AWS IoT is a managed Cloud platform that enables interconnected IoT devices to interact securely with Cloud applications and/or other devices. It's an enterprise level platform that can support billions of devices and trillions of messages. Using AWS IoT enables your applications to keep track of and communicate with all your devices.
AWS IoT includes a number of specialized services such as AWS Lambda, Amazon Kinesis, Amazon S3, Amazon Machine Learning, Amazon DynamoDB, Amazon CloudWatch, AWS CloudTrail, and Amazon Elasticsearch Service with built-in Kibana integration. These may be utilized to build IoT applications that gather, process, analyze, and act on data generated by connected devices, without having to manage any infrastructure.
A number of IoT Platforms made the Codeguru list of "Top IoT Platforms for Developers," including AWS IoT. In evaluating AWS IoT, the structure recommended in "How to Evaluate IoT Platforms for Developers" was used. This will make it easier for you to compare various IoT platforms.
IoT Hardware Support
The AWS IoT Device SDK helps you to easily and quickly connect your hardware and/or mobile devices to AWS IoT. It offers features for interacting with the Device Gateway and Device Shadow rapid development services. The Device SDK supports a variety of device types, from basic to industrial hardware devices.
The AWS IoT Starter Kits enable you to quickly prototype your ideas. These physical kits are designed to help accelerate prototype development of connected devices and connect securely to AWS IoT. The kits include microcontroller development boards, sensors and actuators, the AWS IoT Device SDK, and a simple getting started guide so that you can find the best fit for your products. You can either purchase kits from Amazon.com or, if you already have the hardware board, you can just download the SDK and samples for your board type.
- GainSpan Application Development Kit
- STM32 IoT Discovery Node
- SimpleLink™ Wi-Fi® CC3220SF Wireless Microcontroller LaunchPad™ Development Kit
- Digi ConnectCore® 6UL SBC Pro Development Kit
- Digi ConnectCore® 6UL Starter Kit
- Digi ConnectCore® 6 Development Kit
- Avnet BCM4343W
- Marvell EZ-Connect MW302
- MediaTek Linkit One and Grove
- Renesas RX63N
- Dragonboard 410c
- Intel Edison and Grove
- BeagleBone Green and Grove
- Seeeduino Cloud and Grove
- TI LaunchPad
- Wisplet S2W IoT Starter Kit
- AT&T IoT Starter Kit
IoT OS Support
The AWS IoT Device SDK includes open source libraries, the developer guide with samples, and the porting guide so that you can build innovative IoT products or solutions on your choice of hardware platforms.
Supported languages/OSes include:
- Embedded C
- Arduino Yún
Key Sensor Support
The AWS IoT Device Gateway enables devices to securely and efficiently communicate with AWS IoT. The Device Gateway exchanges messages using a publication/subscription model, which enables one-to-one and one-to-many communications. The publication/subscription model makes it possible for a connected device to broadcast data to multiple subscribers. The Device Gateway supports MQTT, WebSockets, and HTTP 1.1 protocols and scales automatically to support over a billion devices without provisioning infrastructure.
Sensor readings flow from devices to the AWS IoT gateway. IoT allows for asynchronous communication between IoT and devices using an always-available "device shadow." As part of the shadow, IoT creates a set of topics with predefined names for each thing and publishes events to the topics.
Here's a real-life example:
If you wanted to connect a DHT22 temperature-humidity sensor to the AWS IoT via the AWS IoT Device Gateway, but did not have a driver for it, you could write your own driver without much difficulty by adapting an existing library, such as Adafruit DHT22. You then could bundle the readings from the DHT22 sensor into a simple JSON payload and send it off to the AWS IoT system via the AWS embedded device SDK. The ESP32-DevKitC—available from Amazon for $14.99—comes with a JSON library that makes creating a JSON payload a snap.
IoT Data Considerations
With AWS IoT, you can filter, transform, and act upon device data on the fly, based on business rules that you define. You can update your rules to implement new device and application features at any time.
The AWS IoT platform makes it possible to integrate and control your devices from other AWS services to create more powerful IoT applications. With respect to data, IoT integrates with AWS Lambda, Amazon Kinesis, Amazon S3, Amazon Machine Learning, Amazon DynamoDB, Amazon CloudWatch, and Amazon Elasticsearch Service.
These services may be utilized to analyze and visualize your data. For example, the Hive Editor in Hue could be employed to show your devices' locations for the last fifteen minutes on a map.
AWS offers a comprehensive set of services to handle every step of the analytics process chain, including data warehousing, business intelligence, batch processing, stream processing, machine learning, and data workflow orchestration.
AWS Data Analytics Products include:
- Amazon Athena is a serverless Query Service for analyzing data in Amazon S3, using standard SQL.
- Amazon EMR provides a managed Hadoop framework to process vast amounts of data quickly and cost effectively. It can run open source frameworks such as Apache Spark, HBase, Presto, and Flink.
- Amazon Elasticsearch Service makes it easy to deploy, operate, and scale Elasticsearch on AWS.
- Amazon Kinesis is for working with streaming data on AWS.
- Amazon QuickSight offers fast, Cloud-powered business analytics.
- Amazon Redshift is a fully managed petabyte-scale data warehouse for analyzing your data using your existing business intelligence tools.
- AWS Glue is for preparing and loading data to data stores.
- AWS Data Pipeline helps you reliably process and move data between different AWS compute and storage services, as well as on-premise data sources, at specified intervals.
IoT Security Considerations
There are a number of steps that are required to provision devices in the AWS IoT system. Amazon has put a lot of care into the security of their platform. They have provided a lot of flexibility for both simple use and very complex use of their provisioning system so that it is usable on both a small and large scale.
Communication with AWS IoT is secure. The service requires all of its clients (connected devices, server applications, mobile applications, or human users) to use strong authentication (X.509 certificates, AWS IAM credentials, or third party authentication via AWS Cognito). All communication is encrypted. AWS IoT also offers fine-grained authorization to isolate and secure communication among authenticated clients.
Development and Deployment Considerations
AWS IoT is designed for building IoT end-to-end applications, which will eventually collect data from sensors, store collected data, and then analyze the data. There are several steps to go from development to deployment:
Step 1: Set Up the Environment
- Create an SSH Keypair.
- Deploy the AWS CloudFormation Template.
- Confirmation: Connect to your Instance.
Step 2: Set Up AWS IoT
- Create the AWS IoT Resources.
- Create an IoT Thing.
- Create an IoT Policy.
- Create an IoT Certificate.
- Configure and Run the Device Simulator.
- Create an IoT Rule and Action.
- Confirmation: View Device Messages with the AWS IoT MQTT Client.
Step 3: Process and Visualize Streaming Data
Data from your devices may be persisted in Amazon DynamoDB and then visualized with a real-time dashboard powered by a serverless API built with Amazon API Gateway and AWS Lambda.
Cost and Licensing of IoT Platforms and Solutions
Pricing is based on messages sent and received by AWS IoT. Each IoT interaction can be thought of as a message between a device and a server. Amazon charges per million messages sent or received. There are no minimum fees, and you won't get charged for messages to any of the following AWS services:
- Amazon S3
- Amazon DynamoDB
- AWS Lambda
- Amazon Kinesis
- Amazon SNS
- Amazon SQS
See the Pricing info page for more details.
AWS IoT consists of the following components:
Device gateway: Enables devices to securely and efficiently communicate with AWS IoT.
Message broker: Provides a secure mechanism for things and AWS IoT applications to publish and receive messages to and from each other. You can use either the MQTT protocol directly or MQTT over WebSocket to publish and subscribe. You can use the HTTP REST interface to publish.
Rules engine: Provides message processing and integration with other AWS services. You can use a SQL-based language to select data from message payloads, process, and send the data to other services, such as Amazon S3, Amazon DynamoDB, and AWS Lambda. You also can use the message broker to republish messages to other subscribers.
Security and Identity service: Provides shared responsibility for security in the AWS cloud. Your things must keep their credentials safe to securely send data to the message broker. The message broker and rules engine use AWS security features to send data securely to devices or other AWS services.
Thing registry: Sometimes referred to as the device registry. Organizes the resources associated with each thing. You register your things and associate up to three custom attributes with each thing. You also can associate certificates and MQTT client IDs with each thing to improve your ability to manage and troubleshoot your things.
Thing shadow: Sometimes referred to as a device shadow. A JSON document used to store and retrieve current state information for a thing (device, app, and so on).
Thing Shadows service: Provides persistent representations of your things in the AWS cloud. You can publish updated state information to a thing shadow, and your thing can synchronize its state when it connects. Your things also can publish their current state to a thing shadow for use by applications or devices.
The AWS IoT Device SDKs help you to connect your devices to AWS IoT. The AWS IoT Device SDKs include open-source libraries, developer guides with samples, and porting guides so that you can build IoT products or solutions on your choice of hardware platforms.
There are many AWS starter kits pre-packaged to connect to AWS IoT. In addition, AWS IoT is supported by a wide range of third party tools and gateways.
AWS IoT tools include:
- AWS IoT Management Console
- AWS SDKs
- AWS IoT Device SDKs
- AWS IoT Starter Kits
AWS IoT Device SDKs are employed to connect your hardware device, sensor, mobile app, or a thing.
The AWS Command Line Interface (AWS CLI) runs commands for AWS IoT on Windows, OS X, and Linux. These commands allow you to create and manage things, certificates, rules, and policies.
The AWS CLI is an open source tool built on top of the AWS SDK for Python (Boto) that provides commands for interacting with AWS services. With minimal configuration, you can start using all of the functionality provided by the AWS Management Console from your favorite terminal program, including:
- Linux shells: Use common shell programs such as Bash, Zsh, and tcsh to run commands in Linux, macOS, or Unix.
- Windows command line: On Microsoft Windows, run commands in either PowerShell or the Windows Command Processor.
- Remotely: Run commands on Amazon EC2 instances through a remote terminal such as PuTTY or SSH, or with Amazon EC2 systems manager.
Many customers choose Amazon Web Services (AWS) primarily because it is developer-centric and offers a comprehensive set of software development kits (SDKs) for multiple popular programming languages, including .NET, Java and the JVM, Python, Ruby, PHP, and Node.js.
Target audience: Intermediate to advanced professional developers
Most recent update/stable release: N/A
Not surprisingly, an end-to-end solution from one of the largest companies in the world entails a very comprehensive array of licensing and service level agreements governing all aspects of their business. These are broken down as follows:
- AWS Customer Agreement: This agreement governs your use of our services
- AWS Service Terms: These additional terms apply to your use of specific services
- AWS Service Level Agreements: These service-level agreements apply to your use of specific services
- AWS Acceptable Use Policy: This policy describes prohibited uses of services
- AWS Trademark Guidelines: This page describes the guidelines for using certain of AWS' trademarks and other designations
- AWS Site Terms: These terms govern your use of the AWS Web site
- AWS Tax Help: This page provides information about taxes applicable to our services
The AWS IoT platform takes advantage of existing Cloud services to deliver advanced capabilities. From device management to visualization, AWS has everything that an enterprise needs. Services such as AWS Lambda, Amazon EMR, Amazon DynamoDB, Amazon Redshift, Amazon Kinesis, and Amazon QuickSight sweeten the pot by providing data ingestion, storage, processing, and visualization services.
- Easy to scale
- Many APIs that are already built in that you do not have to build yourself.
- No maintenance of the underlying servers and hardware.
- Existing customers of AWS can easily integrate IoT with their existing Cloud solutions.
- More expensive compared to setting up your own servers.
- Limitations compared to building your own EC2 cluster to handle incoming messages.
- Security provisioning is not as simple as it could be.
The AWS IoT Platform is one of several platforms to make our list. You can find the others in the IoT area of Codeguru!