I have developed an electronic device that connects to AWS IoT Core service through MQTT protocol. Now I can connect, publish and subscribe topics.
The device has some inputs (i.e. buttons) and outputs (i.e. relays).
Now I want to develop a mobile or web application to let an authorized user read inputs status and read/write outputs. More than one user could be authorized to control a single device.
What it's not clear to me, but I have no knowledge of backend technologies, is how to manage users, i.e. mobile/web app.
One strategy is to create a new Thing for each User, with its own certificate. The web/mobile app uses MQTT protocol as the electronic device. Topics can be used as a chat channel: the user asks for inputs status and the device answers with updated status.
Another strategy could be to create a HTTP API (maybe with AWS Gateway API) that web/mobile apps use. The API is programmed to publish and subscribe topics. The user should have a IAM access.
I know I could user Device Shadow, but I don't think it's a good soltion in my use case. The status of inputs can change frequently (maybe 1000 times a day), but the user wants to retrieve the status through the mobile/web app only sometimes (one a day or less frequently). It's seems it's useless to send so many messages to keep the shadow updated.
you can use to connect your WebApp with AWS IoT via MQTT(publish and subscribe methods are also available in the system).
Front end library documentation
Please Refer the link and see if this solves your problem https://medium.com/#serverlessguru/serverless-real-time-reactjs-app-aws-iot-mqtt-17d023954045.
Related
I am working on a project wherein a mobile app (Flutter app) should create a unique identity (IOT thing) of my IOT device machine (on AWS) as soon as the user logins onto the app and also it should establish a connection (and subsequent communications) with the isolated IOT device after its configuration (Somewhat similar to Google Home configuration process).
The process starts with user logging onto the app (using AWS Amplify/Congnito to automatically add the user account in the cloud). Subsequently, the app needs to configure the IOT device (ESP32) and send Wifi credentials of home network by connecting to ESP's WiFi AP. However, since both the app and IOT device are isolated from each other (except during the configuration process), I don't have much idea on how exactly will mobile app connect (creating a unique IOT thing automatically) and communicate with the isolated IOT device over AWS IOT cloud.
I have worked with some of the AWS services like AWS Lambda, DynamoDB, AWS IOT for quite a while, hence I am aware of the basics. One of the possible solutions for the above maybe Fleet Provisioning by a Trusted User feature provided by AWS IOT (I did read it's documentation, but still confused). We can also use ESP32's Bluetooth feature for the app to scan nearby devices with which it needs to connect with, but I am not sure how will the connection establish through AWS cloud.
Since I am a beginner to AWS cloud services, it'd be great if someone can provide a possible solution for the above in detail. Also if possible, please provide a solution which would work incase of a large-scale deployment of the above project.
The parts you may be missing are missing are 1) MQTT messaging, which is the IoT message broker service provided by IoT Core, and 2) the need for an application program interface to handle creating and activating devices.
MQTT is a lightweight and widely adopted messaging protocol that is designed for constrained devices.
Your devices (things) will need to communicate back to AWS via MQTT messages, which are captured and processed by the IoT Rules service.
These rules typically trigger Lambda functions, which implement the process logic you need for your application.
See https://mqtt.org/ and https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html
2} you will want to implement a simple API to handle device activation. The AWS API Gateway service makes it easy to implement APIs. For example, you can implement an endpoint for POST /device/ to create a device. That endpoint can trigger a Lambda handles device provisionsing.
I understand Aws IoT from a device perspective that it should connect with a certificate and sync with its shadow and push messages to topics. But I struggle to understand from the perspective of a Web App or a Mobile App. My basic questions are,
How to register an Application with AWS IoT?
What is the Authentication and Authorization mechanism for Applications?
How to grant an App access to a set of devices?
How can the App listen to messages from devices of interest?
How can the App send a command to device? I understand this is by
updating Device's shadow?
Generally, if you want to connect any application (Mobile, Web,...) to any AWS Services, you should consider two things. First, using AWS SDKs which you can find them here. Second, the application should have correct Authentication and Authorization attached to a user/group defined in IAM or Cognito.
In regards to your questions:
For registering an application in AWS IoT, first it should be defined as an IoT thing and with correct policies, it can publish/subscribe to topics. Consider that, you should put certificates into the device. For connecting to AWS IoT services you can use AWS IoT SDKs, more information can be found here.
2 & 3. It depends on your project. You can define your application to have access to a specific thing in AWS IoT or you can define it to access all things in AWS IoT service (using IAM, Cognito or Temporary Security Credentials). You should consider correct policies for your application. You can find more information about authentication and authorization for AWS IoT here.
AWS IoT has MQTT broker which handles the communication between entities that publish or subscribe to a topics. So if the application wants to get data from specific device, it should subscribe to the topic that things publish to.
It can be done by publishing data to a topic which thing has subscribed to.
Thing shadow is actually the digital twin of actual thing so it should contains information which is related to the thing such as available resources, etc.
I'm trying to wrap my head around how AWS Mobile Push Notification works. Specifically I'm building out a web service that will be capable of sending notifications to my mobile app running on my users' devices. After reading all of their docs, it sounds like the high level flow is:
Configuration
I need to go into my respective Push Notification Services (GCM for Android and APNS for iOS) and configure them to get credentials that I configure my backend service to use for connecting to them at runtime
I need to log in to the AWS SNS console and generated a platform application ARN (PlatformApplicationARN) that I also configure my backend to use
Code Flow (Runtime)
When a new user signs up for the first time, or anytime an existing user signs in on a new device, I have the app send my service their device info. One critical piece of this device info is their device token (also referred to as a "registration ID" in the AWS docs). This token is generated by their OS and uniquely identifies their device within their respective Push Notification Services (again either GCM or APNS for me)
When my service receives this new device info, I save it, and I also use the device token to hit the AWS SNS API (along with my configured PlatformApplicationARN) to generate a unique EndpointARN for that particular device
Now, whenever my backend decides it needs to send a notification to that user, I can look up all the devices associated with that user (that I previously stored in my DB), and fetch each device's EndpointARN. Then its just a matter of hitting the AWS SNS API to send my notification message to that EndpointARN, and it sounds like AWS SNS will take care of everything else (and delivering the actual message to the device)
So before I go any further, I'm just looking for someone to help sanity check my understanding and provide any course correction if I've misunderstood anything or am missing any important pieces of the config/flow! Assuming I'm more or less on track...
I'm still not seeing how SNS will be able to connect to GCM and APNS once I send a notification message to an EndpointARN. Do they maintain their own integration/connection with these services? Or do I somehow inject my own GCM/APNS credentials into the AWS SNS API call somehow?
Also, I know push notifications can be fairly configurable, allowing you to do things like:
Determine what sound the device should play when it receives a notification
Determine what color LED to blink on/off when it receives a notification (on my Android phone, different apps cause green, blue even purple LEDs to blink!)
Determine whether the notification is received by the Android/iOS OS itself (in which case if I come back to my phone after being away from it for a few minutes, I can press any button and see a high-level listed summary of any new notifications I've received); or whether the notification is purely an "in-app" notification in which case I'll only see that I received it if I actually open up my app.
I'm wondering where all this configuration takes place? Any ideas?
I can confirm that the high level flow is:
Log into AWS SNS and create 2 different Platform Applications, 1 for Android (FCM -- Firebase Cloud Messaging) and the other for iOS (APNS -- Apple Push Notification Services)
For each Platform Application you'll get a PlatformApplicationArn and you will be asked for credentials so that SNS can connect to your respective FCM/APNS accounts
For FCM you will just need your Server API Key (this can be obtained from Firebase Cloud Manager)
For APNS you will need to go through a really labor-intensive process of creating certificates through the Key Chain Access tool on your Mac, this was not fun...
Add these 2 PlaformApplicationArns to your code's config
When a user registers a new device with your app, they will send you a device token (provisioned by FCM or APNS) that uniquely identifies them to FCM/APNS
Take this device token, combined with your PlatformApplicationArn for FCM or APNS and use the AWS SNS SDK to create an EndpointArn for the device. Store this EndpointArn however you like.
Now you can use the AWS SNS SDK to push messages to your EndpointArn (specific device) anytime you want to.
Brief Solution:
I am storing IOT Device location and Service Provider Cars location in Dynamo DB via AWS Kinesis.
I am mapping One User with a specific service providers Cars and dispatching the Car to user’s shared location.
Problem: I need to track these mapped (service provider car and user location) on real time on service provider dashboard.
1. Does DynamoDB offers any direct API to publish and track these location real time?
2. Do I need to expose these mapped location and track then on dashboard via AWS Kinesis? Does AWS Kinesis offer such APIs?
Any suggestions?
If you are using MQTT IoT Core from AWS you have other options.
Subscribe to MQTT topic directly via WebSockets by AWS JS library.
You can Use Cognito to manage users and to have some acces to AWS services, this way you can get credentials to subscribe to the topic in MQTT using WebSockets like this link describe.
https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html#mqtt-ws
Having own Users manager and using a EC2 Instance.
You can create an EC2 instance and put an AppServer with NodeJs for example and use SocketIO to comunicate to the WebBrowser of users with your own manager, this way they can receive realtime info, whatever you want. You can then use an AWS MQTT IoT NodeJS client and subscribe to the topics you want and just send it by WebSockets of SocketIO server (All this in the same WebApp). This way you need to consider number of users and data in traffic. You can have topics by users for example topics like this "car/tracking/mycarId" where mycarId is an unique Id that identifies this user/car and you canonly subscribe to these you want at the same time, this way you are not subscribed to all topics of your cars and you are not receiving innecesary data and you dont need so much proccess.
I have implemented the second one but now Im migrating my realtime block to Cognito and MQTT via WebSockets.
Regards, Héctor
I'm trying to create a collaborative web application where multiple users can work together on various (shared) projects. So far I have a JavaScript client and one local jWebSocket server.
To remain scalable upon deployment, I thought of two options:
Option 1
I can use AWS IoT instead of multiple jWebSocket servers. Publishing changes of a project is easy, I would just need to publish to e.g. /project/{project-id}. But how would the traditional request-response mechanism work?
The Problem: EC2 instances handling requests would be reachable by publishing to distinct topics (e.g. /server/1). But when the JS client connects to AWS IoT, it does not know of any EC2 instance to send requests to. How could I assign each client to an instance/topic?
Option 2
Run jWebSocket servers on multiple EC2 instances behind an AWS Application Load Balancer. The balancer would simply assign each client to a server and the traditional request-response flow would not be a problem. But what about pushing changes?
The Problem: Because each server has its own set of connected clients, it can not push changes to clients connected to another server.
Remarks
Mixing jWebSocket to send requests to and AWS IoT to receive events from seems like a sloppy solution.
I assume I can programmatically adapt the IoT policies per cognito identity to allow/deny the subscription to specific projects.
Using AWS Lambda and relinquishing servers altogether is not an option due to the high latency introduced by Lambda (if you've made different experiences, please share).
Related posts
IoT request response protocol
Thanks for any thought you could give me on this issue.
I've got it. The first suggestion in this question pointed me into the right direction. The solution allows all clients to maintain a direct WebSocket connection to the server they originally connected to, without subscribing to specific topics.
It works as follows:
When a client connects to a server, the server subscribes to the client's channel
If a server needs to send a message to a client that is not connected, it publishes that message to the client's channel
(you guessed it) The server that is subscribed to the channel can then process the message on the first server's behalf
"Pusher" in the diagram describes this SaaS, but can of course be replaced by any other messaging service.