@postfalk
Last active May 2, 2019 01:40
# AWS IoT 8/23/2016

AWS IoT acts as a gateway to many other AWS services, such as Redshift, Delta, DynamoDB, etc.

  • AWS IoT Device SDK: device SDKs and device gateways (C, JS, Java, Python, Android, and iOS)

  • MQTT, HTTP, WebSockets

  • AWS auth + HTTPS, or MQTT + mutual-auth TLS; WebSockets: wss:// ... (standard protocol)

  • Rules engine ==> messages: SQL-style SELECT * FROM 'things/thing-2/color' WHERE color = 'red' => feeds into AWS services

  • Device Shadow ==> stores last measured values, REST API, intermittent connections, persistent device state (JSON) ==> applications (device shadows don't need an actual device behind them)

  • Device Registry

### Three ways to analyze data

Retrospective: Amazon Redshift, Amazon RD, Amazon S3, Amazon R3 ... ...

### MQTT

  • publish/subscribe protocol ==> supported by AWS IoT (subscriber service)
  • much more efficient than HTTP
  • concept of topic hierarchies (compare to a path)

### Mutual Auth TLS

  • revoke certs to disconnect devices (e.g. rogue/stolen devices), API calls
  • mutual proof of identity

### AWS IoT Rules Engine

  • SQL-like language
  • SELECT {DATA} FROM {TOPIC} WHERE {FILTER} THEN {ACTION} (operates on the JSON in the payload)
  • substitution templates
  • topic: FROM mqtt('my/topic')
  • filter: e.g. an expression
  • actions: push to other AWS services: S3, DDB, Amazon Kinesis, SNS, Lambda, SQS
  • republish: send back into the rules engine via MQTT
  • mobile push notifications, SNS, SMS, email, HTTP POST

### AWS IoT Thing Shadow

  • the device pushes its current state to the shadow; the shadow persists that state for app access
  • state description in JSON
  • MQTT topics: UPDATE, DELTA, GET, DELETE: e.g. $aws/things/{thingName}/shadow/update

### Device Management

  • automated firmware management

# 2nd session

## Shadows and Rules

  • example: a connected wind farm

### Device Shadows

  • virtual representation of a device in the cloud (decouples it from the physical device); device and shadow sync automatically ==> send commands ==> JSON data store:

{"state": {"desired": {}, "reported": {}, "delta": {}}, "version": 10}
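As an added example (not from these notes or from AWS's own code), a small Python model of the shadow document above: desired and reported updates are merged in, delta is recomputed as the attributes of desired that reported does not yet match, and an update carrying a stale version is rejected. The attribute names (yaw_deg, brake, rpm) are constructed for the wind-farm scenario.

```python
import copy

def merge_state(current, update):
    """Merge an update into one shadow section: recursive merge, None deletes a key."""
    result = copy.deepcopy(current)
    for key, value in update.items():
        if value is None:
            result.pop(key, None)
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = merge_state(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result

def compute_delta(desired, reported):
    """Attributes of desired that are missing from reported or differ in value;
    attributes present only in reported never appear in delta."""
    delta = {}
    for key, value in desired.items():
        if key not in reported:
            delta[key] = copy.deepcopy(value)
        elif isinstance(value, dict) and isinstance(reported[key], dict):
            nested = compute_delta(value, reported[key])
            if nested:
                delta[key] = nested
        elif value != reported[key]:
            delta[key] = copy.deepcopy(value)
    return delta

def apply_update(shadow, update_message):
    """Apply a document published to $aws/things/{thingName}/shadow/update: a stale
    'version' is rejected, otherwise version is bumped and delta recomputed."""
    if "version" in update_message and update_message["version"] != shadow["version"]:
        raise ValueError("version conflict: shadow is at %d" % shadow["version"])
    state = update_message.get("state", {})
    new = {"state": {}, "version": shadow["version"] + 1}
    for section in ("desired", "reported"):
        current = shadow["state"].get(section, {})
        new["state"][section] = merge_state(current, state.get(section, {}))
    delta = compute_delta(new["state"]["desired"], new["state"]["reported"])
    if delta:
        new["state"]["delta"] = delta
    return new

# Constructed sample (hypothetical turbine attributes): the app asks for yaw_deg=90
# while the device still reports 45, so the delta names only what must change.
SHADOW = {"state": {"desired": {}, "reported": {}}, "version": 10}
APP_UPDATE = {"state": {"desired": {"yaw_deg": 90, "brake": "off"}}}
DEVICE_REPORT = {"state": {"reported": {"yaw_deg": 45, "brake": "off", "rpm": 12}}}
```

Applying APP_UPDATE and then DEVICE_REPORT to SHADOW leaves version 12 and a delta of {"yaw_deg": 90}, which is what the device would receive on the delta topic.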

### Rules Engine

  • Filter, Transform, React, Predict

  • move data into other systems using AWS Lambda functions

  • use Kibana to visualize AWS IoT data (stored in Elasticsearch)

### Best Practices for IoT Security in the Cloud

  • strong thing authentication
  • least possible authorization

AWS IoT now uses ECC, which is less computationally intensive than RSA ==> good for smaller IoT devices ==> saves power

  • Keys can be generated by AWS, but that may be too sensitive; use it for testing.
  • Better: client-generated keys plus a certificate signing request, so the private key never leaves the device => AWS IoT signs the CSR into a cert

#### Just-in-time registration

  • use Lambda functions to register unknown devices
  • the Microchip AWS-ECC508 device handles it out of the box
  • every device should have a cert

### Private Key Protection in the Wild

  • Software: chroot, SELinux
  • Hardware: TPMs, Smartcards, OTP Fuses, FIPS-style hardware

https://aws.au1.qualtrics.com/jfe/form/SV_5c1uFNsw2XeMxCZ
