Getting Serious With AWS IoT Core

When we spoke last I introduced you to IoT Core, a service from AWS (Amazon Web Services) that really swept us off our feet. You’ve gotten to know them pretty well, but you’re looking to take this relationship to the next level. Let’s skip the kiddie stuff and start asking the serious questions. What is IoT Core really like? Is this true love?

Provisioning Devices

What about the little ones? How will you support a fleet?

Fleet Provisioning

IoT Core's fleet provisioning feature is a game-changer for managing devices at scale. It automates the setup and configuration process, making it easy to provision devices securely and efficiently. With options like just-in-time registration, bulk registration, and template-based provisioning, you have the flexibility to provision devices on demand, onboard multiple devices simultaneously, or apply predefined configurations. Security is a top priority, and AWS IoT Core delivers with IAM (Identity and Access Management) roles and policies for access control, along with support for X.509 certificates and JWTs (JSON Web Tokens) for secure device authentication.

LoRaWAN Devices

LoRaWAN (Long Range Wide Area Network) devices are a popular choice for long-range IoT (Internet of Things) communication. With AWS IoT Core, integrating LoRaWAN devices into your IoT ecosystem is a breeze. The service provides a fully-managed LoRaWAN Network Server, simplifying network deployment and management. By registering compatible gateways and sensors with the LoRaWAN Network Server, message routing to the cloud becomes automatic. From there, you can leverage various AWS services like Amazon Kinesis, Amazon DynamoDB, and Amazon SageMaker for data processing and analysis. With AWS IoT Core, LoRaWAN devices seamlessly join your IoT infrastructure, enabling efficient and scalable connectivity for your IoT applications.

Device Authorization

Why do you need to talk to other devices? Are they prettier than me?

X.509 Certificate Policies

In AWS IoT Core, X.509 certificates play a vital role in securely authenticating devices connecting to the cloud. These digital certificates contain public keys and important metadata about the device. When a device connects to AWS IoT Core, it presents its X.509 certificate for identity verification. AWS IoT Core uses the certificate's public key to authenticate and authorize the device's access to cloud resources. Managing X.509 certificates is made simple and scalable with AWS IoT Core's Certificate Manager, or you can utilize your own certificate authority (CA). With the support for X.509 certificates in AWS IoT Core, you guarantee the security, integrity, and confidentiality of your IoT data, establishing a robust foundation for your IoT applications.

MQTT topics

MQTT (Message Queuing Telemetry Transport), the lightweight messaging protocol commonly used in IoT applications, relies on MQTT topics to organize and categorize data transmissions. Topics are represented as strings and serve as identifiers for specific data streams or channels. They follow a hierarchical structure, using forward-slashes (/) as separators. AWS IoT Core simplifies the management of MQTT topics with its comprehensive set of features. For instance, the Rules Engine allows you to route and process messages based on their topics, enabling easy data filtering and categorization. Furthermore, AWS IoT Core offers robust security mechanisms, including policies to control topic access for publishers and subscribers, as well as support for X.509 certificates and JWTs for device authentication and resource access control. With AWS IoT Core, you can efficiently control and secure MQTT topics within your IoT infrastructure.
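To make the certificate-policy and topic-access points above concrete, here is an added example (written for this page, not code from the post or from AWS): a wildcard IoT policy next to one scoped by the `${iot:Connection.Thing.ThingName}` policy variable, plus a small linter that flags data-plane grants not tied to the connecting identity. The region, account id and topic names are assumed.

```python
# Constructed example: a wildcard IoT policy beside a per-thing policy, and a small
# linter that flags data-plane grants not scoped by the connection's identity.
ARN = "arn:aws:iot:us-east-1:123456789012"  # assumed region and account id
THING = "${iot:Connection.Thing.ThingName}"  # policy variable: thing attached to the certificate

# Weak: every certificate carrying this policy may connect as any client and use any topic.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

# Hardened: the client id and topic tree are derived from the thing the certificate is attached to.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{ARN}:client/{THING}",
     "Condition": {"Bool": {"iot:Connection.Thing.IsAttached": ["true"]}}},
    {"Effect": "Allow", "Action": "iot:Publish", "Resource": f"{ARN}:topic/devices/{THING}/telemetry"},
    {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": f"{ARN}:topicfilter/devices/{THING}/cmd"},
    {"Effect": "Allow", "Action": "iot:Receive", "Resource": f"{ARN}:topic/devices/{THING}/cmd"}]}

DATA_ACTIONS = {"iot:*", "iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def find_overbroad(policy: dict) -> list:
    """Return (action, resource) pairs that allow a data-plane action on every resource,
    or on a resource whose ARN is not tied to the connecting identity by a policy variable.
    Heuristic: a deliberately shared topic (e.g. a broadcast channel) will also be listed."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in DATA_ACTIONS:
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                if resource == "*" or "${iot:" not in resource:
                    findings.append((action, resource))
    return findings
```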

Custom Authorizers

Custom authorizers in AWS IoT Core offer a powerful way to manage access to IoT resources by leveraging external authorization services. When a device or application seeks access to an AWS IoT Core resource (such as an MQTT topic or a device shadow), a custom authorizer, implemented as a Lambda function, is invoked to authenticate the request and provide an authorization decision. Custom authorizers employ a token-based authentication flow, requiring clients to include a JSON Web Token (JWT) in the request header. The custom authorizer validates the JWT and verifies the requester's authorization for the resource. If authorized, the custom authorizer issues an authorization token to the client, granting access to the resource. AWS IoT Core facilitates the creation of custom authorizers using Lambda functions, allowing you to choose the language and integrate with any external authorization service capable of issuing and validating JWTs. With custom authorizers, you can establish fine-grained access control for your IoT resources, ensuring secure and authorized interactions.
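An added example of the custom authorizer flow described above, written for this page rather than taken from the post or from AWS: a Lambda handler that verifies an HS256-signed JWT carried in the MQTT password field, binds its `sub` claim to the connecting client id, and returns the response shape IoT Core expects from a custom authorizer. The shared secret (a real authorizer would usually verify an asymmetric signature against the issuer's public key), region, account id and topic layout are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: real code loads this from Secrets Manager
ARN = "arn:aws:iot:us-east-1:123456789012"  # assumed region and account id

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_jwt(sub: str, exp: int) -> str:  # stands in for the external token service
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": sub, "exp": exp}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def password_field(token: str) -> str:  # the MQTT password as IoT Core hands it to the Lambda
    return base64.b64encode(token.encode()).decode()

def verify_jwt(token: str):  # claims if the HS256 signature and exp check out, else None
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64url(head)).get("alg") != "HS256":  # refuse alg=none and key confusion
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, AttributeError):  # bad segment count, base64, JSON or claim shape
        return None

def make_policy(client_id: str) -> dict:  # least privilege: own client id, own topic tree only
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{ARN}:client/{client_id}"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": f"{ARN}:topic/devices/{client_id}/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/devices/{client_id}/*"}]}

def handler(event: dict, context=None) -> dict:  # Lambda entry point
    mqtt = event.get("protocolData", {}).get("mqtt", {})
    try:  # IoT Core base64-encodes the MQTT password in the authorizer event
        claims = verify_jwt(base64.b64decode(mqtt.get("password", "")).decode())
    except ValueError:  # password is not valid base64 or UTF-8
        claims = None
    if claims is None or claims.get("sub") != mqtt.get("clientId"):  # token bound to client id
        return {"isAuthenticated": False, "principalId": "anonymous", "policyDocuments": []}
    return {"isAuthenticated": True, "principalId": claims["sub"], "refreshAfterInSeconds": 300,
            "disconnectAfterInSeconds": 3600, "policyDocuments": [make_policy(claims["sub"])]}
```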

Managing Devices

Happy device, happy life.

Device groups

Grouping your device fleet in AWS IoT Core provides powerful capabilities for managing and organizing your devices. Whether based on function, security requirements, or other criteria, these groups enable streamlined access policy management, operational metric monitoring, and device actions across the entire group. With dynamic thing groups, you can automate the organization of devices, automatically adding those that meet specific criteria and removing devices that no longer match. Furthermore, AWS IoT Core offers easy querying of device groups and the ability to aggregate statistics based on device attributes, state, and connectivity indexing. This empowers you to gain valuable insights into your fleet, allowing for better organization and understanding of your devices.

Device Updates

AWS IoT Core offers robust capabilities for efficiently pushing firmware and software updates to IoT devices, allowing for remote and scalable updates. One method is through AWS IoT Jobs, a service that manages remote tasks for devices, including such updates. With IoT Jobs, you can target specific device groups or individual devices, while monitoring real-time progress and status. Another approach is utilizing AWS IoT Device Management, which provides a user-friendly interface for fleet management and update deployments. Device groups can be created, and updates can be deployed to specific devices or sets of devices. AWS IoT Core also offers various APIs (Application Programming Interfaces) and SDKs (software development kits), such as the AWS SDK for IoT and AWS IoT Device SDK, which let you integrate updates into existing workflows and systems. Together these make firmware and software updates a seamless part of your IoT ecosystem.

Secure Tunneling

Secure tunneling is a vital feature in AWS IoT Core that establishes a secure and encrypted communication channel between IoT devices and the cloud. It enables secure connections to devices deployed behind firewalls or in restricted environments, ensuring access to and management of devices in remote or isolated locations. With bidirectional tunnels, data transmission is encrypted, guaranteeing confidentiality and integrity. This feature simplifies secure connection management, eliminating the need for manual firewall configurations or complex VPN (Virtual Private Network) setups. It offers a seamless and scalable solution for securely connecting and managing IoT devices across diverse network configurations.

Testing Devices

How strong is your connection? Put this relationship to the test.

Device Advisor

AWS IoT Device Advisor is a valuable tool for testing and debugging IoT devices, so you can ensure they meet industry standards and specific requirements. With Device Advisor, you can perform comprehensive tests to gain insights into device behavior and performance. It offers a range of test suites covering connectivity, functionality, security, and performance. By selecting the relevant test suites, you can evaluate compliance and reliability. Device Advisor simulates real-world scenarios, sending commands to your devices and providing detailed test reports with actionable recommendations for debugging and issue resolution.

MQTT Test Client

The MQTT Test Client, offered by AWS IoT Device Advisor, is a handy tool for testing MQTT connectivity of IoT devices. It enables you to validate the proper sending and receiving of MQTT messages and the stability of the connection to the MQTT broker. With its user-friendly interface, you can easily configure parameters and simulate device behavior by publishing or subscribing to MQTT topics. By utilizing the MQTT Test Client, you can assess MQTT performance and reliability, monitor message flow, track delivery status, and validate quality of service levels. Real-time logs and error messages aid in quickly identifying and troubleshooting MQTT-related issues, ensuring a stable connection for efficient data exchange and interaction between devices and the MQTT broker.

What Do You Think?

Do you feel the spark? We’ve taken a glimpse at what IoT has to offer. It’s magnificent, sure, but it’s also a lot to handle. And there is so much more we didn’t cover! 

Not to make things awkward, but we already have quite a relationship going with IoT Core here at Promenade Software. We are leveraging many of the fancy features we covered here in our backend-as-a-service for medical devices, CypherMed Cloud. If you are interested in learning more about IoT Core or how we simplify and integrate the service with our own, feel free to drop us a line.

Sam Lucas

Sam is a Principal Engineer at Promenade Software with a fierce passion for building and learning. His expertise lies in building web apps, control systems, and embedded firmware. He first fell in love with medical software while designing particle accelerator controls and firmware at Bridge 12 Technologies, Inc. Following that passion he moved across the country to create COVID detection kiosks and other autonomous safety systems with Loko AI. Now a part of the Promenade family, he is right at home building cutting-edge cloud software and embedded controls for all kinds of medically-oriented pursuits.

About Promenade Software

Promenade Software, Inc. specializes in software development for medical devices and other safety-critical applications.
Promenade is ISO 13485, and CypherMed Cloud is SOC2 Type II certified.