1 Introduction
With the quick development of science and technology, the Internet of Things(IoT) is widely used in various areas, such as industry, agriculture, environment, transportation, logistics, security, and other infrastructure. IoT usage makes our lives more colorful and intelligent. The explosive development of the IoT cannot be separated from the cloud platform. At present, there are many types of cloud services on the market, such as Amazon's AWS, Microsoft's Azure, google cloud, China's Alibaba Cloud, Baidu Cloud, OneNet, etc.
Amazon AWS Cloud is a professional cloud computing service that is provided by Amazon. It provides a complete set of infrastructure and cloud solutions for customers in various countries and regions around the world. It is currently a cloud computing with a large number of users. AWS IoT is a managed cloud platform that allows connected devices to easily and securely interact with cloud applications and other devices.
NXP crossover MCU RT product has launched a series of AWS sample codes. This article mainly explains the remote_control_wifi_nxp code in the official MIMXRT1060-EVK SDK as an example to realize the data interaction with AWS IoT cloud, Android mobile APP, and MQTTfx client. The cloud topology of this article is as follows:
Fig.1-1
2 AWS cloud operation
2.1 Create an AWS account
Prepare a credit card, and then go to the below amazon link to create an AWS account:
https://console.aws.amazon.com/console/home
2.2 Create a Thing
Open the AWS IOT link:
https://console.aws.amazon.com/iot
Choose the Things item under manage, if it is the first time usage, customer can choose “register a thing” to create the thing. If it is used in the previous time, customers can click the “create” button in the right corner to create the thing. Choose “create a single thing” to create the new thing, more details check the following picture.
Fig. 2-1
Fig.2-2
Fig.2-3
2.3 Create certificate
Create a certificate for the newly created thing, click the “create certificate” button under the following picture:
Fig.2-4
After the certificate is built, it will have the information about the certificate created, it means the certificate is generated and can be used.
Fig. 2-5
Please note, download files: certificate for this thing, public key, private key.
It will be used in the mqttfx tool configuration. Click “A root CA for AWS for Download”, download the root CA for AWS IoT, the mqttfx tool setting will also use it.
Open the root CA download link, can download the CA certificate.
RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate
Fig. 2-6
At last, we can get these files:
7abfd7a350-certificate.pem.crt
7abfd7a350-private.pem.key
7abfd7a350-public.pem.key
AmazonRootCA1.pem
Save it, it will be used later.
Click “active” button to active the certificate, and click “Done” button. The policy will be attached later.
2.4 Create Policies
Back to the iot view page:
https://console.aws.amazon.com/iot/
Select the policies under Secure item, to create the new policies.
Fig. 2-7
Input the policy name, in the action area, fill: iot:*, Resource ARN area fill: *
Check Allow item, click the create button to finish the new policy creation.
Fig. 2-8
2.5 Things attach relationship
After the thing, certificate, policies creation, then will attach the policy to the certificate, and attach the certificate to the Things.
Fig. 2-9
Choose the certificates under Secure item, in the related certificate item, choose “…”, you will find the down list, click “attach policy”, and choose the newly created policy. Then click attach thing, choose the newly created thing.
Fig. 2-10
Fig. 2-11
Fig. 2-12
Now, open the Things under Mange item, check the detail things related information.
Fig.2-13
Double click the thing, in the Interact item, we can find the Rest API Endpoint, the RT code and the mqttfx tool will use this endpoint to realize the cloud connection.
Fig. 2-14
Check the security, you will find the previously created certificate, it means this thing already attach the new certificates:
Fig. 2-15
Until now, we already finish the Things related configuration, then it will be used for the MQTT fx, Android app, RT EVK board connections, and testing, we also can check the communication information through the AWS shadow in the webpage directly.
3 Android related configuration
3.1 AWS cognito configuration
If use the Android app to communicate with the AWS IoT clould, the AWS side still needs to use the cognito service to authorize the AWS IoT, then access the device shadows. Create a new identity pools at first from the following link:
https://console.aws.amazon.com/cognitohttps://console.aws.amazon.com/cognito
Fig. 3-1
Click “manage Identity pools”, after enter it, then click “create new identity pool”
Fig. 3-2
Fig. 3-3
Fig. 3-4
Here, it will generate two Roles:
Cognito_PoolNameAuth_Role
Cognito_PoolNameUnauth_Role
Click Allow, to finish the identity pool creation.
Fig. 3-5
Please record the related Identity pool ID, it will be used in the Android app .properties configuration files.
3.2 Create plicies in IAM for cognito
Open https://console.aws.amazon.com/iam
Click the “policies” item under “access management”
Fig. 3-6
Choose “create policy”, create a IAM policies, in the Policy JSON area, write the following content:
Fig. 3-7
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish"
],
"Resource": [
"arn:aws:iot:us-east-1:965396684474:topic/$aws/things/RTAWSThing/shadow/update",
"arn:aws:iot:us-east-1:965396684474:topic/$aws/things/RTAWSThing/shadow/get"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe",
"iot:Receive"
],
"Resource": [
"*"
]
}
]
}
Please note, in the JSON content:
"arn:aws:iot:<REGION>:<ACCOUNT ID>:topic/$aws/things/<THING NAME>/shadow/update",
"arn:aws:iot:<REGION>:<ACCOUNT ID>:topic/$aws/things/<THING NAME>/shadow/get"
Region:the us-east-1 inFig. 3-5
ACCOUNT ID, it can be found in the upper right corner my account side.
Fig 3-8
Fig 3-9
After finished the IAM policy creation, then back to IAM policies page, choose Filter policies as customer managed, we can find the new created customer’s policy.
Fig. 3-10
3.3 Attach policy for the cognito role in IAM
In IAM, choose roles item:
Fig. 3-11
Double click the cognito_PoolNameUnauth_Role which is generated when creating the pool in cognito, click attach policies, select the new created policy.
Fig. 3-12
Fig. 3-13
Until now, we already finish the AWS cognito configuration.
3.4 Android properties file configuration
Create a file with .properties, the content is:
customer_specific_endpoint=<REST API ENDPOINT>
cognito_pool_id=<COGNITO POOL ID>
thing_name=<THING NAME>
region=<REGION>
Please fill the correct content:
REST API ENDPOINT:Fig 2-14
COGNITO POOL ID:fig 3-5
THING NAME:fig 2-14,upper left corner
REGION:Fig 3-5, the region data in COGNITO POOL ID
Take an example, my properties file content is:
customer_specific_endpoint=a215vehc5uw107-ats.iot.us-east-1.amazonaws.com
cognito_pool_id=us-east-1:c5ca6d11-f069-416c-81f9-fc1ec8fd8de5
thing_name=RTAWSThing
region=us-east-1
In the real usage, please use your own configured data, otherwise, it will connect to my cloud endpoint.
4. MQTTfx configuration and testing
MQTT.fx is an MQTT client tool which is based on EclipsePaho and written in Java language. It supports subscribe and publish of messages through Topic. You can download this tool from the following link:
http://mqttfx.jensd.de/index.php/download
The new version is:1.7.1.
4.1 MQTT.fx configuration
Choose connect configuration button, then enter the connection configuration page:
Fig. 4-1
Profile Name: Enter the configuration name
Broker Address: it is REST API ENDPOINT。
Broker Port:8883
Client ID: generate it freely
CA file: it is the downloaded CA certificate file
Client Certificate File: related certificate file
Client key File: private key file
Check PEM formatted。
Click apply and OK to finish the configuration.
4.2 Use the AWS cloud to test connection
In order to test whether it can be connected to the event cloud, a preliminary connection test can be performed.
Open the aws page: https://console.aws.amazon.com/iot
here is a Test button under this interface, which can be tested by other clients or by itself.Both AWS cloud and MQTTfx subscribe topic: $aws/things/RTAWSThing/shadow/update
MQTTfx publishes data to the topic: $aws/things/RTAWSThing/shadow/update
It can be found that both the cloud test port and the MQTTfx subscribe can receive data:
Fig. 4-2
Below, the Publish data is tested by the cloud, and then you can see that both the MQTTFX subscribe and the cloud subscribe can receive data:
Fig. 4-3
Until now, the AWS cloud can transfer the data between the AWS iot cloud and the client.
5 RT1060 and wifi module configuration
We mainly use the RT1060 SDK2.8.0 remote_control_wifi_nxp as the RT test code:
SDK_2.8.0_EVK-MIMXRT1060\boards\evkmimxrt1060\aws_examples\remote_control_wifi_nxp
Test platform is:MIMXRT1060-EVK
Panasonic PAN9026 SDIO ADAPTER + SD to uSD adapter
The project is using Panasonic PAN9026 SDIO ADAPTER in default.
5.1 WIFI and the AWS code configuration
The project need the working WIFI SSID and the password, so prepare a working WIFI for it. Then add the SSID and the password in the aws_clientcredential.h
#define clientcredentialWIFI_SSID "Paste WiFi SSID here."
#define clientcredentialWIFI_PASSWORD "Paste WiFi password here."
The connection for AWS also in file: aws_clientcredential.h
#define clientcredentialMQTT_BROKER_ENDPOINT "a215vehc5uw107-ats.iot.us-east-1.amazonaws.com"
#define clientcredentialIOT_THING_NAME "RTAWSThing"
#define clientcredentialMQTT_BROKER_PORT 8883
5.2 certificate and the key configuration
Open the SDK following link:
SDK_2.8.0_EVK-MIMXRT1060\rtos\freertos\tools\certificate_configuration\CertificateConfigurator.html
Fig. 5-1
Generate the new aws_clientcredential_keys.h, and replace the old one. Take the MCUXPresso IDE project as an example, the file location is:
Fig. 5-2
Build the project and download it to the MIMXRT1060-EVK board.
6 Test result
Androd mobile phone download and install the APK under this folder:
SDK_2.8.0_EVK-MIMXRT1060\boards\evkmimxrt1060\aws_examples\remote_control_android\AwsRemoteControl.apk
SDK can be downloaded from this link:
Welcome | MCUXpresso SDK Builder
Then, we can use the Android app to remote control the RT EVK on board LED, the test result is
6.1 APP and EVK test result
MIMXRT1060-EVK printf information:
Fig. 6-1
Turn on and turn off the led:
Fig. 6-2
Fig. 6-3
6.2 MQTTfx subscribe result
MQTTfx subscribe data
Turn on the led, we can subscribe two messages:
Fig. 6-4
Fig. 6-5
Turn off the led, we also can subscribe two messages:
Fig. 6-6
Fig. 6-7
In the two message, the first one is used to set the led status. The second one is the EVK used to report the EVK led information.
MQTTfx also can use the publish page, publish this data:
{"state":{"desired":{"LEDstate":1}}} or {"state":{"desired":{"LEDstate":0}}}
To topic: $aws/things/RTAWSThing/shadow/update
It also can realize the on board LED turn on or off.
6.3 AWS cloud shadows display result
Turn on the led:
Fig. 6-8
Turn off the led:
Fig. 6-9
In conclusion, after the above configuration and testing, it can finish the Android mobile phone to remote control the RT EVK on board LED and get the information. Also can use the MQTTFX client tool and the AWS shadow page to check the communication data.
Hi Kerry Zhou,
We want to know what WiFi module you have used.
Regards,
Vasu
Hi Vasudhevan G,
Panasonic PAN9026 SDIO ADAPTER + SD to uSD adapter
The SDK use it in default, you also can use:
- AzurWave AW-NM191MA + Murata uSD M.2 Adapter
- AzurWave AW-NM191NF-uSD
or
- Murata 1DX M.2 module
- Murata uSD M.2 Adapter
Wish it helps you!
Best Regards,
Kerry