Overview

This repository contains a usage example of MICROEJ AWS IoT SDK.

It shows the following features:

• AWS Just In Time Provisioning of an IoT device.
• AWS MQTT TLS Connection Configuration.
• AWS MQTT Publish/Subscribe to a topic.
• AWS Device Shadow management (CRUD).

MICROEJ AWS IoT SDK documentation can be found here.

Requirements

• An AWS account. It can be created from AWS console.

• MICROEJ SDK 6.

• A VEE Port that contains:

  • EDC-1.3 or higher
  • BON-1.4 or higher
  • NET-1.1 or higher
  • SSL-2.2 or higher
  • TRACE-1.1 or higher.

This example has been tested on:

• Android Studio with MicroEJ plugin for Android Studio 0.6.0.
• VEE Port for NXP i.MX RT1170 2.2.0.

Usage

Import project

• Clone this repository.
• Open the project in your IDE.
• Set the VEE Port dependency in the build.gradle.kts file. By default, the sample will use the NXP i.MX RT1170 VEE Port.

Launching the AWS IoT Demo

Getting ready with AWS IoT

• Set up your AWS account by following this AWS guide.

• Generate the authority and device certificates, and the provisioning template. Then, register the authority certificate in AWS IoT Core Service by following this AWS guide.

  • Important notes
    • In the section Create a provisioning template, allow the necessary actions for this example to work. You can put [iot:*] in the Action: field of the template instead of [iot:Connect,iot:Publish] (escape characters omitted) to allow all the actions. The full list of AWS IoT policy actions can be found here.
    • In the section Create a provisioning template, replace the roleArn value by your Role ARN.
      • Your role must have a policy with an iot:RegisterCACertificate permission.
  • The last part using mosquitto_pub to test the connection and the JIT provisioning at the first connection can be skipped as it will be covered by this example.

Getting ready with the certificates

At this step you should have the following files:

• rootCA.pem: Root CA certificate in PEM format.
• deviceCert.crt: Device X509 certificate in PEM format.
• deviceCert.key: Device private key in PEM format.

deviceCert.key needs to be converted to DER format, as this is the format.

• Convert deviceCert.key to DER format using OpenSSL by running the following command:

openssl pkcs8 -inform PEM -in deviceCert.key -topk8 -outform DER -out deviceCert.der -v1 PBE-SHA1-3DES -passout pass:awsdemo

• Place the 3 files into src\main\resources\certificates\device folder.

Note

If the files naming doesn't match this documentation, it can be adapted by changing com.microej.demo.aws.iot.constants.list and com.microej.demo.aws.iot.resources.list files.

Getting ready with the application configuration

• Get the AWS IoT server hostname (endpoint), For that go to:
  • Connect to AWS Console.
  • Go to Iot Core Service.
  • From the left menu, go to Settings.
  • Copy the endpoint from the setting page. It looks something like *.iot.eu-west-3.amazonaws.com.
• Configure the application by changing the following values in src\main\resources\com.microej.demo.aws.iot.constants.list.

###################################################
# AWS IoT Broker Configuration
###################################################
aws.url=<AWS IoT Server Host Name>

Run on simulator

In IntelliJ IDEA or Android Studio:

• Open the Gradle tool window by clicking on the elephant icon on the right side.
• Expand the Tasks list.
• From the Tasks list, expand the microej list.
• Double-click on runOnSimulator.
• The application starts, the traces are visible in the Run view.

Alternative ways to run in simulation are described in the Run on Simulator documentation.

The following logs can be observed in the Simulator and in the AWS IoT dashboard:

Run on device

Make sure to properly setup the VEE Port environment before going further. Refer to the VEE Port README for more information.

In IntelliJ IDEA or Android Studio:

• Open the Gradle tool window by clicking on the elephant on the right side.
• Expand the Tasks list.
• From the Tasks list, expand the microej list.
• Double-Click on runOnDevice.
• The device is flashed. Use the appropriate tool to retrieve the execution traces.

Alternative ways to run on device are described in the Run on Device documentation.

The following logs can be observed in the console:

AWS IoT dashboard

The AWS IoT console provides some tools to monitor the activity on the broker.

• Go to Monitor section of the AWS IoT console to see graphs of successful connections to the broker and statistics on the messaging.
• You can also subscribe on a topic through the console in order to see arriving messages from your device:
  • go to MQTT test client.
  • in the Subscribe to a topic section, indicate the topic to subscribe to, here awsiot/demo/sample.
  • Click on Subscribe.
  • When the application is running, you should see messages displayed in the AWS IoT console:

Troubleshooting

ERROR javax.net.ssl.SSLHandshakeException: SSL-2.1:E=-129

-129: Verify problem on certificate and check date/time on your device.

This SSL ERROR means that the time is not correctly set on the device. This example automatically set the device time from an NTP server. Please ensure you're using a valid one. It can be configured in src/main/resources/com.microej.demo.aws.iot.properties.list file.

ntp.url=pool.ntp.org
ntp.port=123
ntp.timeout=1000

References

• MicroEJ Developer Portal.
• AWS Console.
• AWS IoT Documentation.
• OpenSSL.

Dependencies

All dependencies are retrieved transitively by MicroEJ Module Manager.

Source

N/A.

Restrictions

None.

---

Markdown
Copyright 2018-2024 MicroEJ Corp. All rights reserved.
Use of this source code is governed by a BSD-style license that can be found with this software.