In the first part of this Getting started with IoT button post, we configured the WiFi connection and set up certificates for secure communication with the AWS cloud. The data sent with every button press looks like this:
Besides sending the data, the device has to perform operations on it, such as publishing it to an MQTT topic. Since all actions in AWS are tightly controlled for security purposes, the device needs permission to perform them. A policy is a form of such permission.
Create a policy
Creating a policy starts with clicking Create a resource and choosing the Create a policy tab.
In order to publish to a particular topic, select the iot:Publish action (it is easy to find in the drop-down list after typing the first few letters). The content of the resource field depends on the selected action. Since we selected Publish, we need to provide a topic identifier as the resource (read more about resources and topics here). Resources follow a somewhat complex naming convention:
This is similar to the REST API endpoint, since it contains your AWS account number (endpoint subdomain) and region (for example, us-east-1). We already used the serial number as well when setting up WiFi access. With all previously collected info, it is easy to create the correct ARN:
Check the Allow box, click on Add statement (a single policy can contain multiple statements) and then Create. The policy is now visible in the list of resources.
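The policy built above, written out as a JSON document and checked against a few publish requests. This is an added example, not code from the original post; the account ID, region and the simplified `allows` evaluator are assumptions made for illustration, and it shows why the resource should name the button's own topic rather than a wildcard.

```python
import json
import re

# Constructed placeholders: substitute your own region, account ID and serial.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
SERIAL = "G030JF05XXXXXXXX"


def topic_arn(topic, region=REGION, account=ACCOUNT_ID):
    """ARN of an MQTT topic as used in the Resource field of an IoT policy."""
    return f"arn:aws:iot:{region}:{account}:topic/{topic}"


def publish_policy(serial):
    """Policy allowing iot:Publish on this one button's topic only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "iot:Publish",
            "Resource": topic_arn(f"iotbutton/{serial}"),
        }],
    }


def _matches(pattern, value):
    # Policy wildcards: '*' is any run of characters, '?' is one character.
    # MQTT wildcards '+' and '#' are literal in a policy, so they are escaped.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def allows(policy, action, resource):
    """Simplified check: an explicit Deny wins, else any Allow, else denied."""
    decision = False
    for st in policy["Statement"]:
        hit = (any(_matches(a, action) for a in _as_list(st["Action"])) and
               any(_matches(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        decision = decision or hit
    return decision


if __name__ == "__main__":
    print(json.dumps(publish_policy(SERIAL), indent=2))
```

A statement with `"Action": "iot:*"` and `"Resource": "*"` would pass the same checks for every topic in the account, which is what scoping the resource to `iotbutton/<serial>` avoids.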
Attach the policy and the thing to the device certificate
In order to work properly, the newly created policy has to be attached to the device certificate. Also, the certificate should be associated with the thing we created in the first part. To perform this association, select the certificate in the resource list and click on the Actions menu. Attach both the policy and the thing to the certificate. The certificate is finally complete!
If you press the button on the device at this point, it will send the data and publish it to the iotbutton topic. The LED indicator should turn solid green for several seconds, indicating a successful publish. As a test, try to detach the policy – the LED will flash red. Also try detaching the thing. Surprisingly, the thing really does not make a difference – even without it the message is published.
You can subscribe to a topic and receive messages by using the MQTT client built into AWS IoT or with a standalone application like MQTT.fx (more MQTT clients here). Subscribe to the iotbutton/G030JF05XXXXXXXX topic to view messages for a specific device or iotbutton/+ if you have multiple buttons.
Create and configure a rule
AWS IoT can perform actions when a message is published through the use of rules. Creating a rule is similar to creating any other resource. In the Create rule dialog, fill in the name and description fields first. We need to create an SQL query that will be used to monitor published messages. This is done by specifying the Attribute field and the Topic filter. Since we are interested in the IoT button topic, type in the familiar iotbutton/G030JF05XXXXXXXX. Attribute can be a specific field of the payload, such as clickType or batteryVoltage, but we can also use * for all fields. Condition is not required and can be left blank, unless we want to trigger the rule only when battery voltage falls below a certain threshold, for example.
Finally, we need to select an action from the expansive list of available actions. We are currently interested in sending a text message or an email as the click notification, so select the SNS service.
We have not selected any targets for the notification. Let’s follow the Create a new resource link to create a target for the AWS Push Notification Service (SNS). Targets for the rules are called topics in the SNS parlance.
Create SNS topic
Hit the Create new topic button on the newly opened SNS dashboard and input the name and display name of your topic.
Create the topic and click on its ARN in the list of topics. This should display the topic details. As you see, the topic currently has no subscriptions – i.e. addresses or phone numbers to send notifications to. You can add a number or an email address by creating a new subscription.
This process is straightforward: the Topic ARN field gets auto-populated, so all you need to do is choose the desired protocol (SMS, email or AWS Lambda function, to name a few), enter the endpoint (cell number, email address, etc.) and create the subscription. With the subscription and topic in place, let's go back to the IoT dashboard and continue with the rule creation.
The SNS target is now the topic name. The Message format field is not required, and the only remaining thing to do is to specify the Role name. Click Create a new role and specify the role name – this is all. AWS will automatically add a new role into the Identity and Access Management (IAM) system and grant it permission to push IoT notifications. With the role in place, click Add action and Create the rule. Notice that a rule can have multiple assigned actions.
Rules are independent of a particular device or certificate. They do not have to be attached to anything. The AWS IoT rules engine will continuously monitor the messages and push notifications if a message matches the SQL query specified in the rule.
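How the topic filter, attribute and condition of a rule decide whether a message triggers the action, modelled in Python as an added example (not code from the original post or from AWS). The sample payload, the `run_rule` helper and the 1500 mV threshold are constructed for illustration; the same `+` matching applies to the iotbutton/+ subscription mentioned earlier.

```python
import json

# Constructed sample message. clickType and batteryVoltage are the fields the
# post mentions; serialNumber, the values and the "mV" format are assumed.
SAMPLE = json.dumps({"serialNumber": "G030JF05XXXXXXXX",
                     "batteryVoltage": "1567mV", "clickType": "SINGLE"})


def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is exactly one level, '#' is the rest of the topic."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def battery_mv(payload):
    """Parse a value such as '1567mV' into an integer number of millivolts."""
    return int(payload["batteryVoltage"].rstrip("mV"))


def run_rule(rule, topic, message):
    """Return the selected attributes if the rule fires, otherwise None."""
    if not topic_matches(rule["topic_filter"], topic):
        return None
    payload = json.loads(message)
    condition = rule.get("condition")
    if condition is not None and not condition(payload):
        return None
    if rule["attribute"] == "*":
        return payload
    return {k: payload[k] for k in rule["attribute"].split(",") if k in payload}


# Models a rule with Attribute *, Topic filter iotbutton/+ and a low-battery
# condition. The 1500 mV threshold is a constructed value.
LOW_BATTERY = {"topic_filter": "iotbutton/+", "attribute": "*",
               "condition": lambda p: battery_mv(p) < 1500}

if __name__ == "__main__":
    print(run_rule(LOW_BATTERY, "iotbutton/G030JF05XXXXXXXX", SAMPLE))
```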
Press the IoT button and receive text message
With all steps now complete, pressing the button sends a text message within a few seconds. There are three distinct click types: single, double and long. In addition, the button sends voltage, which can be monitored over time. Counting clicks is another interesting project for learning AWS basics.