This week at the AWS re:Invent conference in Las Vegas, Amazon Web Services (AWS) publicly announced its new AWS IoT service.
Here's a quick first look.
What is AWS IoT?
AWS IoT is a new service that helps you build and manage scalable Internet of Things applications running on the AWS cloud. It's designed to support billions of devices and trillions of messages.
An Internet of Things application typically involves connected devices containing one or more sensors (e.g. a temperature sensor) and/or one or more actuators (e.g. an electronic lock). The types of sensors and actuators really depend on your specific application and use case.
Sensors tend to generate lots of data, so naturally AWS IoT plays well with other high-scale AWS services such as DynamoDB, Kinesis, Lambda, Machine Learning, and S3.
Note: AWS IoT uses the terms "device" and "thing" somewhat interchangeably, so for now you may see both terms being used.
The Device Gateway allows devices to securely communicate with AWS IoT running in the cloud. It exchanges messages using a publish/subscribe model, often called pub/sub for short.
Communications are based on MQTT (Message Queuing Telemetry Transport) or HTTP 1.1; other communications protocols may be added in the future. MQTT is a well-established lightweight messaging protocol that's designed to work well in a variety of communications environments.
Communications between devices and AWS IoT are secured using TLS (Transport Layer Security).
The pub/sub model is managed by a Message Broker that handles sending and receiving messages to and from AWS IoT. Messages are addressed using a topic name like "Sensor/motion/zone1".
When a message is sent to a topic name (Publish), the Message Broker sends the message to all clients that have registered to receive messages for that topic (Subscribe).
Authentication and Authorization
AWS IoT provides authentication and encryption for all points of a connection to ensure that each device is identified, authorized for access, and is able to securely communicate data back and forth.
MQTT connections use X.509 certificate-based authentication, and HTTP connections can use either X.509 certificates or the AWS SigV4 authentication method.
Policies are used to control authorization, i.e. what actions can be performed and what resources can be accessed.
X.509 certificates and authorization policies are created and managed through the AWS console or the AWS API.
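To make the policy side concrete, here is an added example (not AWS's own code or documentation) of a least-privilege AWS IoT policy that ties one device to its own client ID and its own topic namespace, shown beside the wide-open policy that demo projects tend to ship with. The region, account ID, thing names and the simplified evaluator are assumptions constructed for the example.

```python
import re

# Added example (not AWS's own code): a least-privilege AWS IoT policy that ties a
# device to its own client ID and topic namespace, next to the wide-open policy
# that demo projects tend to ship with. Region, account ID and thing names are
# constructed placeholders.
REGION = "us-east-1"
ACCOUNT = "123456789012"  # constructed placeholder account ID


def arn(resource):
    return "arn:aws:iot:%s:%s:%s" % (REGION, ACCOUNT, resource)


def device_policy(thing_name):
    """Connect only as itself; publish/receive/subscribe only under sensor/<thing>/..."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [arn("client/" + thing_name)]},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": [arn("topic/sensor/" + thing_name + "/*")]},
            {"Effect": "Allow", "Action": ["iot:Subscribe"],
             "Resource": [arn("topicfilter/sensor/" + thing_name + "/*")]},
        ],
    }


# Any action on any resource: one leaked certificate can then act as every device.
OPEN_POLICY = {"Version": "2012-10-17",
               "Statement": [{"Effect": "Allow", "Action": ["iot:*"], "Resource": ["*"]}]}


def _glob_match(pattern, value):
    # IAM-style wildcard: '*' spans any characters (including '/'), '?' exactly one.
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value) is not None


def policy_allows(policy, action, resource):
    """Simplified evaluation: True if any Allow statement covers the action and resource."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if any(_glob_match(a, action) for a in stmt["Action"]) and \
                any(_glob_match(r, resource) for r in stmt["Resource"]):
            return True
    return False
```

The evaluator only models Allow statements and simple wildcards; it is enough to show that the scoped policy stops a device from publishing into another device's topic, while the open policy does not.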
The Registry provides a master list of all devices (also called things) along with up to three metadata key/value pairs for each thing that you can customize. Each device gets a unique identity that's in a consistent format regardless of the type of device or how it connects.
Device Shadows allow you to create a "virtual version" of a device that consists of metadata and key/value pairs. When a device is online and connected, the metadata and key/values are synced between the device and the shadow in AWS IoT.
When a device is offline or disconnected, you can still read and write the shadow data, and when the device reconnects it will again be synced between the device and the shadow.
The shadow scheme allows your applications to continue interacting with a device's data even when it's offline and unavailable.
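The offline/reconnect flow above, worked through as an added example (not AWS's own code): a shadow document with "desired" and "reported" sections, the "delta" the device still has to apply, and a version check that rejects stale writers. The lock thing, its state keys and the merge helper are constructed for the example.

```python
import copy

# Added example (not AWS's own code): a shadow keeps "desired" and "reported" state;
# "delta" is what the device still has to apply. The lock thing, its state keys
# and this simplified merge are constructed for the example.


def compute_delta(desired, reported):
    """Keys (recursively) where desired differs from reported or is absent from reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key) if isinstance(reported, dict) else None
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif want != have:
            delta[key] = want
    return delta


def update_shadow(shadow, update, expected_version=None):
    """Merge an update (desired and/or reported) into the shadow; reject stale writers."""
    if expected_version is not None and expected_version != shadow["version"]:
        raise ValueError("version conflict: shadow is at %d" % shadow["version"])
    new = copy.deepcopy(shadow)
    for section in ("desired", "reported"):
        if section in update.get("state", {}):
            new["state"].setdefault(section, {}).update(update["state"][section])
    new["version"] += 1
    delta = compute_delta(new["state"].get("desired", {}), new["state"].get("reported", {}))
    if delta:
        new["state"]["delta"] = delta
    else:
        new["state"].pop("delta", None)
    return new


# Constructed shadow for an electronic lock that is currently offline.
LOCK_SHADOW = {"state": {"reported": {"locked": False, "battery": 80}}, "version": 1}


def offline_then_reconnect():
    # 1. The application writes desired state while the device is offline.
    s = update_shadow(LOCK_SHADOW, {"state": {"desired": {"locked": True}}})
    # 2. The device reconnects, reads the delta, applies it and reports back,
    #    passing the version it read so a concurrent change is not overwritten.
    s = update_shadow(s, {"state": {"reported": s["state"]["delta"]}}, expected_version=s["version"])
    return s
```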
The Rules Engine provides a powerful mechanism for routing, transforming and processing events and data without having to build and manage additional application servers.
The Rules Engine evaluates inbound messages according to a set of rules you define. Rules can route messages to other devices or to various AWS services, as well as transform data in different ways.
Rules are written using a SQL-like syntax that includes SELECT, FROM and WHERE clauses and a variety of functions and operators found in the SQL language.
Each rule can have one or more actions that are performed when the SQL query matches an inbound message. Available actions currently include:
- Insert message into a DynamoDB table
- Send message as SNS notification
- Send message to real-time Kinesis data stream
- Send message to a Lambda function
- Store message in an S3 file
- Republish the message to another AWS IoT pub/sub topic
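As an added example (not AWS's own code), the following reproduces in Python what a rule like the one in RULE_SQL does to inbound messages: the FROM clause selects by MQTT topic filter (a "+" matches exactly one topic level, a "#" matches all remaining levels), the WHERE clause gates the action, and topic(n) pulls a level out of the topic name. The sample messages and the temperature threshold are constructed.

```python
import json

# Added example (not AWS's own code): how a rule's FROM/WHERE/SELECT clauses act on
# inbound messages. RULE_SQL is the rule you would configure; the Python below
# reproduces its matching logic over constructed sample messages.
RULE_SQL = "SELECT temperature, topic(2) AS zone FROM 'sensor/+/temperature' WHERE temperature > 30"


def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' matches exactly one level, '#' matches all remaining levels."""
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return True
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


def evaluate_rule(topic, payload):
    """Return the record handed to the rule's actions, or None if the rule does not fire."""
    if not topic_matches("sensor/+/temperature", topic):      # FROM 'sensor/+/temperature'
        return None
    msg = json.loads(payload)
    if msg.get("temperature", 0) <= 30:                        # WHERE temperature > 30
        return None
    # SELECT temperature, topic(2) AS zone   (topic(n) is 1-based)
    return {"temperature": msg["temperature"], "zone": topic.split("/")[1]}


# Constructed sample messages as the Message Broker would deliver them.
SAMPLE_MESSAGES = [
    ("sensor/zone1/temperature", '{"temperature": 34.5}'),
    ("sensor/zone2/temperature", '{"temperature": 21.0}'),
    ("sensor/zone1/humidity", '{"humidity": 40}'),
    ("sensor/zone3/temperature/raw", '{"temperature": 99}'),
]


def route_all(messages=SAMPLE_MESSAGES):
    """Records that would be passed to the actions (e.g. a DynamoDB insert or SNS notification)."""
    return [r for r in (evaluate_rule(t, p) for t, p in messages) if r is not None]
```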
AWS IoT Starter Kits
AWS has collaborated with several hardware manufacturers to create starter kits that contain processors, sensors and actuators for building your own prototypes that connect into AWS IoT. Ten different models have been announced so far including models based on BeagleBone, Intel Edison, and Arduino Yun. Several of the starter kits use the Grove family of modular sensors and actuators.
The pricing model for AWS IoT is similar to other AWS services where you pay for the amount of resources actually used.
Pricing is based on the number of messages published to AWS IoT (Publishing cost) and the number of messages delivered to other devices or applications (Delivery cost).
AWS IoT does not charge for message deliveries into Amazon S3, Amazon DynamoDB, AWS Lambda, Amazon Kinesis, Amazon SNS, and Amazon SQS; however, you still pay the normal costs for those services based on their respective pricing models.
There are a number of IoT frameworks and platforms on the market these days, both commercial products and open source. The space is getting crowded and platform vendors continue to look for ways to differentiate on technical merit, price, features and functions, security, ease of use, availability of pre-built integrations, and other factors.
AWS IoT is now one of the newest players in this space with the added advantage of being directly integrated into the AWS cloud environment. The service is currently marked as beta, so refinements may be made as more and more people start using it.
As usual, AWS seems to be mindful of several key attributes of large-scale IoT applications:
- Pay-as-you-go pricing