Slide 1

serverless IoT-Applications
BED-Con 2017
Niko Will, innoQ
@n1ko_w1ll

Slide 2

about me
> Developer since 2005
> living in a Smarthome since 2012
> became an IoT Geek
> before: worked on Bosch IoT Suite for 2 years
> now: Consultant at innoQ
> follow me on Twitter: @n1ko_w1ll

Slide 3

agenda
> microservices approach
> AWS, Lambda & IoT
> use-cases
  > JITR | on-boarding | pairing
  > list / search things | command & control | telemetry
  > connected / disconnected / LWT
  > encrypted file transfer | firmware update

Slide 4

microservice approach

Slide 5

microservices approach
> fault tolerance
> scalability
> agility
> visibility
> security
> cost-efficiency

Slide 6

microservices approach (architecture diagram)
> clients: thing, mobile client, browser
> IoT-application: API Gateway, MQTT Broker, database
> components: Users, Devices, Policies, Rules, Analytics, …

Slide 7

microservices approach (architecture diagram)
> the IoT-application split into microservices (Devices, …), running on docker / kubernetes
> shown with several instances each: API Gateway, MQTT Broker, Service Discovery, Message Broker, IAM
> Keystore backed by an HSM
> database

Slide 8

microservices approach (operations diagram)
> microservices on docker / kubernetes, run by the team itself (DevOps)
> logging: fluentd, elasticsearch, Kibana
> monitoring: prometheus, Grafana
> alerting: Alert Manager

Slide 9

image source: https://www.memecenter.com/fun/5802169/what-could-possibly-go-wrong

Slide 10

AWS

Slide 11

AWS services used (diagram)
> Amazon S3, Amazon Elasticsearch, Amazon Kinesis, Amazon SNS, Amazon SQS, Amazon DynamoDB, Amazon Cognito, Amazon API Gateway, AWS Lambda, Amazon CloudWatch, AWS IoT
> grouped into "State" and "Fast Data" services

Slide 12

AWS Lambda

Slide 13

AWS Lambda
> Functions-as-a-Service (FaaS)
> serverless
> "small" functions
> stateless compute containers
> event-driven

Slide 14

AWS Lambda: advantages
> scalable
> pay-per-execution / pay-as-you-go
> no upfront capacity planning
> significantly reduced operational cost

Slide 15

AWS Lambda: disadvantages
> vendor lock-in
> startup latency
> testing
> debugging
> execution duration

Slide 17

AWS IoT

Slide 18

AWS IoT
> managed service
> message broker
> rules engine
> shadows
> registry
> security

Slide 19

message broker
> topic based
> publish / subscribe
> topic wildcards
> protocols
  > MQTT
  > MQTT + WebSockets
  > HTTP

reserved topics (examples):
  $aws/events/presence/connected/clientId
  $aws/events/presence/disconnected/clientId
  $aws/things/thingName/shadow/update
  $aws/things/thingName/shadow/update/delta

Slide 20

rules engine
> SQL-like syntax
> augment or filter data
> rule actions
  > state stores
  > fast data pipelines
  > CloudWatch
  > Lambda
  > republish

example rule:
  SELECT *,
         newuuid() AS requestId,
         clientId() AS clientId,
         timestamp() AS timestamp,
         topic(2) AS deviceId,
         topic(4) AS sensorId
  FROM 'device/+/sensor/+/v1'
  WHERE temperature > 50 AND color <> 'red'

Slide 21

shadows
> JSON document
> current state of thing
> connection independent
> supports client tokens
> supports versioning
> MQTT topics
> RESTful API

example shadow document:
  {
    "state": {
      "desired": { "color": "RED" },
      "reported": { "color": "GREEN" }
    },
    "metadata": {
      "desired": { "color": { "timestamp": 12345 } },
      "reported": { "color": { "timestamp": 12345 } }
    },
    "version": 10,
    "clientToken": "UniqueClientToken",
    "timestamp": 123456789
  }
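To make the shadow semantics on this slide concrete, here is an added example (written for this summary, not code from the talk or from AWS): a small in-memory model of one thing's shadow that merges desired/reported patches, increments the version on every accepted update, rejects an update whose version does not match, and computes the delta message the service would publish on the shadow/update/delta topic. The flat (non-nested) state and the rejection of any mismatched version are simplifying assumptions.

```python
from typing import Any, Dict, Optional


class VersionConflict(Exception):
    """The update carried a 'version' that does not match the shadow's current version."""


class ShadowStore:
    """Constructed model of one thing's shadow document (example code for this summary,
    not the AWS IoT implementation): merges 'desired' and 'reported' patches, bumps
    'version' on every accepted update and computes the delta that the service
    publishes on $aws/things/thingName/shadow/update/delta."""

    def __init__(self) -> None:
        self.doc: Dict[str, Any] = {"state": {"desired": {}, "reported": {}}, "version": 0}

    def update(self, request: Dict[str, Any]) -> Optional[Dict[str, Any]]:
        """Apply an update request; return the delta message, or None if nothing differs."""
        # Optimistic concurrency (assumption: any mismatch is rejected, the way AWS answers
        # on .../shadow/update/rejected): a stale writer cannot silently clobber newer state.
        expected = request.get("version")
        if expected is not None and expected != self.doc["version"]:
            raise VersionConflict(f"request version {expected}, shadow version {self.doc['version']}")
        for section in ("desired", "reported"):
            patch = request.get("state", {}).get(section) or {}
            for key, value in patch.items():
                if value is None:
                    self.doc["state"][section].pop(key, None)  # null removes an attribute
                else:
                    self.doc["state"][section][key] = value
        self.doc["version"] += 1
        delta = self.delta()
        if not delta:
            return None
        return {"state": delta, "version": self.doc["version"],
                "clientToken": request.get("clientToken")}  # lets the client correlate replies

    def delta(self) -> Dict[str, Any]:
        """Desired attributes whose value differs from (or is missing in) reported."""
        desired, reported = self.doc["state"]["desired"], self.doc["state"]["reported"]
        return {k: v for k, v in desired.items() if reported.get(k) != v}
```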

Slide 22

registry
> manage your things
> physical device or sensor
> logical entity
> attributes
> thing types

example thing:
  {
    "version": 3,
    "thingName": "MyLightBulb",
    "defaultClientId": "MyLightBulb",
    "thingTypeName": "LightBulb",
    "attributes": {
      "model": "123",
      "wattage": "75"
    }
  }

Slide 23

security
> mutual authentication with X.509 certificates + TLS 1.2
> or SigV4 for HTTPS and WebSockets
> bring your own certificate
> JITR
> Atmel ECC508
> policy based access with dynamic values
> role based rules action execution
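The "policy based access with dynamic values" point, as an added example (not from the talk): a weak policy beside one scoped with the policy variable ${iot:ClientId}, plus a simplified evaluator showing that the scoped policy keeps a certificate from connecting as another client or publishing to another thing's shadow. The region, account id and client ids are constructed; the evaluator handles Allow statements and this one variable only.

```python
import fnmatch
from typing import Any, Dict, List

ACCOUNT = "arn:aws:iot:eu-west-1:123456789012:"  # constructed region / account id

# Constructed policies. The weak one lets any certificate holding it act as any client and
# touch any topic; the scoped one resolves ${iot:ClientId} from the connection, so the
# certificate may only connect under its own client id and use its own shadow topics.
WEAK_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}
SCOPED_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": ACCOUNT + "client/${iot:ClientId}"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": ACCOUNT + "topic/$aws/things/${iot:ClientId}/shadow/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": ACCOUNT + "topicfilter/$aws/things/${iot:ClientId}/shadow/*"},
    ],
}


def _as_list(value: Any) -> List[str]:
    return value if isinstance(value, list) else [value]


def is_allowed(policy: Dict[str, Any], action: str, resource: str, client_id: str) -> bool:
    """Simplified evaluator: Allow statements only (no Deny precedence), '*' wildcards via
    fnmatch, and ${iot:ClientId} substituted with the client id of the connection."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        for pattern in _as_list(statement["Resource"]):
            pattern = pattern.replace("${iot:ClientId}", client_id)
            if fnmatch.fnmatchcase(resource, pattern):
                return True
    return False
```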

Slide 24

use-cases

Slide 25

just in time registration (JITR) (flow diagram)
> components: thing, AWS IoT, Device Registry, IoT Policy, IoT Rule, AWS Lambda
> trigger topic: $aws/events/certificates/registered/caCertificateID

Slide 26

on-boarding (flow diagram)
> components: thing, AWS IoT, IoT Rule, AWS Lambda, IoT Policy, Device Shadow, Amazon DynamoDB
> registration topic: custom/clientId/register

Slide 27

thing pairing (flow diagram)
> components: thing, IoT Policy, Device Shadow, mobile client, Amazon Cognito, Amazon API Gateway, AWS Lambda, AWS IoT
> exchange OAuth token for AWS credentials

Slide 28

list / search things (flow diagram)
> components: things, mobile client, Amazon Cognito, Amazon API Gateway, AWS Lambda, AWS IoT, Amazon DynamoDB

Slide 29

command & control (flow diagram, via API)
> components: thing, mobile client, Amazon Cognito, Amazon API Gateway, AWS Lambda, AWS IoT, Device Shadow

Slide 30

command & control (flow diagram, direct)
> components: thing, mobile client, Amazon Cognito, AWS IoT, Device Shadow

Slide 31

command & control (flow diagram, via Alexa)
> components: thing, Amazon Cognito, AWS IoT, Amazon Echo, Alexa Skill, AWS Lambda, Device Shadow

Slide 32

telemetry (flow diagram)
> components: things, AWS IoT, telemetry topic, telemetry rule, Amazon Kinesis, Amazon DynamoDB, Amazon EMR

Slide 33

connected / disconnected / LWT (flow diagram, part 1)
> components: thing, AWS IoT, shadow update topic, Device Shadow
> on connect the thing publishes to the shadow update topic:
  { "state": { "reported": { "connected": true } } }

Slide 34

connected / disconnected / LWT (flow diagram, part 2)
> components: thing, AWS IoT, shadow update topic, Device Shadow
> payloads on the shadow update topic:
  { "state": { "reported": { "connected": true } } }
  { "state": { "reported": { "connected": false } } }

Slide 35

connected / disconnected / LWT (flow diagram, part 3)
> components: thing, AWS IoT, custom LWT topic, LWT rule, shadow update topic, Device Shadow
> the thing's LWT is published to a custom LWT topic; the LWT rule republishes it to the shadow update topic
> payloads on the shadow update topic:
  { "state": { "reported": { "connected": true } } }
  { "state": { "reported": { "connected": false } } }
> LWT payload:
  { "state": { "reported": { "connected": false } } }
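The connected / disconnected / LWT pattern from these three slides, as an added simulation (not code from the talk or from AWS): a stand-in broker registers each client's will with CONNECT, delivers it only on an ungraceful disconnect, and a rule on the custom LWT topic republishes the payload to the thing's shadow update topic, so the shadow ends up with connected=false either way. The topic name lwt/<thingName>, a client id equal to the thing name and a flat, unversioned shadow are assumptions.

```python
import json

SHADOW_UPDATE = "$aws/things/{}/shadow/update"
ONLINE = json.dumps({"state": {"reported": {"connected": True}}})
OFFLINE = json.dumps({"state": {"reported": {"connected": False}}})


def topic_matches(topic_filter, topic):
    """MQTT topic-filter matching with the '+' (one level) and '#' (rest) wildcards."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)


class Broker:
    """Constructed stand-in for the AWS IoT broker, its rules engine and the shadow's
    'reported' section (flat, unversioned). Assumption: clientId == thingName."""
    def __init__(self):
        self.wills = {}    # clientId -> (LWT topic, LWT payload), registered with CONNECT
        self.shadows = {}  # thingName -> reported state
        self.rules = []    # (topic filter, action(topic, payload))
        self.log = []      # every (topic, payload) the broker published
    def connect(self, client_id, will_topic, will_payload):
        self.wills[client_id] = (will_topic, will_payload)
        self.publish(SHADOW_UPDATE.format(client_id), ONLINE)  # thing reports connected=true
    def disconnect(self, client_id, graceful):
        will = self.wills.pop(client_id)
        if graceful:  # a clean DISCONNECT discards the will, so the thing reports itself
            self.publish(SHADOW_UPDATE.format(client_id), OFFLINE)
        else:         # power loss / link drop: the broker delivers the will instead
            self.publish(*will)
    def publish(self, topic, payload):
        self.log.append((topic, payload))
        if topic.startswith("$aws/things/") and topic.endswith("/shadow/update"):
            reported = json.loads(payload)["state"]["reported"]
            self.shadows.setdefault(topic.split("/")[2], {}).update(reported)
        for topic_filter, action in self.rules:
            if topic_matches(topic_filter, topic):
                action(topic, payload)


def run_scenario():
    """Clean disconnect first, then an ungraceful one that relies on the LWT rule."""
    broker = Broker()  # LWT rule: republish lwt/<thingName> to that thing's shadow update topic
    broker.rules.append(("lwt/+", lambda t, p: broker.publish(SHADOW_UPDATE.format(t.split("/")[1]), p)))
    broker.connect("bulb-1", "lwt/bulb-1", OFFLINE)
    broker.disconnect("bulb-1", graceful=True)
    broker.connect("bulb-1", "lwt/bulb-1", OFFLINE)
    broker.disconnect("bulb-1", graceful=False)
    return broker
```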

Slide 36

encrypted file transfer (flow diagram)
> components: thing, AWS IoT, AWS Lambda, AWS KMS, Amazon S3

Slide 37

firmware update (flow diagram)
> components: thing, AWS IoT, Device Shadow, AWS Lambda, Amazon S3, Amazon DynamoDB

Slide 38

summary
> scalable platform
> common IoT use-cases
> w/o own infrastructure
> w/o upfront capacity planning
> very secure
> very extensible

Slide 39

Thank you. Questions? Comments?
@n1ko_w1ll
Niko Will
[email protected]
www.innoq.com

innoQ Deutschland GmbH, Krischerstr. 100, 40789 Monheim am Rhein, Germany, Phone: +49 2173 3366-0
innoQ Schweiz GmbH, Gewerbestr. 11, CH-6330 Cham, Switzerland, Phone: +41 41 743 0116
Ohlauer Straße 43, 10999 Berlin, Germany, Phone: +49 2173 3366-0
Ludwigstr. 180E, 63067 Offenbach, Germany, Phone: +49 2173 3366-0
Kreuzstraße 16, 80331 München, Germany, Phone: +49 2173 3366-0