Amazon Web Services – IoT

Amazon Web Services IoT architecture

Amazon Web Services, or AWS for short, has many cloud solutions to offer, including a service dedicated to IoT applications. The Sizing Servers Lab has the necessary expertise in this specific product line. This webpage explains the most important components.

AWS IoT Components


In this case, the term “things” refers to the (internet) connected device, for example a smart bed. AWS IoT makes it possible to integrate any kind of “thing” with their cloud solution. The linking happens via a so-called software development kit, or SDK for short. Meanwhile, the number of available SDKs (which are open source) has grown dramatically. A list of available SDKs and the source code can be found at GitHub. If there is no SDK available that fits your specific needs, a developer can easily take care of the connection between the application and the cloud service, because AWS IoT uses well-known, standardized communication protocols (HTTPS, MQTT). Besides the services that belong to the AWS IoT offering, one can easily integrate with other AWS cloud solutions. The idea is the same as with linking a thing: there are different SDKs available for all the services. Some of those services can be addressed directly via AWS IoT. For example, you could push received data to a NoSQL database (AWS DynamoDB).

Message broker

A thing connects with the “Message Broker”. This component makes it possible to both send and receive messages. A so-called publish / subscribe (often abbreviated as pub / sub) methodology is used. Messages are published to a particular topic; listening for incoming messages is also done via a topic. More information can be found here.

Things registry

As the name itself indicates, this component keeps track of the different things. The registry contains the name among other things, so that the thing is uniquely identifiable. In addition, it makes use of certain certificates belonging to a thing for securing communication between a thing and the AWS IoT service. The registry also keeps track of which topics are used. More information can be found here.

Things shadow

Messages exchanged between a thing and AWS IoT follow a specific format, more precisely JSON (text formatted according to specific rules). AWS IoT calls this “Thing Shadows”. A message consists of a number of predefined blocks. Note that the payload (the size of the message) is limited to 128KB (at the moment of writing). Other important limitations can be consulted here. The way a message should be composed can be found here. A message containing information about an RGB bulb could look like this:

{
  "state" : {
    "reported" : {
      "color" : {"r" : 10, "g" : 255, "b" : 0},
      "engine" : "ON"
    }
  }
}
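
A shadow message arrives from a device, so a backend that consumes it should validate it before storing or acting on it. The sketch below is an added example, not code from AWS or from the original page; it applies the 128KB limit quoted above and assumes an update document carries only "state" (with "desired" / "reported"), "clientToken" and "version", which is a stricter check than the service itself performs.

```python
import json

MAX_PAYLOAD_BYTES = 128 * 1024  # limit quoted on this page ("at the moment of writing")
TOP_LEVEL_KEYS = {"state", "clientToken", "version"}  # assumed allow-list
STATE_SECTIONS = {"desired", "reported"}


class ShadowError(ValueError):
    """Raised when a shadow update must be rejected."""


def parse_shadow_update(raw: bytes) -> dict:
    """Validate an untrusted shadow update and return the parsed document."""
    # Check the size before parsing so an oversized message costs nothing.
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise ShadowError("payload exceeds size limit")
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad JSON, deep nesting
        raise ShadowError(f"not valid UTF-8 JSON: {exc}") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("state"), dict):
        raise ShadowError('document needs a top-level "state" object')
    unknown = set(doc) - TOP_LEVEL_KEYS
    if unknown:
        raise ShadowError(f"unexpected top-level keys: {sorted(unknown)}")
    state = doc["state"]
    if not state or set(state) - STATE_SECTIONS:
        raise ShadowError('"state" may only hold "desired" and/or "reported"')
    for name, section in state.items():
        if not isinstance(section, dict):
            raise ShadowError(f'"{name}" must be a JSON object')
    return doc


# Constructed sample: the RGB bulb message from this page.
BULB = b'{"state": {"reported": {"color": {"r": 10, "g": 255, "b": 0}, "engine": "ON"}}}'

if __name__ == "__main__":
    print(parse_shadow_update(BULB)["state"]["reported"]["engine"])
    for bad in (b'{"state": {"reported": "ON"}}', b'{"state": {}, "admin": true}',
                b"x" * (MAX_PAYLOAD_BYTES + 1)):
        try:
            parse_shadow_update(bad)
        except ShadowError as err:
            print("rejected:", err)
```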

Rules engine

This is the most powerful component in the AWS IoT architecture. This “Rules Engine” processes all the transmitted messages in real-time. A rule is created based on a Structured Query Language (SQL) query. The incoming data will be subject to this query. The result of this operation can be linked to multiple actions. For example, an action could be replicating data to the other things. Another possibility is to trigger an event whenever a certain threshold is reached (e.g. temperature). This event can be linked to some specific actions: one could configure a rule that will send an SMS. In theory, every service that exists within the AWS eco-system can be integrated. For an overview, please consult the following webpage:

AWS IoT Rules Engine

AWS Lambda

AWS Lambda is one of the services linkable to a rule. Rules can become very complex, but sometimes you need even more complexity. In that case, you could use AWS Lambda. This service allows you to run an event trigger that executes a piece of code. The program is started and stopped automatically. The infrastructure required for this is completely abstracted, in other words, the developer does not have to configure any server and / or software. The infrastructure is completely scalable as well.

For example, one could do some real-time analyses. The result can be sent back to the AWS IoT service or it can be sent to another service that does not necessarily reside in the cloud. Of course, there are also some services dedicated especially to analyzing real-time data (AWS Kinesis). For more information about AWS Lambda, visit the following webpage:

Security and identity

This component handles the security mechanisms. Other services within the AWS IoT architecture use this (more or less) internal component. The service checks whether an action is allowed or not. Security can be tuned very specifically: one can configure that a single thing or a group of things is allowed to communicate with AWS Lambda. Last but not least, this component also ensures secure communication between the things on one side and the cloud itself on the other. More information here.

AWS IoT Security & Identity
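
The allow / deny check described above can be illustrated with two AWS IoT policy documents: one that grants everything and one scoped to the connecting thing. This is an added example, not code from AWS or the original page; the evaluator is a simplified model of policy matching, and the region, account id, thing names and "beds/..." topic layout are placeholders.

```python
import re

# Constructed policies; region, account id and topic layout are placeholders.
ARN = "arn:aws:iot:eu-west-1:123456789012"
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": ARN + ":client/${iot:Connection.Thing.ThingName}"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": ARN + ":topic/beds/${iot:Connection.Thing.ThingName}/*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, thing):
    # Substitute the policy variable, then treat "*" as the only wildcard.
    pattern = pattern.replace("${iot:Connection.Thing.ThingName}", thing)
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def is_allowed(policy, thing, action, resource):
    """Default deny; an explicit Deny beats any Allow (simplified model)."""
    allowed = False
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action, thing) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource, thing) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed


def audit(policy):
    """Return findings for Allow statements that use blanket wildcards."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        if any(a in ("*", "iot:*") for a in _as_list(stmt["Action"])):
            findings.append(f"statement {i}: wildcard action")
        if any(r == "*" or r.endswith(":*") for r in _as_list(stmt["Resource"])):
            findings.append(f"statement {i}: wildcard resource")
    return findings
```

Under BROAD, a thing named bed-001 may publish to another bed's topic; under SCOPED the same request is denied, and audit(BROAD) reports both wildcards.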

IoT Applications

The last component is the application itself, for example a web application. This application can be hosted in the AWS cloud (e.g. on AWS EC2 instances set up as a web server). To make the integration possible, one can again make use of the various SDKs. This page is a good starting point to find out which tools and SDKs are available.
