Amazon Launches IoT Platform Beta
At Amazon’s recent re:Invent developer conference in Las Vegas, the company announced a new Internet of Things (IoT) platform called AWS IoT. This platform is currently in beta and is available to AWS subscribers.
Dr. Matt Wood, general manager, product strategy at AWS describes the AWS IoT platform as a way “to connect devices to the AWS cloud. It also allows your company to collect, store, analyze and take action against the large volumes of data that is streaming from your connected devices.”
Underneath the IoT platform is a collection of SDKs and AWS services including:
Authentication and authorization are addressed through mutual authentication using either self-signed certificates or the AWS SigV4 process. In addition to using Transport Layer Security 1.2 (TLS 1.2), certificate-to-role mapping exists, where policies govern a device's ability to perform actions based on the certificate it presents. Certificates and policies can be managed via the management console or a management API. Certificates can also be revoked through the AWS Identity and Access Management service (IAM), instantly denying a device access to the platform.
Devices are not expected to know which backend services may be interested in the message they are about to send. As a result, the Device Gateway, which allows communication over MQTT and HTTP, uses a publish/subscribe model to distribute, or broadcast, messages to interested subscribers through an AWS messaging Topic and the Rules Engine.
Image Source: https://aws.amazon.com/iot/how-it-works/
The Rules Engine can evaluate both the context and content of a message in order to filter and route messages. Rules are authored using a SQL-like syntax. An example of a rule is processing a device's temperature reading: if the temperature exceeds a specific threshold, you may want to insert that event into DynamoDB, as illustrated in the following image.
Image Source: Amazon re:Invent Session MBL303
DynamoDB is not the only service that can subscribe to events published to the IoT platform. Messages can also be routed to other AWS services including:
- Kinesis/Kinesis Firehose (data streaming)
- Simple Storage Service (S3)
- Lambda (code execution)
- Simple Notification Service (push notifications)
Communication does not only flow into the AWS IoT platform. Command and control scenarios are also possible, where events are sent down to the IoT device. Amazon calls this functionality Device Shadows: a virtual version of the device is maintained in the platform. This virtual version holds the last reported state of the device and also maintains the desired future state of the device. Since some devices rely on battery power, they may not be online at all times. Having the last reported state recorded allows customers to determine the health of a device before it went offline. Device Shadows also allow organizations to queue state changes for a device while it is offline. When the device is brought back online, the desired state is pushed down to it using publish/subscribe messaging; the device receives this message and executes the instructions sent from the IoT platform.
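To make the reported/desired split concrete, here is a small Python model of a Device Shadow and the reconnect flow just described. It is an added example, not code from Amazon or the AWS SDK; the shadow document, its attribute names and the version counter are constructed for illustration.

```python
import json
from typing import Any, Dict

# Constructed sample shadow document (not from the article): "reported" is
# the last state the device published before going offline, "desired" is
# the state the backend wants applied when the device next connects.
SHADOW_DOC: Dict[str, Any] = json.loads("""
{
  "state": {
    "reported": {"led": "off", "sample_interval_s": 60, "battery_pct": 41},
    "desired":  {"led": "on",  "sample_interval_s": 30}
  },
  "version": 7
}
""")


def compute_delta(shadow: Dict[str, Any]) -> Dict[str, Any]:
    """Desired attributes that differ from (or are missing in) reported:
    the instructions still pending for the device."""
    reported = shadow["state"].get("reported", {})
    desired = shadow["state"].get("desired", {})
    return {k: v for k, v in desired.items() if reported.get(k) != v}


def last_reported(shadow: Dict[str, Any], attribute: str) -> Any:
    """Backend-side health check: what the device last said about an
    attribute (e.g. battery level), readable while it is offline."""
    return shadow["state"].get("reported", {}).get(attribute)


def device_comes_online(shadow: Dict[str, Any]) -> Dict[str, Any]:
    """Simulate the reconnect flow: the pending delta is pushed to the
    device, the device applies it and publishes a fresh reported state,
    and the shadow version is incremented. Attributes the backend never
    asked about (battery_pct) are carried over unchanged."""
    delta = compute_delta(shadow)
    reported = dict(shadow["state"].get("reported", {}))
    reported.update(delta)  # device executes the instructions it received
    return {
        "state": {
            "reported": reported,
            "desired": dict(shadow["state"].get("desired", {})),
        },
        "version": shadow["version"] + 1,
    }


if __name__ == "__main__":
    print("pending:", compute_delta(SHADOW_DOC))
    print("after reconnect:", compute_delta(device_comes_online(SHADOW_DOC)))
```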
Amazon will see competition in this space from the likes of IBM, Microsoft and Salesforce. At Microsoft's recent AzureCon, Microsoft released its Azure IoT Suite, and at the annual Dreamforce conference Salesforce announced its intention to enter this market as well. What is consistent across all of these platforms is that they target the entire IoT spectrum in order to plug devices into other downstream cloud services.
Lydia Leong, VP distinguished analyst at Gartner, in a recent tweet positioned both Amazon and Microsoft as the platforms to beat: "Worth noting that Microsoft also put out a blizzard of announcements at AzureCon recently. Competitors need to beat AWS *and* Microsoft."