Connecting Intel Edison to AWS IoT Cloud

In this blog we will connect edison to AWS IoT Cloud and use MQTT to post Accelerometer readings to the cloud.

AWS uses certification based authentication, so  first we need generate a certificate for our device.

Install AWS CLI:

You need to pip to install AWS cli, if pip is not installed, run these commands

curl -O https://bootstrap.pypa.io/get-pip.py

sudo python get-pip.py

pip install awscli
wget http://ftp.gnu.org/gnu/groff/groff-1.22.3.tar.gz
tar -zxvf groff-1.22.3.tar.gz
cd groff-1.22.3
make
make install
export PATH=$PATH:/usr/local/bin/
cd ~
mv /usr/bin/less /usr/bin/less-OLD
wget http://www.greenwoodsoftware.com/less/less-458.zip
unzip less-458.zip
cd less-458
chmod 777 *
./configure
make
make install
cd ~

you can check you installation by running aws iot help

Get AWS Credentials:

get credentials from AWS console.

Open IAM Console, click on users

 

Create new user

 

give a name and click on create

download the credentials once you created the user.

The downloaded file will have username, access key id and secret key

You need add permissions to the newly created user. Click on the newly created user

 

Goto permissions tab, click on attach new policy

 

Select AWSIoTFullAccess policy and click on attach policy button

 

Now switch back to edison console and configure the aws cli.

aws configure

Create certificate :

cd ~

mkdir awsCert

cd awsCert

openssl genrsa -out privateKey.pem 2048

openssl req -new -key privateKey.pem -out cert.csr

you can leave the values to their defaults

aws iot create-certificate-from-csr --certificate-signing-request file://cert.csr --set-as-active > certOutput.tx

cat certOutput.tx

get the certificateid from certOutput.tx and place it in the following command

aws iot describe-certificate --certificate-id <certificate ID> --output text --query certificateDescription.certificatePem > cert.pem

We need to attach a policy to the certificate we have created.

touch policy.doc

nano policy.doc

paste the following into the editor

{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action":["iot:*"],
"Resource": ["*"]
}]
}

Create the policy with the following command

aws iot create-policy --policy-name EdisonPubSubToAnyTopic --policy-document file://policy.doc

aws iot attach-principal-policy --principal <principal arn> --policy-name "EdisonPubSubToAnyTopic"

Get Principal arn from certOutput.tx

We can validate our certificates by trying to publish/subscribe to MQTT

curl http://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem > rootCA.pem

mosquitto_sub --cafile rootCA.pem --cert cert.pem --key privateKey.pem -h "abc.iot.us-west-2.amazonaws.com" -p 8883 -q 1 -d -t "/iot/edison/" -i "edisonSub"

Please note that the host will be different for each AWS account. You can find it in the things details on AWS console.

We need to  open another session to publish a message to the channel

cd ~

cd awsCert

mosquitto_pub --cafile rootCA.pem --cert cert.pem --key privateKey.pem -h "abc.iot.us-west-2.amazonaws.com" -p 8883 -q 1 -d -t "/iot/edison/" -i "edisonPub" -m "Hello Edison"

To see how to connect accelerometer and send data to AWS IoT , check this blog

you need to update your mosquitto client if your are getting openSSL error

Updating mosquitto clients on edison:

mkdir msq

cd msq

wget http://mosquitto.org/files/source/mosquitto-1.4.8.tar.gz
tar -zxvf mosquitto-1.4.8.tar.gz

cd mosquitto-1.4.8
make WITH_SRV=no
cp client/mosquitto_pub /usr/bin

cp client/mosquitto_sub /usr/bin

cp lib/libmosquitto.so.1 /usr/lib