AWS IoT for Professionals Series — Part 4

anubhav jhalani
4 min read · Aug 21, 2024


You can jump to other articles of this series from here:

  1. AWS IoT for Professionals Series — Part 1
  2. AWS IoT for Professionals Series — Part 2
  3. AWS IoT for Professionals Series — Part 3

So far, we have seen the first step of device management, i.e. Onboarding. In this article, we will go through the next steps, i.e. Organize, Monitor and Update, and work through a use case to explain them.

Reference AWS Skill Builder

Use Case

A farmer has multiple cow farms and wants to monitor the health of his cows remotely. For that, he wants to put an IoT device on each cow’s neck that collects the cow’s health data in real time and uploads it to the cloud, where he can view it.

The requirements for the implementation:

  • Onboarding numerous devices with the minimum number of steps
  • Searching cows by farm no., age, breed, gender etc.
  • Monitoring each cow’s heartbeat, ECG, milk produced, etc. in real time, and also keeping historical health records of each cow
  • Performing bulk actions on IoT devices, such as activating, deactivating, and updating.

So, let's start with onboarding the devices.

1. Onboarding

We assume that the devices have private keys and X.509 certificates already installed and that the farmer has no information about the devices coming from the manufacturer. Since we are going to use a large number of devices, the diagram below leaves us two onboarding options: JITR and JITP.

a. JITR

JITR is a good choice when deploying devices that require more configuration options. This added flexibility comes with a higher financial cost. You will do the following:

  1. Create, register, and activate a CA certificate that will be used to sign your device certificate.
  2. Enable auto-registration of device certificates.
  3. Create device certificates signed by the CA and install them on your device.
  4. Create and attach a rule with an AWS Lambda action that activates the certificate, and then creates and attaches policies to the certificate.
  5. Connect to AWS IoT using the device certificate.

To avoid reinventing the wheel, I would recommend following this article: Just-in-Time Registration of Device Certificates on AWS IoT | The Internet of Things on AWS — Official Blog (amazon.com)
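The rule action from step 4, written out as an added example (my own code, not the Lambda from the AWS blog linked above): a handler for the `$aws/events/certificates/registered/<caCertificateId>` notification that activates only certificates chained to the CA you registered and attaches a policy scoped to the certificate's common name. The CA id, policy name and sample event are placeholders or constructed values.

```python
import json

# Placeholder: the id AWS IoT returned when you registered your CA (step 1).
EXPECTED_CA_ID = "REPLACE_WITH_YOUR_CA_CERTIFICATE_ID"
POLICY_NAME = "cowfarm-device-policy"  # assumed name

# Least-privilege policy: the certificate's CN (one per collar) fixes both the
# MQTT client id and the only topic the device may publish to, so a copied
# certificate cannot impersonate another cow or publish elsewhere.
DEVICE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": "arn:aws:iot:*:*:client/${iot:Certificate.Subject.CommonName}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": "arn:aws:iot:*:*:topic/cowfarm/${iot:Certificate.Subject.CommonName}/telemetry"},
    ],
}

# Constructed sample of the notification AWS IoT publishes on auto-registration.
SAMPLE_EVENT = {"certificateId": "0123456789abcdef", "caCertificateId": EXPECTED_CA_ID,
                "certificateStatus": "PENDING_ACTIVATION", "awsAccountId": "123456789012"}

def activate_device_certificate(event, iot, expected_ca_id=EXPECTED_CA_ID):
    """Activate one auto-registered certificate. `iot` is a boto3 IoT client
    (or a stand-in); returns a dict describing what was done."""
    cert_id = event["certificateId"]
    # Auto-registration fires for any cert chained to a registered CA, so pin
    # the CA and the expected state before granting anything.
    if event.get("caCertificateId") != expected_ca_id:
        return {"certificateId": cert_id, "action": "ignored", "reason": "unexpected CA"}
    if event.get("certificateStatus") != "PENDING_ACTIVATION":
        return {"certificateId": cert_id, "action": "ignored", "reason": "not pending"}
    try:
        iot.create_policy(policyName=POLICY_NAME, policyDocument=json.dumps(DEVICE_POLICY))
    except Exception as exc:  # botocore's modeled ResourceAlreadyExistsException on reruns
        if type(exc).__name__ != "ResourceAlreadyExistsException":
            raise
    cert_arn = iot.describe_certificate(certificateId=cert_id)["certificateDescription"]["certificateArn"]
    iot.attach_policy(policyName=POLICY_NAME, target=cert_arn)
    iot.update_certificate(certificateId=cert_id, newStatus="ACTIVE")
    return {"certificateId": cert_id, "action": "activated", "policy": POLICY_NAME}

def lambda_handler(event, context):
    import boto3  # imported here so the module also loads where boto3 is absent
    return activate_device_certificate(event, boto3.client("iot"))
```

Wire it to a rule with `SELECT * FROM '$aws/events/certificates/registered/#'` so the notification payload arrives as the Lambda event.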

b. JITP

JITP is a good choice when deploying numerous devices that are similar in their functions and attributes. JITP can be used when the customer trusts the entity that loads the client certificate onto the devices. When using JITP, auto-registration must be turned on. JITP uses a provisioning template that contains the parameters used to activate the certificate and create the IoT resources: it creates an IoT policy and an IoT thing and registers the thing in the registry. Once these steps complete, the device can connect to IoT Core.

An employee would receive a box with everything included. They would simply connect the device to their network and turn it on. Following the automated provisioning process, data can immediately start flowing for the team to view and monitor in real time.

AWS IoT JITP lets you register devices dynamically. Similar to provisioning in advance, JITP uses a provisioning template.

To use JITP, you need to perform the following steps:

  1. Register your own CA with AWS IoT
  2. Activate automatic registration on the Certificate Authority
  3. Associate the provisioning template to your CA
  4. Generate your own Public Key Infrastructure (or PKI) keys and certificates, and then copy them to your devices.

When your device connects to AWS IoT for the first time, AWS IoT automatically calls the RegisterThing API, its certificate is registered, and a notification is published to a reserved topic ($aws/events/certificates/certificateID).

To avoid reinventing the wheel, I would recommend following this article: Setting Up Just-in-Time Provisioning with AWS IoT Core | The Internet of Things on AWS — Official Blog (amazon.com)

This way you have provisioned hundreds of devices, which are now up and running and transmitting a flood of data. Now you need to organize those things into an orderly system so that you can track, monitor, and manage them.

2. Organizing (Grouping and searching for devices)

Configuring your devices into thing groups helps you to add another layer of organization to your devices and makes it easier to manage the fleet. Groups can be built in a hierarchy — groups containing other groups.

The Cow Farms thing group comprises three subgroups: Cow Farm1, Cow Farm2 and Cow Farm3. The Cattles thing group likewise comprises three subgroups: Cows, Oxen and Calves.

For fleet indexing follow: Managing AWS IoT Devices: Fleet Indexing (w3schools.com)
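The grouping and searching described in this section, as an added example (my own code, not from the linked article): it creates the two-level group hierarchy, turns on registry indexing, and builds fleet-index queries for the "search cows by farm, breed, gender" requirement while rejecting attribute values that could rewrite the query. Group names follow the text; `iot` is a boto3 IoT client or any stand-in with the same method names.

```python
import re

# Assumed hierarchy, names from the text: a static group per farm under CowFarms
# and one per animal kind under Cattles.
GROUP_TREE = {"CowFarms": ["CowFarm1", "CowFarm2", "CowFarm3"],
              "Cattles": ["Cows", "Oxen", "Calves"]}
_SAFE = re.compile(r"^[A-Za-z0-9_.-]+$")  # plain token: no spaces, quotes, wildcards

def create_group_hierarchy(iot, tree=GROUP_TREE):
    """Create each parent, then its children with parentGroupName set.
    Returns the (parent, child) pairs created, in order."""
    created = []
    for parent, children in tree.items():
        iot.create_thing_group(thingGroupName=parent)
        for child in children:
            iot.create_thing_group(thingGroupName=child, parentGroupName=parent)
            created.append((parent, child))
    return created

def enable_registry_indexing(iot):
    """Fleet indexing is off by default: index registry data (names, groups,
    attributes) plus connectivity so search_index can answer the queries below."""
    return iot.update_indexing_configuration(thingIndexingConfiguration={
        "thingIndexingMode": "REGISTRY", "thingConnectivityIndexingMode": "STATUS"})

def cow_query(farm=None, connected=None, **attrs):
    """Build a fleet-index query, e.g. cow_query(farm=1, breed="Holstein"). Attribute
    values come from user input, so reject anything that is not a plain token."""
    terms = []
    if farm is not None:
        terms.append(f"thingGroupNames:CowFarm{int(farm)}")
    for field, value in sorted(attrs.items()):
        if not (_SAFE.match(field) and _SAFE.match(str(value))):
            raise ValueError(f"unsafe query value for {field!r}: {value!r}")
        terms.append(f"attributes.{field}:{value}")
    if connected is not None:
        terms.append(f"connectivity.connected:{str(bool(connected)).lower()}")
    return " AND ".join(terms)

def find_cows(iot, **criteria):
    """Run the query and collect thing names across every result page."""
    names, kwargs = [], {"queryString": cow_query(**criteria)}
    while True:
        page = iot.search_index(**kwargs)
        names += [t["thingName"] for t in page.get("things", [])]
        if not page.get("nextToken"):
            return names
        kwargs["nextToken"] = page["nextToken"]
```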

3. Logging

The IoT devices are up and running, sending their sensor data and information about their status to AWS IoT Core.

But they are also generating a lot of information about their own activities. This information goes into logs, which are essential for troubleshooting, maintenance, and device lifecycle management.

AWS IoT log entries

Each component of AWS IoT generates its own log entries:

  • Message broker log entries
  • Device Shadow log entries
  • Rules engine log entries
  • Job log entries
  • Device provisioning log entries
  • Dynamic thing group log entries
  • Fleet indexing log entries
  • Common CloudWatch Logs attributes

Each of those component logs has several specific event types.

For example, the Message broker logs the following event types:

  • Connect log entry
  • Disconnect log entry
  • GetRetainedMessage log entry
  • ListRetainedMessage log entry
  • Publish-In log entry
  • Publish-Out log entry
  • Subscribe log entry

Reference for logs: AWS Skill Builder

Monitoring your IoT fleet using CloudWatch | The Internet of Things on AWS — Official Blog (amazon.com)
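Message broker Connect and Disconnect entries are where certificate misuse shows up first. As an added example (my own code, not from the linked posts), the detection below runs over constructed log lines in the shape AWS IoT writes to CloudWatch Logs and flags a certificate (principalId) that connects from several addresses, DUPLICATE_CLIENTID disconnects, and repeated failed connects. Thresholds and the sample entries are constructed.

```python
import json
from collections import defaultdict

# Constructed message-broker entries (timestamp, eventType, status, clientId,
# principalId, sourceIp, reason / disconnectReason) in the CloudWatch Logs shape.
SAMPLE_LOG = """
{"timestamp":"2024-08-20 09:00:01.000","logLevel":"INFO","eventType":"Connect","status":"Success","clientId":"cow-001","principalId":"aaaa1111","sourceIp":"198.51.100.10"}
{"timestamp":"2024-08-20 09:00:05.000","logLevel":"INFO","eventType":"Publish-In","status":"Success","clientId":"cow-001","principalId":"aaaa1111","sourceIp":"198.51.100.10"}
{"timestamp":"2024-08-20 09:01:10.000","logLevel":"INFO","eventType":"Connect","status":"Success","clientId":"cow-001","principalId":"aaaa1111","sourceIp":"203.0.113.77"}
{"timestamp":"2024-08-20 09:01:10.100","logLevel":"INFO","eventType":"Disconnect","status":"Success","clientId":"cow-001","principalId":"aaaa1111","disconnectReason":"DUPLICATE_CLIENTID"}
{"timestamp":"2024-08-20 09:02:00.000","logLevel":"ERROR","eventType":"Connect","status":"Failure","clientId":"cow-002","principalId":"bbbb2222","sourceIp":"192.0.2.5","reason":"AUTHORIZATION_FAILURE"}
{"timestamp":"2024-08-20 09:02:01.000","logLevel":"ERROR","eventType":"Connect","status":"Failure","clientId":"cow-002","principalId":"bbbb2222","sourceIp":"192.0.2.5","reason":"AUTHORIZATION_FAILURE"}
{"timestamp":"2024-08-20 09:02:02.000","logLevel":"ERROR","eventType":"Connect","status":"Failure","clientId":"cow-002","principalId":"bbbb2222","sourceIp":"192.0.2.5","reason":"AUTHORIZATION_FAILURE"}
"""

def parse_entries(text):
    """One JSON object per line, as CloudWatch Logs exports them."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect(entries, max_ips=1, max_failures=3):
    """Return (finding, subject) tuples: a certificate used from more than max_ips
    addresses (copied key), a DUPLICATE_CLIENTID disconnect (two devices sharing
    an id), and a client with max_failures or more failed connects."""
    ips = defaultdict(set)
    failures = defaultdict(int)
    findings = []
    for e in entries:
        if e.get("eventType") != "Connect":
            if e.get("disconnectReason") == "DUPLICATE_CLIENTID":
                findings.append(("duplicate-client-id", e["clientId"]))
            continue
        if e.get("status") == "Success":
            ips[e["principalId"]].add(e.get("sourceIp"))
        else:
            failures[e["clientId"]] += 1
    findings += [("multi-ip-certificate", p) for p, s in ips.items() if len(s) > max_ips]
    findings += [("repeated-connect-failures", c) for c, n in failures.items() if n >= max_failures]
    return findings

if __name__ == "__main__":
    for finding in detect(parse_entries(SAMPLE_LOG)):
        print(*finding)
```

Each finding maps back to an action from the next step: deactivate the certificate with UpdateCertificate, or remove the thing from its group so it stops receiving jobs.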
