How to Create a “Thing” in AWS IoT


In AWS, the devices that connect to the IoT service are called Things. In order to communicate with the AWS IoT services, we will do the following:

  • Create a “Thing” in AWS IoT Core
  • Generate Keys and Certificates (we will need these certificates in NodeMCU for communication)
  • Attach necessary Policies

Create a “Thing” in AWS IoT Core

To create a “Thing” in AWS IoT Core, open the AWS IoT Core service. Sign in to the AWS Management Console and search for “IOT” in the Services tab as shown. Then click on IoT Core.


Once the service is open, on the left side panel, open Manage > Things, and then click on “Register a thing”.

On the next screen, select “Create a single thing”.

We will now be greeted with the options to name the device, select its type, and add it to a group. We will not be using the type and the group settings. For now, the only thing we need to do is give a name to the device. I have named it “Test_NodeMCU”.

Once you have given it a satisfactory name, scroll down and click on “Next”.

Generate Keys and Certificates in AWS IoT Core

AWS will now give us the certificate options. The simplest option here is the first one – “Create Certificate.” With this option, AWS creates the necessary certificates for our thing.

Once we click on this option, AWS starts generating the certificates and gives us a notification that the certificates are generated.


Download all the certificates and keys. We will need them with NodeMCU. These certificates are used by AWS to authenticate the device that tries to connect to the AWS IoT Core.


The first certificate and the two keys are specific to this device. The fourth item here is the root CA for AWS. This is common for any device that tries to connect to AWS.

When you click on the link, you will find many certificate options. Download the one that says “RSA 2048 bit key: Amazon Root CA 1”. The certificate will open in a link. Just copy all the contents to Notepad and save it with a “.pem” extension.

Once all the certificates and keys are downloaded, click on “Activate”. This option will activate the certificates for the “Thing” we are creating.

Create Policies for AWS IoT Thing

We have our thing created. Now we need to give it permissions to use the IoT services. Each “Thing” must have the necessary permissions policy attached. The policy describes the actions that the “Thing” is authorized to perform.


To create a policy, click on Secure > Policies on the left side navigation panel and then click on “Create a policy”.

In the page that opens, give a name to this policy, mention the Actions and the Resource ARN and select the Allow option.

Actions – iot:* (The star signifies “all”. What we are saying in the policy is to allow all actions under “iot”.)

Resource ARN – * (only a star, signifying that we are allowing the actions on all resources)

Then scroll down and click on “Create policy”.
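With iot:* on *, whoever holds this certificate's private key can connect under any client ID and publish or subscribe to any topic in the account. The Python below is an added example, not code from the original article: it puts that policy next to one scoped to a single client ID and topic subtree, and flags wildcard grants. The region, account ID and `devices` topic prefix are assumed placeholders; the scoped policy assumes the device connects with its thing name as the MQTT client ID.

```python
import json

# The policy as created in this article: every IoT action on every resource.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

def scoped_policy(region, account_id, thing_name, topic_prefix):
    """Build a policy limited to one client ID and one topic subtree."""
    base = f"arn:aws:iot:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{thing_name}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{base}:topic/{topic_prefix}/{thing_name}/*"},
            # Subscribe is authorized against topicfilter ARNs, not topic ARNs.
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{base}:topicfilter/{topic_prefix}/{thing_name}/*"},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return one finding per Allow statement field that grants everything."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            if action in ("*", "iot:*"):
                findings.append(f"statement {i}: action {action} allows every IoT operation")
        if "*" in _as_list(stmt["Resource"]):
            findings.append(f"statement {i}: resource * covers every client and topic")
    return findings

if __name__ == "__main__":
    # Constructed sample values: placeholder region and account ID, assumed topic prefix.
    policy = scoped_policy("us-east-1", "123456789012", "Test_NodeMCU", "devices")
    print(json.dumps(policy, indent=2))
    print(wildcard_findings(PAGE_POLICY))
```

The printed JSON is a standard AWS IoT policy document and can be used in place of the iot:* / * policy once the device's topics are known.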


Attach Policy to Certificates in AWS IoT

Once the policy is created, we need to attach it to the certificates which we created earlier. Whenever a device tries to connect to AWS IoT Core or perform any action on it, AWS will:

  1. Check for the certificates.
  2. If the certificates are valid, it will check the attached policies for authorized actions.
  3. If the particular action is authorized, the action is approved.

Click on Secure > Certificates on the left navigation panel and then open the certificate.

On the top right, you will see an option called “Actions”, and inside that there is the option to “Attach Policy”.

Click on “Attach Policy” and attach the policy which we just created.

Perfect!! We have just created a “Thing” in AWS IoT and attached all the necessary certificates and permissions to it. We will now move on to the next step.

The next step is to Convert Certificates from .pem to .der format

If you are aware of this step, you can move on directly to Connect NodeMCU to AWS IoT Core

I hope this article has been helpful to you. Do let me know in the comments below what you think!!