AWS IoT Device SDK
The AWS IoT Device Gateway enables TimeTec IoT devices to securely and efficiently communicate with AWS IoT. The Device Gateway can exchange messages using a publication/subscription model, which enables one-to-one and one-to-many communications. With this one-to-many communication pattern, AWS IoT makes it possible for a TimeTec connected device to broadcast data to multiple subscribers for a given topic. The Device Gateway supports MQTT, WebSockets, and HTTP 1.1 protocols, and TimeTec can easily implement support for proprietary or legacy protocols. The Device Gateway scales automatically to support over a billion devices without provisioning infrastructure.
Authentication and Authorization
AWS IoT provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT without proven identity. AWS IoT supports the AWS method of authentication (called ‘SigV4’) as well as X.509 certificate-based authentication.
Connections using HTTP can use either of these methods, while connections using MQTT use certificate-based authentication, and connections using WebSockets can use SigV4. With AWS IoT, TimeTec can use AWS IoT generated certificates, as well as those signed by our preferred Certificate Authority (CA). We can map our choice of role and/or policies to each certificate, so that we can authorize devices or applications to have access, or change our mind and revoke access altogether without ever touching the device.
TimeTec can create, deploy and manage certificates and policies for our IoT devices from the console or using the API. Those device certificates can be provisioned, activated and associated with the relevant policies that are configured using AWS IAM. This allows our customers to instantly revoke access for an individual device if they choose to do so. AWS IoT also supports connections from users’ mobile apps using Amazon Cognito, which takes care of all the steps necessary to create a unique identifier for our app’s users and retrieve temporary, limited-privilege AWS credentials.
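Because the policy attached to a certificate decides what that device may do, it is worth checking that each policy is scoped to the device's own identity. The following is an added example, not TimeTec's or AWS's code: two constructed policy documents and a small heuristic linter. The region, account ID and the `devices/` topic prefix are placeholders assumed for illustration.

```python
# Added example: constructed AWS IoT policy documents and a heuristic linter.
# Region, account id and topic prefix are placeholders, not values from the page.
ARN = "arn:aws:iot:us-east-1:123456789012"
THING = "${iot:Connection.Thing.ThingName}"  # policy variable, resolved per connection

WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING}"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": f"{ARN}:topic/devices/{THING}/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/devices/{THING}/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (statement index, finding) pairs for overly broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            # Text after the resource type (client/, topic/, ...) is the name.
            name = resource.split("/", 1)[1] if "/" in resource else resource
            if name.startswith("*"):
                findings.append((i, f"wildcard resource {resource}"))
            elif "${iot:" not in name:
                findings.append((i, f"not bound to device identity: {resource}"))
    return findings
```

The thing-name variable only resolves when the certificate is attached to a registered thing and the MQTT client ID matches the thing name, so the scoped policy assumes devices are registered that way.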
The Registry establishes an identity for devices and tracks metadata such as the devices’ attributes and capabilities. The Registry assigns a unique identity to each device that is consistently formatted regardless of the type of device or how it connects. It also supports metadata that describes the capabilities of a device, for example whether a sensor reports temperature, and if the data are Fahrenheit or Celsius.
The Registry lets our customers store metadata about their devices at no additional charge, and metadata in the Registry does not expire as long as you access or update your registry entry at least once every 7 years.
With AWS IoT we can create a persistent, virtual version, or "shadow," of each device that includes the device's latest state so that applications or other devices can read messages and interact with the device. The Device Shadows persist the last reported state and desired future state of each device even when the device is offline. TimeTec can retrieve the last reported state of a device or set a desired future state through the API or using the rules engine.
Device Shadows make it easier to build applications that interact with TimeTec devices by providing always-available REST APIs. In addition, applications can set the desired future state of a device without accounting for the device's current state. AWS IoT will compare the difference between the desired and last reported state, and command the device to make up the difference.
The AWS IoT Device SDK makes it easy for a TimeTec device to synchronize its state with its shadow, and to respond to desired future states set via the shadow.
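The desired/reported comparison described above can be modelled in a few lines, together with the device-side check a firmware author would want before acting on it. This is an added example, not the AWS service's or the SDK's code; the attribute names (`door`, `report_interval_s`, `firmware_url`, `led`) and their accepted ranges are constructed for illustration.

```python
def shadow_delta(desired, reported):
    """Return the desired values that are missing from, or differ in, reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)   # compare nested documents key by key
            if nested:
                delta[key] = nested
        elif key not in reported or want != have:
            delta[key] = want
    return delta

# Constructed allow-list: attributes the device accepts and their valid values.
VALIDATORS = {
    "door": lambda v: v in ("locked", "unlocked"),
    "report_interval_s": lambda v: isinstance(v, int) and 10 <= v <= 3600,
}

def apply_delta(reported, delta, validators=VALIDATORS):
    """Apply only known, valid attributes; return (new_reported, rejected_keys)."""
    new_state, rejected = dict(reported), []
    for key, value in delta.items():
        check = validators.get(key)
        if check is not None and check(value):
            new_state[key] = value
        else:
            rejected.append(key)        # unknown attribute or out-of-range value
    return new_state, sorted(rejected)

# Constructed sample shadow sections.
DESIRED = {"door": "locked", "report_interval_s": 5,
           "firmware_url": "http://example.invalid/fw.bin",
           "led": {"color": "red"}}
REPORTED = {"door": "unlocked", "report_interval_s": 60,
            "led": {"color": "red"}}

def demo():
    delta = shadow_delta(DESIRED, REPORTED)
    return delta, apply_delta(REPORTED, delta)
```

Anything that can update the shadow can set the desired state, so the device treats the delta as untrusted input: here it accepts the door change and rejects the out-of-range interval and the unknown `firmware_url` attribute.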
Device Shadows let our customers store the state of their devices for up to a year for free. Device Shadows persist forever if you update them at least once per year, otherwise they expire.
The Rules Engine makes it possible to build IoT applications that gather, process, analyze and act on data generated by connected devices at global scale without having to manage any infrastructure. The Rules Engine evaluates inbound messages published into AWS IoT and transforms and delivers them to another device or a cloud service, based on business rules you define. A rule can apply to data from one or many devices, and it can take one or many actions in parallel.
The Rules Engine can also route messages to AWS endpoints including AWS Lambda, Amazon Kinesis, Amazon S3, Amazon Machine Learning, Amazon DynamoDB, Amazon CloudWatch, and Amazon Elasticsearch Service with built-in Kibana integration. External endpoints can be reached using AWS Lambda, Amazon Kinesis, and Amazon Simple Notification Service (SNS).
It is easy to author rules within the management console or write rules using a SQL-like syntax. Rules can be authored to behave differently depending upon the content of the message. For example, if a temperature reading exceeds a certain threshold, it could trigger a rule to transmit data to AWS Lambda. Rules can also be authored to take into account other data in the cloud, such as data from other devices. For example, a rule could take an action if this temperature is more than 15% higher than the average of 5 other devices.
The Rules Engine provides dozens of available functions that can be used to transform the data, and it's possible to create infinitely more via AWS Lambda. For example, if we're dealing with a wide range of values, we could take the average of incoming numbers. Rules can also trigger the execution of your Java, Node.js or Python code in AWS Lambda, giving maximum flexibility and power to process device data.