Introduction

Q. What is Amazon IoT Core?

Amazon IoT Core is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. Amazon IoT Core can support billions of devices and trillions of messages, and can process and route those messages to Amazon Web Services endpoints and to other devices reliably and securely. With Amazon IoT Core, your applications can keep track of and communicate with all your devices, all the time, even when they aren’t connected.

Amazon IoT Core makes it easy to use Amazon Web Services services like Amazon Kinesis, Amazon S3, Amazon DynamoDB, Amazon CloudWatch, and Amazon CloudTrail, to build IoT applications that gather, process, analyze and act on data generated by connected devices, without having to manage any infrastructure.

Q. What does Amazon IoT Core offer?

Connectivity between devices and the Amazon Web Services cloud. First, with Amazon IoT Core you can communicate with connected devices securely, with low latency and with low overhead. The communication can scale to as many devices as you want. The Amazon IoT service supports standard communication protocols (HTTP, MQTT, and WebSockets are supported currently). Communication is secured using TLS.

  • Connectivity between devices and the Amazon Web Services cloud. First, with Amazon IoT Core you can communicate with connected devices securely, with low latency and with low overhead. The communication can scale to as many devices as you want. The Amazon IoT service supports standard communication protocols (HTTP, MQTT, and WebSockets are supported currently). Communication is secured using TLS.
  • Processing data sent from connected devices. Secondly, with Amazon IoT Core you can continuously ingest, filter, transform, and route the data streamed from connected devices. You can take actions based on the data and route it for further processing and analytics.
  • Application interaction with connected devices. Finally, the Amazon IoT service accelerates IoT application development. It serves as an easy to use interface for applications running in the cloud and on mobile devices to access data sent from connected devices, and send data and commands back to the devices.

Q. How does Amazon IoT Core work?

Connected devices, such as sensors, actuators, embedded devices, smart appliances, and wearable devices, connect to Amazon IoT over HTTPS, WebSockets, or secure MQTT. Included in Amazon IoT Core is a Device Gateway that allows secure, low-latency, low-overhead, bi-directional communication between connected devices and your cloud and mobile applications.

The Amazon IoT service also contains a Rules Engine which enables continuous processing of data sent by connected devices. You can configure rules to filter and transform the data. You also configure rules to route the data to other Amazon Web Services services such as DynamoDB, Kinesis, SNS, SQS, and CloudWatch for further processing, storage, or analytics.

There is also a Device Registry where you can register and keep track of devices connected to Amazon IoT Core, or devices that may connect in the future. The Device Shadows in the Amazon IoT service enable cloud and mobile applications to query data sent from devices and send commands to devices, using a simple REST API, while letting Amazon IoT Core handle the underlying communication with the devices. The shadows accelerate application development by providing a uniform interface to devices, even when they use one of the several IoT communication and security protocols with which the applications may not be compatible. Shadows also accelerate application development by providing an always available interface to devices even when the connected devices are constrained by intermittent connectivity, limited bandwidth, limited computing ability or limited power.

Communication with Amazon IoT Core is secure. The service requires all of its clients (connected devices, server applications, mobile applications, or human users) to use strong authentication (X.509 certificates or Amazon IAM credentials). All communication is encrypted. Amazon IoT also offers fine-grained authorization to isolate and secure communication among authenticated clients.

Similar to other Amazon Web Services services, users can access Amazon IoT Core via the Amazon Web Services Management Console. Applications can access Amazon IoT easily with the Amazon SDKs available for several programming languages. Amazon IoT Core further simplifies development and operations of IoT applications by integrating with Amazon CloudWatch.

To simplify the development of code running on connected devices, Amazon IoT Core provides open-source device SDKs for C, Node.js, and the Arduino Yún platform. Amazon IoT Core has also partnered with hardware manufacturers to make the Amazon IoT Device SDKs available on several IoT, embedded OS, and micro-controller platforms.

Q: Which Amazon regions is Amazon IoT Core service available in?

Please go to Amazon Web Services Services by Region.

You can use Amazon IoT Core regardless of your geographic location, as long as you have access to one of the Amazon Web Services regions with Amazon Web Services IoT service.

Q: How do I get started with using Amazon IoT?

Use the Amazon IoT Core console or refer to the Quickstart section of our developer guide to test drive the Amazon IoT service in minutes. 

Refer to the Amazon IoT Core documentation for further details.

Accessing Amazon IoT Core

Q. What are the ways for accessing Amazon IoT Core?

You can use the Amazon Web Services Management Console, the Amazon SDKs, and the Amazon IoT APIs to access the Amazon IoT service. Connected devices can use the Amazon IoT Device SDKs to simplify the communication with the Amazon IoT service.

The Amazon IoT Core APIs and commands are largely divided into control plane operations and data plane operations. The control plane operations enable you to do tasks such as configuring security, registering devices, configuring rules for routing data, and setting up logging. The data plane operations enable you to ingest data from connected devices into Amazon IoT Core with low latency and high throughput rate at a large scale.

Q. What communication and authentication protocols does Amazon IoT Core support?

For control plane operations, Amazon IoT Core supports HTTPS. For data plane operations, Amazon IoT Core supports HTTPS, WebSockets, and secure MQTT – a protocol often used in IoT scenarios.

HTTPS and WebSockets requests sent to Amazon IoT Core are authenticated using Amazon IAM, which support the Amazon SigV4 authentication. If you are using the Amazon SDKs, the SigV4 authentication is taken care of for you under the hood. HTTPS requests can also be authenticated using X.509 certificates. MQTT messages to Amazon IoT Core are authenticated using X.509 certificates.

Q. Can devices that are NOT directly connected to the Internet access Amazon IoT Core?

Yes, via a physical hub. Devices connected to a private IP network and devices using non-IP radio protocols such as ZigBee or Bluetooth LE can access Amazon IoT Core as long as they have a physical hub as an intermediary between them and Amazon IoT Core for communication and security.

Q. How should applications access Amazon IoT Core?

Applications connecting to Amazon IoT Core largely fall in two categories: 1. companion apps and 2. server applications. Companion apps are mobile or client-side browser applications that interact with connected devices via the cloud. A mobile app that lets a consumer remotely unlock a smart lock in the consumer’s house is an example of a companion app. Server applications are designed to monitor and control a large number of connected devices at once. An example of a server application would be a fleet management website that plots thousands of trucks on a map in real-time.

Amazon IoT Core enables both companion apps and server applications to access connected devices via uniform, RESTful APIs. Applications also have the option to use pub/sub to communicate directly with the connected devices.

Server applications (such as a mapping application running on Amazon EC2) can use IAM roles to access Amazon IoT Core.

Q. Can I get a history of Amazon IoT Core API calls made on my account for security analysis and operational troubleshooting purposes?

Yes, to receive a history of Amazon IoT Core API calls made on your account, you simply turn on CloudTrail in the Amazon Web Services Management Console.

Management Console

Q: What is new with the console?

  • The Amazon IoT Core Console has a new visual design for improved usability and navigation.
  • Things, types, certificates, policies, and rules are easier to find in their respective areas.
  • Account-level metrics are now visible on a new dashboard.
  • The MQTT web client has been streamlined to troubleshoot IoT solutions.
  • A new wizard has been added to connect devices in a few, short steps.
  • Thing details now include a real-time feed of lifecycle events and shadow activity.

Q. How do I send feedback?

To send feedback, click on the “Feedback” link in the footer bar of the console.

Device Gateway

Q: What is the Device Gateway?

The Device Gateway forms the backbone of communication between connected devices and the cloud capabilities such as the Amazon IoT Rules Engine, Device Shadows, and other Amazon Web Services and 3rd-party services.

The Device Gateway supports the pub/sub messaging pattern, which enables scalable, low-latency, and low-overhead communication. It is particularly useful for IoT scenarios where billions of devices are expected to communicate frequently and with minimal delay. Pub/sub involves clients publishing messages on logical communication channels called ‘topics’ and clients subscribing to topics to receive messages. The device gateway enables the communication between publishers and subscribers. Traditionally, organizations have had to provision, operate, scale, and maintain their own servers as device gateways to take advantage of pub/sub. Amazon IoT service has eliminated this barrier by providing the Amazon IoT device gateway.

The Device Gateway scales automatically with your usage, without any operational overhead for you. Amazon IoT Core supports secure communication with the device gateway, Amazon Web Services-account level isolation, as well as fine-grained authorization within an Amazon Web Services account. The device gateway currently supports publish and subscribe over secure MQTT and WebSockets, as well as publish over HTTPS.

Q. What is MQTT?

MQTT is a lightweight pub/sub protocol, designed to minimize network bandwidth and device resource requirements. MQTT also supports secure communication using TLS. MQTT is often used in IoT use cases. MQTT v3.1.1 is an OASIS standard, and the Amazon IoT device gateway supports most of the MQTT specification.

Rules Engine

Q: What is the Amazon IoT Core Rules Engine?

The Amazon IoT Core Rules Engine enables continuous processing of inbound data from devices connected to the Amazon IoT service. You can configure rules in the Rules Engine in an intuitive, SQL-like syntax to automatically filter and transform inbound data. You can further configure rules to route data from the Amazon IoT service to several other Amazon Web Services services as well as your own or 3rd party services.
Here are just a few example use cases of rules:

  • Filtering and transforming incoming messages and storing them as time series data in DynamoDB.
  • Sending a push notification via SNS when the data from a sensor crosses a certain threshold.
  • Saving a firmware file to S3
  • Processing messages simultaneously from a multitude of devices using Kinesis
  • Sending a command to a group of devices with an automated republish

Q. How are the rules defined and triggered?

An Amazon IoT Core rule consists of two main parts:

  • A SQL statement that specifies the pub/sub topics to apply the rule on, data transformation to perform, if any, and the condition under which the rule should be executed. The rule is applied on every message published on the specified topics.
  • An actions list that defines the actions to take when the rule is executed, that is, when an incoming message matches the condition specified in the rule.

Rule definitions use a JSON-based schema. You can directly edit the JSON or use the rules editor in the Amazon Web Services Management Console.
As an example, here is a rule for saving temperature data from a sensor to DynamoDB whenever the temperature is above 50:

Sensors in this example are publishing on their topics under “iot/tempSensors/”. The first line of the rule defines the SQL SELECT statement used to query on the “iot/tempSensors/#” topic. It contains a WHERE clause that extracts the value of a ‘temp’ field in the message’s payload and checks if it passes the condition ‘greater than 50’. If the condition is met, the data is stored in the specified DynamoDB table. The example uses built-in functions for tasks such as traversing the message payload and getting current time.

Q. Where can I learn more about rules?

You can learn more about rule here Amazon IoT Core Rules documentation

Device Registry and Device Shadows

Q. What is the Amazon IoT Core Device Registry and what should I use it for?

IoT scenarios can range from a small number of mission-critical devices to large fleets of devices. The Amazon IoT Device Registry allows you to organize and track those devices. You can maintain a logical handle in the Device Registry for every device you are connecting to Amazon IoT. Each device in the Device Registry can be uniquely identified and can have metadata such as model numbers, support contact, and certificates associated with it. You can search for connected devices in the Device Registry based on the metadata.

Q. What is a Thing Type?

Thing Types allow you to effectively manage your catalogue of devices by defining common characteristics for devices that belong to the same device category. In addition, a Thing associated with a Thing Type can now have up to 50 attributes including 3 searchable attributes.

Q. What is Simplified Permission Management?

This feature allows you to easily manage permission policies for a large number of devices by using variables that reference Registry or X.509 certificate properties. The integration of Registry and Certificate properties with device policies offers the benefits listed below:

  • You can now reference Device Registry properties in device permission policies. Referencing device properties defined in the Device Registry allows your policies to reflect any changes made in the Device Registry. For example, by referencing the Thing Attribute named “building-address” as a variable in the policy, devices will automatically inherit a new set of permissions when they move buildings.
  • You can share a single generic policy for multiple devices. A generic policy can be shared among the same category of devices instead of creating a unique policy per device. For example, a policy that references the “serial-number” as a variable, can be attached to all the devices of the same model. When devices of the same serial number connect, policy variables will be automatically substituted by their serial-number.

Q. What is the Device Shadows?

The Device Shadows enable cloud and mobile applications to easily interact with the connected devices registered in Amazon IoT Core. A Device Shadow in Amazon IoT Core contains properties of a connected device. You can define any set of properties applicable to your use case. For example, for a smart light bulb, you might define ‘on-or-off’, ‘color’, and ‘brightness’ as the properties. The connected device is expected to report the actual values of those properties, which are stored in the Device Shadow. Applications get and update the properties simply by using a RESTful API provided by the Amazon IoT service. The Amazon IoT service and the Amazon IoT Core Device SDKs take care of synchronizing property values between the connected device and its shadow in Amazon IoT Core.

Q. Do I have to use the Registry and the Device Shadows?

You can have applications communicate directly to the connected devices using the Device Gateway and/or the Rules Engine in Amazon IoT Core. However, we recommend using the Device Registry and Device Shadows since they offer richer and more structured development and management experience that lets you focus on the unique value you want to create for your customers rather than having to focus on the underlying communication and synchronization between the connected devices and the cloud.

Q. What is the lifecycle of a device and its Device Shadow in Amazon IoT Core?

  • You register a device (such as a light bulb) in the Registry.
  • You program connected device to publish a set of its property values or ‘state (“I am ON and my color is RED”) to the Amazon IoT Core service.
  • The last reported state is stored in the Device Shadow in Amazon IoT Core.
  • An application (such as a mobile app controlling the light bulb) uses a RESTful API to query Amazon IoT Core for the last reported state of the light bulb, without the complexity of communicating directly with the light bulb.
  • When a user wants to change the state (such as turning the light bulb from ON to OFF), the application uses a RESTful API to request an update, i.e. sets a ‘desired’ state for the device in Amazon IoT Core. Amazon IoT Core takes care of synchronizing the desired state to the device.
  • The application gets notified when the connected device updates its state to the desired state.

Q. Where can I learn more about the Device Registry and the Device Shadows?

For more information on the Registry, see the Amazon IoT Core Device Registry. For more information on the Device Shadow, see the Amazon IoT Device Shadows.

Security and Access Control

Q. Can I configure fine-grained authorization in Amazon IoT Core?

Yes. Similar to other Amazon Web Services services, in Amazon IoT Core you have fine-grained control over the set of API actions each identity is authorized to invoke. In addition, you have fine-grained control over the pub/sub topics that an identity can publish or subscribe to, as well as over the devices and shadows in the Device Registry that an identity can access.

Q. Where can I learn more about Security and Access Control in Amazon IoT Core?

For more information, see Amazon IoT Core Security and Identity.

Amazon IoT Device SDK

Q. What is the Amazon IoT Device SDK?

The Amazon IoT Device SDKs simplify and accelerate the development of code running on connected devices (micro-controllers, sensors, actuators, smart appliances, wearable devices, etc.). First, devices can optimize the memory, power, and network bandwidth consumption by using the Device SDKs. At the same time, Device SDKs enable highly secure, low-latency, and low-overhead communication with built-in TLS, WebSockets, and MQTT support. The Device SDKs also accelerate IoT application development by supporting higher level abstractions such as synchronizing the state of a device with its shadow in the Amazon IoT service.

Amazon IoT Device SDKs are freely available as open-source projects. For more details visit our Developer Resources page.

Q: Which programming languages does the Amazon IoT Device SDK support?

Amazon Web Services currently offers the Amazon IoT Device SDKs for C and Node.js languages, as well as for the Arduino Yún platform.

Amazon IoT Device SDKs are open-source. You can port them to the languages and hardware platforms of your choice if they are not supported already.

Q: Should I use Amazon IoT Device SDK or the Amazon SDKs?

The Amazon IoT Device SDK complements the Amazon SDKs. IoT projects often involve code running on micro-controllers and other resource-constrained devices. However, IoT projects often include application running in the cloud and on mobile devices that interact with the micro-controllers/resource-constrained devices. Amazon IoT Device SDKs are designed to be used on the micro-controllers/resource-constrained devices, while the Amazon SDKs are designed for cloud and mobile applications.

Q: Where can I learn more about Amazon IoT Device SDK?

For more information on the Amazon IoT Device SDKs, see Amazon IoT Device SDKs.