AWS IoT Services & Solutions
Supplementary Reading / Practice Material for AWS re/Start
June 28, 2022
AWS IoT Core Overview
AWS IoT Core provides secure, bidirectional communication between internet-
connected devices, such as sensors, actuators, embedded microcontrollers, or
smart appliances, and the AWS Cloud. Using AWS IoT Core, you can collect,
store, and analyze telemetry data from multiple devices. You can also create
applications where your users can control these devices from their phones or
other mobile devices. AWS IoT Core is composed of six main components:
Identity Service: provides authentication, authorization, and device provisioning.
Device Gateway: securely connects IP-connected devices and edge gateways to the AWS Cloud and to other devices at scale.
Message Broker: processes and routes data messages to the AWS Cloud.
Rules: invokes actions in the AWS Cloud.
Device Shadow Service: maintains a shadow of your device so the device can be accessed and controlled at any time.
Registry: stores information about devices and their attributes.
Identity
AWS IoT Core provides a secure communication channel for devices to
communicate with each other and with other services. AWS IoT authenticates
every connection using one of the following options:
X.509 client certificates for mutual authentication, using MQTT over Transport
Layer Security (TLS) v1.2
Signature Version 4 (SigV4) signed requests over HTTPS, or MQTT over
WebSocket, which is signed with SigV4 in the same way as requests to other
AWS services
Custom authorizers, which accept tokens issued by your own authentication
or authorization service
Authentication only establishes who is connecting. What that identity may do
is decided by AWS IoT policies: JavaScript Object Notation (JSON) policy
documents attached to the certificate or identity that give fine-grained
control over which client ID a device may connect as and which topics it may
publish to, subscribe to, or receive messages from.
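The following block is an added example (not code from the page or from AWS): it places an overly broad AWS IoT policy next to a least-privilege one that uses the thing policy variable ${iot:Connection.Thing.ThingName}, and runs both through a small allow/deny check. The check is a deliberately simplified model of IoT policy matching (variable substitution, then "*" globbing on the resource ARN); it is not the service's evaluator. The Region, account ID and thing names are assumed values.

```python
"""Least-privilege AWS IoT policy scoped to the connecting thing, plus a
simplified allow/deny check.  Added example, not code from the page; the
evaluator models IoT policy matching (policy-variable substitution, then
'*' globbing on the ARN) and is not AWS's implementation.  Region and
account are assumed placeholders."""
import fnmatch

REGION = "us-east-1"        # assumed
ACCOUNT = "123456789012"    # assumed, not a real account
THING_VAR = "${iot:Connection.Thing.ThingName}"


def arn(kind, name):
    """Build an AWS IoT resource ARN (kind is client, topic or topicfilter)."""
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"


# Weak policy: any device holding any registered certificate may connect
# with any client ID and publish or subscribe anywhere in the account.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:*", "Resource": "*"},
    ],
}

# Scoped policy: the thing policy variable ties every resource to the thing
# whose certificate was presented in the TLS handshake.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": arn("client", THING_VAR)},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": arn("topic", f"devices/{THING_VAR}/telemetry")},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": arn("topicfilter", f"devices/{THING_VAR}/commands")},
        {"Effect": "Allow", "Action": "iot:Receive",
         "Resource": arn("topic", f"devices/{THING_VAR}/commands")},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, thing_name, action, resource):
    """Evaluate one request against the policy for a connection whose
    certificate is attached to `thing_name`.  Explicit Deny wins over
    Allow; no matching statement means denied (default deny)."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a)
                   for a in _as_list(stmt["Action"])):
            continue
        resources = [r.replace(THING_VAR, thing_name)
                     for r in _as_list(stmt["Resource"])]
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    other = arn("topic", "devices/sensor-02/telemetry")
    print("broad policy lets sensor-01 publish as sensor-02:",
          is_allowed(OVERLY_BROAD_POLICY, "sensor-01", "iot:Publish", other))
    print("scoped policy lets sensor-01 publish as sensor-02:",
          is_allowed(SCOPED_POLICY, "sensor-01", "iot:Publish", other))
```

Two caveats a practitioner should keep in mind. Thing policy variables are only resolved when the certificate used to connect is attached to that thing in the registry and the MQTT client ID equals the thing name; otherwise the variable is not substituted and the statement matches nothing, so the connection is refused rather than silently widened. And iot:Subscribe (on a topicfilter ARN) and iot:Receive (on a topic ARN) are separate permissions: granting only the former lets a device subscribe but never receive a message.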
Device Gateway
The device gateway serves as the secure entry point for IoT devices connecting
to AWS IoT Core. The device gateway manages all active device connections
and implements semantics for multiple protocols to ensure that devices are
able to securely and efficiently communicate with AWS IoT Core.
Message Broker
The message broker processes and routes data from your devices into AWS IoT
Core. The message broker is scalable, has low latency, and provides reliable
message routing. It also uses a publish and subscribe model to decouple
devices and applications using MQTT, a lightweight publish/subscribe protocol
commonly used on resource-constrained devices.
The message broker supports two-way message streaming between devices
and applications, including the use of AWS IoT rules and topics. It also provides
an opportunity for data transformation, rerouting, and enhancement with
external data sources.
Rules
The rules engine evaluates every incoming message against the SQL-like
query of each rule (for example, SELECT * FROM 'devices/+/telemetry' WHERE
temperature > 50). When a message matches, the rule's actions run, such as
writing data to an Amazon Simple Storage Service (Amazon S3) bucket,
invoking an AWS Lambda function, or sending a message to an Amazon Simple
Notification Service (Amazon SNS) topic.
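The block below is an added example, not code from the page or from AWS. It implements MQTT topic-filter matching (the "+" and "#" wildcards that both subscriptions and the rule's FROM clause rely on) and runs a rule equivalent to SELECT * FROM 'devices/+/telemetry' WHERE temperature > 50 over a few constructed messages. The real rules engine parses that SQL statement itself; here the rule is modelled as a topic filter plus a Python predicate so it can run offline, and the action target name is hypothetical.

```python
"""MQTT topic-filter matching and a rule that routes matching telemetry.
Added example, not code from the page.  The real rules engine accepts an
SQL-like statement such as
    SELECT * FROM 'devices/+/telemetry' WHERE temperature > 50
here the rule is modelled as a topic filter plus a Python predicate so it
runs offline; matching follows the MQTT 3.1.1 wildcard rules."""
import json


def topic_matches(topic_filter, topic):
    """True if `topic` matches `topic_filter` under MQTT rules:
    '+' matches exactly one level, '#' (allowed only as the last level)
    matches the remainder, and a wildcard in the first level never matches
    a '$'-prefixed system topic such as $aws/..."""
    if topic.startswith("$") and topic_filter[:1] in ("+", "#"):
        return False
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1      # '#' must be the last level
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(t_levels) == len(f_levels)


# Constructed rule, equivalent to
#   SELECT * FROM 'devices/+/telemetry' WHERE temperature > 50
HIGH_TEMP_RULE = {
    "name": "HighTemperatureAlert",
    "topic_filter": "devices/+/telemetry",
    "where": lambda msg: msg.get("temperature", 0) > 50,
    "action": "sns:alerts-topic",       # hypothetical action target
}

# Constructed sample messages as (topic, payload) pairs.
SAMPLE_MESSAGES = [
    ("devices/sensor-01/telemetry", '{"temperature": 72, "unit": "C"}'),
    ("devices/sensor-02/telemetry", '{"temperature": 21, "unit": "C"}'),
    ("devices/sensor-03/status",    '{"temperature": 99}'),
    ("devices/sensor-04/telemetry", 'not json'),
    ("devices/sensor-05/telemetry/extra", '{"temperature": 80}'),
]


def run_rule(rule, messages):
    """Return the (topic, action) pairs the rule fires for `messages`.
    Payloads that are not JSON objects are skipped: the WHERE clause cannot
    read fields from them, so they must never trigger an action."""
    fired = []
    for topic, payload in messages:
        if not topic_matches(rule["topic_filter"], topic):
            continue
        try:
            msg = json.loads(payload)
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, dict):
            continue
        if rule["where"](msg):
            fired.append((topic, rule["action"]))
    return fired


if __name__ == "__main__":
    for topic, action in run_rule(HIGH_TEMP_RULE, SAMPLE_MESSAGES):
        print(f"{HIGH_TEMP_RULE['name']}: {topic} -> {action}")
```

Note that a rule selecting from 'devices/+/telemetry' consumes whatever any device is permitted to publish there, so the per-thing publish policy is what prevents one device from forging another's readings. When an action needs to know which device sent a message, take it from the topic (the rules SQL function topic(2) returns the second topic segment) rather than trusting a device identifier carried inside the payload.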
Device Shadow Service
A device shadow is also referred to as an AWS IoT thing shadow. The Device
Shadow service maintains a JSON shadow document for each device you connect
to AWS IoT, holding the state an application wants the device to be in
(desired) and the state the device last reported (reported). You can read and
update the shadow whether the device is connected to AWS IoT or not; a
device that was offline picks up any pending desired state when it reconnects
and reads its shadow.
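The block below is an added example, not code from the page or from AWS. It models the documented shadow semantics on a constructed document: the delta (the part of desired that reported does not yet satisfy, which the service publishes on $aws/things/<thingName>/shadow/update/delta), recursive merging of updates where a null removes a key, and the version check that rejects an update carrying a stale version (the service answers on .../shadow/update/rejected). It exists so the semantics can be exercised offline and is not the service's own implementation.

```python
"""Device Shadow documents: computing the delta and applying a versioned
update.  Added example, not code from the page; it models the documented
desired/reported/delta semantics so they can be run offline and is not the
service's own implementation.  The sample document is constructed."""
import copy

# Constructed shadow document for a thing named "lamp-01".
SHADOW = {
    "state": {
        "desired":  {"power": "on",  "color": {"r": 255, "g": 0, "b": 0}},
        "reported": {"power": "off", "color": {"r": 255, "g": 0, "b": 0},
                     "firmware": "1.4.2"},
    },
    "version": 12,
}


def compute_delta(desired, reported):
    """Return the part of `desired` that `reported` does not already
    satisfy: keys missing from reported or holding a different value,
    recursing into nested objects so only the differing leaves appear."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta


def merge(into, update):
    """Merge an update into a state object: nested objects merge
    recursively, a null value removes the key, anything else overwrites."""
    for key, value in update.items():
        if value is None:
            into.pop(key, None)
        elif isinstance(value, dict) and isinstance(into.get(key), dict):
            merge(into[key], value)
        else:
            into[key] = copy.deepcopy(value)
    return into


def apply_update(shadow, update):
    """Apply an update request to the shadow without mutating the input.
    If the request carries a version that differs from the current one the
    update is rejected: another writer changed the document in between
    (optimistic concurrency).  Returns (new_shadow, delta)."""
    expected = update.get("version")
    if expected is not None and expected != shadow["version"]:
        raise ValueError(
            f"version conflict: have {shadow['version']}, got {expected}")
    new = copy.deepcopy(shadow)
    for section in ("desired", "reported"):
        if section in update.get("state", {}):
            merge(new["state"].setdefault(section, {}),
                  update["state"][section])
    new["version"] += 1
    delta = compute_delta(new["state"].get("desired", {}),
                          new["state"].get("reported", {}))
    return new, delta


if __name__ == "__main__":
    print("pending delta:", compute_delta(SHADOW["state"]["desired"],
                                          SHADOW["state"]["reported"]))
    updated, delta = apply_update(
        SHADOW, {"state": {"reported": {"power": "on"}}, "version": 12})
    print("after device reports power=on:", updated["version"], delta)
```

Because applications write desired and devices write reported through the same $aws/things/<thingName>/shadow/update topic, scope a device's shadow permissions to its own thing name with the same policy-variable technique used for telemetry topics; otherwise one compromised device can rewrite the desired state of every other device in the fleet.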
Registry
The registry is a database of devices. Using the registry for your devices is
optional; however, the registry helps you manage your device ecosystem
effectively and is where a device's certificate is attached to its thing, which
ties the identity presented at connection time to the registry entry that
policies and policy variables refer to. Using the registry, you can search your
registered devices based on attributes and tags.
Things and Devices
If you are new to AWS IoT, the interchangeable use of the terms AWS IoT
thing, or thing, and device can be confusing; both appear throughout the
AWS IoT console and documentation. During this course and throughout the
Foundations Series, we use the term device to refer to the physical entity and
the term thing to refer to its virtual representation.
A thing is a representation of a specific device or logical entity. It can represent
a physical device or sensor, such as a light bulb or a switch on a wall. It can also
represent a logical entity, such as an instance of an application or a physical
entity not directly connected to AWS IoT Core but related to devices that do
connect to AWS (for example, a car that has engine sensors or a control panel).
Information about a thing is stored in the AWS IoT Core registry as a JSON
document of name-value pairs: the thing's name, ID and ARN, its thing type,
its attributes, and a version number that increases with every change.
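As an added example (not the page's own JSON), this is the shape of the registry record that the AWS CLI command aws iot describe-thing --thing-name lamp-01 returns for a thing; the thing name, ID, ARN, account number, type and attribute values are all constructed.

```json
{
    "defaultClientId": "lamp-01",
    "thingName": "lamp-01",
    "thingId": "8b1a9953-c461-4c9e-9a7a-4f1c3b2d5e6f",
    "thingArn": "arn:aws:iot:us-east-1:123456789012:thing/lamp-01",
    "thingTypeName": "SmartBulb",
    "attributes": {
        "model": "SB-200",
        "location": "warehouse-3"
    },
    "version": 3
}
```

The version field is the one to watch when automating registry changes: update-thing accepts an expected version and fails if the record changed underneath you, which prevents two provisioning jobs from silently overwriting each other's attributes.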
Thing types and attributes
A thing type is a method to organize AWS IoT things into logical categories,
such as light bulbs, thermostats, and motion sensors. These are groups of
things that share common attributes.
Thing Type and Attribute Limits
A thing that is associated with a thing type can have up to 50 attributes.
A thing that isn't associated with a thing type can have up to three
attributes.
A thing can be associated with at most one thing type.
There is no limit on the number of thing types you can create in your
account.
Naming
Thing type names do not need to be globally unique, but they must be unique
within your account.
Standardize your naming convention before the number of devices in your
fleet grows too large. Doing so simplifies management, communication, and
access rights. The standardization eliminates confusion when maintaining a
large device fleet.
Managing Thing Types
Thing types are immutable: neither the thing type name nor its searchable
attributes can be changed after creation. If you need to change a thing type,
first deprecate the existing thing type so that no new things can be
associated with it. Then, disassociate all things from the existing thing type.
Finally, create a new thing type that reflects the changes you want to make,
and associate the things with this new thing type. You can then delete the old
thing type once it has no things associated with it and at least five minutes
have passed since it was deprecated; deprecation can be undone up to that
point if a change turns out to be a mistake.
Thing Groups
Use thing groups to manage several things at once by categorizing them into
groups. You can also create a hierarchy of groups—groups containing other
groups.
Types
There are two types of thing groups.
Static thing groups organize devices into groups that you specify. Things are
added to a static thing group by using the console, the AWS Command Line
Interface (AWS CLI), or the AWS IoT API. For more information, see "Static
thing groups" in the AWS IoT documentation.
Dynamic thing groups update group membership through search queries.
Using dynamic thing groups, you can change the way you interact with things
depending on their connectivity, registry, shadow, or AWS IoT Device
Defender violations data. Because dynamic thing groups are tied to your fleet
index, you must turn on fleet indexing to use them. For more information, see
"Dynamic thing groups" in the AWS IoT documentation.
Hierarchy
Thing groups can have parent–child relationships that allow policies to be
attached to a parent group and inherited by their children. Attaching policies
with parent-child relationships simplifies controlling permissions for large
numbers of things.
Dynamic thing groups can't be part of a hierarchy.
Group Limits
You can associate things with up to 10 groups at the same time. However, you
can't add a thing to more than one group in the same hierarchy.
Naming
Similar to thing types, thing groups do not require a globally unique name,
and a group's name cannot be changed after it is created. You can, however,
attach things to and detach them from a group at any time. A thing group
must be empty before you can delete it.
Connecting to AWS IoT Core
Device software
You can choose from different device software to connect your device to AWS
IoT Core, depending on your use case and type of device. The following three
examples give a brief explanation of each.
FreeRTOS
Scenario: small, highly constrained, purpose-built IoT devices and sensors
Device hardware: microcontroller
AWS IoT Device Software Development Kit (SDK)
Scenario: IoT devices running Linux distributions (distros), for basic IoT
applications and prototyping
Device hardware: microprocessor
AWS IoT Greengrass
Scenario: IoT applications managed from the cloud that perform machine
learning inference, process data, and are able to handle intermittent
connectivity
Device hardware: microprocessor