Getting Started with AWS IoT using the Console

June 13, 2021 | IoT


This post walks you through getting started with AWS IoT using the AWS Console. You will need to set up an AWS account to follow along with these steps. By the end of this blog post you will have a simple program sending data from your local machine (which is acting like an IoT device) to AWS IoT Core. Additionally, at the end of the steps you will get to read an overview of what is happening under the hood when you follow these steps.

We will use the Asia Pacific (ap-south-1) region for this post – as you can see from the image below, “Mumbai” has been selected in the top right corner of the console. The steps will apply to all other regions as well. Next to the region is the username and account number, which is blocked from these images for security and privacy. This post assumes you are familiar with basic Internet of Things (IoT) principles and know what the MQTT protocol is.

1. After logging on to your AWS console, select the “IoT” service. On the AWS IoT console, in the side bar menu, click on “Onboard” and then “Get Started”. You will see a screen similar to the one below.

Onboarding a device means setting up an IoT device in AWS IoT. This is also referred to as provisioning or registration. The screen shows two options: onboard a single device, or onboard many devices at the same time. Click on “Get started” under “Onboard a device”.

2. Clicking on the Get started will get you to the following step in the AWS IoT Console:

The page provides an overview of the steps that will be carried out.

3. When you click on “Get started” on the last page (the image above), you will reach a page that prompts you to select the operating system and programming language you would like to use. This blog post was put together on a Linux/Mac system using Node.js, as you can see from the image below.

Note that for Node.js you need to have Node and NPM installed. Also note that the machine or PC that you will use to connect to AWS IoT should be able to access the public internet on port 8883.

4. In this step we are ready to register a new thing, and the first step is to give it a name. As you can see from the image below, the name given is “virtualdevice”. We are not choosing an existing thing or setting any optional configuration for this simple tutorial.

5. After clicking “Next Step” in the image above – AWS IoT will set everything up and will create the resources shown on this page. You can observe the green status bar indicating that the ‘thing’ was created successfully. Proceed to download the package that AWS IoT has put together by clicking on the “Linux/OSX” button.

Notice the “Preview Policy” – clicking that would show you the access control permissions granted to this “virtualdevice” that will connect to AWS IoT Core. If you preview the policy, you will notice that it has 3 main sections – granting permission to this device to connect, subscribe, publish and receive.

6. After you have downloaded the Zip file with all the resources – you should have a file “connect_device_package.zip” on your local machine. The next screen after downloading the zip files provides instructions on what to do next. You will have to run three steps – unzip the file, make the shell script (start.sh) executable and then run the script.

Review Step 8 to get the details on setting up, installing and running the package.

7. When you click done and go to your terminal to run the script – the next screen would show you that everything was a success.


8. Let us dive a little deeper into running the sample package.

In your terminal window, switch to the folder where you have the Zip file downloaded, and unzip the package (the -d option creates a folder called ‘virtualdevice’ and puts the files in that folder). After unzipping, change to the ‘virtualdevice’ folder and then make ‘start.sh’ executable.

>>>>>Code Start

❯ unzip connect_device_package.zip -d virtualdevice
Archive:  connect_device_package.zip
inflating: virtualdevice.private.key
inflating: virtualdevice.public.key
inflating: virtualdevice.cert.pem
inflating: start.sh

❯ ls virtualdevice
start.sh
virtualdevice.cert.pem
virtualdevice.private.key
virtualdevice.public.key

❯ cd virtualdevice

❯ chmod +x start.sh

<<<<< Code End

Now you are ready to run the script – ‘start.sh’. Running the script will install the AWS IoT SDK for Node.js along with a sample program, as shown in the image below:

You will observe at the end of the image above – the “Running pub/sub sample application” and the ‘connect’ message. That ‘connect’ message is output after a successful connection to AWS IoT Core.

In order for the sample program to connect with AWS IoT Core – it needs the following:

  • An AWS IoT Root CA Certificate, which is downloaded by the ‘start.sh’ script. This certificate allows the sample program (pretending to be the IoT device, and hence we are calling it virtual) to authenticate the AWS IoT Core endpoint.
  • It needs the Private Key (the file virtualdevice.private.key) and the X.509 certificate (the file virtualdevice.cert.pem) in order for AWS IoT Core to accept the device and allow connections or data from it.
  • Remember the policy in Step 5 above? Besides needing the certificates and keys from the first two items above, the Policy has to be attached to the certificate in AWS, and the policy has to grant permissions in order for the device to connect, publish, subscribe and receive. If those permissions are not granted, then the device will not be able to perform the operations. For example, in the policy shown in Step 5 – in the last section where you set up the connect permission – if the “Effect” permission in the policy is changed from Allow to Deny, the device will not be able to connect.
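The Allow/Deny behaviour described in the last item, as an added example (not code from the original post or from AWS): a simplified evaluator for an AWS IoT policy document in which an explicit Deny overrides any Allow and anything unmatched is denied by default. The policy, the account id 123456789012 and the client id ‘virtualdevice’ are constructed for illustration; only the `*` wildcard is handled and policy variables are not.

```javascript
// Added example: simplified AWS IoT policy evaluation (explicit Deny > Allow > implicit deny).
// The policy is constructed for illustration; it is not the policy the console generated.
const ARN = "arn:aws:iot:ap-south-1:123456789012"; // placeholder account id

const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: ["iot:Publish", "iot:Receive"], Resource: [`${ARN}:topic/topic_2`] },
    { Effect: "Allow", Action: ["iot:Subscribe"], Resource: [`${ARN}:topicfilter/topic_2`] },
    { Effect: "Allow", Action: ["iot:Connect"], Resource: [`${ARN}:client/virtualdevice`] }, // assumed client id
  ],
};

// Turn a pattern containing "*" wildcards into an anchored RegExp.
function wildcardToRegExp(pattern) {
  const parts = pattern.split("*").map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp(`^${parts.join(".*")}$`);
}

const asList = (v) => (Array.isArray(v) ? v : [v]);
const matchesAny = (patterns, value) =>
  asList(patterns).some((p) => wildcardToRegExp(p).test(value));

// Returns "Allow", "Deny" (explicit) or "ImplicitDeny" (no statement matched).
function evaluate(policy, action, resource) {
  let decision = "ImplicitDeny";
  for (const st of asList(policy.Statement)) {
    if (!matchesAny(st.Action, action) || !matchesAny(st.Resource, resource)) continue;
    if (st.Effect === "Deny") return "Deny"; // an explicit deny always wins
    decision = "Allow";
  }
  return decision;
}

// The change described in the text: flip the connect statement from Allow to Deny.
function withConnectDenied(policy) {
  const copy = JSON.parse(JSON.stringify(policy));
  for (const st of copy.Statement) {
    if (asList(st.Action).includes("iot:Connect")) st.Effect = "Deny";
  }
  return copy;
}

// Least-privilege check: Allow statements that use a bare "*" action or resource.
function overlyBroad(policy) {
  return asList(policy.Statement).filter((st) => st.Effect === "Allow" &&
    (asList(st.Action).includes("*") || asList(st.Resource).includes("*")));
}
```

Calling `evaluate(samplePolicy, "iot:Connect", ...)` on the client ARN returns "Allow", while the same call on `withConnectDenied(samplePolicy)` returns "Deny"; a publish to a topic the policy does not name returns "ImplicitDeny".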

The following images show how the ‘virtualdevice’ shows up in the “Things” menu of the AWS IoT Console; clicking on the ‘virtualdevice’ will show you the details of this particular device. The third image shows the certificate attached to the virtualdevice. An important point to note is that AWS IoT holds the public key for this device, and when you downloaded the package you had the private key.

9. The important question to ask is whether the sample program is sending any data, and how we can see whether the data is making it to AWS IoT. The way to check the data is simple – in the AWS IoT Console, on the left-hand menu bar, click on “Test” and then on the “MQTT Client” – this sets up a test client in the AWS Console. In the “Subscribe to a topic” field at the top of the page, as shown in the image, type in the hash symbol “topic_2” and click subscribe. The ‘topic_2’ topic is where the sample program is publishing the data. You can then see data coming in from the ‘virtualdevice’ into AWS IoT Core.

You have successfully connected your device to AWS IoT Core and published messages to it. Stay tuned: future blog posts will demonstrate how to set up a device or a thing with AWS IoT Core programmatically using Python, the AWS IoT SDK and the Boto3 library.