1 Introduction

   With the quick development of science and technology, the Internet of Things(IoT) is widely used in various areas, such as industry, agriculture, environment, transportation, logistics, security, and other infrastructure. IoT usage makes our lives more colorful and intelligent. The explosive development of the IoT cannot be separated from the cloud platform. At present, there are many types of cloud services on the market, such as Amazon's AWS, Microsoft's Azure, google cloud, China's Alibaba Cloud, Baidu Cloud, OneNet, etc.

   Amazon AWS Cloud is a professional cloud computing service that is provided by Amazon. It provides a complete set of infrastructure and cloud solutions for customers in various countries and regions around the world. It is currently a cloud computing with a large number of users. AWS IoT is a managed cloud platform that allows connected devices to easily and securely interact with cloud applications and other devices.

   NXP crossover MCU RT product has launched a series of AWS sample codes. This article mainly explains the remote_control_wifi_nxp code in the official MIMXRT1060-EVK SDK as an example to realize the data interaction with AWS IoT cloud, Android mobile APP, and MQTTfx client. The cloud topology of this article is as follows:

Fig.1-1

2 AWS cloud operation

2.1 Create an AWS account

Prepare a credit card, and then go to the below amazon link to create an AWS account:

   https://console.aws.amazon.com/console/home

2.2 Create a Thing

   Open the AWS IOT link:

https://console.aws.amazon.com/iot

   Choose the Things item under manage, if it is the first time usage, customer can choose “register a thing” to create the thing. If it is used in the previous time, customers can click the “create” button in the right corner to create the thing. Choose “create a single thing” to create the new thing, more details check the following picture.

Fig. 2-1

Fig.2-2

Fig.2-3

2.3 Create certificate

   Create a certificate for the newly created thing, click the “create certificate” button under the following picture:

Fig.2-4

   After the certificate is built, it will have the information about the certificate created, it means the certificate is generated and can be used.

Fig. 2-5

Please note, download files: certificate for this thing, public key, private key.

It will be used in the mqttfx tool configuration. Click “A root CA for AWS for Download”, download the root CA for AWS IoT, the mqttfx tool setting will also use it.

Open the root CA download link, can download the CA certificate.

RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate

Fig. 2-6

At last, we can get these files:

7abfd7a350-certificate.pem.crt

7abfd7a350-private.pem.key

7abfd7a350-public.pem.key

AmazonRootCA1.pem

Save it, it will be used later.

Click “active” button to active the certificate, and click “Done” button. The policy will be attached later.

2.4 Create Policies

    Back to the iot view page:

https://console.aws.amazon.com/iot/

    Select the policies under Secure item, to create the new policies. 

Fig. 2-7

Input the policy name, in the action area, fill: iot:*, Resource ARN area fill: *

Check Allow item, click the create button to finish the new policy creation.

Fig. 2-8

2.5 Things attach relationship

    After the thing, certificate, policies creation, then will attach the policy to the certificate, and attach the certificate to the Things.

Fig. 2-9

Choose the certificates under Secure item, in the related certificate item, choose “…”, you will find the down list, click “attach policy”, and choose the newly created policy. Then click attach thing, choose the newly created thing.

Fig. 2-10

Fig. 2-11

Fig. 2-12

Now, open the Things under Mange item, check the detail things related information.

Fig.2-13

Double click the thing, in the Interact item, we can find the Rest API Endpoint, the RT code and the mqttfx tool will use this endpoint to realize the cloud connection.

Fig. 2-14

Check the security, you will find the previously created certificate, it means this thing already attach the new certificates:

Fig. 2-15

Until now, we already finish the Things related configuration, then it will be used for the MQTT fx, Android app, RT EVK board connections, and testing, we also can check the communication information through the AWS shadow in the webpage directly.

3 Android related configuration

3.1 AWS cognito configuration

   If use the Android app to communicate with the AWS IoT clould, the AWS side still needs to use the cognito service to authorize the AWS IoT, then access the device shadows. Create a new identity pools at first from the following link:

https://console.aws.amazon.com/cognitohttps://console.aws.amazon.com/cognito

Fig. 3-1

Click “manage Identity pools”, after enter it, then click “create new identity pool”

Fig. 3-2

Fig. 3-3

Fig. 3-4

Here, it will generate two Roles：

Cognito_PoolNameAuth_Role

Cognito_PoolNameUnauth_Role

Click Allow, to finish the identity pool creation.

Fig. 3-5

Please record the related Identity pool ID, it will be used in the Android app .properties configuration files.

3.2 Create plicies in IAM for cognito

  Open https://console.aws.amazon.com/iam

  Click the “policies” item under “access management”

Fig. 3-6

Choose “create policy”, create a IAM policies, in the Policy JSON area, write the following content:

Fig. 3-7

{
 "Version": "2012-10-17",
 "Statement": [
 {
 "Effect": "Allow",
 "Action": [
 "iot:Connect"
 ],
 "Resource": [
 "*"
 ]
 },
 {
 "Effect": "Allow",
 "Action": [
 "iot:Publish"
 ],
 "Resource": [
 "arn:aws:iot:us-east-1:965396684474:topic/$aws/things/RTAWSThing/shadow/update",
 "arn:aws:iot:us-east-1:965396684474:topic/$aws/things/RTAWSThing/shadow/get"
 ]
 },
 {
 "Effect": "Allow",
 "Action": [
 "iot:Subscribe",
 "iot:Receive"
 ],
 "Resource": [
 "*"
 ]
 }
 ]
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Please note, in the JSON content:

"arn:aws:iot:<REGION>:<ACCOUNT ID>:topic/$aws/things/<THING NAME>/shadow/update",

"arn:aws:iot:<REGION>:<ACCOUNT ID>:topic/$aws/things/<THING NAME>/shadow/get"

Region：the us-east-1 inFig. 3-5

ACCOUNT ID, it can be found in the upper right corner my account side.

Fig 3-8

Fig 3-9

After finished the IAM policy creation, then back to IAM policies page, choose Filter policies as customer managed, we can find the new created customer’s policy.

Fig. 3-10

3.3 Attach policy for the cognito role in IAM

  In IAM, choose roles item:

Fig. 3-11

Double click the cognito_PoolNameUnauth_Role which is generated when creating the pool in cognito, click attach policies, select the new created policy.

Fig. 3-12

Fig. 3-13

Until now, we already finish the AWS cognito configuration.

3.4  Android properties file configuration

Create a file with .properties, the content is:

    customer_specific_endpoint=<REST API ENDPOINT>

    cognito_pool_id=<COGNITO POOL ID>

    thing_name=<THING NAME>

    region=<REGION>

Please fill the correct content:

REST API ENDPOINT：Fig 2-14

COGNITO POOL ID：fig 3-5

THING NAME：fig 2-14，upper left corner

REGION：Fig 3-5, the region data in COGNITO POOL ID

Take an example, my properties file content is:

 customer_specific_endpoint=a215vehc5uw107-ats.iot.us-east-1.amazonaws.com

 cognito_pool_id=us-east-1:c5ca6d11-f069-416c-81f9-fc1ec8fd8de5

 thing_name=RTAWSThing

 region=us-east-1

In the real usage, please use your own configured data, otherwise, it will connect to my cloud endpoint.

4. MQTTfx configuration and testing

MQTT.fx is an MQTT client tool which is based on EclipsePaho and written in Java language. It supports subscribe and publish of messages through Topic. You can download this tool from the following link:  

http://mqttfx.jensd.de/index.php/download

   The new version is:1.7.1.

4.1 MQTT.fx configuration

    Choose connect configuration button, then enter the connection configuration page:

Fig. 4-1

Profile Name: Enter the configuration name

Broker Address: it is REST API ENDPOINT。

Broker Port:8883

Client ID: generate it freely

CA file: it is the downloaded CA certificate file

Client Certificate File: related certificate file

Client key File: private key file

Check PEM formatted。

Click apply and OK to finish the configuration.

4.2 Use the AWS cloud to test connection

  In order to test whether it can be connected to the event cloud, a preliminary connection test can be performed.

Open the aws page： https://console.aws.amazon.com/iot

here is a Test button under this interface, which can be tested by other clients or by itself.Both AWS cloud and MQTTfx subscribe topic: $aws/things/RTAWSThing/shadow/update

MQTTfx publishes data to the topic: $aws/things/RTAWSThing/shadow/update

It can be found that both the cloud test port and the MQTTfx subscribe can receive data:

Fig. 4-2

Below, the Publish data is tested by the cloud, and then you can see that both the MQTTFX subscribe and the cloud subscribe can receive data:

Fig. 4-3

Until now, the AWS cloud can transfer the data between the AWS iot cloud and the client.

5 RT1060 and wifi module configuration

  We mainly use the RT1060 SDK2.8.0 remote_control_wifi_nxp as the RT test code:

SDK_2.8.0_EVK-MIMXRT1060\boards\evkmimxrt1060\aws_examples\remote_control_wifi_nxp

Test platform is:MIMXRT1060-EVK

Panasonic PAN9026 SDIO ADAPTER + SD to uSD adapter

The project is using Panasonic PAN9026 SDIO ADAPTER in default.

5.1 WIFI and the AWS code configuration

   The project need the working WIFI SSID and the password, so prepare a working WIFI for it. Then add the SSID and the password in the aws_clientcredential.h

#define clientcredentialWIFI_SSID       "Paste WiFi SSID here."

#define clientcredentialWIFI_PASSWORD   "Paste WiFi password here."

The connection for AWS also in file: aws_clientcredential.h

#define clientcredentialMQTT_BROKER_ENDPOINT "a215vehc5uw107-ats.iot.us-east-1.amazonaws.com"

#define clientcredentialIOT_THING_NAME       "RTAWSThing"

#define clientcredentialMQTT_BROKER_PORT      8883

5.2 certificate and the key configuration

Open the SDK following link:

SDK_2.8.0_EVK-MIMXRT1060\rtos\freertos\tools\certificate_configuration\CertificateConfigurator.html

Fig. 5-1

Generate the new aws_clientcredential_keys.h, and replace the old one. Take the MCUXPresso IDE project as an example, the file location is:

Fig. 5-2

Build the project and download it to the MIMXRT1060-EVK board.

6 Test result

Androd mobile phone download and install the APK under this folder:

SDK_2.8.0_EVK-MIMXRT1060\boards\evkmimxrt1060\aws_examples\remote_control_android\AwsRemoteControl.apk

SDK can be downloaded from this link:

Welcome | MCUXpresso SDK Builder 

Then, we can use the Android app to remote control the RT EVK on board LED, the test result is

6.1 APP and EVK test result

MIMXRT1060-EVK printf information：

Fig. 6-1

Turn on and turn off the led:

Fig. 6-2      

                                 Fig. 6-3

6.2 MQTTfx subscribe result

MQTTfx subscribe data

Turn on the led, we can subscribe two messages:

Fig. 6-4

Fig. 6-5

Turn off the led, we also can subscribe two messages:

Fig. 6-6

Fig. 6-7

In the two message, the first one is used to set the led status. The second one is the EVK used to report the EVK led information.

MQTTfx also can use the publish page, publish this data:

{"state":{"desired":{"LEDstate":1}}} or {"state":{"desired":{"LEDstate":0}}}

To topic: $aws/things/RTAWSThing/shadow/update

It also can realize the on board LED turn on or off.

6.3 AWS cloud shadows display result

Turn on the led:

Fig. 6-8

Turn off the led:

Fig. 6-9

In conclusion, after the above configuration and testing, it can finish the Android mobile phone to remote control the RT EVK on board LED and get the information. Also can use the MQTTFX client tool and the AWS shadow page to check the communication data.