aws re:invent 2016: introduction to aws iot in the cloud (iot204)

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

IOT204

Introduction to IoT in the CloudLearn about AWS IoT and listen to Amway’s story on

its journey to a leading connected company

What to Expect from the Session

Overview of the AWS IoT Service

What’s new this year

- The Console

- Operational Analytics

- Security

Learn from our customers. Here with us:

Beginning of a Massive Disruption

Data generation and access are changing fast

Human generated data

Sporadic interactions

Partial view of the world

Machines generated data

Continuous interactions

Complete view of the world

The beginning needs strong foundations

Three pillars for IoT

Simplicity Scale Security

AWS IoT Platform

All in one service

Message Broker

+ Rules Engine

+ Shadow

+ Registry

All for $5/M Msg*

Managed service

No installation

Automatic scaling

No pre-provisioning

Redundant across AZ

Pay as you go

* Varies by Region

Simple Pay as you go and Predictable Pricing

AWS IoT

• No minimum fees

• $5 per million messages published to, or delivered

in US East (N. Virginia), US West (Oregon), Ireland,

Germany, $6/M in Korea, Australia, $8/M in Asia

Pacific (Tokyo, and Singapore),

Free Tier250,000 Messages Per Month Free for first 12 Months

Enterprise Discounts AvailableFor large volumes our Enterprise Sales team is engaged

Working backward from customers

Pace of innovation

AWS IoT Beta

MQTT, HTTP

Rule Engine

Registry

C, Node SDK

Shadow

GA Launch

IPv6 Support

iOS SDK

• New Region: FRA, SIN

• Bring Your Own Certificate

• AWS CloudTrail Integration

• Amazon Machine Learning

• 24h WebSocket cnx

• Rule Engine versions

• ECC Support (w/ forward

secrecy)

• Binary payloads support

• Simulator ref design

• Real-time alerts in console

• QoS1 for shadow

• MQTT over

WebSocket

• MQTT client in Console

• Custom Keep Alive

intervals

• Logging configuration

in Console

• Amazon CloudWatch

integration

• Android SDK

• New Rule Actions

• CloudWatch Logs

• CloudWatch Alarms

• Amazon

Elasticsearch Service

• Thing Types

• Thing Shadow attributes in

Rule Engines

• Device Presence

• Security: JITR

• New Console

• New IoT at the Edge

(limited preview)

• Variable attributes in

Policies

• New Operational

Dashboards

OCT 15

2015 2016

DEC 15

New Onboarding Wizard: Connect in 9x faster

Choose how you want to

connect

And what language you

need

Configure in 3 steps

We create everything you need for you

Including Registry objects, certificates,

permissions, setup files, testing scripts

Validate. It Works!

Complete Console Redesign

Clear navigation

Operational dashboards

Onboarding experience

Deep Dive on Operational Dashboards

Operational Analytics platform and things level

Connection success counts

Protocol usage and traffic types

Messages publish counts

Rules execution counts

General Dashboard

Life cycle events

Messages directions

Custom Metrics!

Things Metrics

Certificate Metrics

Failed Authentications

Failed Authorizations

Security

X509 Certificates + TLS1.2

Security with AWS IoT

• Mutual Authentication using X509 Certificate, or

SigV4 for HTTPS and WebSocket

• Bring your own CSR or Certificate (BYOC) and

Just-In-Time Registration

• Support for RSA and ECC w/ Forward Secrecy

• 18 TLS Cipher Suites (incl. AES128-GCM-SHA256)

• Policy based access with dynamic values

• Role based Rules Action execution

• Partnership in Security with Atmel on the

ECC508

We turned one of the hardest security problem of securing

IoT devices into a BOM of a few cents

Everette Binger, Sr. IoT Solution Architect

Mike Gartner, Sr. IoT Platform Architect

26

WHO ARE WE?

27

AT A GLANCE

Everette Binger

12 Years at Amway

6 Years Solution Architecture

Mike Gartner

5 Years at Amway

12 Years Platform Architect

28

WHY IoT?

29

WHY IoT?

“In 2016, 5.5 million new things will get connected every day.” - Gartner, Inc.

30

Creating value for the One , the Many , the Al l

31

HOW?

32

How Did We Do This?

Adding a brand new business capability to our organization requires the understanding that key areas within the organization need to change.

“A connected device

requires a connected

organizat ion .”

33

Connected Organization

34

Agi le Approach

AN EMPOWERED TEAM consists of everything needed to create a product, including a

single point of contact for defining and prioritizing the tasks within the team.

35

REALLY HOW?

36

Architecture

Command and Control

mobile client

Amway

“Thing”

AWS

IoT

Device

Shadow

Historian

Topic

IoT

Topic

AWS

LambdaAmazon

DynamoDB

Historian

Rule

IoT

Rule

Amazon

Kinesis

Firehose

Amazon

EMR

Amazon

S3

Amazon

DynamoDB

JITR

Amazon

Cognito

Amazon API

Gateway

AWS

Lambda

Telemetry

Firmware Update

Thing Pairing

JITR

37

Just In T ime Registrat ion

Amway

“Thing”

Device

Registry

$aws/events/certific

ates/registered/caC

ertificateID

IoT

actionAWS

Lambda

Amazon

DynamoDB

Custom/{SHA256}IoT

actionAWS

Lambda

Amazon

DynamoDB

Robust IoT

policy

2

3 4 5

67

1

6

9

9

AWS

IoT

8

Basic IoT

policy

IoT

shadow

Custom/accepted

X

38

Connected Experience - DEMO

• Remote controlling the device On/off | Modes | Fan Speed

• Seeing the device status Fan Speed | Mode | Dust Levels

• View filter status Filter Life | Filters Installed

• Indoor Air Quality Monitor (AQI)Outdoor Air Quality Coming Soon!

Thank you!