Amazon Web Services applies its cloud clout to the IoT

October 09, 2015

Stephen.Evanczuk-October 09, 2015

Amazon Web Services (AWS) announced the beta release of its IoT platform, adding device-specific services to its extensive cloud services infrastructure. In combination with its recently announced AWS Mobile Hub for app services, AWS is now offering a complete device-to-app solution (Figure 1).

Figure 1. In a functional view of the newest Amazon Web Service (AWS) offering, AWS IoT links data messages from IoT devices to AWS services that now include specific support for mobile apps via AWS Mobile Hub. (Source: AWS)

AWS IoT already finds immediate support in end-device starter kits for BeagleBone, Intel Edison, Renesas RX63N, Microchip PIC32-based WiFi Client Module, and TI Launchpad CC3200, among others. While configuration of the associated AWS products remains the task of the developer, these new starter kits include platform-specific support for AWS IoT. Along with their respective hardware complement, a key feature of these starter kits includes a port of the AWS IoT SDK for the AWS service APIs needed by IoT devices to authenticate, access, and communicate with AWS IoT services in the cloud. For example, TI's AWS IoT starter kit integrates the AWS SDK with TI-RTOS and the SimpleLink Wi-Fi API -- as well as the AWS security certificates in the CC3200 security framework, according to Gil Reiter, TI Director of Strategic Marketing for IoT.

"There is no reason why a knowledgeable customer couldn’t take the AWS IoT SDK and port it to a LaunchPad, but it would probably just take them a large amount of time to do so (a few weeks)," said Reiter. "What TI’s solution with AWS does is save developers that initial porting effort by having the APIs pre-ported and pre-tested on the SimpleLink Wi-Fi CC3200 LaunchPad."

IoT devices communicate with each other, mobile apps, and other end points through a service chain that operates as follows in the functional view shown above in Figure 1 (Amazon provides an interactive version of Figure 1, login required; See also the corresponding services-oriented view in Figure 2 below):

  1. Using the AWS IoT SDK, devices (, in Figure 1) that pass authentication checks use HTTP or MQTT protocols to communicate with the AWS IoT message broker () using a publish/subscribe. For example, a lighting control using (device 2, above) could publish commands to which the luminaire (device 1, above) subscribes. Authentication utilizes the existing AWS Identity and Access Management (IAM) service used throughout AWS. Messaging between an IoT device and the AWS cloud is handled on the device side through the AWS IoT SDK and on the cloud side by the AWS Device Gateway (see figure below). AWS IAM provides very fine-grained control over the actions an authenticated device (or user or system) can perform on recognized endpoints such as an IoT device in the AWS IoT Device Registry or any other authorized entity within or connected to the AWS cloud.
  2. As messages pass through the message broker, an AWS IoT service called the Rules Engine () applies a set of custom rules associated with the application to route specific sets of data to specific resources (AWS endpoints). To select data of interest, engineers use a SQL-like syntax. In contrast to conventional SQL, where select statements retrieve data from tables, AWS IoT SQL select statements filter data from JSON-formatted data payload carried in an IoT device message. Along with IoT SQL statements, the custom rules, written in JSON, specify the target ARN (globally unique Amazon Resource Name) corresponding to an Amazon SNS (Simple Notification Service) "topic" to send an SMS notification to a user (), package of code () in an AWS Lambda function, or an AWS Dynamo database ().
  3. AWS IoT retains state of an IoT device through the AWS Device Shadow capability. If a shadowed device loses its connection to the cloud, AWS services can use the persistent virtual shadow (). In fact, developers can set the state of the virtual image to a desired state to reflect expected changes in device state.
  4. An authorized mobile app () can use AWS Mobile Hub to participate in the IoT application -- transmitting commands to control devices, displaying data, and visualizing analytics (using another recently announced AWS capability, called QuickSight, for big data visualization).

Figure 2 presents a services view of this message-based IoT architecture and its relationship to IoT devices, other AWS services, and user applications.

Figure 2. AWS IoT services combine existing AWS offerings such as AWS AIM, SNS, S3, Lamba, and more with IoT-specific capabilities for communications (Device Registry and Device Gateway), persistent state (Device Shadows), and rule-based behaviors (Rules Engine). (Source: AWS)

AWS IoT is priced at $5/million messages for operations in the AWS US East, US West, and EU regions and $8/million messages for operation in the AWS Asia Pacific region. AWS offers pricing examples for specific message rates and loads. AWS IoT is included in the AWS Free Tier offering, which provides access to a baseline-level of service for one year.


Loading comments...