific AWS resources you can perform these IoT actions on. In this case, you’re referring to any AWS resource.
- One-click certificate creation (recommended) – AWS generates a public/private key that we’ll be using for your device. It then takes the public key and makes a Certificate Signing Request or CSR that it signs with its own CA Private Key to generate a certificate we can use on our device. This all happens in the background and then AWS allows us to download the public/private key and the certificate it created for us so we can authenticate our device later on. We also download a Root CA certificate from AWS that we use to authenticate our connection with AWS.
- Create with Certificate Signing Request – With this approach, we have our own public and private key already, either on our laptop or maybe provisioned already on our IoT device. We then use our keys to create a certificate signing request on our end before sending that CSR to AWS. AWS will then send us back a certificate which we can use in combination with our private key on the device. But like the first option, this requires us to have permissions to call AWS APIs for every new certificate we want to generate.
- Use my Certificate – Alternatively, we can register our own certificate authority certificate so that we can sign one or many kinds of devices. Then, we can use that certificate to sign new certificate requests without having to make a request to AWS. This is the most common approach when working on production services where we are creating a large number of devices where we want to provision a unique certificate for each.
pip3 install awsiotsdk
--cert <your-certificate-name>-certificate.pem.crt \
--key <your-certificate-name>-private.pem.key \
--root-ca AmazonRootCA1.pem \
--thing-name raspi \
--shadow-property light
--cert fdd885eb3a-certificate.pem.crt \
--key fdd885eb3a -private.pem.key \
--root-ca AmazonRootCA1.pem \
--thing-name raspi \
--shadow-property light
- A breadboard
- A Raspberry Pi GPIO Extension Board
- A 40-pin extension cable
- One red LED
- One 10K Ohm resistor
- Two jumper wires
>>> setup()
>>> turn_on()
>>> turn_off()
>>> destroy()
--cert fdd885eb3a-certificate.pem.crt \
--key fdd885eb3a -private.pem.key \
--root-ca AmazonRootCA1.pem \
--thing-name raspi \
--shadow-property light