Connecting to Amazon AWS IoT

Table of Contents

- Introduction
- Prerequisites
- AWS IoT Core Setup
  - Account Setup
  - Setup a Policy
  - Create a Thing
- Configure Device for AWS Connection
  - Prerequisites
  - Provisioning the Device Via UART
- Monitor AWS Messages
- AWS Topics

Introduction

The AWS Out-of-Box (OOB) Demo firmware connects to the Ezurio Bluegrass cloud by default. This document describes how to set up a new AWS IoT Core account and reconfigure the firmware to connect to it.

Prerequisites

- AWS OOB demo firmware 3.x or later

AWS IoT Core Setup

Account Setup

Before starting, an AWS account is required. Amazon offers a free account that can be used for evaluation purposes.

Setup a Policy

In order for the IoT device to connect, a policy needs to be created to assign permissions to the device.

1. Log in to the AWS IoT console.
2. In the left-hand menu, navigate to Secure -> Policies.
3. Click Create a policy.
4. Give the policy a name.
5. Enter iot:* for the Action.
6. Enter * for the Resource ARN.
7. Check the Allow box.
8. Finally, click Create.

Note: This policy is extremely permissive. It is recommended to set up policies that are only as permissive as necessary.

Create a Thing

1. In the left-hand menu, navigate to Manage -> Things and click Create on the far right.
2. Click Create a single thing.
3. Enter a name and click Next.
   Note: The OOB demo firmware expects the thing name to be in the format deviceId-<id>, where <id> is replaced by the IMEI of your device (for Pinnacle 100/MG100) or the Bluetooth address (in lower-case) of your device (for BL5340).
4. Create a certificate using the One-click certificate creation by clicking Create certificate.
5. Download the device certificate, keys, and Amazon Root CA.
6. Activate the certificate and then click attach policy.
7. Select the policy that was created previously and click Register Thing.
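The policy from "Setup a Policy" allows iot:* on every resource, so one device credential is authorized for every client ID and topic in the account. The following added example (not part of the original documentation) places that policy beside one scoped to the connecting thing and audits both. The region, the account ID, the firmware using the thing name as its MQTT client ID, and the restriction to the device's own shadow topics are assumptions to adjust for your deployment.

```python
# Added example: audit an AWS IoT policy for statements broader than one device.
import json

ARN = "arn:aws:iot:us-east-1:123456789012"   # placeholder region and account ID
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT thing policy variable

# The policy from the console steps above: every IoT action on every resource.
PERMISSIVE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

# Scoped alternative. Assumptions: the MQTT client ID equals the thing name and
# the device only needs its own shadow topics.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": f"{ARN}:client/{THING}"},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": f"{ARN}:topic/$aws/things/{THING}/shadow/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe",
     "Resource": f"{ARN}:topicfilter/$aws/things/{THING}/shadow/*"}]}


def as_list(value):
    """Policy fields may hold one string or dict, or a list of them."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def too_broad(resource):
    """True for '*', or a '*' anywhere but the end of the resource name."""
    name = resource.split(":", 5)[-1].partition("/")[2]
    return resource == "*" or name == "*" or "*" in name[:-1]


def audit(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if too_broad(resource):
                findings.append((i, f"wildcard resource {resource}"))
    return findings


if __name__ == "__main__":
    print("permissive:", audit(PERMISSIVE))
    print("scoped:", audit(SCOPED), json.dumps(SCOPED, indent=2), sep="\n")
```

Thing policy variables such as the one used here resolve only when the certificate is attached to the thing, which is the state the Register Thing step leaves it in.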

Configure Device for AWS Connection

The Pinnacle 100/MG100/BL5340 device can be provisioned to communicate with the Bluegrass AWS demo site via the mobile app. In order to connect to an alternate AWS IoT Core instance, the device can be provisioned via UART.

Prerequisites

- mcumgr CLI (cross platform)
- Pinnacle 100/MG100/BL5340 device running AWS OOB demo firmware v3.x or greater
- Terminal program: PuTTY (Windows, Linux, macOS), Tera Term (Windows), Serial (macOS)

Provisioning the Device Via UART

Connect a terminal program to the console UART (FTDI UART on the DVK), decommission the device and turn off log messages. Log messages output by the firmware can interfere with the file transfer process. Issue the commands:

    attr set commissioned 0
    log halt

Disconnect the terminal program from the console UART and transfer the credentials to the device using the mcumgr CLI via the console UART. Three files need to be transferred to the device: the root CA, the client certificate, and the client key.

    # Linux/macOS
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=/dev/tty.usbserial-A908JLEI,mtu=2048 fs upload /Users/ryan/Desktop/test_aws/AmazonRootCA1.pem /lfs/root_ca.pem
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=/dev/tty.usbserial-A908JLEI,mtu=2048 fs upload /Users/ryan/Desktop/test_aws/5d9f1885c1-certificate.pem.crt /lfs/client_cert.pem
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=/dev/tty.usbserial-A908JLEI,mtu=2048 fs upload /Users/ryan/Desktop/test_aws/5d9f1885c1-private.pem.key /lfs/client_key.pem

    # Windows
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=COM4,mtu=2048 fs upload C:\test_aws\AmazonRootCA1.pem /lfs/root_ca.pem
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=COM4,mtu=2048 fs upload C:\test_aws\5d9f1885c1-certificate.pem.crt /lfs/client_cert.pem
    mcumgr -t 5 -r 2 --conntype serial --connstring dev=COM4,mtu=2048 fs upload C:\test_aws\5d9f1885c1-private.pem.key /lfs/client_key.pem

Re-connect the terminal to the console UART and restart
logging.

    log go

Set AWS endpoint

To tell the Pinnacle 100 device which AWS instance to connect to, the endpoint must be set. To determine the correct endpoint, log in to the AWS IoT console and click on the thing that was just registered. Go to the section labeled Interact and copy the endpoint listed under the HTTPS section.

Connect the terminal program to the console UART and set the endpoint.

    attr set endpoint a3pefs972vw3m-ats.iot.us-east-1.amazonaws.com

Set commissioned flag

    attr set commissioned 1

Setting commissioned to 1 (true) will trigger the device to connect to the AWS instance.

TLS Peer Verification

Peer verification isn't supported when using the self-signed certificates loaded by the mobile application. However, if using custom certs and if CoAP FOTA is not required, peer verification can be turned on from the command line. Peer verification is required to pass the AWS Device Advisor test suite. The setting change will not take effect until the next MQTT connect.

    attr set peerVerify 2

Monitor AWS Messages

With the AWS IoT console, you can watch for MQTT data sent by the device. Go to the left-hand menu in the console and click on Test. In Subscription topic, enter $aws/things/deviceId-<id>/shadow/update where <id> is replaced by the IMEI of your device (for Pinnacle 100/MG100) or the Bluetooth address (in lower-case) of your device (for BL5340). Then click Subscribe to topic. JSON data will be displayed once the device sends data.