Connecting Intel Edison to AWS IoT Cloud

In this blog we will connect the Edison to AWS IoT Cloud and use MQTT to post accelerometer readings to the cloud.

AWS uses certificate-based authentication, so first we need to generate a certificate for our device.

Install AWS CLI:

You need pip to install the AWS CLI. If pip is not installed, run these commands:

curl -O https://bootstrap.pypa.io/get-pip.py

sudo python get-pip.py

pip install awscli
wget http://ftp.gnu.org/gnu/groff/groff-1.22.3.tar.gz
tar -zxvf groff-1.22.3.tar.gz
cd groff-1.22.3
make
make install
export PATH=$PATH:/usr/local/bin/
cd ~
mv /usr/bin/less /usr/bin/less-OLD
wget http://www.greenwoodsoftware.com/less/less-458.zip
unzip less-458.zip
cd less-458
chmod 777 *
./configure
make
make install
cd ~

You can check your installation by running aws iot help

Get AWS Credentials:

Get credentials from the AWS console.

Open the IAM Console and click on Users.

Create a new user.

Give it a name and click on Create.

Download the credentials once you have created the user.

The downloaded file will have the username, access key ID and secret key.

You need to add permissions to the newly created user. Click on the newly created user.

Go to the Permissions tab and click on attach new policy.

Select the AWSIoTFullAccess policy and click on the attach policy button.

Now switch back to the Edison console and configure the AWS CLI.


aws configure

Create certificate:

cd ~

mkdir awsCert

cd awsCert

openssl genrsa -out privateKey.pem 2048

openssl req -new -key privateKey.pem -out cert.csr

You can leave the values at their defaults.

aws iot create-certificate-from-csr --certificate-signing-request file://cert.csr --set-as-active > certOutput.tx

cat certOutput.tx

Get the certificate ID from certOutput.tx and place it in the following command:

aws iot describe-certificate --certificate-id <certificate ID> --output text --query certificateDescription.certificatePem > cert.pem

We need to attach a policy to the certificate we have created.


touch policy.doc

nano policy.doc

Paste the following into the editor:


{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:*"],
    "Resource": ["*"]
  }]
}

Create the policy and attach it to the certificate with the following commands:


aws iot create-policy --policy-name EdisonPubSubToAnyTopic --policy-document file://policy.doc

aws iot attach-principal-policy --principal <principal arn> --policy-name "EdisonPubSubToAnyTopic"

Get the principal ARN from certOutput.tx.

We can validate our certificates by trying to publish and subscribe over MQTT.
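
The policy above allows every IoT action on every resource. As an added example (not part of the original post), the script below writes a policy limited to the two client IDs and the one topic used in the mosquitto test in this post. The region, the account ID, the file name scopedPolicy.doc and the policy name EdisonScopedPubSub are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example: write a least-privilege AWS IoT policy for this tutorial's
# MQTT test. Region and account ID are passed as arguments; the values used
# at the bottom are constructed placeholders.
write_scoped_policy() {
    region="$1"; account="$2"; out="$3"
    base="arn:aws:iot:${region}:${account}"
    # The topic "/iot/edison/" begins with "/", so its ARN contains "//"
    # after "topic" and "topicfilter".
    cat > "$out" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": [
        "${base}:client/edisonSub",
        "${base}:client/edisonPub"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish", "iot:Receive"],
      "Resource": ["${base}:topic//iot/edison/"]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Subscribe"],
      "Resource": ["${base}:topicfilter//iot/edison/"]
    }
  ]
}
EOF
}

# Constructed placeholder region and account ID.
write_scoped_policy us-west-2 123456789012 scopedPolicy.doc

# Create and attach it the same way as the policy above, for example:
#   aws iot create-policy --policy-name EdisonScopedPubSub \
#       --policy-document file://scopedPolicy.doc
```

With this policy attached instead of the wildcard one, the certificate can only connect as edisonSub or edisonPub and only publish or subscribe on /iot/edison/.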


curl http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem > rootCA.pem

mosquitto_sub --cafile rootCA.pem --cert cert.pem --key privateKey.pem -h "abc.iot.us-west-2.amazonaws.com" -p 8883 -q 1 -d -t "/iot/edison/" -i "edisonSub"

Please note that the host will be different for each AWS account. You can find it in the thing's details on the AWS console.

We need to open another session to publish a message to the channel.


cd ~

cd awsCert

mosquitto_pub --cafile rootCA.pem --cert cert.pem --key privateKey.pem -h "abc.iot.us-west-2.amazonaws.com" -p 8883 -q 1 -d -t "/iot/edison/" -i "edisonPub" -m "Hello Edison"

To see how to connect an accelerometer and send data to AWS IoT, check this blog.

You need to update your mosquitto client if you are getting an OpenSSL error.

Updating mosquitto clients on Edison:

mkdir msq

cd msq

wget http://mosquitto.org/files/source/mosquitto-1.4.8.tar.gz
tar -zxvf mosquitto-1.4.8.tar.gz

cd mosquitto-1.4.8
make WITH_SRV=no
cp client/mosquitto_pub /usr/bin

cp client/mosquitto_sub /usr/bin

cp lib/libmosquitto.so.1 /usr/lib
