- AWS IoT as a gateway to a lot of AWS services such as Redshift, Delta, DynamoDB, etc.
- AWS IoT Device SDK (objects) = special device SDK, device gateways (C, JS, Java, Python, Android, and iOS)
- MQTT, HTTP, WebSockets
- AWS Auth + HTTPS, or MQTT + mutual-auth TLS, or WebSockets: wss:// ... (standard protocol)
- Rules Engine ==> messages: SQL-type SELECT * FROM 'things/thing-2/color' WHERE color = 'red' => feeds into AWS services
- Device Shadow ==> stores last measured values, REST API, intermittent connections, persistent device state (JSON) ==> applications (device shadows don't need to have an actual device)
- Device Registry
### Three ways to analyze data
- Retrospective: Amazon Redshift, Amazon RD, Amazon S3, Amazon R3 ...
### MQTT
- publish/subscribe protocol ==> supported by AWS IoT (subscriber service)
- much more efficient than HTTP
- concept of topic hierarchies (compare to a file path)
### Mutual Auth TLS
- revoke certs to disconnect devices (e.g. rogue/stolen devices), via API calls
- mutual proof of identity
### AWS IoT Rules Engine
- SQL-like language
- SELECT {DATA} FROM {TOPIC} WHERE {FILTER} THEN {ACTION} (fields come from the JSON in the payload)
- substitution templates
- topic: FROM mqtt('my/topic')
- filter: e.g. an expression on payload fields
- actions: push to other AWS services: S3, DDB (DynamoDB), Amazon Kinesis, SNS, Lambda, SQS
- republish: send the message back into MQTT (and so through the rules engine again)
- mobile push notifications, SNS, SMS, email, HTTP POST
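To make the rule flow concrete (topic hierarchy with `+`/`#` wildcards, the SELECT/FROM/WHERE match on the JSON payload, and a `${topic(n)}` substitution template feeding a republish action), here is an added Python model of that pipeline. It is example code written for these notes, not AWS's rules engine: it supports only the `SELECT <fields|*> FROM '<topic filter>' [WHERE <field> = '<value>']` subset and only the `topic()` substitution function, and the message stream is constructed sample traffic.

```python
import re


def topic_matches(topic_filter, topic):
    """Match a topic against an MQTT topic filter. Topics form a '/'-separated
    hierarchy like a path; '+' matches exactly one level and '#' matches
    everything at or below its position (it must be the last level)."""
    f_parts = topic_filter.split("/")
    t_parts = topic.split("/")
    for i, level in enumerate(f_parts):
        if level == "#":
            return True
        if i >= len(t_parts):
            return False
        if level != "+" and level != t_parts[i]:
            return False
    return len(f_parts) == len(t_parts)


# Only the rule subset used in these notes: SELECT ... FROM '<filter>' [WHERE f = 'v']
RULE_SQL = re.compile(
    r"^\s*SELECT\s+(?P<select>.+?)\s+FROM\s+'(?P<from>[^']+)'"
    r"(?:\s+WHERE\s+(?P<field>\w+)\s*=\s*'(?P<value>[^']*)')?\s*$",
    re.IGNORECASE,
)


def parse_rule(sql):
    """Turn a rule statement into {'select': '*' | [fields], 'from': filter, 'where': (field, value) | None}."""
    m = RULE_SQL.match(sql)
    if not m:
        raise ValueError("unsupported rule syntax: " + sql)
    select = m.group("select").strip()
    fields = "*" if select == "*" else [f.strip() for f in select.split(",")]
    where = (m.group("field"), m.group("value")) if m.group("field") else None
    return {"select": fields, "from": m.group("from"), "where": where}


def evaluate_rule(rule, topic, payload):
    """Return the selected payload fields if the message matches the rule, else None."""
    if not topic_matches(rule["from"], topic):
        return None
    if rule["where"] is not None:
        field, expected = rule["where"]
        if payload.get(field) != expected:
            return None
    if rule["select"] == "*":
        return dict(payload)
    return {k: payload[k] for k in rule["select"] if k in payload}


def substitute(template, topic):
    """Expand ${topic()} (whole topic) and ${topic(n)} (n-th level, 1-based)
    in an action's substitution template."""
    levels = topic.split("/")

    def repl(m):
        return topic if m.group(1) == "" else levels[int(m.group(1)) - 1]

    return re.sub(r"\$\{topic\((\d*)\)\}", repl, template)


# Constructed sample traffic: (topic, decoded JSON payload)
MESSAGES = [
    ("things/thing-1/color", {"color": "blue", "ts": 1}),
    ("things/thing-2/color", {"color": "red", "ts": 2}),
    ("things/thing-2/temp", {"color": "red", "ts": 3}),
    ("things/thing-2/color/extra", {"color": "red", "ts": 4}),
]


def route(sql, republish_template, messages):
    """Run one rule over a message stream and return the (target topic, data)
    pairs its republish action would emit."""
    rule = parse_rule(sql)
    out = []
    for topic, payload in messages:
        selected = evaluate_rule(rule, topic, payload)
        if selected is not None:
            out.append((substitute(republish_template, topic), selected))
    return out


if __name__ == "__main__":
    print(route("SELECT * FROM 'things/+/color' WHERE color = 'red'",
                "alerts/${topic(2)}/red", MESSAGES))
```

Note how the `+` filter matches exactly one level: `things/thing-2/color/extra` is not picked up, and a `#` filter would be. Keeping rule topic filters as narrow as the notes' example (`things/thing-2/color`) rather than a bare `#` limits what a rule, and the downstream services it feeds, can see.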
### AWS IoT Thing Shadow
- device pushes its current state to the shadow; the shadow persists this state for app access
- state description in JSON
- MQTT topics: UPDATE, DELTA, GET, DELETE, e.g. $aws/things/{thingName}/shadow/update
### Device Management
- automated firmware management
# 2nd session
## Shadows and Rules
- example: a connected wind farm
### Device Shadows
- virtual representation of a device in the cloud (decoupling from the physical device), automatic syncing of device and shadow ==> send commands ==> JSON data store:
  {"state": {"desired": {}, "reported": {}, "delta": {}}, "version": 10}
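The desired/reported/delta/version document above is easiest to understand by simulating it. The following Python is an added example for these notes, not AWS code: it models the documented shadow semantics (updates deep-merge into `desired`/`reported`, `delta` is the set of desired attributes that differ from reported, and an update carrying a `version` that does not match the stored one is rejected). It leaves out the service's metadata timestamps and the "null deletes an attribute" rule, and the turbine values are constructed.

```python
import copy


def merge(base, patch):
    """Deep-merge `patch` into `base`: nested objects are merged, scalars replaced."""
    for key, value in patch.items():
        if isinstance(value, dict) and isinstance(base.get(key), dict):
            merge(base[key], value)
        else:
            base[key] = value
    return base


def compute_delta(desired, reported):
    """Attributes of `desired` whose value differs from (or is missing in) `reported`.
    This is what the service publishes on the .../shadow/update/delta topic,
    i.e. the commands the device still has to act on."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta


def shadow_topic(thing_name, operation):
    """MQTT topic for a shadow operation, e.g. $aws/things/{thingName}/shadow/update."""
    return "$aws/things/%s/shadow/%s" % (thing_name, operation)


def is_stale(shadow, update):
    """True when `update` carries a version that no longer matches the stored shadow.
    Such writes (typical for a device that reconnects after a gap) are rejected
    instead of silently overwriting newer state."""
    return "version" in update and update["version"] != shadow["version"]


def apply_update(shadow, update):
    """Apply an update document to a stored shadow and return the new shadow."""
    if is_stale(shadow, update):
        raise ValueError("version conflict: shadow is at %d, update says %d"
                         % (shadow["version"], update["version"]))
    new = copy.deepcopy(shadow)
    state = new["state"]
    for section in ("desired", "reported"):
        if section in update.get("state", {}):
            merge(state.setdefault(section, {}), update["state"][section])
    state["delta"] = compute_delta(state.get("desired", {}), state.get("reported", {}))
    new["version"] += 1
    return new


# Constructed sample: one wind-farm turbine's shadow, starting at version 10 as in the notes
TURBINE = {"state": {"desired": {}, "reported": {}, "delta": {}}, "version": 10}


def demo():
    """An application requests a blade pitch; the device reports progress twice."""
    s1 = apply_update(TURBINE, {"state": {"desired": {"pitch": 12, "brake": "off"}}})
    s2 = apply_update(s1, {"state": {"reported": {"pitch": 7, "brake": "off"}}, "version": 11})
    s3 = apply_update(s2, {"state": {"reported": {"pitch": 12}}})
    return s1, s2, s3


if __name__ == "__main__":
    for s in demo():
        print(s["version"], s["state"]["delta"])
```

After the first update the whole desired state is in `delta` (nothing reported yet); after the device reports pitch 7 only `pitch` remains; once it reports 12 the delta is empty and the device is in sync with what the app asked for.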
### Rules Engine
- filter, transform, react, predict
- move data into other systems using AWS Lambda functions
- use Kibana to visualize AWS IoT data (stored in Elasticsearch)
### Best Practices for IoT Security in the Cloud
- strong thing authentication
- least possible authorization
- AWS uses ECC now, less computationally intensive than RSA ==> good for smaller IoT devices ==> saves power
- keys can be created through AWS, but that might be too sensitive; fine for testing
- better: client-generated keys and a signing request, the key never leaves the device => cert issued with AWS IoT
#### Just-in-time registration
- use Lambda functions to register unknown devices
- Microchip AWS-ECC508 device handles it out of the box
- every device should have a cert
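The Lambda-based registration mentioned above looks roughly like the handler below, which is an added example for these notes and not AWS or Microchip code. It assumes the shape of the registration event AWS IoT publishes on `$aws/events/certificates/registered/<caCertificateId>` (`certificateId`, `caCertificateId`, `certificateStatus`) and the boto3 `iot` client methods `describe_certificate`, `create_thing`, `attach_policy`, `attach_thing_principal` and `update_certificate`. The CA allowlist, the policy name `DevicePolicy`, the thing-name derivation from the certificate ID and the sample event are all constructed; a real deployment would take the thing name from the certificate's CN. The `FakeIoTClient` stand-in is there only so the handler runs offline.

```python
# Constructed placeholder: IDs of the registered CA certificates that are
# allowed to auto-register devices. Anything signed by another CA stays inactive.
TRUSTED_CA_IDS = {"CA-CERT-ID-PLACEHOLDER"}


def jitr_handler(event, iot, policy_name, trusted_ca_ids=TRUSTED_CA_IDS):
    """Process one certificate-registration event.

    The cert arrives as PENDING_ACTIVATION, so the device cannot connect yet.
    Only if the issuing CA is on the allowlist do we create the thing, attach
    the (least-privilege) policy and, as the last step, activate the cert.
    Ordering matters: activating first would let the device connect before
    its policy is attached."""
    cert_id = event["certificateId"]
    if event.get("caCertificateId") not in trusted_ca_ids:
        return {"certificateId": cert_id, "action": "rejected"}

    desc = iot.describe_certificate(certificateId=cert_id)["certificateDescription"]
    cert_arn = desc["certificateArn"]
    # Assumption: thing name derived from the certificate ID; real deployments
    # parse it out of the certificate's CN so the name is bound to the identity.
    thing_name = "thing-" + cert_id[:16]

    iot.create_thing(thingName=thing_name)
    iot.attach_policy(policyName=policy_name, target=cert_arn)
    iot.attach_thing_principal(thingName=thing_name, principal=cert_arn)
    iot.update_certificate(certificateId=cert_id, newStatus="ACTIVE")
    return {"certificateId": cert_id, "thingName": thing_name, "action": "activated"}


def lambda_handler(event, context):
    """Lambda entry point; boto3 is provided by the Lambda runtime.
    The policy name 'DevicePolicy' is an assumption for this example."""
    import boto3
    return jitr_handler(event, boto3.client("iot"), "DevicePolicy")


class FakeIoTClient:
    """Records calls so the handler can be exercised without AWS credentials
    (stand-in for boto3's 'iot' client, same method names and keyword arguments)."""

    def __init__(self):
        self.calls = []

    def describe_certificate(self, certificateId):
        self.calls.append(("describe_certificate", certificateId))
        return {"certificateDescription": {
            "certificateArn": "arn:aws:iot:REGION:ACCOUNT:cert/" + certificateId,
            "status": "PENDING_ACTIVATION"}}

    def create_thing(self, thingName):
        self.calls.append(("create_thing", thingName))
        return {"thingName": thingName}

    def attach_policy(self, policyName, target):
        self.calls.append(("attach_policy", policyName, target))

    def attach_thing_principal(self, thingName, principal):
        self.calls.append(("attach_thing_principal", thingName, principal))

    def update_certificate(self, certificateId, newStatus):
        self.calls.append(("update_certificate", certificateId, newStatus))


# Constructed sample event in the shape AWS IoT publishes for registrations
SAMPLE_EVENT = {
    "certificateId": "0123456789abcdef0123456789abcdef",
    "caCertificateId": "CA-CERT-ID-PLACEHOLDER",
    "certificateStatus": "PENDING_ACTIVATION",
}


def run_sample(event=SAMPLE_EVENT):
    """Run the handler against the fake client; returns (result, recorded API calls)."""
    iot = FakeIoTClient()
    return jitr_handler(event, iot, "DevicePolicy"), iot.calls


if __name__ == "__main__":
    result, calls = run_sample()
    print(result)
    for call in calls:
        print(call)
```

The rejected path makes no API calls at all, which is the point: an unexpected CA leaves the certificate in PENDING_ACTIVATION and the device locked out, and the event itself is something worth alerting on.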
### Private Key Protection in the Wild
- software: chroot, SELinux
- hardware: TPMs, smartcards, OTP fuses, FIPS-style hardware