How To Use AWS IoT Core to Build & Scale Your IoT Solution

Getting your devices to communicate with each other is one of the biggest challenges in building an IoT solution. And if that infrastructure isn’t efficient from the beginning? Scaling can be next to impossible. AWS IoT Core offers a simple solution that can enable you to build a solution to scale seamlessly.

What is AWS IoT Core?

AWS IoT Core is a managed cloud service that securely connects your devices, allowing them to communicate not only with other Amazon products but with other cloud applications and devices as well. With AWS IoT Core, you can send, read and process data transferred between your connected devices in real-time through a secure connection. 

AWS IoT Core provides an easy and secure way to manage your devices, especially if you have many of them. Because it can easily connect with other AWS solutions, you can fully manage your devices in the AWS suite.

There are a ton of use for AWS IoT Core, but we’ll give a high-level overview of how to connect your devices and how you can manage your data in this article.

Devices in IoT Core

Register Your Devices

The first step to using AWS IoT Core is to register your device.

In AWS IoT Core, each device is called a thing. A thing can be either a representation of a physical device or a logical representation of a device. The device registry is where you assign your devices as things in AWS IoT Core.

You can register one device at a time, for example, when you have a sensor to keep track of the temperature in one room. Or you can register many devices, for example, when you’re managing a fleet of self-driving cars. You can also create groups in the IoT device registry. This allows you to aggregate devices to apply the same command to many devices at once. 

Configure and Provision Devices

After registering, you need to provision your device, so it's ready to use. You need three resources to provision your device for use in IoT Core:

1. Your IoT thing.
2. An X.509 certificate (a device certificate). An X.509 certificate is a digital certificate that uses the X.509 public key infrastructure to verify that the device contained in the certificate has the correct key.
   If you have already created an IoT thing, you can either have AWS create an X.509 certificate for you or use an existing one.
   This certificate allows the IoT Core device to authenticate and communicate with the device, and you need to copy it to the thing that you created for your device and onto the device itself.
   AWS uses this certificate because it is good for long-term connections, and you’ll only need to copy the certificate onto your device once. 
3. An IoT policy. An IoT policy is essentially a document that specifies whether your device is allowed to send and receive data and from where. Without an IoT policy, your device will not have access to send and receive data. To provision a device in IoT Core, you’ll need to attach the IoT policy to the device certificate. 

This process may work well if you only have one or a few devices you need to provision in IoT Core. However, for many devices, this process is time-consuming and tedious. Thankfully, AWS provides us a way to do this automatically for many devices. 

Just-in-Time Registration (JITR)

It’s tedious and time-consuming to register every single device individually and even more difficult if you’re using your own device management solution. 

JITR allows you to set up a workflow that registers device certificates and automatically attaches IoT policies to them. Just-in-time registration can be used with existing certificates or certificates generated by AWS. Just-in-time is most effective when you already have a device certificate on your device issued by an outside CA (certificate authority). This way, you can automatically register your device without having to copy the certificate onto your device. 

If you use your own CA, you have to register a CA certificate to validate your device certificates first. Usually, device manufacturers have access to this information, although it is difficult for them to register a device. JITR makes this simple and easy so that you can receive your devices pre-registered and ready for use.

Just-in-Time Provisioning (JITP)

JITP does everything JITR does, but it’s more efficient. For example, JITR requires two extra steps: creating a rule and an AWS Lambda function to activate the device certificate and attaching policies to that certificate.

To use JITP, there are only two steps:

1. Attach a provisioning template to the device certificate. A provisioning template is a document that tells IoT Core which other devices your device interacts with.  
2. Attach an IAM role to the device certificate. An IAM role is an object that specifies what AWS services the device has access to.

At a high level, JITP will create the IoT thing and policy in AWS IoT, attach the policy to the certificate, and attach the certificate to the thing. After this, your device is ready to use in IoT Core!

Manage Your Devices

Sending and Receiving Messages

In AWS IoT Core, you can send and receive information from devices in real-time using two protocols:

1. MQTT: this is a lightweight pub/sub protocol commonly used for areas where network bandwidth is limited and sending large amounts of data is not feasible. MQTT is considered a device-to-device protocol and is widely used in IoT solutions.
2. HTTP: this is the protocol used when sending data over the web. HTTP can support more information than MQTT and isn’t as suitable for low-bandwidth areas.
   

Through AWS Message Broker, you can filter, transform, and route data from your devices to any other resource you have connected to AWS IoT Core. AWS Message Broker is a pub/sub service that allows clients to send each other messages by publishing them to a topic. Clients can then receive these messages by subscribing to that topic. 

These clients may be other devices in IoT Core or other AWS resources entirely. Besides sending one message to many different clients, you can also finely tune topics on Message Broker, so clients only receive and send the data you want them to.

AWS IoT Core features

AWS IoT integrates with many existing AWS resources, including Amazon Simple Storage Service (S3), Amazon DynamoDB, Amazon Kinesis, AWS Lambda, Amazon Simple Notification Service, and Amazon Simple Queue Service. 

We won’t go into all of the ways you can configure IoT Core with these resources, but we will highlight some of the services that we think are the most important and useful for your device management.

Device Shadow Service

If you’ve managed an IoT solution, you know that device data isn’t always available, and devices may attempt to communicate at inconvenient times. AWS’s Device Shadow service allows you to store the most recently communicated state of your device. SO, if your device goes offline, resources that are pulling your device’s data can pull the latest device state and don’t need to worry about data interruption.

Jobs Service

Jobs Service is another service that allows you to communicate with many devices regularly effectively. The Jobs Service allows you to schedule and create job actions to send commands to many devices and see a history of jobs on a device. 

Firmware updates are a great Applications for the Jobs Service. You can use the Jobs Service to schedule regular firmware updates and view past updates.

AWS IoT Core is a powerful tool to manage the sometimes complicated process of device communication. JITR and JITP make it easy to configure devices, and Message Broker, the Rules Engine, and Jobs Service all make it seamless to send and schedule commands.

Hopefully, this quick overview helped you see how AWS IoT Core might be helpful to your future deployments. It can be an invaluable tool to connect devices for both large- and small-scale IoT deployments, simple and easy.