In AWS, the devices that connect to the IoT service are called Things. In order to communicate with the AWS IoT services, we will do the following:
- Create a “Thing” in AWS IoT Core
- Generate Keys and Certificates (we will need these certificates in NodeMCU for communication)
- Attach necessary Policies
Create a “Thing” in AWS IoT Core
To create a “Thing” in AWS IoT Core, open the AWS IoT Core service. Sign in to the AWS Management Console and search for “IoT” in the Services tab as shown. Then click on IoT Core.
Once the service is open, on the left side panel, open Manage > Things, and then click on “Register a thing.”
In the next screen, select “Create a single thing.”
We will now be greeted with options to name the device, select its type, and add it to a group. We will not be using the type and group settings. For now, the only thing we need to do is give the device a name. I have named it “Test_NodeMCU”.
Once you have given it a satisfactory name, scroll down and click on “Next.”
Generate Keys and Certificates in AWS IoT Core
AWS will now give us the certificate options. The simplest option here is the first one – “Create Certificate.” With this option, AWS creates the necessary certificates for our thing.
Once we click on this option, AWS starts generating the certificates and gives us a notification that the certificates are generated.
Download all the certificates and keys. We will need them with NodeMCU. These certificates are used by AWS to authenticate the device that tries to connect to the AWS IoT Core.
The first certificate and the two keys are specific to this device. The fourth item here is the root CA for AWS. This is common for any device that tries to connect to AWS.
When you click on the link, you will find many certificate options. Download the one that says “RSA 2048 bit key: Amazon Root CA 1”. The certificate will open in a link. Just copy all the contents to Notepad and save it with a “.pem” extension.
Once all the certificates and keys are downloaded, click on “Activate”. This option will activate the certificates for the “Thing” we are creating.
Create Policies for AWS IoT Thing
We have our thing created. Now we need to give it permissions to use the IoT services. Each “Thing” must have the necessary permissions policy attached. The policy describes the actions that the “Thing” is authorized to perform.
To create a policy, click on Secure > Policies on the left side navigation panel and then click on “Create a policy”
In the page that opens, give a name to this policy, mention the Actions and the Resource ARN and select the Allow option.
Actions – iot:* (The star signifies “all”. What we are saying in the policy is: allow all actions under “iot”.)
Resource ARN – * (only a star, signifying that we are allowing the actions on all resources)
Then scroll down and click on “Create policy”
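The policy above grants every IoT action on every resource to any holder of this certificate. As an added example (not code from the original article), the Python below builds a narrower policy document for the same thing and flags wildcard grants; the region, account ID, `devices/<thing>/` topic layout, and the use of the thing name as the MQTT client ID are assumptions.

```python
import json

# Assumed placeholder values; only the thing name comes from the article.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
THING_NAME = "Test_NodeMCU"

# The policy the console steps above produce: every IoT action on every resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}


def scoped_policy(region, account_id, thing_name):
    """Build a policy limited to one client ID and that device's topic subtree."""
    arn = f"arn:aws:iot:{region}:{account_id}"
    topics = f"devices/{thing_name}/*"  # hypothetical topic layout
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{thing_name}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{arn}:topic/{topics}"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{arn}:topicfilter/{topics}"},
        ],
    }


def wildcard_findings(policy):
    """Return (statement index, field, value) for each Allow grant of '*' or 'iot:*'."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            values = stmt.get(field, [])
            values = [values] if isinstance(values, str) else values
            findings += [(i, field, v) for v in values if v in ("*", "iot:*")]
    return findings


if __name__ == "__main__":
    print("broad policy findings:", wildcard_findings(BROAD_POLICY))
    narrow = scoped_policy(REGION, ACCOUNT_ID, THING_NAME)
    print("scoped policy findings:", wildcard_findings(narrow))
    print(json.dumps(narrow, indent=2))
```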
Attach Policy to Certificates in AWS IoT
Once the policy is created, we need to attach it to the certificates which we created earlier. Whenever a device tries to connect or perform any action on AWS IoT Core, AWS evaluates the request as follows:
- Check for the certificates.
- If the certificates are valid, it will check the attached policies for authorized actions.
- If the particular action is authorized, the action is approved.
Click on Secure > Certificates on the left navigation panel and then open the certificate.
On the top right, you will see an option called “Actions” and inside that there is the option to “Attach Policy”
Click on “Attach Policy” and attach the policy which we just created.
Perfect!! We have just created a “Thing” in AWS IoT and attached all the necessary certificates and permissions to it. We will now move on to the next step.
The next step is to Convert Certificates from .pem to .der format
If you are aware of this step, you can move on directly to Connect NodeMCU to AWS IoT Core
I hope this article has been helpful to you. Do let me know in the comments below what you think!!
Vivek is a Senior Embedded Engineer at Robert Bosch. He has been working on Embedded Systems for the past 10 years. He loves to share his knowledge and train those who are interested. Nerdyelectronics.com was started out of this interest.