Embed Size (px)
Citation preview
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
John Burry, Senior Manager, Solutions Architecture
July 13, 2016
Getting Started with AWS IoT
The “Internet of Things”
(plural)
Things are NOT static assets
The customer has many identities
The home is someone’s
enterprise
Disruption is a process, not a
moment in time
“There is nothing in that patent except as a toy.”
William Orton
The “Internet of Things”
(plural)
AWS IoT
Routing noise
Publish / Subscribe
Standard protocol support
MQTT, HTTP, WebSocket
Long-lived connections
Receive signals from the cloud
Secure by default
Connect securely via X.509 certs
and TLS 1.2 client mutual auth
Sensor messages
Standard protocol support
MQTT, HTTP, WebSocket
Topic/channel
Message routing hierarchy
Control over full tree
Payload (JSON)
Customer-defined JSON payload
Finding the signals
Extracting the value from messages
• Filter messages with certain criteria
• Move messages to other topics
• Move messages to other systems
• Transform the payload of messages
• Predict messages based on trends
• React based on messages
Rules engine
new: Elasticsearch Integration
new: Predict function
Adding human computation?
A company does not have to disrupt its core
offering when being disrupted
AWS IoT device shadow
AWS IoT device shadow
1. Device publishes current state
2. Persist JSON data store
3. App requests device’s current state
4. App requests change the state5. Device shadow syncs
updated state
6. Device publishes current state 7. Device shadow confirms state change
AWS IoT device shadow flow
AWS IoT device shadow - Simple yet powerful
{
"state" : {
“desired" : {
"lights": { "color": "RED" },
"engine" : "ON"
},
"reported" : {
"lights" : { "color": "GREEN" },
"engine" : "ON"
},
"delta" : {
"lights" : { "color": "RED" }
} },
"version" : 10
}
Device
Report its current state to one or multiple shadows
Retrieve its desired state from shadow
Mobile app
Set the desired state of a device
Get the last reported state of the device
Delete the shadow
Shadow
Shadow reports delta, desired and reported
states along with metadata and version
Security
Securing devices
Mutual auth TLS
TLS mutual authentication
• Create CSR
• Create X.509 certificate from CSR
• Activate the certificate
• Create policy
• Attach policy to certificate
* Certificate must be issued by AWS IoT
new: Bring your own certificate
• Use certificates issued by your own CA
• Existing certificate issuance infrastructure
• Use certificates already on board
• Limited Internet connectivity from assembly/manufacturing
locations
• Seamless provisioning of devices
• 8 new API calls to support management of certificates
Securing AWS resource access
Creating the trust relationship with AWS IoT
P P
PRole
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": “iot.amazonaws.com”
},
"Action": "sts:AssumeRole"
}
]
}
Securing AWS resource access
Securing user access
• WebSocket support SigV4 authentication
• IAM roles and policies
• Amazon Cognito identity pools
• Anonymous access to iot:Subscribe
• Use your own application-level authentication patterns
Remember to complete
your evaluations!
