亚马逊AWS IoT概述

AWSIoTAWSIoTSubtitleHereSpeakerNameSubtitleHereSpeakerNameWhattoExpectfromthisSession•OverviewofAWSIoT•MessageBroker•RulesEngine•Shadow•RegistryandSecurity•DeviceSDK•AWSIoTHardwareProgramThingsareBecomingConnectedNowNottoolongfromnowSoonAfterSource:PrettymucheveryoneChallengeswithConnectedThings•Connecteddoesnotnecessarilymeanuseful•NoisetoSignal•EventDrivenComputing•StreamProcessing,BigDataandAnalytics•SECURITY!AWSIoTDEVICESDKSetofclientlibrariestoconnect,authenticateandexchangemessagesMESSAGEBROKERCommunicatewithdevicesviaMQTTandHTTPAUTHENTICATIONAUTHORIZATIONSecurewithmutualauthenticationandencryptionRULESENGINETransformmessagesbasedonrulesandroutetoAWSServicesAWSServices-----3PServicesSHADOWPersistentthingstateduringintermittentconnectionsAPPLICATIONSAWSIoTAPIREGISTRYIdentityandManagementofyourthingsAWSIoTMessageBrokerMESSAGEBROKERCommunicatewithdevicesviaMQTTandHTTPAWSIoTMessageBrokerStandardProtocolSupport(nolock-in)MillionsofdevicesandappscanconnectoveranyprotocolstartingwithMQTTandHTTP1.1Long-livedbi-directionalmessagesClients(DevicesandApps)canreceivecommandsandcontrolsignalsfromthecloudSecurebyDefaultConnectsecurelyviaX509CertsandTLS1.2ClientMutualAuthTopicBasedArchitecture(lights/thing-2/color)HighlyScalableMessageBrokerMQTTMQTTvsHTTPS:•93xfasterthroughput•11.89xlessbatterytosend•170.9xlessbatterytoreceive•50%lesspowertokeepconnected•8xlessnetworkoverheadSource:•OASISstandardprotocol(v3.1.1)•Lightweight,pub-sub,transportprotocolthatisusefulforconnecteddevices•MQTTisusedonoilrigs,connectedtrucks,andmanymoresensitiveandresource-sensitivescenarios.•Customershaveneededtobuild,maintainandscaleabrokertouseMQTTwithcloudapplicationsAWSIoTMessageBroker:ManagedServiceHighlyScalableMessageBrokerMillionsofdevicessendingbillionsofmessagesSubscribersPublishersAWSIoTMessageBroker:ManagedServiceHighlyScalableMessageBrokerMillionsofdevicessendingbillionsofmessagesSubscribersPublishersAWSIoTSecurity:AuthenticationandAuthorizationAUTHENTICATIONSecurewithmutualauthenticationandencryptionAUTHENTICATIONAUTHORIZATIONSecurewithmutualauthenticationandencryptionOneService,TwoProtocolsMQTT+MutualAuthTLSAWSAuth+HTTPSServerAuthTLS+CertTLS+CertClientAuthTLS+CertAWSAPIKeysConfidentialityTLSTLSProtocolMQTTHTTPIdentificationAWSARNsAWSARNsAuthorizationAWSPolicyAWSPolicyNEWMutualAuthTLSSecurity•SecureCommunicationswithThings•-SingleAPIcalltoCreateKeysAndCertificate()•-ClientGeneratedCreateCertificateFromCSR(CSR)•Fine-grainedAuthorizationfor:•ThingManagement•Pub/SubDataAccess•AWSServiceAccess{Version:2012-10-17,Statement:[{Effect:Allow,Action:[iot:Publish],Resource:[arn:aws:iot:us-east-1:123456972007:topic/foo]},{Effect:Allow,Action:[iot:Subscribe],Resource:[arn:aws:iot:us-east-1:123456972007:topicfilter/foo/bar/*]}]}AWSIoTRulesEngineRULESENGINETransformmessagesbasedonrulesandroutetoAWSServicesSimple&FamiliarSyntax-SQLStatementtodefinetopicfilter-OptionalWHEREclause-AdvancedJSONsupportFunctionsimprovesignal:noise-Stringmanipulation(regexsupport)-Mathematicaloperations-Contextbasedhelperfunctions-Cryptosupport-UUID,Timestamp,rand,etc.AWSIoTRulesEngineBasicsSELECT*FROM‘things/thing-2/color’WHEREcolor=‘red’AWSIoTRulesEngine’sFlexibilitySELECT*,clientId()asMQTTClientIdFROM'one/rule'WHEREstartsWith(topic(2),'IME33')AND(state='INIT'ORhydro_tempsurface_temp),actions:[{republish:{topic:controllers/${substring(topic(3),3,5)},}]AWSIoTRulesEngineComplexEvaluationsRespondtothefleet,notjustasingleunit.Dozensoffunctions()availableMultiple/SimultaneousActionsSometimesasituationrequiresyoutotakemanyactionsAWSIoTRulesEngineActionsRULESENGINETransformmessagesbasedonrulesandroutetoAWSServicesAWSServices-----3PServicesAWSServices-----3PServices1.AWSServices(DirectIntegration)RulesEngineActionsAWSIoTRulesEngineLambdaSNSSQSS3KinesisDDBRDSRedshiftGlacierEC23.ExternalEndpoints(viaLambdaandSNS)RulesEngineconnectsAWSIoTtoExternalEndpointsandAWSServices.2.RestofAWS(viaKinesis,Lambda,S3,andmore)AWSIoTRulesEngineRulesEngineevaluatesinboundmessagespublishedintoAWSIoT,transformsanddeliverstotheappropriateendpointbasedonbusinessrules.ExternalendpointscanbereachedviaLambdaandSimpleNotificationService(SNS).InvokeaLambdafunctionPutobjectinanS3bucketInsert,Update,ReadfromaDynamoDBtablePublishtoanSNSTopicorEndpointPublishtoaKinesisstreamActionsAmazonFirehoseRepublishtoAWSIoTAWSIoTRulesEngine&StreamDataN:1InboundStreamsofSensorData(SignaltoNoiseReduction)RulesEnginefilters,transformssensordatathensendsaggregatetoAmazonKinesisKinesisStreamstoEnterpriseApplicationsSimultaneouslystreamprocesseddatatodatabases,applications,otherAWSServicesOrderedStreamAWSIoTRulesEngine&AmazonSNSPushNotificationsAppleAPNSEndpoint,GoogleGCMEndpoint,AmazonADMEndpoint,WindowsWNSAmazonSNS-HTTPEndpoint(OrSMSorEmail)CallHTTPbased3rdpartyendpointsthroughSNSwithsubscriptionandretrysupportSNS2AWSIoTThingShadowTHINGSHADOWPersistentthingstateduringintermittentconnectionsSHADOWPersistentthingstateduringintermittentconnectionsAPPLICATIONSAWSIoTThingShadowShadow