Learning AWS IoT

By Agus Kurniawan
    What do you get with a Packt Subscription?

  • Instant access to this title and 7,500+ eBooks & Videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Free Chapter
    Getting Started with AWS IoT
About this book

The Internet of Things market increased a lot in the past few years and IoT development and its adoption have showed an upward trend. Analysis and predictions say that Enterprise IoT platforms are the future of IoT. AWS IoT is currently leading the market with its wide range of device support SDKs and versatile management console.

This book initially introduces you to the IoT platforms, and how it makes our IoT development easy. It then covers the complete AWS IoT Suite and how it can be used to develop secure communication between internet-connected things such as sensors, actuators, embedded devices, smart applications, and so on. The book also covers the various modules of AWS: AWS Greengrass, AWS device SDKs, AWS IoT Platform, AWS Button, AWS Management consoles, AWS-related CLI, and API references, all with practical use cases.

Near the end, the book supplies security-related best practices to make bi-directional communication more secure. When you've finished this book, you'll be up-and-running with the AWS IoT Suite, and building IoT projects.

Publication date:
January 2018


Chapter 1. Getting Started with AWS IoT

Deploying multiple Internet of things (IoT) devices on some locations and serving all requests from IoT devices needs more attention in order to obtain high availability and good performance. One of the approaches is to deploy a cloud server with high availability and advanced features. In this chapter, we will get started working with Amazon Web Services (AWS) IoT.

By the end of this chapter, you will know how to:

  • Introduce AWS IoT
  • Introduce IoT devices and platform for AWS IoT
  • Use AWS IoT Management Console
  • Use AWS IoT device SDK
  • Set up AWS IoT for your IoT project
  • Build a program to access AWS IoT

So, let's get started!


Introducing AWS IoT

In recent years, there have been a lot of IoT boards built by either manufacturers or indie makers. Each IoT offers unique features to build IoT applications to address users problems. Sensor and actuator devices are attached to these IoT boards to generate data. There is a lot of sensor data from IoT devices that we can analyze.

Suppose we have various IoT boards that are deployed on some locations. Since these IoT devices generate sensor data, we need a backend server with high availability to serve incoming data. In particular cases, we also need to analyze the data to obtain insights. To perform this scenario, we need more computing engines, such as storage and machine learning engines.

The general design of AWS IoT architecture is illustrated in the following figure. There are several components inside AWS IoT, including its endpoints. IoT devices can access AWS IoT through the AWS message broker with their own SDK. AWS IoT also provides SDK for various IoT device platforms. Using AWS IoT SDK, IoT devices can access AWS IoT directly. We will review some AWS IoT SDK, including its protocol and API, throughout this book. The AWS IoT components are shown in the following image:

From the preceding figure, we can see the following AWS IoT components:

  • Message broker: This is basically an AWS IoT endpoint where IoT devices can access the AWS server through the Message Queuing Telemetry Transport (MQTT) protocol. Message broker also supports primitive protocols, such as the HTTP protocol. Your IoT device can send data with AWS IoT through HTTP REST.
  • Thing Registry: This manages all the IoT device administration. You can register and configure your IoT devices, including configuring certificates and IoT device IDs.
  • Thing Shadows: This refers to a device shadow that has functionalities to keep the current state information for a specific thing in a JSON document.
  • Rules Engine: This provides message processing and integration with other AWS services. If you have deployed AWS services, you can apply a rule engine on those services.

Some AWS IoT components will be explored in this book.


Introducing IoT devices and platforms for AWS IoT

The IoT platform can connect to an internet network and interact with other platforms. Generally speaking, talking about the IoT in terms of a device platform is a huge topic. In this section, we review some IoT platforms that interact with AWS IoT.

Technically, we can describe a connectivity model between IoT devices and the AWS IoT backend. We can categorize the IoT device platform into three models based on their supported connectivity. For an IoT device with network capabilities, if this device has support for all the required AWS IoT devices, then this device can access AWS IoT directly.

Several IoT devices probably have network capabilities, but their supported protocols are not covered by AWS IoT. For this scenario, we need to build a gateway that serves and translates the IoT device protocol to the AWS IoT protocol. This gateway provides some network capabilities, such as Bluetooth, Wi-Fi, XBee, and other RF, in order to serve all exchange of data among IoT devices and AWS IoT servers.

Finally, IoT devices without network capabilities still have a chance to communicate with AWS IoT. There are two methods that we can implement for this scenario. If the IoT device can extend its functionality, we can add a network module with the supported AWS IoT protocol. Another option is to connect this IoT device to a computer. Since a computer usually has capabilities to connect to an external network, we can build a program as a bridge between the IoT device and the AWS IoT backend. The program will interact with the IoT device, for example, by sensing and actuating, and perform a data exchange with the AWS IoT backend.

All the connectivity scenarios that we have so far discussed are illustrated in the following figure:

In the following section, we will explore several IoT device platforms that are widely used on the customer side to communicate with AWS IoT. Amazon also provides a list of AWS IoT starter kits from Amazon partners at https://aws.amazon.com/iot-platform/getting-started/#kits. We will review some devices with the supported AWS IoT platform.


Arduino is a widely used development board. This board is well-known in the embedded community. Mostly, Arduino boards are built using Atmel AVR, but some boards use other Microcontroller Units (MCUs) depending on who is in joint venture with Arduino. Currently, Arduino boards are built by Arduino.

We will review several Arduino boards from Arduino.cc (https://www.arduino.cc/en/Main/Products). We can read a comparison of all the Arduino boards by visiting  http://www.arduino.cc/en/Products/Compare. We will review some Arduino boards, such as Arduino Uno, Arduino 101, and Arduino MKR1000:

  • The Arduino Uno model is widely used in Arduino development. It's built on top of MCU ATmega328P. The board provides several digital and analog I/O pins, which we can attach our sensor and actuator devices to. SPI and I2C protocols are also provided by Arduino Uno.

For further information about the board, I recommend you read the board specification at http://www.arduino.cc/en/Main/ArduinoBoardUno. The Arduino board is shown in the following image:

Since Arduino Uno does not provide network modules, either Ethernet or wireless modules, we should put the network module with the supported AWS IoT to enable it to communicate with other machines.

  • Arduino Yún is a microcontroller board based on the ATmega32u4 and the Atheros AR9331. This board runs OpenWrt Linux, called LininoOS. Arduino Yún can connect through Ethernet and Wi-Fi modules that are built-in features on the board. For further information on Arduino Yún, you can visit https://store.arduino.cc/arduino-yun. You can see a form of Arduino Yún in the following image:

Arduino also provides another model with a small factor. It's Arduino Yún Mini. For more information, refer to https://store.arduino.cc/arduino-yun-mini. This board removes the Ethernet socket from the body to give a smaller board size. You can see Arduino Yún Mini in the following image:

Raspberry Pi

The Raspberry Pi is a low-cost credit-card sized computer, created by Eben Upton. It's a mini computer for educational purposes. To see all Raspberry Pi models, you can refer to https://www.raspberrypi.org/products/. Raspberry Pi 3 Model B and Raspberry Pi Zero are described here:

  • Raspberry Pi 3 Model B: This is the third-generation Raspberry Pi. This board consists of a Quad-Core 64-bit CPU, Wi-Fi, and Bluetooth. It's recommended for your IoT solution:
  • Raspberry Pi Zero: This is a small computer, half the size of model A+. It runs with a single-core CPU and no network module, but it provides micro HDMI to be connected to a monitor. Since there is no network module in Raspberry Pi Zero, you can extend it by adding a module; for instance, Ethernet USB or Wi-Fi USB to connect to a network. You can see a form of Raspberry Pi Zero in the following image:

BeagleBone Black and Green

BeagleBone Black (BBB) Rev.C is a development kit based on an AM335x processor, which integrates an ARM Cortex™-A8 core operating at up to 1 GHz. BBB is more powerful than Raspberry Pi. The BBB board also provides internal 4 GB 8-bit eMMC onboard flash storage.

BBB supports several OS, such as Debian, Android, and Ubuntu. For more information on BBB, refer to https://beagleboard.org/black:

SeeedStudio BeagleBone Green (BBG) is a joint effort by BeagleBoard.org and Seeed Studio. BBG has the same features as BBB, although theHDMI port is replaced by Grove connectors, so the BBG price is lower than BBB. You can find out more and buy this board at http://www.seeedstudio.com/depot/SeeedStudio-BeagleBone-Green-p-2504.html:

IoT boards based on ESP8266 MCU

ESP8266 is a low-cost Wi-Fi MCU with full TCP/IP support. It's built by Espressif, a Chinese manufacturer. For further information about this chip, refer to http://espressif.com/en/products/hardware/esp8266ex/overview.

There are many boards based on the ESP8266 chip. The following is a list of board platforms built on top of ESP8266 MCU:

If you're interested in the ESP8266 chip, I recommend that you join  the ESP8266 forum at http://www.esp8266.com.

Although NodeMCU v2 and SparkFun ESP8266 Thing boards have the same chip, their chip model is different. NodeMCU v2 uses the ESP8266 module. On the other hand,  the SparkFun ESP8266 Thing board uses the ESP8266EX chip. In addition, the SparkFun ESP8266 Thing board provides a LiPo connector, which you can attach to an external battery:

IoT boards based on ESP32

ESP32 is a chip that has two network stacks, Wi-Fi and BLE from Espressif, and is available at http://espressif.com/en/products/hardware/esp32/overview. This chip enables you to connect servers through a built-in Wi-Fi module. Based on my experience, there are a lot of IoT boards based on the ESP32 chip. The following is a list of ESP32 development boards:

You also find various IoT boards based on the ESP32 chip at Aliexpress or online stores. A form of SparkFun ESP32 Thing is shown in the following image:

We can also use Mongoose OS ESP32-DevKitC from Cesanta to build applications for AWS IoT. To communicate with AWS IoT, they provide the Mongoose OS, which runs on ESP32. Several libraries from the Mongoose OS can be used to communicate with AWS IoT. The Mongoose OS ESP32-DevKitC from Cesanta is shown in the image source https://mongoose-os.com/aws-iot-starter-kit/.

IoT boards based on TI CC32XX MCU

TI CC3200 is a Wi-Fi MCU from Texas Instruments (TI). The new version of TI CC3200 is TI CC3220. This chip is based on ARM Cortex-M4 from TI. This board is a complete solution for IoT. This chip is supported for station, Access Point (AP), and Wi-Fi Direct modes. Regarding security, TI CC32XX supports WPA2 personal and enterprise security and Web Processing Service (WPS) 2.0. A comparison of TI CC3200 and TI CC3220 can be found at http://www.ti.com/product/CC3220.

For IoT development, TI provides the SimpleLink Wi-Fi CC32XX LaunchPad evaluation kit. It's a complete kit for development and debugging. The SimpleLink Wi-Fi CC3200 LaunchPad board is shown in the website https://www.conrad.de/de/entwicklungsboard-texas-instruments-cc3200-launchxl-1273804.html

TI CC3200 is also used by RedBear (http://redbear.cc) to develop RedBearLab CC3200 and RedBearLab Wi-Fi Micro boards. These boards have the same functionalities as the SimpleLink Wi-Fi CC3200 LaunchPad board, but exclude the CC3200 debugger tool. The price of these boards is also lower than SimpleLink Wi-Fi CC3200 LaunchPad board's price.


AWS IoT Management Console

AWS IoT Management Console lets you access and manage AWS IoT through a simple and intuitive web-based user interface. This web console can be found at https://console.aws.amazon.com/iotv2/home. If you have an active AWS account, you should access a form of AWS IoT Management Console. A screen of AWS IoT Management Console is shown in the following screenshot:

In AWS IoT Management Console, we can manage all IoT devices. This portal provides several features, as follows:

  • Dashboard: This shows a summary of AWS IoT usage statistics
  • Connect: This provides information on how to connect to AWS IoT
  • Registry: This is used to register your new IoT device or to manage existing IoT devices
  • Security: This configures AWS IoT and IoT devices
  • Rules: This manages all rules for AWS IoT
  • Test: This provides a test tool to evaluate your AWS IoT platform

You can see these menus in the following screenshot:

You will probably get different menus on the dashboard. You can change your AWS region in order to get full menus by clicking the menu on the top-right of the dashboard.

We will work with AWS IoT Management Console to manage our IoT projects in the next section.


AWS IoT Device SDK

The AWS server has several components and features. To minimize complexity in development, AWS provides AWS IoT Device SDK for various IoT device platforms. You can use them directly for your IoT platform. There are a lot of objects/classes that you can apply in your IoT program to access AWS IoT. You can find out more about AWS IoT SDK at https://aws.amazon.com/iot/sdk/.

Currently, AWS IoT Device SDK supports the following SDK:

  • Embedded C
  • Arduino Yún
  • Java
  • JavaScript
  • Python
  • iOS
  • Android

To work with AWS IoT Device SDK, you should verify whether your IoT device supports this SDK or not. We will focus on applying AWS IoT Device SDK in Chapter 2, Connecting IoT Devices to AWS IoT Platform.


Setting up AWS IoT for your IoT project

In this section, you will learn how to set up your IoT project, utilizing the AWS IoT platform. The following is a list of steps to build your AWS IoT project:

  1. Register on AWS
  2. Select the IoT device
  3. Register AWS IoT
  4. Create a security certificate
  5. Configure security access

Let's go through these steps.

Creating an AWS account

AWS provides a complete solution to build your enterprise system, starting from a virtual machine and enterprise application, to machine learning and IoT. At the time of writing, Amazon offers a free one year trial access called AWS Free Tier for a newly registered user. You can access the full features with the limited scheme. You can register a new AWS account and get a free one year trial access at https://aws.amazon.com.

Most AWS can be accessed with the AWS Free Tier scheme. I recommend you do so. The AWS Free Tier registration page is shown in the following screenshot:

Selecting an IoT device

The next step is to select your IoT device. Each IoT device has unique capabilities. I suggest that you use the IoT device platform that is recommended by Amazon to minimize problems while developing and deploying. You can use one of the listed devices from https://aws.amazon.com/iot-platform/getting-started/#kits. Based on my experience, the Raspberry Pi board or IoT board with the Linux platform is easier, because most AWS IoT Device SDKs are supported.

I will show how various IoT device platforms access AWS IoT, with specific scenarios in this book. Register an IoT device for AWS IoT after you have decided what IoT device model is to be implemented. You should register it in order to obtain access rights in AWS IoT. You can register your IoT device on AWS IoT Management Console with the following steps:

  1. Navigate to https://console.aws.amazon.com/iot. You should see a form as shown in the following screenshot:

  1. Select the Onboard option from the left-hand menu. You can click on the Get started button within the Configuring a device section, which is shown by an arrow in the preceding screenshot.

Then, you will get information about connecting IoT device to AWS IoT, as shown       in the following screenshot:

  1. Select the development platform of the IoT device and AWS IoT SDK. In this scenario, I use Linux/OSX with Node.js for AWS IoT SDK:
  1. Now we create our IoT device name. You should define the IoT device type. To do so, you click on the Create a type button:

  1. Fill out the IoT device type and its description. You may define IoT device attributes. For a demo, we define the following two attributes as shown in the following screenshot:
    • name
    • device-value

If done, save this IoT device type.

  1. Then, go back to your IoT device registering. Fill out the IoT device name and its type. I filled macos-computer in the Name field, as shown in the following screenshot:

  1. If done, you should see your IoT device on the Manage | Things menu:

You can add additional IoT devices to simulate the AWS IoT scenario.

Creating a security certificate

Before we use AWS IoT, we should create a security certificate. Then, this certificate will be attached to our registered IoT device. Follow these steps:

  1. On AWS IoT Management Console, open your IoT device. Click on the Security option on the left-hand menu. You should see a form, as shown in the following screenshot:

  1. You should see a Create certificate button. Click on this button. Then, AWS IoT will generate private and public keys for your IoT device. Please download all certificate and key files:

These certificate and key files will be used in our program to access the  AWS IoT server. You should get four files, as follows:

    • Certificate file (*.pem)
    • Certificate public key file (*.key)
    • Certificate private key file (*.key)
    • Root certificate (*.pem) or (*.crt)
  1. Put all these files into a folder. Our program will access these files:

The next step is to write a program. We will do so in the next section.

Configuring security access for AWS IoT

Since AWS IoT applies security to protect its system, we should also comply to configure our AWS IoT security. Some steps are taken to configure our AWS IoT security. We will perform the following tasks:

  1. Create a policy
  2. Attach a policy to the IoT device certificate
  3. Attach the IoT thing to the certificate

To create a policy on AWS IoT, perform the following steps:

  1. Click the Policies sub-menu from the Secure menu, as shown in the following screenshot:

  1. Then, you should see a Create a policy button. Click on this button.
  2. Fill in your policy name. You should add three policy statements, as follows:
    • iot:Connect
    • iot:Subscribe
    • iot:Publish
  1. Don't forget to check the Allow checkbox for all the preceding policy statements:

  1. When done, save your AWS IoT policy. You should see your created policy on the Policies form, as shown in the following screenshot:

  1. The next step is to add our created policy into the IoT device certificate. You can open Secure | Certificates on AWS IoT Management Console. Click on the ellipsis () link so you get a context menu that is shown in the following screenshot. Click on the Attach policy option:

  1. Then, you get a dialog box. Select your created policy. When done, click on the Attach button to execute this task:

  1. The last step is to add our IoT device into a security certificate. Click on the ellipsis () on your certificate so you get a context menu. Select the Attach thing option on context menu:

  1. Select your IoT device and then click on the Attach button to perform this task:

Now your IoT device has a certificate and policy. You can access AWS IoT through the IoT device.


Setting up the development environment

After we have registered all the IoT devices for AWS IoT, we can set up our development environment. Depending on your kind of IoT device, you can install AWS IoT SDK for your device. You can review the details at https://aws.amazon.com/iot/sdk/.

For testing, we use a computer that acts as an IoT thing. The computer will access AWS IoT. To simplify our case, I use JavaScript SDK for AWS IoT, available at https://github.com/aws/aws-iot-device-sdk-js. Since JavaScript SDK for AWS IoT needs Node.js to run the program, your computer should install Node.js runtime. You can download and install Node.js for your platform from https://nodejs.org/.

To install AWS IoT SDK for JavaScript, do so through the npm package. You should install Node.js runtime for your platform. You can type the following command to install AWS IoT SDK for JavaScript:

$ npm install aws-iot-device-sdk

You can probably run this command at an administrator level if you get an error message due to a security issue.

For the development tool, you can use any text editor to write JavaScript scripts. For instance, you can use Visual Studio Code at https://code.visualstudio.com. You can see my sample JavaScript scripts on Visual Studio Code IDE  in the following screenshot:


Building an AWS IoT program

After we have configured our AWS IoT and added the IoT device, we can develop a program to access AWS IoT. In this scenario, our computer is used as an IoT thing. We also used Node.js to access AWS IoT, so we need to install AWS IoT SDK for JavaScript. For testing, we will build a Node.js application to access AWS IoT for such purposes as connecting, sending, and receiving.

Now, create a file called comp-demo.js. Then, write the following Node.js scripts:

var awsIot = require('aws-iot-device-sdk');
var device = awsIot.device({
    keyPath: 'cert/macos-computer.private.key',
   certPath: 'cert/macos-computer.cert.pem',
     caPath: 'cert/root-CA.crt',
       host: 'xxxxxxx.iot.ap-southeast-1.amazonaws.com',
   clientId: 'user-testing',
     region: 'ap-southeast-'
   .on('connect', function() {
     device.publish('topic_1', JSON.stringify({ test_data: 1}));
   .on('message', function(topic, payload) {
     console.log('message', topic, payload.toString());

Please change the path and certificate files from your AWS IoT on parameters such as keyPath, certPath, caPath, host, and region. Save this file.

How to work with the program?

Now we will review our program, comp-demo.js. The following is a list of steps for the program:

  1. Firstly, we apply the required library from AWS IoT SDK for JavaScript. Then, we declare our device based on our IoT thing from AWS IoT:
var awsIot = require('aws-iot-device-sdk');
var device = awsIot.device({
    keyPath: 'cert/macos-computer.private.key',
   certPath: 'cert/macos-computer.cert.pem',
     caPath: 'cert/root-CA.crt',
       host: 'xxxxxxx.iot.ap-southeast-1.amazonaws.com',
   clientId: 'user-testing',
     region: 'ap-southeast-'
  1. We try to connect to AWS IoT. After we are connected, we subscribe a specific topic, for instance, topic_1. Then, we send a message by calling the publish() function:
   .on('connect', function() {
     device.publish('topic_1', JSON.stringify({ test_data: 1}));
  1. To receive an incoming message from AWS IoT, we listen to the message event as follows:
   .on('message', function(topic, payload) {
     console.log('message', topic, payload.toString());

Testing all

After we write a program, comp-demo.js, we can execute this program. Now you can run the program. Type this command:

$ node comp-demo.js

Make sure all certificate files are on the same path with comp-demo.js. If successful, you should see the connected state and receive the incoming message:

You can also verify on AWS IoT Management Console about this transaction:



We have learned what AWS IoT is and explored several IoT device platforms. AWS IoT Management Console and Device SDK were introduced to obtain the essentials of AWS IoT platform.

In the last section, we registered and configured an IoT device. Then, we created a program to access AWS IoT from the IoT device. In the next chapter, we will learn how to connect to AWS IoT from various IoT devices and make interactions.

About the Author
  • Agus Kurniawan

    Agus Kurniawan is an independent technology consultant, author, and lecturer. He has over 18 years' experience working on various software development projects, including delivering training courses and workshops, and delivering technical writing. He has done a few research activities related to wireless networking, software, and security in multiple universities. Currently, he is pursuing a Ph.D. program in Computer Science in Germany. He has previously written five books for Packt.

    Browse publications by this author
Latest Reviews (3 reviews total)
I still waiting for my book... no info about it..
bueno bueno bueno bueno buen precio
Decent intro to the AWS IoT concepts. Could add more content on the data processing side, but maybe that is a different book
Learning AWS IoT
Unlock this book and the full library FREE for 7 days
Start now