Wilson Mar bio photo

Wilson Mar

Hello. Hire me!

Email me Calendar Skype call 310 320-7878

LinkedIn Twitter Gitter Google+ Instagram Youtube

Github Stackoverflow Pinterest

Touch and it talks for you

Overview

This article is hands-on tutorial on how to hook up IoT devices to Amazon’s IoT (Internet of Things) cloud services. After each step, concise yet deep commentary in PROTIPs are offered.

Amazon’s own low cost IoT

Amazon’s IoT cloud works with AWS’s own buttons and those of its partners:

aws-iot trojan button 20180810-168x196-i11.png

  1. Amazon began in IoT by selling brand-name “Dash” buttons on Amazon.

    They’re “free” for Amazon Prime members in that after you buy one for $4.99, you receive a credit of the same amount with your first purchase using it. (Hold on while waiting for it to arrive)

    NOTE: This guy brags he re-purposed the Dash by intercepting its ARP request, but doesn’t show how.

    This is perhaps the lowest-cost IoT device.

  2. A $19.95 “Limited Release” Programmable AWS IoT Button is customizable. Mine came August 3, 2016. A 2nd generation one became available in 2017.

  3. For bulk orders with custom artwork, use Amazon’s Enterprise IOT program (since January 2017)

  4. Amazon also has a little-known $50 wand to scan barcodes and listen to you begging for stuff. An Apple/Android phone is needed to activate the device.

  5. In 2017 Amazon sells a black “IoT Enterprise” button https://www.amazon.com/dp/B075FPHHGG only works with the AWS IoT 1-Click service at https://aws.amazon.com/iot-1-click

WiFi limitations

PROTIP: Amazon’s own devices use port 8443 through WiFi. Click here to test if it’s open on your network.

If you’re hoping to use IoT devices within an enterprise environment, there is a fundamental mental and technical paradigm that needs to be shifted for IoT use.

Most companies have been structuring their WiFi network security around people to use, not other computers.

That means there are usually just two types of wifi: one for employees who have access to the whole internal network; and another for guests who have no access to anything within the company, just enough to surf the public web and send emails, not send emails to company employees. Guest access is usually limited to a short time such as a day.

But IoT devices such as a panic button for receptionists or a service required button in bathrooms require continued access that doesn’t expire.

So a third category of wifi is needed for IoT devices. If the devices capture data used by internal systems, that data needs to be treated like it’s coming from an adversary and not from a trusted internal source. So there are many precautions nessary, such as encryption and authentication, and authorization to a very limited set of functionality.

Rather than direct access to databases, IoT devices should communicate with an intermediate source, with the assumption that data on that system will be hacked.

Signal Range

QUIZ: Which type of transmission has further range? Bluetooth or WiFi?

The standard range of “class 1” Bluetooth devices (transmitting at 100mW) is about 100 meters or 328 feet, which is comparable to that of an 802.11b WLAN device.

A typical wireless (wi-fi) router in an indoor point-to-multipoint arrangement using 802.11n and a stock antenna might have a range of 32 metres (105 ft).

Battery life

As with any electronics, the current limitation is battery life and hassles with charging.

WARNING: Amazon’s Dash button uses wi-fi (2.4 Ghz) so its battery may not last as long as other buttons using Bluetooth Low Energy data transmission.

PROTIP: Battery status (remaining voltage) is sent to Amazon every time you press their button. When the device battery runs out of charge, there is no way to recharge or replace the battery. The battery on 1st gen. devices is rated to last for 1,000 presses. That’s over 2 years if you press it once a day.
The battery on 2nd gen. devices is rated to last for 2,000 presses.

This teardown video shows Dash buttons contain an Energizer brand AAA Lithium battery.

PROTIP: The “brains in the 1st gen. Dash button is a 32-bit, 120MHz 64-pin ARM Cortex M3 microprocessor from ST Microelectronics (STM32F205RG6), containing 128 KB of RAM, 1 MB of flash memory, and 16 MB of SPI flash.

  • http://techblog.en.klab-blogs.com/archives/10318260.html

ATT’s 4G LTE-M cellular IoT button

iot-lte-m-200x200.jpg In April 2017 ATT announced its LTE-M button for $29.99 (“regularly” $34.99) plus $11.20 shipping. Custom labels have a 500 unit minimum order ($14,995). The “1-click” button’s communication via ATT’s LTE-M (lower-band 30) cellular network in the US and Mexico sidesteps the corporate wi-fi security problem with IoT devices.

The lower bandwidth means each device can last up to 1,500 clicks or 36 months. LTE-M chips were tested going into Capstone smart water meters, RM2 pallets, Pepsi fountains, ATT’s IoT team handling pricing and availability is at 877-265-2118.

For technical discussions, small businesses (under 100 employees) call 800.321-2000 and enterprises call 877.438-0041. You get through the voice robots at 800.660-3000 faster if you type in an established ATT account number for your region. The Mobility team is 866.288-7629, option 5 for tech support of devices that don’t include the button. BTW ATT people can’t send texts to non-ATT phone numbers.

ATT’s coverage map shows many locations in the West where LTE isn’t available

http://serviceguidenew.att.com/sg_flashPlayerPage/LTEM_BUTTON

PDF

Other IoT Competitors

If you want additional capability in a button, look at the $49 “Internet Button” from Particle.io. It uses the same Broadcom 802.11b/g/n wi-fi chip as in Amazon Dash, Nest Protect, and LIFX. It has 4 tactile (directional) buttons to issue outbound events, and receives inputs to control 11 RGB LEDs, plus a ADXL362 3-axis accelerometer. All without any wires or soldering.

Kwik (lock makers) is also making IoT buttons.

Flic.io offers four buttons for $99. They may be worth $25 each if you consider that they are powered by repleaceable watch batteries, and connect via Bluetooth to their mobile apps (by Shortcut Labs AB). So no nerdy setup like AWS requires. Their buttons also have a removeable sticky film that’s removeable for cleaning. However, this puts the buttons within a closed ecosystem. To choose an action, Click, Double click, and Hold. (Too bad it doesn’t act like a locator beacon as well)

Single-device use cases

  • Panic button. “I fell down and can’t get up!” Press it and it sends an SMS text to pre-configured phone numbers. As in http://www.epanicbutton.com

    VIDEO The Amazon button has a loop so it can be warn at the end of a lanyard around the neck. But that loop needs to be glued on the device.

  • Hackster.io AWS IoT button starter project

  • This bathroom needs attention, Yuck!

    PROTIP: The trouble with any re-programmable unit is there is incentive for it to be stolen. But (at $5) is the worth the $500 it take to put it behind a wall?

  • ReOrder supply item for delivery (multiple clicks creates multiple deliveries).
  • Order your favorite pizza for delivery

  • Honey I’m home! Send a signal to IFTTT.com’s Maker Channel, though which you can specify all manner of actions (send voicemail, SMS text, Skype, etc.). Setup instructions below.

  • Track task (chore) completion time so if it’s not done a reminder can be sent out via Slack, Facebook, Twilio, or an internal company’s application.

  • Switch a smart light bulb on and off (party mode).

    The Philips Hue light requires a hub.
    LIFX bulbs do not.

  • Voting machine (what’s for lunch?)
  • Start the coffee maker from your bedstand

  • Mute TV without the delay of figuring which of 20 buttons to press on the remote
  • Remote control appliances
  • Remote control Netflix

  • Hail a Uber or Lyft car

  • Honk the horn on your Tesla from inside your house

  • Make a smart watch with AWS IoT

See https://www.hackster.io/amazonwebservices/products/aws-iot-button

PROTIP: Regardless of the technology, when a button is pushed, there should, ideally, be some confirmation, such as a bell or Raspberry Pi with a screen above the button that says “Thank you. Button xyz213 below was emailed to Joe Smith at 13:23 today.”.

Always-on but limited

If you’re hoping to use IoT devices within an enterprise environment, there is a fundamental mental and technical paradigm that needs to be shifted for IoT use.

Most companies have been structuring their networks for people to use. That means there are usually just two types of wifi: one for employees who have access to the whole internal network; and another for guests who have no access to anything within the company, just enough to surf the public web and send emails, not send emails to company employees. Guest access is usually limited to a short time such as a day.

But IoT devices such as a panic button for receptionists or a service required button in bathrooms require continued access that doesn’t expire.

So a third category of wifi is needed for IoT devices. If the devices capture data used by internal systems, that data needs to be treated like it’s coming from an adversary and not from a trusted internal source. So there are many precautions nessary, such as encryption and authentication, and authorization to a very limited set of functionality.

Rather than direct access to databases, IoT devices should communicate with an intermediate source, with the assumption that data on that system will be hacked.

Support from AWS?

People at AWS will answer technical questions only if you pay for a subscription of a minimum $29 a month or 3% on top of monthly usage costs. See:

https://console.aws.amazon.com/support/plans/home#

Amazon’s Dash Servicesprovides services to help others include Dash into their products.

Those without a subscription can just read the documentation at https://docs.aws.amazon.com/iot/latest/developerguide/configure-iot.html

Below is an enhanced versio of that minimal page.

Configuration

Each device has a different procedure and tool to configure.

Both AWS’s own button and ATT’s button can use AWS IoT 1-Click cloud service which works through “IoT Core” to trigger AWS Lambda functions. iot-aws-lte-831x1024.png

To accomodate large scale loads, a Load Balancer distributes traffic through the Route53 DNS service. SNS AWS Connect ? Amazon Lex provides text to speech. RDS (Relational Data Service) stores data in SQL schemas. Images are stored in S3. SES handles.

Dash config using mobile app

Dash buttons are pre-defined for specific uses.

VIDEO Jun 11, 2017 How to configure an AWS IoT Button Use the Amazon mobile app to configure them:

  • https://www.amazon.com/gp/help/customer/display.html?nodeId=201746340

AWS IoT config using mobile app

The 2nd generation customizable devices were announced with a mobile app to help with configuration.

PROTIP: Pressing the AWS IoT button for 15 seconds until a blue blinking light appears resets the configuration.

CAUTION: Amazon’s IoT Buttons is authenticated to run as a server with its own direct access to the public internet.

  1. PROTIP: Be on a wi-fi network that is always on. Not one that times out like at airports.
  2. PROTIP: Sign up for an AWS account.
  3. In Play Store or Apple Store, search for AWS BTN Dev.

    Create and use IAM credentials

  4. Login to the AWS Console at https://console.aws.amazon.com/console/home
  5. If you are new to AWS, follow these instructions to create a new AWS account root account and configure security for master billing.
  6. Create an AWS User account to configure the device and sign in with that.
  7. NOTE: Add this role

  8. In the app: Click “Login” and provide your AWS IAM email and password.

    There is a link to “Sign in using root account credentials”, but it’s strongly not recommended.

  9. Notice “Oregon (us-west-2)” at the bottom of the page. Tap the region to select other regions support the button.
  10. Click “Setup AWS IoT Button”.
  11. Press “+” at the upper-left corner if you see a list of “AWS IoT Buttons”.
  12. If one is shown, slide the button to your left to reveal options:
    • Press the Lambda icon to Change Button action.
    • Press the red delete icon to redo configuration.
    • Press the wi-fi icon to Change Wi-Fi.

  13. Click “Agree & get started”.
  14. Click “Tap here to scan DSN barcode” and hold the barcode of the box or the back of the device within the border lines. Hold it still. It will advance to the next screen on its own.
  15. PROTIP: You can change the Friendly NAME automatically assigned to something unique to you.
  16. Press the blue “Register Button”.
  17. Do as it requests and press the AWS IoT button for 5 seconds until a blue blinking light appears.
  18. Press “Copy password and go to settings” to be sent to the Settings page.
  19. In the Settings page, press “Wi-Fi” and select “Amazon ConfigureMe” while the blue light appears.
  20. Select the wi-fi network both your phone and the device will be using.
  21. Click on the Password entry field and Paste from before. (You don’t need to remember the password).
  22. Return to the previous screen by swiping left on the bottom of your iPhoneX.
  23. Click Join. The light on the thing should flash when your Wi-Fi starts with “Button ConfigureMe”.
    But if you took too long, cancel and start over.

    BLAH: “No internet connection” appears.

  24. In a browser, navigate to http://192.168.0.1/index.html

  25. The first email sent requests permission for the addressee to receive email.

Dear Amazon Web Services Customer,

We have received a request to authorize this email address for use with Amazon SES and Amazon Pinpoint in region US West (Oregon). If you requested this verification, please go to the following URL to confirm that you are authorized to use this email address:

https://email-verification.us-west-2.amazonaws.com/?Context=565610606804&X-Amz-Date=20180308T092118Z&Identity.IdentityName=wilsonmar%40gmail.com&X-Amz-Algorithm=AWS4-HMAC-SHA256&Identity.IdentityType=EmailAddress&X-Amz-SignedHeaders=host&X-Amz-Credential=AKIAJJHD5MBOFZDF5APA%2F20180308%2Fus-west-2%2Fses%2Faws4_request&Operation=ConfirmVerification&Namespace=Bacon&X-Amz-Signature=b5e21f07fbbd42db8cb8dc704ec97fd239251a655c7f3f483814fab4f9ed74ad

Your request will not be processed unless you confirm the address using this URL. This link expires 24 hours after your original verification request.

If you did NOT request to verify this email address, do not click on the link. Please note that many times, the situation isn’t a phishing attempt, but either a misunderstanding of how to use our service, or someone setting up email-sending capabilities on your behalf as part of a legitimate service, but without having fully communicated the procedure first. If you are still concerned, please forward this notification to aws-email-domain-verification@amazon.com and let us know in the forward that you did not request the verification.

To learn more about sending email from Amazon Web Services, please refer to the Amazon SES Developer Guide at http://docs.aws.amazon.com/ses/latest/DeveloperGuide/Welcome.html and Amazon Pinpoint Developer Guide at http://docs.aws.amazon.com/pinpoint/latest/userguide/welcome.html.

Sincerely,

https://aws.amazon.com/ses/verifysuccess/

ATT LTE-M button install

  1. I bought two LTE-M buttons from ATT’s Marketplace at https://marketplace.att.com/products/att-lte-m-button.

  2. While I waited the 4 days for the package to arrive, I got an email from AT&T Marketplace Customer Service (starterkit-support@iotservices.att-mail.com).

    The email said “Please use claim code: C-NQ3MEXAMPLE in your AWS Console”.

    But what’s the URL? There was no instructions included in the package shipped to me.

    So I signed in using my ATT Developer account and asked a question there.

  3. The response to my email from “LTE-M.Button” email g11389@att.com

    AWS IoT 1-Click is an AWS-provided service, purchased separately, that makes it easy for devices like the AT&T LTE-M Button to trigger AWS Lambda functions that execute a specific action. To learn more about AWS 1-Click visit https://aws.amazon.com/iot-1-click

    AWS provides rich documentation on getting you started and in programming the lambda functions.

    Should you need more assistance for AWS related services, please contact AWS Support Center - https://console.aws.amazon.com/support/home - as they would be best equipped to provide you with up to date information on AWS services.

  4. You don’t need to visit https://aws.amazon.com/iot-1-click, which is the marketing page.

  5. Click the yellow “Try AWS IoT 1-Click” button or go directly to https://console.aws.amazon.com/iot1click “Onboard”.

    NOTE: You are taken to your default region in the https://.

    Let’s return to this page after setting up a user for each device.

    PROTIP: Make sure the account being used is not be able to instantiate EC2 instances that can cost thousands of dollars.

  6. Sign-in using an AWS administrator account with permissions to work with Amazon’s IAM service.

  7. Define a User Group “att-lte” and associate it with policy “AWSIoT1ClickFullAccess” for use during configuration.

  8. Click “Add User” to define an IAM user for each device, such as User Name “att-lte-01” so that activity logs can be precise about actions being associated with a specific device/user.

    PROTIP: Add more zeros to accomodate the number of devices you plan on getting.

  9. For Access Type, check “Programmatic access” when the user runs and “Management Console access” for setup.

  10. Keep “autogenerated password”.

  11. Uncheck “User must create a new password at next log in”. Click “Next: Permissions”.

  12. Check to select the “att-lte” Group. Scroll down to click “Next: Review”.

  13. Click “Create User”. Reduce AWS accounts for each device using

    NOTE: The ARN (Amazon Resource Name) is a combination field:

    arn:aws:iam::103265058630:user/att-lte-01
  14. Click “Download.csv” and save the file “credentials.csv” to your Downloads folder.

    NOTE: Every user’s file is stored with that same name, but the operating system automatically increments a number in the name, such as “credentials (2).csv”.

  15. In Finder, open the newest credentials ?.csv file with Microsoft Excel.

  16. PROTIP: Save the first credentials.csv file as a master Excel speadsheet file or Google Sheets instance in the Google cloud used to tracks every device. Name the sheet “att-lte-inventory”. The columns are:

    • user name
    • password (when AWS Management Conole is selected)
    • Access Key ID (for programmatic REST API access)
    • Secret Access Key
    • Console login link
  17. PROTIP: Add column headings in row 1 under column headings F and G:

    • Serial - the device serial number on the device and its box
    • Added - date put in service (format yyyy-mm-dd such as 2018-12-31)
    • Assigned - the person assigned responsibility for the device.
  18. Click the column heading G for the Added column to format the date in yyyy-mm-dd format (also known as ISO format).

  19. In new credentials.csv files, click the line number of the row containing information about the device, press Command/Control + C to copy the line into your machine’s Clipboard. Click a blank line in the master spreadsheet and press Command/control +V to paste it in the master speadsheet.

  20. PROTIP: Into the master spreadsheet type the ATT LTE-M device serial number on the side of the device and also in the box it came in. In a later step below, copying the device serial number from the spreadsheet to the registration website ensures that typos are caught.

  21. Use a permanent marker to write the AWS User name on the device (to the right of the serial number), then add today’s date.

  22. If you know, add the name of the person Assigned to be in charge of the device.

    Claim devices

    Instead of following the manual steps below, many run a script.

  23. In a new browser window, visit the “Console login link” URL AWS generated for all users created by the same admin. account, such as:

    https://103265058630.signin.aws.amazon.com/console
  24. Copy the “IAM User Name” from the inventory spreadsheet and paste it in the “IAM user name”.

  25. Copy the “Password” from the inventory spreadsheet and paste it into the “Password” field.

  26. Click “Sign in”.

  27. Search for and click to open the “IoT 1-Click” service. (Perhaps it is among the quick icons at the top?)

    <img alt=”aws-iot-claim-already-312x183-12874.jpg” width=312” src=”https://user-images.githubusercontent.com/300046/40759392-22646512-644f-11e8-9604-3ea3952b766a.jpg”>

  28. Click “Claim devices”.

  29. Copy the serial number from inventory spreasheet associated with the user name written on the device earlier. This should make the “Claim” icon clickable.

    If the “Claim” icon does not become enabled, you’re SOL because after you click “Contact Support”, there is this:

    aws-iot-no-tech-support-251x47-4506.jpg

    After all, Jeff Bezos can’t be the world’s richest person if he offers support to every idiot in the world. ;)

  30. For phone number, it asks for “E.164” format. Such numbers all begin with a plus sign and a country code</>. An example of a US number begins with “+1” followed by the number.

    +18008675309

    E.164 is the international telephone numbering plan that ensures each device on the PSTN has a globally unique number. It allows a maximum of fifteen digits (including the country code). This is what enables phone calls and text messages to be correctly routed to individual phones in different countries.

Lab to manually install

Amazon once offered a free online self-paced lab on their QwikLab platform named Introduction to AWS Internet-of-Things (IoT) runs a simple therometer IoT device simulator on Amazon EC2 to generate and publish sample sensor data to an AWS device gateway.

Skills taught include building a simple rule to permit publishing of a notification to an AWS SNS topic when the temperature of the device is greater than a defined threshold. Connecting an email address with the SNS topic results in an email notification when the threshold is met. The device shadow is then updated so the device will “turn on the air conditioning”, resulting in lowering temperatures.

The tutorial begins with obtaining a private SSH certificate (PEM for Mac, PPK for Windows) to login into an EC2 instance using PuTTY in Windows or a Terminal command such as this on Mac:

ssh -i “mykey.pem” ec2-uer@ec2-12-12-123-123.compute-1.amazonaws.com

Once in, the simulator in invoked and a certificate is created using a command that begins with:


   aws iot create-keys-and-certificates --set-as-active \
   --certificate-pem-outfile certs/certificate.pem.crt \
   --public-key-outfile certs/public.pem.key \
   --private-key-outfile certs/private.pem.key \
   --region us-east-1
   

PROTIP: Since the above command is done within Amazon’s landscape, it can automatically inform Amazon’s IoT Resources database. This is why it appears when you go to the IoT Resources site.

Configure the IoT Button

  1. PROTIP: Know the SSID name and password to your regular network’s WiFi because the AWS Button is setup like another computer communicating directly to the public internet.

    Generate Thing certificates

  2. Login to Amazon’s own IoT Resources Console at
    https://console.aws.amazon.com/iot/home

    https://console.aws.amazon.com/iot/home?region=us-east-1#/thing/iotbutton_…

  3. Select a location (region) from the upper right corner. Initially “N. Virginia” was the only region supporting Lambda. There is now:
    • US West (Oregon), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo)
    • Jun 23, 2016, Sydney in Asia Pacific
    • Jul 25, 2016, Asia Pacific (Singapore)

  4. Click “Create a resource” for the create panel.



    PROTIP: Remember these icons and what they mean because the Resources page uses them without annotation.

  5. Click “Create a thing”.

    NOTE: Error messages appear on the lower left of the screen.

  6. Specify a name such as “AWS-iot-button-01”.

    PROTIP: Zero-pad numbers because you’ll want more than one ;)

  7. Click “Create” button for the black panel to open at the right.

    If the black part of the screen isn’t visible, click the “?” on the right edge to expand it.

  8. Click “Connect a device”.
  9. Check “NodeJS”. The text on screen:

    First, you will need to create and download security credentials for your device. The following steps will help you to create and download security credentials (a certificate for authentication, and a policy that defines what the device using this certificate is allowed to do).

    You can generate a certificate with 1-click. When you generate a certificate, we will also generate a default security policy named iotbutton_G030......N0AV-Policy. You can modify this security policy at any time through the ‘Resources’ panel of this console.

  10. Click “Generate certificate and policy”.
  11. Click “Download public key” to your Downloads folder.
  12. Click “Download private key”
  13. Click “Download certificate”
  14. Click “Confirm & start connecting”.

    An example:

    {
      "host": "ABCDEFG1234567.iot.us-east-1.amazonaws.com",
      "port": 8883,
      "clientId": "iotbutton_G030....1N0AV",
      "thingName": "iotbutton_G030.....1N0AV",
      "caCert": "root-CA.crt",
      "clientCert": "427c7ac25f-certificate.pem.crt",
      "privateKey": "427c7ac25f-private.pem.key"
    }
    

    NOTE: The first part of the host string (such as “ABCDEFG1234567”) is the Enpoint Subdomain.

    NOTE: Certificate file prefix (example “427c7ac25f”) will be different every time keys are generated.

  15. Highlight the text on the screen and copy it.

  16. When you return to the Thing menu, notice that each certificate key appears above the hand icon.

    Resources page

    Pressing the blue link to the right of “AWS IoT:” for the Resources screen:
    https://console.aws.amazon.com/iot/home?region=us-east-1#/thing/iotbutton_…

    PROTIP: To avoid error messages, deactivate before deletion.

    PROTIP: Check one item at a time to perform an Action.

    Configure Button

    Configure the AWS IoT Button to use your Wi-Fi and these resources to connect to AWS securely:

  17. To place the button into configuration mode, press and hold the button down for 5 seconds until it flashes blue.

    This activates a small web server inside the button.

  18. PROTIP: One teardown video found inside a Dash button a digital microphone (24-bit 12S Analog Devices ADMP441) used for ultrasonic data transmisson during setup. So do setup in a quiet place (away from music, fans, transformers in fishtanks, etc.).

  19. Navigate to your computer’s Network settings page, Open Network Preferences,

    On a Mac, click the network icon on the top menu of icons. to the button’s Wi-Fi network SSID shown, such as:

    Button ConfigureMe - 977

  20. Configure your computer’s Network settings to the button’s Wi-Fi network SSID shown.

  21. Click “Show password” and type the last 8 digits of the device serial number (such as “8351N0AV”) as the WPA2-PSK password. Click Join.



  22. Click the link
    http://192.168.0.1/index.html to open in new tab.



  23. Enter your local network’s Wi-Fi SSID and password.

    PROTIP: This means the Amazon IoT Button communications like another laptop computer, directly connected (exposed) to the public internet.

  24. Click “Browse” next to Certificate and select the …-certificate.pem.crt file you just downloaded above.
  25. Click “Browse” next to Private Key and select the …-private.pem.key file you just downloaded above.

  26. Copy the Endpoint Subdomain from before.

  27. Copy the Endpoint Region from region selected before.

  28. Check the box to agree to the terms and conditions. This should result in an endpoint generated, such as:

    ABCDEFG1234567.iot.us-east-1.amazonaws.com

  29. PROTIP: Copy the end-point generated for your device, such as:

    Save it in a text file along with the certificates.

  30. Click “configure” (tiny button).

    WiFi Router

  31. This isn’t mentioned on the Amazon page: Ignore it if get see a router page (such as “Dlink”, etc.) such as:

    http://192.168.0.1/Status/Device_Info.shtml

    AWS IoT Websites

  32. Make sure your browser can still connect to an external webpage, such as
    https://aws.amazon.com/iot

    NOTE: The AWS IoT service is its own category among other AWS service groupings.

    https://aws.amazon.com/iot/getting-started
    provides a list of URLs related to IoT.

    CONGRATULATIONS!

Now that you can connect to the internet with your “secret decoder ring”, it’s time you know its tremendous power.

Why Amazon IoT?

The real power of Amazon’s IoT is that it is part of the most popular cloud services for enterprises and others.

This diagram from Amazon’s IoT Intro course illustrates the loose coupling of components in Amazon’s cloud. IoT devices publish telemetry data to an IoT Topic. Topics notify its subscribers when a trigger is identified by a IoT rule. Rules can trigger Amazon’s other services.

More importantly, its early start and popularity means AWS has become the most mature of clouds, with the most experienced people who have learned how to work with it.

AWS IoT Rule Actions lists code examples to interact with the services listed above.

How the Button fits in

This provides a description of components described in the Quickstart tutorial
lists system components:

awsiot-how-it-works_howitworks_1-26-650x381-i11.jpg

We’ll be describing how to work with each component below. But for now, here’s a techy overview of each component.

  • Device gateway enables devices to securely and efficiently communicate with AWS IoT. It’s especially needed when there are many devices at a location.

  • Security and Identity service provides shared responsibility for security in the AWS cloud. Your things must keep their credentials safe in order to send data securely to the message broker. The message broker and rules engine use AWS security features to send data securely to devices or other AWS services.

  • Message broker provides a secure mechanism for things and AWS IoT applications to publish and receive messages from each other.

    PROTIP: To publish, use the HTTP REST interface with an Access Key ID and Secret Key from code developed using the SDK or from the AWS CLI or AWS Signature Version 4. Each ID would be associated with IAM users, groups, and roles. Alternately, sign-in via Facebook using Amazon Cognito Identity which generates temporary key pairs (Access Key ID and Secret Key).

    PROTIP: To publish and subscribe, use either the MQTT protocol directly or MQTT over WebSockets, using X.590 certificates. MQTT is more light-weight than HTTP.

  • Rules engine provides message processing and integration with other AWS services. You can use a SQL-based language to select data from message payloads, process the data, and send the data to other services, such as Amazon S3, Amazon DynamoDB, and AWS Lambda. You can also use the message broker to republish messages to other subscribers.

  • Thing registry (aka Device Registry) organizes the resources associated with each thing. You register your things and associate up to three custom attributes with each thing. Associate certificates and MQTT client IDs with each thing to improve management and troubleshooting of things.


  • Thing shadow (aka device shadow) refers to a JSON document which stores the current state information for a thing (device, app, and so on). Note this does NOT contain a history of past statuses (what others call a “digital twin”).

    icon state
    desiredstate desiredstate
    reportedstate reportedstate
  • Thing Shadows service provides persistent representations of things in the AWS cloud. You can publish updated state information to a thing shadow, and a thing can synchronize its state when it connects. Things can also publish their current state to a thing shadow for use by applications or devices.


Email on button click

  1. Get on the AWS Lambda console at
    https://console.aws.amazon.com/lambda/home#/create/configure-triggers?bp=iot-button-email

    The “configure-triggers?bp=iot-button-email” in the URL is equivalent to going to the AWS Lambda console at
    https://console.aws.amazon.com/lambda/home, click “Create a Lambda function”, click “Select blueprint”, then find and select “iot-button-email”. Its description is “An AWS Lambda function that sends an email on the click of an IoT button.””

  2. For IoT Type, select “IoT Button” (model JK76PL),

  3. Type in Device Serial Number (DSN) without spaces from the back of the device.

  4. Type in Rule Name: “AWS-IoT-single-button-email”.

    PROTIP: Use dashes instead of spaces. Specify the type of button pushed in the name (single, double, long).

  5. Check Enable trigger.

  6. Create a SQL statement:

    
    SELECT * FROM 'iotbutton/+'
    
  7. Check “Enable trigger”.
  8. Click “Next”.

  9. Specify a function name such as AWS-IoT-single-button-email

  10. For Description, enter something like “An AWS Lambda function that sends an email on the click of an IoT button.”.
  11. For Runtime, leave it “Node.js 4.3”.

    QUESTION: Where to get Node script to email?

  12. Replace “my_email” with the email address you want to :

    const EMAIL = 'my_email@example.com';  // TODO change me
    
  13. Type a Role Name such as “IoT-AWS”.

    WARNING: No spaces in Role Names.

  14. Scroll down to “Role*” and select “Create new role from template(s)”.

  15. For Policy templates, select “AWS IoT Button permissions”.

    PROTIP: From Permission definitions for templates detailed here, the AWS IoT Button permissions” are:

    {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Action": [
                 "sns:ListSubscriptionsByTopic",
                 "sns:CreateTopic",
                 "sns:SetTopicAttributes",
                 "sns:Subscribe",
                 "sns:Publish"
             ],
             "Resource": "*"
         }
     ]
    }
    
  16. Click Next.

    Testing

  17. Return to this screen by logging into:
    https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions/AWS-iot-button?tab=code



    PROTIP: A big question about many IoT devices is what happens when the network is not available.

    Does the device cache the user action for broacast later?

    Does the system store delayed transmissions with the time of user action rather than the time when data can be transmitted?

    PROTIP: Local storage is done by IoT Gateway servers which are also called fog nodes in a fog network.

    Amazon CloudWatch Settings

  18. Click Settings at the upper-right blue menu.

    NOTE: CloudWatch is disabled by default because IAM permissions are needed.

    https://docs.aws.amazon.com/iot/latest/developerguide/cloud-watch-logs.html

  19. Click Create a new role.
  20. Type in a Role name that’s unique, such as “custom_aws-iot-button-01”.
  21. Select the Debug log level initially.

SNS to SMS

To send an SMS on DOUBLE tap.

  1. Go to SNS in the AWS console and create a SNS topic.

  2. Define the lambda function to send the SMS.

  3. Add a subscription to the topic For SMS delivery to a cell phone number.

See https://www.socialcustomer.com/2016/05/how-to-set-up-an-aws-iot-button.html


Additional things

PROTIP: Once you get the Button working with one third-party API, you can add context from additional sensors and use other APIs.

Other device starter kits specifically for AWS include the $169 Intel Edison and Grove IoT Starter Kit Powered by AWS from Seed with sensors for indoor environments.

If you already have an Arduino board, not listed among Amazon’s Start Kits is the $85 Seeed Starter from the Amazon Store


IFTTT Maker

Take this route on a LONG press of the Button.

IFTTT.com provides a user-interface to specify triggers and actions without programming.

  1. Create your IFTTT Maker Channel at
    https://ifttt.com/maker

    Create an account if necessary.

  2. PROTIP: Copy your IFTTT Maker Channel Key and save it somewhere in a list of AWS IoT Dash buttons.

  3. Create a recipie on
    https://ifttt.com/myrecipes/personal

  4. Click “this”.
  5. Type “maker” in the Search Channels field.
  6. Click on the Maker icon when it appears.
  7. Click “Receive a Web Request”.
  8. Type in Event Name “AWS 1 SINGLE”, then click “Create Trigger”.

    PROTIP: Even if you have don’t have more than one button, you may in the future. Use a black permanent marker to write a large circled number to uniquely identify each button.

  9. Click “that” (action).
  10. Scroll to see all the possibilities, but pick one. In this example, let’s send a simple SMS text to your phone.
  11. Type “sms” in the Search field.
  12. Click “SMS” (not “Android SMS”).
  13. Click “Send me an SMS”.
  14. Replace the sample message text with the following:

    AWS 1 SINGLE pressed. IFTTT Maker Channel  triggered.
    

    Note the “” is substituted with what you typed in.

  15. Click Create Action.

  16. Short the sample Recipe Title to “AWS #1 SINGLE Press”, then click Create Recipe.

  17. Optionally, repeat the above steps to create recipies for DOUBLE and LONG instead of SINGLE press.

    Lambda to IFTTT Forwarder

    Create a Lambda function to forward events from your button to IFTTT. Create a new Lamdba resource named “AWSIoTButton” and add the following code to it:

  18. Get on the Amazon Lambda console for your region at
    https://console.aws.amazon.com/lambda
  19. Click “Create a Lambda function”.
  20. Scroll down among blueprints to click “Skip”.
  21. Click the dotted line box to select.

  22. Type in Rule Name: AWS IoT to IFTT.
  23. For SQL statement: TODO?
  24. Click “Enable trigger”.

  25. In the Configure function page, type (with no spaces) a Name such as “AWS-IoT-to-IFTT”.
  26. For Runtime, leave it “Node.js 4.3”.
  27. Highlight the whole code inline window to erase it, then copy this and paste it:

    AWS.config.update({region:'us-east-1'});
    var IFTTTkey = "YOUR KEY here";
    var request = require('request');
     
    //this is called when the AWS Button is pressed and event data is passed as well
    exports.handler = function(event, context) {
     console.log("Received AWS Button event: " + event.clickType + ". Firing IFTTT Maker Trigger...");
     request('https://maker.ifttt.com/trigger/' + 'AWS-'+ buttonState + '/with/key/' + IFTTTkey, function (error, response, body) {
         console.log("Complete! Response: ", response.statusCode);
     }
    )};
    
  28. Replace “YOUR KEY here” with your key shown above.
  29. In Role, click “Choose and existing role” to “Select new role from template(s)”.
  30. In Role Name, type “AWS-IoT-to-IFTT”.
  31. In Policy templates, select “AWS IoT Button permission”.
  32. Click Next.
  33. Click Finish.

  34. In the AWS IoT Dashboard https://console.aws.amazon.com/iot/ click the ENABLED item named “iotbutton_…“Rule.
  35. In the right pane, click “Lambda Action”.
  36. Select the “AWS-io-button” function we created earlier.

  37. You can leave the first SNS function or remove it if you choose.

Manual Test cases

When you click the AWS Dash IoT button, it sends a signal through your wi-fi, over the public internet, and into the AWS cloud.

The AWS Dash IoT device recognizes 3 click types:

  • SINGLE
  • DOUBLE (press the button twice in quick succession)
  • A LONG clickType is when the first press lasts longer than 1.5 seconds.

  1. Click the button once.

  2. Click the button twice quickly.

  3. Hold down the button.

    Color of lights

    Color Meaning
    Solid Orange No Wi-Fi configured
    Blinking Orange Pre-DHCP error occurred
    Blinking Red Post-DHCP error occurred
    Blinking White Connecting to Wi-Fi, getting IP address, connecting to AWS IoT
    Blinking Blue Soft AP mode
    Solid Green Successfully connected to Wi-Fi and published a message to AWS IoT
    Pulsing Color (rcoybgmp) AWS IoT Shadow User defined Sequence
    Pulsing Red Battery Low
    Solid Red Battery Dead
    Solid Red Fatal internal error occured

    Blinking pattern

    Blinking pattern Error
    Short short short There was an error connecting to the configured wireless network.
    Short short long There was an error obtaining an IP address from the network.
    Short long short There was an error performing the host name lookup. This can be the result of not being able to reach the DNS server or an incorrectly configured AWS IoT endpoint subdomain.
    Short long long Cannot connect to AWS IoT. This can be an issue with the network, but is most likely not an issue with the certificates.
    Long short short Cannot establish a secure connection with the server. This error is most likely due to an unknown or inactive certificate.
    Long short long Received HTTP 403 Forbidden This error is most likely returned because the certificate does not have permission to publish to that topic.
    Long long short There is a problem sending to or receiving from AWS IoT. This is most likely just a networking error.
    Long long long Received an unknown HTTP response from AWS IoT.

    Examine CloudWatch Logs

TBD:


Losant IoT Cloud

https://www.losant.com/blog/getting-started-with-aws-iot-button-losant


Samsung ARTIK Cloud

Samsung provides a vendor-neutral cloud service.

  1. Begin from https://artik.cloud/my/new_device

  2. Select “Amazon Dash Button Proxy”.

    Samsung defines a “Proxy” as “Software running on an always-on computer on the local network of the device”.

    https://artik.cloud/works-with

  3. Click “Connect device”.

  4. Click the name you assigned for a chart menu.

  5. Click “ButtonPressed” for charts about it at https://artik.cloud/my/data

Rules

rule https://docs.aws.amazon.com/console/iot/rules Rules Engine provides the logical thinking

action https://docs.aws.amazon.com/console/iot/rules/create-rule actions

control unit publishes commands

A sample rules which are SQL syntax commands:

   SELECT * FROM 'iotbutton/+' WHERE state='ERROR'
   

NOTE that standard single quotes are used, not the left and right leaning ones.

Simulator

simulator

https://aws.amazon.com/blogs/iot/device-simulation-with-aws-iot-and-aws-lambda/

SDK

https://aws.amazon.com/iot/sdk/

available in several programming languages.

Things (Devices)

The breath of Things imagined from the zip file downloaded from Amazon’s Icons page:

sensor
sensor
servo
servo
topic
topic
thingbank
bank
thinggeneric
generic
thingbifactory
factory
thingutility
utility
medicalemergency
medical
emergency
policeemergency
police
emergency
thingbicycle
bicyle
thingbicar
car
travel
travel
thinghouse
house
thinglightbulb
lightbulb
thermostat
thermostat
windfarm
windfarm

The two standards bodies in IoT are the Thread Group (formed by ARM, Samsung, Qualcomm, and Google Nest) and OCF (Open Connectivity Foundation), formerly the OIC (Open Interconnect Consortium) and the Microsoft-backed AllSeen Alliance.

Microsoft earlier released its open-source IoTivity bridge to connect OIC tools with the AllSeen Alliance’s AllJoyn APIs to talk to OIC-compatible IoT devices.

Protocols

One distinguishing character of each device is the networking protocol it uses.

MQTTprotocol MQTT is AWS's protocol of choice is 30 years old but is fault tolerant, has small footprint, and efficient in bandwidth. AWS GM says in this video. See the MQTT NodeJs sample project.
HTTPprotocol HTTP
HTTP2protocol HTTP2

More on MQTT and HTTP protocols

AWS IoT Endpoint/topics/url_encoded_topic_name?qos=1

A sample WebSockets:

wss://endpoint.iot.region.amazonaws.com/mqtt

BTW, Amazon does not yet support other protocols used with IoT such as CoAP the Constrained Application Protocol defined as RFC 7252. It was designed to carry REST calls for machine-to-machine (M2M) applications such as smart energy and building automation. It can accept XML, JSON, and a derivative of JSON for taggable binary without Base64 encoding, called COBR Concise Binary Object Representation defined as RFC 7049.

SDK

The first page of the AWS IoT Developer Guide has this diagram:

PROTIP: You do not need to Click to Download the AWS IoT Node.js SDK (file aws-iot-device-sdk-js-latest.zip) at
https://github.com/aws/aws-iot-device-sdk-js
because most developers obtain the SDK by using the Node Package Manager which detects and updates versions:

npm install aws-iot-device-sdk

This contains a gulpfile.js and a package.json file for implementation by NPM. That means the Gulp app needs to be installed as well.

Acronyms

PAC = programmable automation controllers (for local “Edge computing”)

QUESTION: Connect to leading SCADA gateways of Schneider, Honeywell, etc.

Social Media

https://aws.amazon.com/blogs/iot/

links to https://aws.amazon.com/about-aws/events/

Articles about this:

  • http://www.computerworld.com/article/3102846/internet-of-things/internet-of-things-early-adopters-share-4-key-takeaways.html

  • https://industrial-iot.com/2016/08/infor-announces-iot-platform-inforum-2016/

  • http://searchaws.techtarget.com/tip/Push-the-AWS-IoT-Button-for-noncritical-tasks

  • http://www.slideshare.net/AmazonWebServices/getting-started-with-aws-iot-september-2016-webinar-series

  • https://www.youtube.com/watch?v=rMUOl-JWcVQ

  • https://www.youtube.com/watch?v=i0ifCaPUhvo AWS IoT Button (2nd Generation) Testing! Feb 4, 2017

  • https://www.youtube.com/watch?v=oIPsQhStbnY How to configure an AWS IoT Button

  • https://www.youtube.com/watch?v=6sLd1MK2CbY Using an AWS IoT button to get your kids to show up for dinner Julien Simon

https://www.twitch.tv/aws/videos/all videos include:

More on IoT

This is one of a series on IoT:

  1. IoT Acronymns and Abbreviations

  2. IoT Apprentice school curriculum
  3. IoT use cases
  4. IoT reminders prevent dead mobile battery
  5. IoT barn feeder

  6. IoT text to speech synthesis
  7. IoT AWS button
  8. Intel IoT
  9. IoT Raspberry hardware
  10. IoT Raspberry installation

  11. IoT Clouds
  12. Samsung IoT Cloud

NOTE: Pages about GE’s Predix have been removed.