F T

Internet of Things at AWS Cloud

A
part 1: Connectivity

R
D
Lukasz Malinowski
Internet of Things Advisor and Trainer
Table of Contents
Introduction 1
About me 2
The Internet of Things 3
Areas of IoT 4
Information ow 5
IoT Lab environment 6

T
Starting the SDK session 8
Representation of Devices in the AWS Cloud 10

F
Billing Groups 13
IoT Thing 17
Thing Type 19

R A
D
ThingRex.com I
fl
Introduction

S tarting the Internet of Things (IoT) journey might be intimidating. IoT is

not a “single thing” but a blend of multiple technologies and concepts.

I prepared this book as an introduction to the Internet of Things domain,

covering various aspects of connectivity and device management using AWS
Cloud.

What makes this book unique? It will use Python source code to guide you
through the world of IoT and manage relevant AWS infrastructure.

T
Does it mean you must be an experienced Python developer to understand
this book?

F
No programming or AWS knowledge is required to start your IoT journey. I
prepared a sample Python code with easy-to-understand comments and

A
explanations.

I explained every AWS service mentioned in this book, so no cloud

experience is needed.

R
You do not need any software to execute sample Python calls to manage
your IoT infrastructure. There is no need to purchase any hardware devices.

D
You can leverage the interactive ThingRex IoT Lab environment1 to follow
along; the only prerequisites are owning an AWS account2 and a web
browser.

Topics covered in this book:

The fundamental principles of the Internet of Things (IoT),
How to represent devices in the AWS IoT Core device registry,
How to establish trust in a distributed IoT environment,
How to use the Private Key and X.509 Certi cate as proof of identity for
devices,
The basics of the MQTT protocol, the various connectivity options it
provides, and the best practices in designing the MQTT Topic structure,
How to ensure end-to-end message delivery in distributed IoT
environment,
Important limits and quotas of AWS IoT services.

1 https://www.thingrex.com/lab/
2 https://aws.amazon.com/account/

ThingRex.com Page 1
fi
About me

H ello! My name is Lukasz Malinowski. I am the Internet of Things Advisor

and Trainer.

I have over 15 years of experience in various IT projects.

I engaged in many roles: Project Manager, Team Leader, Solution Architect,
Security Auditor, and Developer. That experience gave me a deep
understanding of IoT technology and its applications.

For the last four years, I worked at Amazon Web Services, where I helped the

T
world's largest corporations design, implement and secure global IoT
solutions.

F
Currently, I conduct independent consulting and training activities helping
companies achieve business goals by leveraging modern technologies.

A
Feel free to contact me with any IoT-related questions at lmtx@thingrex.com.

D R

ThingRex.com Page 2
The Internet of Things

A ccording to the Wikipedia:

“The Internet of things (IoT) describes physical objects (or groups of such
objects) with sensors, processing ability, software and other technologies that
connect and exchange data with other devices and systems over
the Internet or other communications networks.” 1

I prefer to avoid that perspective on IoT as it focuses on technology,

neglecting the business aspects.

T
I saw multiple Proof of Concept (PoC) initiatives that failed for that exact
reason. In my opinion, the Internet of Things is a capability that should

F
support delivering business value. Whenever you start a new engagement,
please focus on the business outcomes and design a technological solution
to provide them.

A
Before we continue, I need to note that the "Internet" (in the Internet of
Things phrase) stands for communication protocols devices use to exchange
information, not for the "Public Internet" we use daily. Many systems use

R
private networks and still are considered IoT solutions.

D
1 https://en.wikipedia.org/wiki/Internet_of_things

ThingRex.com Page 3
 Areas of IoT

W e can de ne three areas of IoT deployment:

F T
A
Areas of IoT deployment

Devices - are typically small, resource-constrained hardware equipped

with sensors (such as thermometers) to collect data from the environment

R
and actuators (such as fans) to interact with the surroundings.
Edge Gateway - a larger device with ample resources, including CPU,
RAM, and storage; capable of receiving data from multiple
connected Devices, processing it, and sending it to the Backend.

D
Backend - the on-premise or cloud infrastructure utilized for storing and
analyzing the vast amount of data the connected Devices collect.

Note: The Edge Gateway area is optional. In many use cases, Devices are
connected directly to the Backend infrastructure.

Throughout this book, we will use simulated Devices and AWS Cloud
Backend.

ThingRex.com Page 4
fi
Information ow

T he typical information ow in the Internet of Things system looks as

follows:

F T
A
Information ow

R
Devices collect data using sensors and send it to the Edge Gateway or
Backend.
The Backend analyzes data and sends commands to Devices (potentially to
impact their environment using actuators).

D
Note: From a security perspective, separating the data ow from the
command ow is crucial. Restrict Devices from sending commands to other
Devices or the Backend if the business case does not require that.

ThingRex.com Page 5
fl
fl
fl
fl
fl
 IoT Lab environment

T hroughout this book, I will use the IoT Lab to execute commands. That
is a pre-con gured learning environment designed to dive into the exciting
world of the Internet of Things without the hassle of setting up local
development tools.

You can nd more about the IoT Lab and how to use it on my blog1.

I will use the following convention to note the commands I execute and the

T
outputs they produce:

command

F
output

A
In some cases, I will use comments (starting with the '#' symbol) to describe
some aspects of invoked commands.

R
command # comment

Note: Please mind that comments do not impact the outputs of executed

D
commands.

Those are the versions of software used in this book:

Python2 is easy to learn powerful programming language.

python -V

Python 3.10.10

1 https://www.thingrex.com/lab/
2 https://www.python.org/

ThingRex.com Page 6
fi
fi
AWS SDK for Python1 (Boto3) allows to create, con gure, and manage AWS
services.
pip show boto3

Name: boto3
Version: 1.27.1
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3

Eclipse Mosquitto2 is an open source message broker that implements the

MQTT protocol.

T
mosquitto -h

mosquitto version 2.0.15

AF
D R
1 https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
2 https://mosquitto.org/

ThingRex.com Page 7
fi
 Starting the SDK session
For education purposes, I recommend managing the AWS infrastructure
using the SDK.
This way, you will understand all properties and relations between used AWS
services.
The AWS Web Console sometimes assists users by executing some tasks
"under the hood". While that helps to realize the user's intent, it is counter-
productive during learning.

SDK knowledge is not only bene cial for training purposes. Internet of
Things systems require advanced con guration. Infrastructure management

T
services (like CloudFormation1 or Terraform2) do not support operations
speci c to IoT deployments. I used SDK to deploy and manage production
IoT infrastructure for global companies.

F
Let's start by creating a boto3 session3:

A
# Importing the boto3 package.
import boto3

# Variables store the AWS profile and region to use in further

R
invocations.
PROFILE = 'default'
REGION = 'eu-west-1'

D
# Starting the boto3 session.
session = boto3.Session(profile_name=PROFILE, region_name=REGION)

By leveraging that session, we can create speci c clients to manage the

AWS infrastructure.

# Creating an IoT client, the main boto3 client we will use.

iot_c = session.client('iot')

1 https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html
2 https://www.terraform.io/
3 https://boto3.amazonaws.com/v1/documentation/api/latest/guide/session.html#session

ThingRex.com Page 8
fi
fi
fi
fi
In future calls, we will use your unique AWS Account Id. Obtain this value
using the STS1 client.

# STS client is required to obtain your unique AWS Account Id.

sts_c = session.client('sts')

# Obtaining the AWS Account Id and storing it into a variable for

later use.
ACCOUNT_ID = sts_c.get_caller_identity()['Account']

In the next chapter, we will start managing AWS infrastructure using obtained
iot client.

F T
R A
D
1STS stands for AWS Security Token Service. We will not cover STS in this book. You can read
more about it in the AWS documentation: https://docs.aws.amazon.com/STS/latest/
APIReference/welcome.html

ThingRex.com Page 9
Representation of Devices in the AWS Cloud

A WS IoT1 provides functionalities to connect and manage eets of

Devices. In this book, we will use various services o ered by the AWS IoT
suite.

Let's start by modeling our Devices in the AWS Cloud.

The IoT Thing is a virtual representation of a physical device or logical entity

(for instance: an application) in AWS IoT.

F T
R A IoT Thing

D
The IoT Thing has the following properties:
Thing Name
Thing Type
Thing Attributes
Thing Groups
Billing Group
Device Shadow

1 https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html

ThingRex.com Page 10
ff
fl
 That screenshot presents the location of IoT Things in the AWS Console.

F T
AWS Console

Important: AWS Console screenshots are for reference purposes only.

Amazon constantly updates its web console, so your console will likely look

A
di erent. That is one of the reasons why I use SDK instead of web console in
most examples.

R
A sample invocation of AWS API using boto3 SDK - notice the declaration of
various attributes of the IoT Thing.

# DO NOT EXECUTE

D
iot_c.create_thing(
thingName='string',
thingTypeName='string',
attributePayload={
'attributes': {
'string': 'string'
}
},
billingGroupName='string'
)

ThingRex.com Page 11
ff
Let's start by invoking the following SDK call to list all IoT Things registered
in the AWS IoT Core:

iot_c.list_things()

{'ResponseMetadata': {'RequestId': '8a8abbc7-e646-4024-ae93-

b1a5b3dbf121',
'HTTPStatusCode': 200,
'HTTPHeaders': {'date': 'Fri, 07 Jul 2023 08:35:10 GMT',
'content-type': 'application/json',
'content-length': '30',
'connection': 'keep-alive',

T
'x-amzn-requestid': '8a8abbc7-e646-4024-ae93-b1a5b3dbf121'},
'RetryAttempts': 0},
'things': []}

F
'things': [] indicates no IoT Things in the AWS IoT Core Device
Registry.

A
Before we create our rst IoT Thing, I need to explain an essential aspect -
the cost allocation.

D R

ThingRex.com Page 12
fi
Billing Groups

Knowing infrastructure costs is critical to validate a business case, but there

is no way to assign AWS infrastructure costs generated by connected
Devices directly to IoT Things representing them.

To solve that challenge:

1. Create a Billing Group with desired Tags,

2. Add IoT Things to that Billing Group.

AWS generates a cost allocation report1 with usage and costs aggregated

T
by Tags. Use Tags representing business units and applications to organize
your expenses.

F
Utilize Billing Groups to measure fees generated by Devices using
dimensions like:

A
connectivity
messaging
remote actions

D R
Billing Group

1 https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/con gurecostallocreport.html

ThingRex.com Page 13
fi
I will use the following Tags for all resources created throughout this book:

tags = [
{
'Key': 'training',
'Value': 'intro to iot'
},
{
'Key': 'app',
'Value': 'smart home'
}
]

T
Creation of a Billing Group using boto3 SDK:

F
billing_group = iot_c.create_billing_group(
billingGroupName='training',
billingGroupProperties={
'billingGroupDescription': 'Training Billing Group' #

A
description of the Billing Group.
},
tags=tags
)

R
{'ResponseMetadata': {'RequestId':
'389ac029-8de5-4bcb-973a-9a9973a8bc79',
'HTTPStatusCode': 200,

D
'HTTPHeaders': {'date': 'Fri, 07 Jul 2023 10:34:38 GMT',
'content-type': 'application/json',
'content-length': '164',
'connection': 'keep-alive',
'x-amzn-requestid': '389ac029-8de5-4bcb-973a-9a9973a8bc79'},
'RetryAttempts': 0},
'billingGroupName': 'training',
'billingGroupArn': 'arn:aws:iot:eu-
west-1:693854281758:billinggroup/training',
'billingGroupId': '431a6c53-1f42-4c1a-95bb-f292779d0da1'}

Note: I store the boto3 response in a variable called billing_group. This

way, I can access the properties of this object in the subsequent calls. For
example, use billing_group['billingGroupName']
to retrieve the Billing Group's name.

ThingRex.com Page 14
Describe the Billing Group to examine details:

iot_c.describe_billing_group(
billingGroupName=billing_group['billingGroupName']
)

{'ResponseMetadata': {'RequestId': '1cf367cf-3617-4fdd-becd-

dd67b2dca653',
'HTTPStatusCode': 200,
'HTTPHeaders': {'date': 'Fri, 07 Jul 2023 10:36:04 GMT',
'content-type': 'application/json',
'content-length': '311',
'connection': 'keep-alive',

T
'x-amzn-requestid': '1cf367cf-3617-4fdd-becd-dd67b2dca653'},
'RetryAttempts': 0},
'billingGroupName': 'training',

F
'billingGroupId': '431a6c53-1f42-4c1a-95bb-f292779d0da1',
'billingGroupArn': 'arn:aws:iot:eu-
west-1:693854281758:billinggroup/training',
'version': 1,

A
'billingGroupProperties': {'billingGroupDescription': 'Training
Billing Group'},
'billingGroupMetadata': {'creationDate': datetime.datetime(2023,
7, 7, 12, 34, 38, 167000, tzinfo=tzlocal())}}

R
List Tags assigned to the Billing Group:

D
iot_c.list_tags_for_resource(
resourceArn=billing_group['billingGroupArn']
)['tags'] # limit the output only to values of the 'tags' key

[{'Key': 'app', 'Value': 'smart home'},

{'Key': 'training', 'Value': 'intro to iot’}]

Note: In the list_tags_for_resource invocation1, we must provide the

Billing Group's ARN (Amazon Resource Name2) instead of the Billing
Group's name.

The Billing Group is ready to use. The next chapter describes how to assign
IoT Things to that group.

1 https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iot/client/
list_tags_for_resource.html
2 https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html

ThingRex.com Page 15
This book does not c over details of AWS cost allocation. To read more on
this topic, go to the AWS documentation1.

F T
R A
D
1 https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

ThingRex.com Page 16
IoT Thing

Let's create an IoT Thing representing a simulated Temperature Sensor

device.

F T
R A
D
IoT Thing

thing_name = "temp-sensor-001"

iot_c.create_thing(
thingName=thing_name, # Name of the IoT Thing
attributePayload={
'attributes': { # Attributes describing the IoT Thing
'fw_version': "1.0",
'hw_version': "1.0",
'vendor': "CleanerABC",
'owner': "Owner12345"
}
},
billingGroupName=billing_group['billingGroupName'] # Billing
Group assignment
)

InvalidRequestException: An error occurred

(InvalidRequestException) when calling the CreateThing operation:
To use more than 3 attributes, a thing must have a type specified.

ThingRex.com Page 17
The error message informs that assigning more than three attributes for IoT
Thing requires de ning Thing Type.

AWS documentation1 provides more details regarding AWS IoT Core limits:

F T
A
AWS IoT Core limits

D R
1 https://docs.aws.amazon.com/general/latest/gr/iot-core.html#thing-limits

ThingRex.com Page 18
fi
Thing Type

Thing Type allows storing a description and attributes common to all

associated IoT Things.

IoT Things with a Thing Type can have up to 50 attributes.

F T
A
Thing Type

“temperature-sensor" is a Thing Type describing our simulated

R
temperature sensors.

I recommend using the following attributes to describe IoT Things:

D
fw_version - rmware version; devices might use di erent rmware
versions which de ne their capabilities; rmware can be upgraded
remotely :)
hw_version - hardware version; devices might use di erent hardware
versions which de ne their capabilities; hardware can not be upgraded
remotely :(
vendor - vendor of a speci c device

Those attributes are essential as they de ne the capabilities of connected

devices and the way to interact with them.

ThingRex.com Page 19
fi
fi
fi
fi
fi
fi
ff
ff
fi
thing_type_name = "temperature-sensor"

temp_sensor_type = iot_c.create_thing_type(
thingTypeName=thing_type_name,
thingTypeProperties={
'thingTypeDescription': 'Temperature Sensor used in the
Virtual Home',
'searchableAttributes': [ # Names of attributes
describing Things of this Type
'fw_version',
'hw_version',
'vendor',
'owner'

T
]
},
tags=tags # Tags describing this AWS resource

F
)

InvalidRequestException: An error occurred

A
(InvalidRequestException) when calling the CreateThingType
operation: Only three searchable attributes are allowed for a
thing type.

R
An IoT Thing associated with the Thing Type can have up to 50 attributes,
but only three can be searchable.

The Fleet indexing service1 overcomes this limitation.

D
The Fleet indexing is a premium service that incurs costs. In this book, I will
demonstrate several techniques for managing your devices without using
that service.

1 https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html

ThingRex.com Page 20
Let's reduce the number of attributes in our Thing Type:

temp_sensor_type = iot_c.create_thing_type(
thingTypeName=thing_type_name,
thingTypeProperties={
'thingTypeDescription': 'Temperature Sensor used in the
Virtual Home',
'searchableAttributes': [
'fw_version',
'hw_version',
'vendor'
]
},

T
tags=tags
)

F
{'ResponseMetadata': {'RequestId':
'cd6fe9ed-4c48-417a-8aa5-46341c15ccf1',
'HTTPStatusCode': 200,
'HTTPHeaders': {'date': 'Mon, 10 Jul 2023 12:07:19 GMT',

A
'content-type': 'application/json',
'content-length': '172',
'connection': 'keep-alive',
'x-amzn-requestid': 'cd6fe9ed-4c48-417a-8aa5-46341c15ccf1'},

R
'RetryAttempts': 0},
'thingTypeName': 'temperature-sensor',
'thingTypeArn': 'arn:aws:iot:eu-west-1:693854281758:thingtype/
temperature-sensor',

D
'thingTypeId': '1789d134-d9c9-4317-9809-3de1900ec9aa'}

The SDK invocation finally succeeded, and Thing Type is ready to

use.

ThingRex.com Page 21