AWS IoT Integration with RAK Creator Pro board

Introduction:

This project is part one of a series of tutorial showcasing the integration of RAK wireless wifi products with AWS Services. In futureparts we will discuss more in depth about AWS IoT Services and the Shadow APIs. We will delve into integrating these services with analytics software as well.

Hardware:

This project requires any of the RAK473 based devices like the Creator pro or the Dash button.

Programming setup

We will be using the arduino IDE to set up our board. Please do follow the tutorial here to get your IDE setup:

https://www.hackster.io/naresh-krish/diy-remote-wifi-switch-using-the-rak-dashbutton-09b0de

Once this is done we are good to go. Lets see what is the AWS IoT services and a little bit about how they work

AWS IoT services:

According to AWS website:

AWS IoT provides secure, bi-directional communication between Internet-connected things (devices such as sensors, actuators, embedded micro-controllers, or smart appliances) and the AWS cloud. This enables you to collect telemetry data from multiple things, and store and analyze the data. You can also create applications that enable your users to control these devices from their phones or tablets.

AWS IoT Components

AWS IoT consists of the following components:

Device gateway

Enables devices to securely and efficiently communicate with AWS IoT.

Message broker

Provides a secure mechanism for things and AWS IoT applications to publish and receive messages from each other. You can use either the MQTT protocol directly or MQTT over WebSocket to publish and subscribe. You can use the HTTP REST interface to publish.

Rules engine

Provides message processing and integration with other AWS services. You can use an SQL-based language to select data from message payloads, process and send the data to other services, such as Amazon S3, Amazon DynamoDB, and AWS Lambda. You can also use the message broker to republish messages to other subscribers.

Security and Identity service

Provides shared responsibility for security in the AWS cloud. Your things must keep their credentials safe in order to securely send data to the message broker. The message broker and rules engine use AWS security features to send data securely to devices or other AWS services.

Thing registry

Sometimes referred to as the device registry. Organizes the resources associated with each thing. You register your things and associate up to three custom attributes with each thing. You can also associate certificates and MQTT client IDs with each thing to improve your ability to manage and troubleshoot your things.

Thing shadow

Sometimes referred to as a device shadow. A JSON document used to store and retrieve current state information for a thing (device, app, and so on).

Thing Shadows service

Provides persistent representations of your things in the AWS cloud. You can publish updated state information to a thing shadow, and your thing can synchronize its state when it connects. Your things can also publish their current state to a thing shadow for use by applications or devices.

Accessing AWS IoT

AWS IoT provides the following interfaces to create and interact with your things:

• AWS Command Line Interface (AWS CLI)—Run commands for AWS IoT on Windows, OS X, and Linux. These commands allow you to create and manage things, certificates, rules, and policies. To get started, see the AWS Command Line Interface User Guide. For more information about the commands for AWS IoT, see iotin the AWS Command Line Interface Reference.

• AWS IoT API—Build your IoT applications using HTTP or HTTPS requests. These API allow you to programmatically create and manage things, certificates, rules, and policies. For more information about the API actions for AWS IoT, see Actions in the AWS IoT API Reference.

• AWS SDKs—Build your IoT applications using language-specific APIs. These SDKs wrap the HTTP/HTTPS API and allow you to program in any of the supported languages. For more information, see AWS SDKs and Tools.

• AWS IoT Device SDKs—Build applications that run on your devices that send messages to and receive messages from AWS IoT. For more information see, AWS IoT SDKs

Now lets see the AWS IoT services internals. Here is a cool diagram explaining the AWS IoT services courtesy of AWS.

Each device connecting to the AWS IoT services is represented by a AWS IoT Thing. The Thing is stored as part of the Things Registry in your account. The Thing can connect with the AWS IoT MQTT broker assigned to the region in which your account exists and all the communication is over MQTT-over-TLS with certificates as the manner of authentication.

Attributes:

Each thing has some attributes that can be associated to it. Attributes are nothing but properties of a thing that define its state. Like its sensor reading, battery status, connectivity status etc.

Shadow services:

Once the Thing connects to the MQTT broker, it is free to send messages to the AWS IoT services to any topic of its choice. However, if the developer wishes, they can also send to a special service API in AWS IoT called Shadow services. Shadow services is a virtual shadow of your device on the cloud. It stores the state of you devices as last seen by the AWS IoT platform and this is the virtual devices that any external 3rd party apps that want the read the attributes of a device would hit.

The rules engine is an extension to the AWS IoT services which can trigger worjkflows in other AWS services that you won via action or messages that come into the AWS IoT services via mqtt messages. We will cover this is detail in Part 2 and 3 of our series.

Things communication; MQTT over TLS:

The physical Thing connects to the AWS IoT services over MQTT over TLS. Hence we choose RAK 473 based products as they can handle this with much ease.

There are certain topics that you can send your data or send requests to get response via MQTT:

Topics

• /update

• /update/accepted

• /update/documents

• /update/rejected

• /update/delta

• /get

• /get/accepted

• /get/rejected

• /delete

• /delete/accepted

• /delete/rejected

We will concern ourselves with the Update service and update/accepted service for now:

/update

Publish a request state document to this topic to update the thing shadow:

$aws/things/thingName/shadow/update/ 

A client attempting to update the state of a thing would send a JSON request state document like this:

{
    "state" : {
        "desired" : {
            "color" : "red",
            "power" : "on"
         }
     }
}

A thing updating its thing shadow would send a JSON request state document like this:

{
    "state" : {
        "reported" : {
            "led" : "1"
        }
     }
}

AWS IoT responds by publishing to either /update/accepted or /update/rejected.

/update/accepted

AWS IoT publishes a response state document to this topic when it accepts a change for the thing shadow:

$aws/things/thingName/shadow/update/accepted 

For more information, see Response State Documents.

Example Policy

The following is an example of the required policy:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "iot:Subscribe",
            "iot:Receive"
        ],
        "Resource": ["arn:aws:iot:

Thing Shadows Data Flow

The Thing Shadows services acts as an intermediary, allowing devices and applications to retrieve and update thing shadows.

To illustrate how devices and applications communicate with the Thing Shadows service, this section walks you through the use of the AWS IoT MQTT client and the AWS CLI to simulate communication between an internet-connected light bulb, an application, and the Thing Shadows service.

The Thing Shadows service uses MQTT topics to facilitate communication between applications and devices. To see how this works, use the AWS IoT MQTT client to subscribe to the following MQTT topics with QoS 1:

• $aws/things/myLightBulb/shadow/update/accepted

The Thing Shadows service sends messages to this topic when an update is successfully made to the thing shadow.

• $aws/things/myLightBulb/shadow/update/rejected

The Thing Shadows service sends messages to this topic when an update to the thing shadow is rejected.

• $aws/things/myLightBulb/shadow/update/delta

The Thing Shadows service sends messages to this topic when a difference is detected between the reported and desired sections of the thing shadow. For more information, see /update/delta.

• $aws/things/myLightBulb/shadow/get/accepted

The Thing Shadows service sends messages to this topic when a request for the thing shadow is made successfully.

• $aws/things/myLightBulb/shadow/get/rejected

The Thing Shadows service sends messages to this topic when a request for the thing shadow is rejected.

• $aws/things/myLightBulb/shadow/delete/accepted

The Thing Shadows service sends messages to this topic when the thing shadow is deleted.

• $aws/things/myLightBulb/shadow/delete/rejected

The Thing Shadows service sends messages to this topic when a request to delete the thing shadow is rejected.

• $aws/things/myLightBulb/shadow/update/documents

The Thing Shadows service publishes a state document to this topic whenever an update to the thing shadow is successfully performed.

Now that we have a basic idea about AWS IoT services lets get more practical and start integration our board with AWS.

Set up AWS account:

It is required that you have a working AWS account with you. If you dont have one kindly proceed to create your AWS account here:

https://aws.amazon.com/free/

AWS IoT services:

1) Once your AWS account is setup proceed to the AWS IoT service as shown:

2) Next, Click on Manage -> Things

3) This is where we will create the Things virtual Shadow object

4) Click on the Name area and give a unique name to your device

5) Once a name is given the thing is ready to get some messages from the real world devices.

6) Now let’s set some attributes for this device. Each device can have a set of attributes that it can update by sending MQTT requests to the AWS IoT services. They can be things like led status, sensor readings etc.

7) Click on the Thing you just created and this will take you to a Things config screen like so:

8) Here click on Edit in the top right

9) Now provide some attributes to this device. In this sample we will provide the led attribute with a value of 1 or 0 stating on or off.

10) Leave the type field as it is.

11) Now lets create the certificates and policies for this device. Go to the AWS IoT dash board and on the left pane click Secure -> Certificates

12) Select One-Click certificate creation. Click create and generate your three certificate pairs.

a. Your private certificate

b. Your public client certificate

c. Certificate.pem.key file

d. And the root CA for AWS IoT

13) Once created lets create a policy, again click on Secure -> policy tab and then click “create” at the top right.

14) Here I would generally prefer the advanced mode where you can specify the policy json directly. Enter the following JSON

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Publish",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iot:Subscribe",
"Resource": "*"
}
]
}

15) Here we tell the AWS IoT services to enable this thing to subscribe and public to any ARN topic and allow it to connect to the AWS IoT services

16) Save this policy.

17) Now its time to associate the policy and thing to the certificate:

18) Click on Secure -> certificate

19) In the three dots menu on the certificate card menu, click attach thing and select you TestDevice entry in the dialog that comes up

20) Again click on the three dots menu and click on attach policy and select your policy you just created

21) Now finally activate this certificate by clicking on the Activate menu in the certificate card, just like shown above. Once activated, we can start writing the firmware for the Ameba devices.

This marks the end of the setup of you AWS thing. Now your creator pro has a virtual devices in the coud that is managed by AWS IoT services. Lets see how you can interact with this virtual device state with your Creator pro.

Ameba device firmware:

Here is the ameba device firmware sample that will enable the device to connect to the AWS services

/*
Basic Amazon AWS IoT example
*/
#include <WiFi.h>
#include <PubSubClient.h>
 
 
// Update these with values suitable for your network.
char ssid[] = "xxxx"; // your network SSID (name)
char pass[] = "xxxx"; // your network password
int status = WL_IDLE_STATUS; // the Wifi radio's status
 
WiFiSSLClient wifiClient;
PubSubClient client(wifiClient);
 
#define THING_NAME "xxxxAmeba"
 
char mqttServer[] = "xxxx.iot.ap-southeast-1.amazonaws.com";
char clientId[] = "amebaClient";
char publishUpdateTopic[] = "$aws/things/" THING_NAME "/shadow/update";
char publishGetTopic[] = "$aws/things/" THING_NAME "/shadow/get";
char publishPayload[MQTT_MAX_PACKET_SIZE];
 
 
char *subscribeTopic[5] = {
"$aws/things/" THING_NAME "/shadow/update/accepted",
"$aws/things/" THING_NAME "/shadow/update/rejected",
"$aws/things/" THING_NAME "/shadow/update/delta",
"$aws/things/" THING_NAME "/shadow/get/accepted",
"$aws/things/" THING_NAME "/shadow/get/rejected"
};
 
 
/* root CA can be download here:
* https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem
**/
char* rootCABuff = \
"-----BEGIN CERTIFICATE-----\n" \
"MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n" \
"yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" \
"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" \
"U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" \
"ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" \
"aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n" \
"MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" \
"ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n" \
"biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n" \
"U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n" \
"aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n" \
"nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n" \
"t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n" \
"SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n" \
"BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n" \
"rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n" \
"NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n" \
"BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n" \
"BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n" \
"aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n" \
"MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n" \
"p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n" \
"5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n" \
"WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n" \
"4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n" \
"hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\n" \
"-----END CERTIFICATE-----\n";
/* Fill your certificate.pem.crt wiht LINE ENDING */
char* certificateBuff = \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDWTCCAkGgAwIBAgIUE1UsPqN2mfvCGh2DLX2HWs3NOIYwDQYJKoZIhvcNAQEL\n" \
"BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g\n" \
"SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTE2MDYyNzA2MzQ0\n" \
"NVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0\n" \
"ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANM8/fzFJeZoS2yIf0Yy\n" \
"seFqUlnwNwNsg0G4U+3mUPj47ogs3jLDFA208P85S3qnfDaUY553wYY3BcIlBzpp\n" \
"y7vstrgapTOxH2c/Nrk/QfDqg/gUBSZs24c12WvyqlfDnKcIsRxALbfO0yMWKATB\n" \
"fFfnnZRCOVO6eKcW2O3ptfYDH8tIhrzCAEAAAF6CYmlSzyw9KrWh7ypYCp3AcJ/Y\n" \
"Fp4+SsF6xxLRuLOk37NJL8HfuIappkUIN7seGU9Y6Bo2YgOj9yBXyW/dmV3IxKVW\n" \
"SUSMSdIP+pc/b8lFfnE14yFtfK7jKhdy4XOh9LpOMJYs0i74UVQKJs7NYL8MXHIu\n" \
"FlUCAwEAAaNgMF4wHwYDVR0jBBgwFoAUoTuxNa4LQJd07hfP4se/TevgQ0AwHQYD\n" \
"VR0OBBYEFAQ9fAKopGZ52+f+w0dJMAwTi/hVMAwGA1UdEwEB/wQCMAAwDgYDVR0P\n" \
"AQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB6YQ+w6YTCZYWOlZfH09D8WhwV\n" \
"zSAzcEUdWH5T7bNK1N5r7/5zVIedseFxPUqtuC8j+C7CWDuLykpI8A2WAnayXOXn\n" \
"UPc/SNIet0nGts50cd4zzg7xMMqseGVdSMLAjFwqI8npJp9Ij8inrsf5f1hY0nhb\n" \
"Zb6FkVghlYhgmWv9p949kBQ6ODrtiyQqAYjzzZa957HwR7ajZfMIWm+HaV6f+NYq\n" \
"O43eQbt14xrRQNjAhSQaoVT64PH1TA6XiyoF25xlnrrxDXGAo5cxVDa1MmXu249X\n" \
"9z2+uzKgCYuugQk+w+8JmC6hR0EH4q4+ydsNkYTC0LK3MndHumA1Dj3OwUfA\n" \
"-----END CERTIFICATE-----\n";
/* Fill your private.pem.key wiht LINE ENDING */
char* privateKeyBuff = \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"MIIEpAIBAAKCAQEA0zz9/MUl5mhLbIh/RjKx4WpSWfA3A2yDQbhT7eZQ+PjuiCze\n" \
"MsMUDbTw/zlLeqd8NpRjnnfBhjcFwiUHOmnLu+y2uBqlM7EfZz82uT9B8OqD+BQF\n" \
"JmzbhzXZa/KqV8OcpwixHEAtt87TIxYoBMF8V+edlEI5U7p4pxbY7em19gMfy0iG\n" \
"vMIAQAAAXoJiaVLPLD0qtaHvKlgKncBwn9gWnj5KwXrHEtG4s6Tfs0kvwd+4hqmm\n" \
"RQg3ux4ZT1joGjZiA6P3IFfJb92ZXcjEpVZJRIxJ0g/6lz9vyUV+cTXjIW18ruMq\n" \
"F3Lhc6H0uk4wlizSLvhRVAomzs1gvwxcci4WVQIDAQABAoIBAQCObSVjdRokzFVu\n" \
"jGokTrIZJrL36Ttul4+4lCwiz5PxCwbp0jbPSzEOPN3xeBQoUx0xP8QbaOuXLyo2\n" \
"yPiirgqsXuKkJ3MT820VFE41gS1Y3wa0EeuXCPbLp8c9PZUVL9ND3Fxui+dHc7Bw\n" \
"i9PXwQ2xx308JZq5lZUcNA93+oixohfoN4kgPfT3je7yPvn0j1rMHfjQPrSvpIvk\n" \
"P2XA66BZf8YS9k6lpJLzslntusHO4ZoqdQxaqa3a79qawUjkJ4G4qx3aDvzqdjXU\n" \
"DTFgTLI8sicWl4Icx3vqCgZfGWYuzRX5Ka5eUZYkwv4PgUOSynVvc6n3fjX/2F1X\n" \
"aPEqLuIBAoGBAO+Akr7F5LnRyLxLEeywjruGxvG5vHS41YvRcHSukrNLoK4mRMRA\n" \
"fTqJe8oZCRuOGsDBkRujgnSEUJhqt2+kGf9dvv5pCS35PFvTzawbpe8HX/JjitDb\n" \
"kKxAd3edsbOo3ZCOwYLFwMPMIMzemqFX67cXyQwOUhcGf6N7YBKhA6JhAoGBAOHK\n" \
"AarQJXo3C69SpWMvei3zmV8pUdVLPiiiNb1q/pustt+hykRhXNrngV3ncB7mJBET\n" \
"Q+36c5F04A6EBSp5Nr8EdiPnsFwk+ILKx7wQ6y0E29xIRLxryyu27rMAGpk8D1Oy\n" \
"8F2mX23qGWQAsMi2sxKk7o+2EGoUF1f/HKeDcOB1AoGBAM5johG8P2rSGYYJuxyY\n" \
"2adIcdCFGp4LWhrvFVW3yruvhHwOhlwIpuH28DIseOjCANPy+rUypoz6KOnvrLwM\n" \
"Ukr54kkjAsIXcahAUZDrEod1d31NwqZRT87gjxMJVcVY0/Zqzt9+wqr4EZv6iI5Z\n" \
"UcuqN5qoDJ3C/+NFwnjLQHKBAoGAQI5zX5VXwdPPQXeN1ggTFORba7vyq9txkEig\n" \
"uOHInlYJi3NE07xKwkQC1wh/JDaFBWTOvVIojOQv07ani3dQ0djCto1d/VqMu0ij\n" \
"RwBHXX3QJvF6xazEUGFjakaTVFC5ySKWWxBgpJqUW+VepmSmWqRRmUFi/BF2gzBr\n" \
"zvFj6qkCgYANcCc6wXqWNwmAnH/bfTRXunUgt3AAxmMXtkakhXAjElgFymgmXhTN\n" \
"Huu00WjTeZqOSl8bE0Ki/bcRojlx2QMMaEHGSVRL28uPJCJ4HeBAH3m22dtceFgF\n" \
"+ZHhF5b6NFe6EeLBcd/TGLtuKvc/jeru8tciNrPj9MTSJR9T0TYxhw==\n" \
"-----END RSA PRIVATE KEY-----\n";
int led_pin = 10;
int led_state = 4;
void updateLedState(int desired_led_state) {
printf("change led_state to %d\r\n", desired_led_state);
led_state = desired_led_state;
digitalWrite(led_pin, led_state);
sprintf(publishPayload, "{\"state\":{\"desired\":{\"led\":\"%d\"}},\"clientToken\":\"%s\"}",
led_state,
clientId
);
printf("Publish [%s] %s\r\n", publishUpdateTopic, publishPayload);
client.publish(publishUpdateTopic, publishPayload);
}
 
 
void checkLedState() {
printf("try to get led_state\r\n");
sprintf(publishPayload, "{\"state\":{\"reported\":{\"led\":%d}},\"clientToken\":\"%s\"}",
led_state,
clientId
);
printf("Publish [%s] %s\r\n", publishGetTopic, publishPayload);
client.publish(publishGetTopic, publishPayload);
// After publish "get" command AWS IoT would send "get/accepted" message and we can check led state in callback
}
 
 
void callback(char* topic, byte* payload, unsigned int length) {
char buf[MQTT_MAX_PACKET_SIZE];
char *pch;
int desired_led_state;
strncpy(buf, (const char *)payload, length);
buf[length] = '\0';
printf("Message arrived [%s] %s\r\n", topic, buf);
if ((strstr(topic, "/shadow/update/accepted") != NULL) || (strstr(topic, "/shadow/get/accepted") != NULL)) {
// payload format: {"state":{"reported":{"led":1},"desired":{"led":0}},"metadata":{"reported":{"led":{"timestamp":1466996558}},"desired":{"led":{"timestamp":1466996558}}},"version":7,"timestamp":1466996558}
pch = strstr(buf, "\"desired\":{\"led\":");
if (pch != NULL) {
pch += strlen("\"desired\":{\"led\":");
desired_led_state = *pch - '0';
if (desired_led_state != led_state) {
updateLedState(desired_led_state);
}
}
}
}
 
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
if (client.connect(clientId)) {
Serial.println("connected");
for (int i=0; i<5; i++) {
printf("subscribe [%s]\r\n", subscribeTopic[i]);
client.subscribe(subscribeTopic[i]);
}
checkLedState();
updateLedState(led_state);
} else {
Serial.print("failed, rc=");
Serial.print(client.state());
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
delay(5000);
}
}
}
 
 
void setup()
{
pinMode(led_pin, OUTPUT);
digitalWrite(led_pin, led_state);
while (status != WL_CONNECTED) {
Serial.print("Attempting to connect to SSID: ");
Serial.println(ssid);
// Connect to WPA/WPA2 network. Change this line if using open or WEP network:
status = WiFi.begin(ssid, pass);
if (status == WL_CONNECTED) break;
// retry after 1 second
delay(1000);
}
wifiClient.setRootCA((unsigned char*)rootCABuff);
wifiClient.setClientCertificate((unsigned char*)certificateBuff, (unsigned char*)privateKeyBuff);
client.setServer(mqttServer, 8883);
client.setCallback(callback);
// For publish qos1 that server will send ack
client.setPublishQos(MQTTQOS1);
// For subscribe or publish, wait ack can keep command sequence in order
client.waitForAck(true);
// Allow the hardware to sort itself out
delay(1500);
}
 
 
void loop()
{
if (!client.connected()) {
reconnect();
}
client.loop();
}

In this sample project we have just done a few Subscribe topics to the various AWS IoT shadow topics and then publish a desired state of the Led to 1 once we connect successfully to the AWS IoT services.

Here are the edits to this program:

Application on Ameba First fill in the network ssid and password for connection.

Then fill in the "thing" name "ameba". The name is the name you gave for your device on the AWS Things config page.

And the MQTT Broker server address we found earlier in AWS IoT: "xxxx.iot.ap-southeast-1.amazonaws.com". This will change for each of the user as they may have a different region of AWS IoT. Please consult the AWS IoT Things page of your device to know the endpoint address. This will be available in the Interact Menu of you AWS Things config screen.

Next, the root CA used in TLS can be found in AWS IoT services documentation page as shown below:

Download and make sure the downloaded root CA content conforms to the root CA we used in sketch.

Next, fill in the certificate we created in the AWS IoT Console (i.e., client certificate), usually its file name ends with "-certificate.pem.crt" (e.g., "efae24a533-certificate.pem.crt"). Open the certificate with a text editor, and adjust its format as follows to use in the sketch: - Add the new line character "\n" at the end of each line. - Add double-quote at the beginning and the end of each line. - To concatenate each line as a string, add "\" at the end of each line. - The last line ends with semicolon.

And adjust the format of private key in the same way:

Then the modification of sample code is done.

Compile and run

Compile and upload the sample code to Ameba and press the reset button, open the serial monitor:

From the log, you can see Ameba does the following action,

• First connect to AP and acquire an IP Address.

• Ameba tries to connect to MQTT Broker server. This step takes a little longer time to verify the certificate and establish TLS connection. When TLS connection is established, you can see "connected" is printed in the log.

• Then Ameba will publish its current status using topic: "$aws/things/ameba/shadow/update", with payload in AWS IoT Shadow JSON format (ref. http://docs.aws.amazon.com/iot/latest/developerguide/thing-shadow-document-syntax.html). In this example, Ameba has only one attribute, that is led (as we created in AWS IoT Console). In the payload we publish "led" state 1 to light the led. Now, check the thing information of "ameba" shown in AWS IoT console. You should see the published message in "Shadow status".

Troubleshooting:

If during mqtt connection your connection throws rc=-2 error try the following

• Check if all three certifcate info you have entered in the code above are correct and valid certifcates for your AWS IoT things you created

• Check if the certificate is Activated and applied to your AWS IoT policy and the Thing.

If you get rc=-4. This means the connection is mostly timing out. try to set these two values in your code with a higher value by specifying them in a #define block

// MQTT_KEEPALIVE : keepAlive interval in Seconds
#define MQTT_KEEPALIVE 15
// MQTT_SOCKET_TIMEOUT: socket timeout interval in Seconds
#define MQTT_SOCKET_TIMEOUT 15

Node red integration:

As a bonus, lets see how you can get the AWS IoT service integrated with Node-red to run your own workflows when a news message arrives in the AWS IoT things topic

Install node red and setup essentials:

I have this presented in a separate article here:

https://www.hackster.io/naresh-krish/node-red-integration-with-rak-wireless-dash-button-4d2efe

Please do go through the tutroial to get your node-red server up and running

Install the Aws IoT pallete:

Now lets install the AWS iOT plallete in node-red

1) Click the menu on the top left and click on palletes

2) search for 'aws-iot' and you will find the following nodes:

3) install the plugin shown above:

Once installed the nodes will show up like so

Lets go ahead and add a input Aws mqtt node like so:

Connect a debug node to the output of this aws mqtt node so we can see the messages from the mqtt topic

MQTT input node. Connects to a broker and subscribes to the specified topic. The topic may contain MQTT wildcards.

Outputs an object called msg containing msg.topic, msg.payload, msg.qos and msg.retain.

msg.payload is usually a string, but can also be a binary buffer.

Steps to configure

• Double click the aws mqtt node. You will see a screen like so:

• Click on the pencil icon to add details about your AWS IoT things.

• Here give a name to your config node. I generally prefer you give the Thing name as you have regstered in AWS IoT dashboard.

• In Type select the Shadow devices as we will receive the information from the Shadow mqtt topics.

• In the clientID, give you ameba device clientID. it canbe anything like AMebaDevice, RAKDevice etc. just make sure your name is unique to the device in question.

• In the endpoint, give your shadow device endpoint:

It will be available in the Menu side bar under Things -> Your thing -> interact

• Now lets enter our certificate information:

Remember we had downloaded the certificates from AWS when creating the TLS certificates for our Thing. Lets copy those files to a location say /root/.awscerts

Once the files are copied, you need to rename them to match the format needed by the AWS IoT Node Red node. The node expects the files to be named as follows:

/root/.awscerts/
                |--YourUniqueClientIdentifier-private.pem.key
                |--YourUniqueClientIdentifier-certificate.pem.crt
                |--root-CA.crt (downloaded earlier)

Where YourUniqueClientIdentifier is the AWS thing name what you put when creating your thing. You can refer to the other tab that you have open.

• Click Update

Now you will return to the previous menu. Here you need to listen to a particular Shadow service MQTT topic called update/accepted.

• lets enter the following in the topic field:

$aws/things/thingName/shadow/update/accepted 

• Click Done

Now Your node should show connected and start getting messages. Now try tp send an update to the update topic as we had programmed in the RAK473 board. A consequent /update/accepted will shows up in node red and you can now parse the mqtt json data and trigger further jobs. For example, here we try to parse the incoming data and send it to twitter

We can also send the data to an influx db backend for storage and analysis:

I will attach this flow in the code section of this tutorial .