Introduction

Q. What is AWS IoT Core?

AWS IoT Core is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. With AWS IoT Core, your applications can keep track of and communicate with all your devices, all the time, even when they aren’t connected.

AWS IoT Core makes it easy to use AWS services like Amazon Kinesis, Amazon S3, Amazon DynamoDB, Amazon CloudWatch, and AWS CloudTrail, to build IoT applications that gather, process, analyze and act on data generated by connected devices, without having to manage any infrastructure.

Q. What does AWS IoT Core offer?

  • Connectivity between devices and the AWS cloud. First, with AWS IoT Core you can communicate with connected devices securely, with low latency and with low overhead. The communication can scale to as many devices as you want. The AWS IoT service supports standard communication protocols (HTTP, MQTT, and WebSockets are supported currently). Communication is secured using TLS.
  • Processing data sent from connected devices. Secondly, with AWS IoT Core you can continuously ingest, filter, transform, and route the data streamed from connected devices. You can take actions based on the data and route it for further processing and analytics.
  • Application interaction with connected devices. Finally, the AWS IoT service accelerates IoT application development. It serves as an easy-to-use interface for applications running in the cloud and on mobile devices to access data sent from connected devices, and to send data and commands back to the devices.

Q. How does AWS IoT Core work?

Connected devices, such as sensors, actuators, embedded devices, smart appliances, and wearable devices, connect to AWS IoT over HTTPS, WebSockets, or secure MQTT. Included in AWS IoT Core is a Device Gateway that allows secure, low-latency, low-overhead, bi-directional communication between connected devices and your cloud and mobile applications.

The AWS IoT service also contains a Rules Engine which enables continuous processing of data sent by connected devices. You can configure rules to filter and transform the data. You also configure rules to route the data to other AWS services such as DynamoDB, Kinesis, SNS, SQS, and CloudWatch for further processing, storage, or analytics.

There is also a Device Registry where you can register and keep track of devices connected to AWS IoT Core, or devices that may connect in the future. The Device Shadows in the AWS IoT service enable cloud and mobile applications to query data sent from devices and send commands to devices, using a simple REST API, while letting AWS IoT Core handle the underlying communication with the devices. The shadows accelerate application development by providing a uniform interface to devices, even when they use one of the several IoT communication and security protocols with which the applications may not be compatible. Shadows also accelerate application development by providing an always available interface to devices even when the connected devices are constrained by intermittent connectivity, limited bandwidth, limited computing ability or limited power.

Communication with AWS IoT Core is secure. The service requires all of its clients (connected devices, server applications, mobile applications, or human users) to use strong authentication (X.509 certificates or AWS IAM credentials). All communication is encrypted. AWS IoT also offers fine-grained authorization to isolate and secure communication among authenticated clients.

Similar to other AWS services, users can access AWS IoT Core via the AWS Management Console. Applications can access AWS IoT easily with the AWS SDKs available for several programming languages. AWS IoT Core further simplifies development and operations of IoT applications by integrating with Amazon CloudWatch.

To simplify the development of code running on connected devices, AWS IoT Core provides open-source device SDKs for C, Node.js, and the Arduino Yún platform. AWS IoT Core has also partnered with hardware manufacturers to make the AWS IoT Device SDKs available on several IoT, embedded OS, and micro-controller platforms.

Q: Which AWS regions is AWS IoT Core service available in?

Please go to https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services .

You can use AWS IoT Core regardless of your geographic location, as long as you have access to one of the AWS regions with AWS IoT service.

Q: How do I get started with using AWS IoT?

Use the AWS IoT Core console or refer to the Quickstart section of our developer guide to test drive the AWS IoT service in minutes. 

Refer to the AWS IoT Core documentation for further details.

Accessing AWS IoT Core

Q. What are the ways for accessing AWS IoT Core?

You can use the AWS Management Console, the AWS SDKs, and the AWS IoT APIs to access the AWS IoT service. Connected devices can use the AWS IoT Device SDKs to simplify the communication with the AWS IoT service.

The AWS IoT Core APIs and commands are largely divided into control plane operations and data plane operations. The control plane operations enable you to do tasks such as configuring security, registering devices, configuring rules for routing data, and setting up logging. The data plane operations enable you to ingest data from connected devices into AWS IoT Core with low latency and high throughput rate at a large scale.

Q. What communication and authentication protocols does AWS IoT Core support?

For control plane operations, AWS IoT Core supports HTTPS. For data plane operations, AWS IoT Core supports HTTPS, WebSockets, and secure MQTT – a protocol often used in IoT scenarios.

HTTPS and WebSockets requests sent to AWS IoT Core are authenticated using AWS IAM, which supports AWS SigV4 authentication. If you are using the AWS SDKs, the SigV4 authentication is taken care of for you under the hood. HTTPS requests can also be authenticated using X.509 certificates. MQTT messages to AWS IoT Core are authenticated using X.509 certificates.

Q. Can devices that are NOT directly connected to the Internet access AWS IoT Core?

Yes, via a physical hub. Devices connected to a private IP network and devices using non-IP radio protocols such as ZigBee or Bluetooth LE can access AWS IoT Core as long as they have a physical hub as an intermediary between them and AWS IoT Core for communication and security.

Q. How should applications access AWS IoT Core?

Applications connecting to AWS IoT Core largely fall in two categories: 1. companion apps and 2. server applications. Companion apps are mobile or client-side browser applications that interact with connected devices via the cloud. A mobile app that lets a consumer remotely unlock a smart lock in the consumer’s house is an example of a companion app. Server applications are designed to monitor and control a large number of connected devices at once. An example of a server application would be a fleet management website that plots thousands of trucks on a map in real-time.

AWS IoT Core enables both companion apps and server applications to access connected devices via uniform, RESTful APIs. Applications also have the option to use pub/sub to communicate directly with the connected devices.

Server applications (such as a mapping application running on Amazon EC2) can use IAM roles to access AWS IoT Core.

Q. Can I get a history of AWS IoT Core API calls made on my account for security analysis and operational troubleshooting purposes?

Yes, to receive a history of AWS IoT Core API calls made on your account, you simply turn on CloudTrail in the AWS Management Console.

Management Console

Q: What is new with the console?

  • The AWS IoT Core Console has a new visual design for improved usability and navigation.
  • Things, types, certificates, policies, and rules are easier to find in their respective areas.
  • Account-level metrics are now visible on a new dashboard.
  • The MQTT web client has been streamlined to troubleshoot IoT solutions.
  • A new wizard has been added to connect devices in a few, short steps.
  • Thing details now include a real-time feed of lifecycle events and shadow activity.

Q. How do I send feedback?

To send feedback, click on the “Feedback” link in the footer bar of the console.

Device Gateway

Q: What is the Device Gateway?

The Device Gateway forms the backbone of communication between connected devices and the cloud capabilities such as the AWS IoT Rules Engine, Device Shadows, and other AWS and 3rd-party services.

The Device Gateway supports the pub/sub messaging pattern, which enables scalable, low-latency, and low-overhead communication. It is particularly useful for IoT scenarios where billions of devices are expected to communicate frequently and with minimal delay. Pub/sub involves clients publishing messages on logical communication channels called ‘topics’ and clients subscribing to topics to receive messages. The device gateway enables the communication between publishers and subscribers. Traditionally, organizations have had to provision, operate, scale, and maintain their own servers as device gateways to take advantage of pub/sub. AWS IoT service has eliminated this barrier by providing the AWS IoT device gateway.

The Device Gateway scales automatically with your usage, without any operational overhead for you. AWS IoT Core supports secure communication with the device gateway, AWS-account level isolation, as well as fine-grained authorization within an AWS account. The device gateway currently supports publish and subscribe over secure MQTT and WebSockets, as well as publish over HTTPS.

Q. What is MQTT?

MQTT is a lightweight pub/sub protocol, designed to minimize network bandwidth and device resource requirements. MQTT also supports secure communication using TLS. MQTT is often used in IoT use cases. MQTT v3.1.1 is an OASIS standard, and the AWS IoT device gateway supports most of the MQTT specification.

Rules Engine

Q: What is the AWS IoT Core Rules Engine?

The AWS IoT Core Rules Engine enables continuous processing of inbound data from devices connected to the AWS IoT service. You can configure rules in the Rules Engine in an intuitive, SQL-like syntax to automatically filter and transform inbound data. You can further configure rules to route data from the AWS IoT service to several other AWS services as well as your own or 3rd party services.
Here are just a few example use cases of rules:

  • Filtering and transforming incoming messages and storing them as time series data in DynamoDB.
  • Sending a push notification via SNS when the data from a sensor crosses a certain threshold.
  • Saving a firmware file to S3.
  • Processing messages simultaneously from a multitude of devices using Kinesis.
  • Sending a command to a group of devices with an automated republish.

Q. How are the rules defined and triggered?

An AWS IoT Core rule consists of two main parts:

  • A SQL statement that specifies the pub/sub topics to apply the rule on, data transformation to perform, if any, and the condition under which the rule should be executed. The rule is applied on every message published on the specified topics.
  • An actions list that defines the actions to take when the rule is executed, that is, when an incoming message matches the condition specified in the rule.

Rule definitions use a JSON-based schema. You can directly edit the JSON or use the rules editor in the AWS Management Console.
As an example, here is a rule for saving temperature data from a sensor to DynamoDB whenever the temperature is above 50:

{
    "sql": "SELECT * from 'iot/tempSensors/#' WHERE temp > 50",
    "description": "Rule to save sensor data when temperature is above 50",
    "actions": [
        {
            "dynamoDB": {
                "tableName": "HighTempTable",
                "roleArn": "arn:aws:iam::your-aws-account-id:role/dynamoPut",
                "hashKeyField": "key",
                "hashKeyValue": "${topic(3)}",
                "rangeKeyField": "timestamp",
                "rangeKeyValue": "${timestamp()}"
            }
        }
    ]
}

Sensors in this example are publishing on their topics under “iot/tempSensors/”. The first line of the rule defines the SQL SELECT statement used to query on the “iot/tempSensors/#” topic. It contains a WHERE clause that extracts the value of a ‘temp’ field in the message’s payload and checks if it passes the condition ‘greater than 50’. If the condition is met, the data is stored in the specified DynamoDB table. The example uses built-in functions for tasks such as traversing the message payload and getting current time.
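
The rule above can be modelled locally to see which messages would reach the table. This is an added example, not AWS code: it is a simplified Python model of the topic filter, the WHERE condition and topic(3), and the sample topics, payloads and the "payload" column name are constructed assumptions.

```python
import json

# The parts of the FAQ's rule written out as data. This is a simplified local
# model for reasoning about the rule, not the AWS IoT implementation.
TOPIC_FILTER = "iot/tempSensors/#"
THRESHOLD = 50


def topic_matches(topic_filter, topic):
    """MQTT-style filter match: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def topic_segment(topic, n):
    """Model of topic(n): the n-th topic level, 1-indexed; None if absent."""
    levels = topic.split("/")
    return levels[n - 1] if 1 <= n <= len(levels) and levels[n - 1] else None


def evaluate(topic, payload, now_ms):
    """Return the item the rule would write, or None if the rule does not fire."""
    if not topic_matches(TOPIC_FILTER, topic):
        return None
    try:
        message = json.loads(payload)
    except ValueError:
        return None  # non-JSON payload: the WHERE clause has nothing to test
    temp = message.get("temp") if isinstance(message, dict) else None
    # Assumption: only JSON numbers are compared; the service's own type
    # coercion rules are not modelled. 'not temp > 50' also rejects NaN.
    if isinstance(temp, bool) or not isinstance(temp, (int, float)) or not temp > THRESHOLD:
        return None
    sensor_id = topic_segment(topic, 3)
    if sensor_id is None:
        return None  # no third level, so there is no hash key to write
    # The hash key comes from the topic name, which the publisher chooses, so it
    # is only as trustworthy as the policy limiting which topics a device may use.
    return {"key": sensor_id, "timestamp": str(now_ms), "payload": message}


# Constructed sample messages (not captured traffic).
SAMPLES = [
    ("iot/tempSensors/sensor-7", b'{"temp": 72, "unit": "C"}'),
    ("iot/tempSensors/sensor-8", b'{"temp": 50}'),
    ("iot/tempSensors/floor2/sensor-9", b'{"temp": 61}'),
    ("iot/doorSensors/sensor-7", b'{"temp": 90}'),
]

if __name__ == "__main__":
    for topic, payload in SAMPLES:
        print(topic, "->", evaluate(topic, payload, 1700000000000))
```

Note the third sample: with a deeper topic hierarchy, topic(3) yields "floor2" rather than the sensor name, so the key layout depends on the topic naming convention staying fixed.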

Q. Where can I learn more about rules?

You can learn more about rules in the AWS IoT Core Rules documentation.

Device Registry and Device Shadows

Q. What is the AWS IoT Core Device Registry and what should I use it for?

IoT scenarios can range from a small number of mission-critical devices to large fleets of devices. The AWS IoT Device Registry allows you to organize and track those devices. You can maintain a logical handle in the Device Registry for every device you are connecting to AWS IoT. Each device in the Device Registry can be uniquely identified and can have metadata such as model numbers, support contact, and certificates associated with it. You can search for connected devices in the Device Registry based on the metadata.

Q. What is a Thing Type?

Thing Types allow you to effectively manage your catalogue of devices by defining common characteristics for devices that belong to the same device category. In addition, a Thing associated with a Thing Type can now have up to 50 attributes including 3 searchable attributes.

Q. What is Simplified Permission Management?

This feature allows you to easily manage permission policies for a large number of devices by using variables that reference Registry or X.509 certificate properties. The integration of Registry and Certificate properties with device policies offers the benefits listed below:

  • You can now reference Device Registry properties in device permission policies. Referencing device properties defined in the Device Registry allows your policies to reflect any changes made in the Device Registry. For example, by referencing the Thing Attribute named “building-address” as a variable in the policy, devices will automatically inherit a new set of permissions when they move buildings.
  • You can share a single generic policy for multiple devices. A generic policy can be shared among the same category of devices instead of creating a unique policy per device. For example, a policy that references the “serial-number” as a variable can be attached to all the devices of the same model. When devices of the same serial number connect, policy variables will be automatically substituted by their serial-number.
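
To see what the two benefits above mean for authorization, the example below evaluates a generic policy that uses thing policy variables next to an over-broad wildcard policy. It is an added example rather than AWS code: the evaluator is a simplified local model, and the topic layout, thing names, attribute values and the REGION and ACCOUNT_ID placeholders are constructed.

```python
import re

# Constructed policies; REGION and ACCOUNT_ID are placeholders.
PREFIX = "arn:aws:iot:REGION:ACCOUNT_ID:topic/"
GENERIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "iot:Publish",
    "Resource": PREFIX + "buildings/${iot:Connection.Thing.Attributes[building-address]}"
                         "/${iot:Connection.Thing.ThingName}/telemetry",
}]}
# Weak contrast: one policy shared by every device, scoped by nothing.
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iot:Publish", "Resource": PREFIX + "*",
}]}

VARIABLE = re.compile(r"\$\{([^}]+)\}")
ATTRIBUTE = re.compile(r"iot:Connection\.Thing\.Attributes\[([^\]]+)\]")


def lookup(name, thing_name, attributes):
    """Value of one policy variable for this connection, or None if unknown."""
    if name == "iot:Connection.Thing.ThingName":
        return thing_name
    match = ATTRIBUTE.fullmatch(name)
    return attributes.get(match.group(1)) if match else None


def resource_pattern(resource, thing_name, attributes):
    """Compile a Resource into a regex; None if a variable cannot be resolved."""
    parts = []
    for token in re.split(r"(\$\{[^}]+\}|\*)", resource):
        if token == "*":
            parts.append(".*")  # wildcard written by the policy author
            continue
        var = VARIABLE.fullmatch(token)
        value = lookup(var.group(1), thing_name, attributes) if var else token
        if value is None:
            return None  # model assumption: unresolved variable grants nothing
        parts.append(re.escape(value))  # substituted values stay literal here
    return re.compile("".join(parts))


def may_publish(policy, thing_name, attributes, topic):
    """True if some Allow statement covers iot:Publish on this topic."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow" or statement["Action"] != "iot:Publish":
            continue
        pattern = resource_pattern(statement["Resource"], thing_name, attributes)
        if pattern is not None and pattern.fullmatch(PREFIX + topic):
            return True
    return False


if __name__ == "__main__":
    attrs = {"building-address": "12-main-st"}  # constructed Registry attribute
    for topic in ("buildings/12-main-st/sensor-7/telemetry",
                  "buildings/12-main-st/sensor-8/telemetry"):
        print(topic, may_publish(GENERIC_POLICY, "sensor-7", attrs, topic),
              may_publish(OVERBROAD_POLICY, "sensor-7", attrs, topic))
```

Changing the "building-address" attribute in the constructed Registry data changes which topic the same policy allows, which is the inheritance behaviour the first bullet describes.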

Q. What are Device Shadows?

The Device Shadows enable cloud and mobile applications to easily interact with the connected devices registered in AWS IoT Core. A Device Shadow in AWS IoT Core contains properties of a connected device. You can define any set of properties applicable to your use case. For example, for a smart light bulb, you might define ‘on-or-off’, ‘color’, and ‘brightness’ as the properties. The connected device is expected to report the actual values of those properties, which are stored in the Device Shadow. Applications get and update the properties simply by using a RESTful API provided by the AWS IoT service. The AWS IoT service and the AWS IoT Core Device SDKs take care of synchronizing property values between the connected device and its shadow in AWS IoT Core.

Q. Do I have to use the Registry and the Device Shadows?

You can have applications communicate directly with the connected devices using the Device Gateway and/or the Rules Engine in AWS IoT Core. However, we recommend using the Device Registry and Device Shadows since they offer a richer and more structured development and management experience that lets you focus on the unique value you want to create for your customers rather than having to focus on the underlying communication and synchronization between the connected devices and the cloud.

Q. What is the lifecycle of a device and its Device Shadow in AWS IoT Core?

  • You register a device (such as a light bulb) in the Registry.
  • You program the connected device to publish a set of its property values or ‘state’ (“I am ON and my color is RED”) to the AWS IoT Core service.
  • The last reported state is stored in the Device Shadow in AWS IoT Core.
  • An application (such as a mobile app controlling the light bulb) uses a RESTful API to query AWS IoT Core for the last reported state of the light bulb, without the complexity of communicating directly with the light bulb.
  • When a user wants to change the state (such as turning the light bulb from ON to OFF), the application uses a RESTful API to request an update, i.e. sets a ‘desired’ state for the device in AWS IoT Core. AWS IoT Core takes care of synchronizing the desired state to the device.
  • The application gets notified when the connected device updates its state to the desired state.

Q. Where can I learn more about the Device Registry and the Device Shadows?

For more information on the Registry, see the AWS IoT Core Device Registry. For more information on the Device Shadow, see the AWS IoT Device Shadows.

Security and Access Control

Q. Can I configure fine-grained authorization in AWS IoT Core?

Yes. Similar to other AWS services, in AWS IoT Core you have fine-grained control over the set of API actions each identity is authorized to invoke. In addition, you have fine-grained control over the pub/sub topics that an identity can publish or subscribe to, as well as over the devices and shadows in the Device Registry that an identity can access.

Q. Where can I learn more about Security and Access Control in AWS IoT Core?

For more information, see AWS IoT Core Security and Identity.

AWS IoT Device SDK

Q. What is the AWS IoT Device SDK?

The AWS IoT Device SDKs simplify and accelerate the development of code running on connected devices (micro-controllers, sensors, actuators, smart appliances, wearable devices, etc.). First, devices can optimize the memory, power, and network bandwidth consumption by using the Device SDKs. At the same time, Device SDKs enable highly secure, low-latency, and low-overhead communication with built-in TLS, WebSockets, and MQTT support. The Device SDKs also accelerate IoT application development by supporting higher level abstractions such as synchronizing the state of a device with its shadow in the AWS IoT service.

AWS IoT Device SDKs are freely available as open-source projects. For more details visit our Developer Resources page.

Q: Which programming languages does the AWS IoT Device SDK support?

AWS currently offers the AWS IoT Device SDKs for C and Node.js languages, as well as for the Arduino Yún platform.

AWS IoT Device SDKs are open-source. You can port them to the languages and hardware platforms of your choice if they are not supported already.

Q: Should I use AWS IoT Device SDK or the AWS SDKs?

The AWS IoT Device SDK complements the AWS SDKs. IoT projects often involve code running on micro-controllers and other resource-constrained devices. However, IoT projects often include applications running in the cloud and on mobile devices that interact with the micro-controllers/resource-constrained devices. AWS IoT Device SDKs are designed to be used on the micro-controllers/resource-constrained devices, while the AWS SDKs are designed for cloud and mobile applications.

Q: Where can I learn more about AWS IoT Device SDK?

For more information on the AWS IoT Device SDKs, see AWS IoT Device SDKs.