In this tutorial, I will tell you how to create a thing in AWS IoT core, generating certificates and policy.
we will also see hat is AWS IoT, What is Thing/ Device. what is a certificate and what is a policy???
So without wasting time, let’s get started.
You can watch the following video or continue to the reading of the below-written article
Introduction to AWS IoT Core:
Internet of Things (IoT) is being integrated with almost every device nowadays. There is a number of hardware and software IoT platforms are available in the market for building IoT based application. In my previous article, I have explained how to interface DHT22 with NodeMCU and post the Temperature and Humidity to the Thingspeak webserver. Likewise, we can interface sensors to the hardware development kits like ESP32, ESP8266, Raspberry Pi, Particleboards( Aargon, Boron, Xenon) and post data to the clouds like Thingspeak, Ubidots, AWS_IoT_Core, Microsoft Azure.
Amazon is not only in e-commerce but also focusing on IoT and providing cloud-based service named as AWS IoT. Here, AWS IOT stands for Amazon Web Service Internet of Things. This service allows us to connect our devices to the internet for processing, operating and exchanging data securely. Along with AWS IoT, the Amazon Web Services also provides tons of other features like virtual machine deployment, web-hosting, etc.
I have also made a tutorial on Temperature Data record on AWS IoT Core with NodeMCU-ESP32 using Arduino IDE and MQTT Protocol.
Requirements for this Tutorial :
- An active account on Amazon Web Services(AWS).
- High-speed Internet connection.
What Is AWS IoT?
AWS_IoT provides secure, bi-directional communication between internet-connected devices such as sensors, actuators, embedded microcontrollers, or smart appliances and the AWS Cloud. This makes it possible for you to collect telemetry data from multiple devices, and store and analyze the data. You can also create applications that enable your users to control these devices from their phones or tablets.
What is Thing/ Device (in the Internet of Things)?
A thing, in the context of the Internet of things (IoT), is an entity or physical object that has a unique identifier, an embedded system and the ability to transfer data over a network.
What is AWS IoT Certificate?
A device must have a certificate to authenticate with AWS_IoT. X.509 certificates are used to authenticate the device,This certificate represents that the particular thing belongs to your AWS Account. This certificate will help AWS to authenticate while your device trying to communicate with it.
There are two main methods for encoding certificate data.
- DER = Binary encoding for certificate data
- PEM = The base64 encoding of the DER-encoded certificate, with a header and footer lines added.
DER: (Distinguished Encoding Rules) is a subset of BER encoding providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation.
PEM: (Privacy-enhanced Electronic Mail) Simply a US-ASCII by base64 encoded DER certificate, certificate request, or PKCS#7, enclosed between typical PEM delimiters. ie “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. PEM is an abbreviation for Privacy Enhanced Mail (RFC 1421 – RFC 1424), an early standard for securing electronic mail (IRTF, IETF). PEM never has been widely adopted as Internet Mail Standard but has become a staple standard in x509 pki (also called pkix)
What is the policy?
AWS_IoTpolicies are used to authorize your device to perform AWS_IoT operations, such as subscribing or publishing to MQTT topics. Your device presents its certificate when sending messages to AWS IoT. To allow your device to perform AWS IoT operations, you must create an AWS IoT policy and attach it to your device certificate.
Hopefully, you have understood the basic concepts of AWS IoT Core, let’s move to the next step.
How to create a thing in AWS IoT core, generating certificates and policy.
Setting up the AWS environment for the IoT core devices is pretty simple. visit the following link: Amazon AWS
and login to the AWS Management Console.
search for IoT core in the Amazon Services, Find services search bar, click on the IoT core that will redirect to the AWS IoTConsolepage.
- On the Welcome to the AWS IoT Console page, in the navigation pane, choose Manage.
Register a thing.
- On the You don’t have any things yet page, choose Register a thing.
- On the Creating AWS IoT things page, choose Create a single thing.
- On the Create a thing page, in the Name field, enter a name for your thing, such as
MyIotThing. Choose Next.
Note: Amazon Web Services do not recommend using personally identifiable information in your thing name.
5. On the Add a certificate for your thing page, choose to Create certificate. This generates an X.509 certificate and key pair.
6. On the Certificate created! page, download your public and private keys, certificate, and root certificate authority (CA):
- Choose Download for your certificate.
- Choose Download for your private key.
- Choose Download for the Amazon root CA. A new webpage is displayed. Choose RSA 2048 bit key: Amazon Root CA 1. This opens another webpage with the text of the root CA certificate. Copy this text and paste it into a file named
Most web browsers save downloaded files into a Downloads directory. You copy these files to a different directory when you run the sample applications. Choose Activate to activate the X.509 certificate, and then choose to Attach policy.
7. On the Add a policy for your thing page, choose Register Thing.
After you register your thing, create and attach a new policy to the certificate.
8. On the AWS IoT console, in the navigation pane, choose Secure, and then choose Policies.
Choose to Create.
9. On the Create a policy page:
- Enter a Name for the policy, such as
- For Action, enter
iot:*. For Resource ARN, enter
- Under Effect, choose Allow, and then choose Create.This policy allows your device to perform all AWS IoT actions on all AWS IoT resources.
These settings are overly permissive. In a production environment, narrow the scope of the permissions to those required by your device. For more information, see Authorization.
10. Choose Manage, and then choose your AWS IoT thing.
11. Choose Security.
12. Choose your certificate.
13. In the certificate detail page, choose Actions, and then choose Attach policy.
14. Choose the policy you created (MyIotPolicy), and then choose Attach.
That’s it you have successfully created a thing, generated a certificate and attached policy to it.
If you wanted to connect NodeMCU ESP8266 with AWS IoT Core using Arduino IDE & MQTT follow this tutorial
If you are willing to work on Temperature Data record on AWS IoT Core with NodeMCU-ESP32 using Arduino IDE and MQTT Protocol.