AWS Cloud IoT Core Application on PIC32CM LS60 Curiosity Pro Evaluation Kit

To run the AWS Cloud IoT core solution, an AWS account is required. The following are the steps to configure an AWS account.

Amazon Web Services (AWS) provides computing services for a fee. Some are offered for free on a trial or small-scale basis. By signing up for your AWS account, you are establishing an account to access a wide range of computing services.

Think of your AWS account as your root account for AWS services. It is very powerful and gives you complete access. Be sure to protect your username and password. You control access to your AWS account by creating individual users and groups using the Identity and Access Management (IAM) Console. You also assign policies (permissions) to the group from the IAM Console.

Create your own AWS account

1. Create AWS account. Go to AWS website and follow instructions to create your own AWS account. Additional details can be found at create and activate a new AWS account.

2. Secure root account with MFA (multi-factor authentication)
   This is an important step to better secure your root account against attackers. Anyone logging in not only needs to know the password, but also a constantly changing code generated by an MFA device.
   AWS recommends a number of MFA device options at the following link: https://aws.amazon.com/iam/details/mfa/
   The quickest solution is a virtual MFA device running on a phone. These apps provide the ability to scan the QR code AWS will generate to set up the MFA device.

   a. Return to https://aws.amazon.com/ and click the Sign In to the Console.  
   b. If it asks for an IAM user name and password, select the Sign-in using root account credentials link.  
   c. Enter the email and password for your AWS account.
   d. Under Find Services search for IAM and select it to bring up the Identity and Access Management options.  
   e. Click on Activate MFA (Multi-factor Authentication) on your root account.  
   f. Create an admin IAM user AWS best practices recommend not using your root account for standard administrative tasks, but to create a special admin user for those tasks. See https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials  
   

3. Follow the instructions at https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html for creating an admin user.

4. Enable MFA (multi-factor authentication) for the admin user. See https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users

Configuring the account using CloudFormation Templates

The usage of a custom PKI with TrustFLEX devices uses the Just-In-Time Registration (JITR) feature of AWS IoT Core. This feature requires a number of resources setup with an AWS account to work. The creation of these resources is automated through the AWS CloudFormation service.

1. Sign into the AWS console using the admin user created in the previous section.

2. Change to region to US East (Ohio) (a.k.a. us-east-2). This is done from a dropdown in the top right of the console webpage after logging in.

3. Under Find Services search for CloudFormation and select it to bring up that service.

4. Click Create Stack button.

5. Select Upload a template file from the page of the stack creation.

6. Click Choose file and upload the aws-zero-touch-full-setup.yaml file.
   Note: If running from a China region, you’ll need to select the aws-zero-touch-full- setup-cn.yaml instead. These files are available in ~/.trustplatform folder.

7. Click Next to move on to the stack details.

8. Enter TrustFLEX as the stack name. Actual name isn’t important, just has to be unique.

9. Enter a password for the user that will be created to run the demo under UserPassword.

10. Click Next to move on to the stack options. Nothing needs to be changed here.

11. Click Next to move on to the stack review.

12. Check the acknowledgment box regarding IAM resources at the bottom of the page.

13. Click Create Stack to start the resource creation.

14. Wait until the stack creation completes. This can take a few minutes. Once done, the stack you created will show as CREATE_COMPLETE.

15. Save demo credentials. Click the Outputs tab for the stack to see the credentials to be saved.

16. Save the credentials to aws_credentials.yaml file in ”~/.trustplatform/aws_credentials.yaml” folder.
    Note: ~ Indicates windows home directory is /user/username

If this is the first time you are building/running this version of the demo, you must complete this step before proceeding further. Otherwise, you may skip this step.

1. Install Trust Platform Design Suite version 2 TPDSv2

2. Launch Trust Platform Design Suite v2 from windows search bar, a window launches as shown below

   

3. Select “Trust Platform Design Suite” in webviews and Click on Usecases

   

4. In Select Security Solution, Under Use Cases select AWS IoT Authentication

5. Scroll Down and in Available solution by provisioning flow select AWS IoT Authentication under PIC32CMLS60

   

6. A Usecase gets launched. click on AWS IoT Authentication-PIC32CMLS60 from the Usescases

   

7. AWS Cloud Connect – IoT Authentication page launches as shown below

   

8. Scroll down and select PIC32CMLS60 Curiosity Pro Evaluation kit if not selected
   

9. Connect both the debug and Traget USB to PIC32CMLS60 Curiosity pro evaluation kit to PC running Trust Platform Design Suite.Connect the WINC1500-Xpro to EXT3 of the Kit.

10. Scroll down to transaction diagram

    

11. Click on Icon 1 and wait till a green right mark appears.

    

12. Sequentially Click on Icon 2, 3 and 4

    

13. Note the output in the output window on the right side

14. Once the use case steps are executed successfully, click on C Source Files and navigate to .trustplatform\pic32cmls60_cloud_connect and copy the aws_connect.h file

    

15. Replace the aws_config.h file in the project folder(pic32cm_ls60_aws_iot_core) with the file that was copied in the above step

    

• Navigate to the utilities folder inside the project directory (pic32cm_ls60_aws_iot_core)

  

• Follow the steps in readme.md file inside the folder to do the WINC firmware upgrade.

The following sections describes the steps to run the application.

1. How to setup the PIC32CMLS60 Development Board

• Connect the Debug USB port of PIC32CMLS60 Curiosity pro evaluation kit to the host PC’s USB port to power-up the board.

  

• The board must be connected through a USB port to perform a firmware upgrade

• Connect the WINC1500-Xpro to EXT3 and IO1-Xpro to EXT2 of the PIC32CMLS60 Curiosity pro evaluation kit.

• Use MPLAB X IDE to Program.

• Configure the Wi-Fi Credentials using Wi-Fi configuration through CLI method explained Below.

2. Firmware upgrade and Wi-Fi configuration process

Firmware upgrade through MPLAB X IDE

• Connect the kit to the PC.Open MPLABX IDE and Click on the open project icon as shown below

  

• Open the project file (pic32cm_ls60_cpro_NonSecure.X ) file as shown below

  

• Once the project is opened in the IDE Click on the Make and Program icon as shown below and wait till the Programming complete message.

  

  Note:

  • Windows OS has a maximum path length of 260 characters and a command-line limitation for Windows OS of 8191 characters. For details, see 6.5.5 Path, File and Folder Name Restrictions.
  • The TrustZone based project come with long path name, hence the project build may fail due to exceeding Windows maximum path length.
  • Workaround: Move the project folder to C:/ drive to reduce the project path length then open in MPLAB X IDE to build the project.

Firmware upgrade through MPLAB X IDE

• Most developers usually follow this method to program the .hex file from the MPLAB X IDE environment.(Navigate to hex folder inside the project directory as shown in the below image)

Wi-Fi configuration through CLI

• Open a terminal application on the host PC for the virtual COM port of the connected PIC32CMLS60 Curiossity pro evaluation kit, with 115200-8-None-1 settings.

• Just enter the below command to set the Wi-Fi credentials.
  

  wifi < SSID >,< PASSWORD >,< SECURITY TYPE >
  example : wifi MCHP_test,Asdfghjk,2

  Note:No need of repeating this step every time while running the demo, Device remembers last used WiFi credentials and try to connect to it. If WiFi credentials changes, this step should be performed.

3. Running the demo application

• After a successful connection, the PIC32CMLS60 Curisity Pro Evaluation kit pushes the real-time light and temperature sensors data of the IO1Xpro to the AWS IoT cloud. Toggling of LED0 (Green LED) indicates the same.

  Red LED (LED1) indicates that the WiFi is not connected.

  Note: Only Temperature data is pushed by default.Light data is pushed when SW0 is pressed and pressing SW1 stops the publishing of Light sensor data.

  

  Note : AWS cloud path to visualize the data pushed from the device “AWS IOT > Manage > Things > ThingNAME (ThingNAME = device_serialnumber) > classic Shadow”

AWS Lambda is a service that enables code to be run in the cloud without worrying about things like provisioning, server management, and scalability. It natively supports many different programming languages, and interfaces with a wide range of other AWS services to facilitate cloud development.

we will use AWS Lambda to transfer temperature and light sensor data from SAM-IoT Development Board to cloud watch. The main concept that we will focus on is how to route data between AWS Lambda and AWS IoT Core.

1. Sensor data is sent from connected devices to the AWS Cloud as MQTT messages.
2. The data is forwarded from AWS IoT Core to AWS Lambda, where it is routed to cloud watch for plotting the graph.

Creating a Role in AWS IAM

1. Sign in to the AWS Management Console and select the IAM service.

2. Select Roles under Access Management in the menu on the left-hand side

3. Click Create role.

4. Select AWS service as the trusted entity.

5. Select Lambda as the use case.

6. Click Next: Permissions.

7. Attach the AWSIoTDataAccess, CloudWatchFullAccess and AWSLambdaBasicExecutionRole permission policies by using the search bar and ticking the relevant boxes. This will allow our Lambda function to send data to the AWS IoT Core and use Amazon CloudWatch logs. We will not cover Amazon CloudWatch in this tutorial, but it could be a useful tool for debugging your application later on.

8. Click Next: Tags.

9. Click Next: Review.

10. Enter Lambda_IoT_role as the Role name.

11. Click Create role

Designing an AWS Lambda function

Creating an empty Lambda function

AWS Lambda is a service that enables us to run code in the cloud without worrying about server management. It can be set up to send and receive data from many different services, such as AWS IoT Core, which we will make use of in this tutorial. To create an AWS Lambda function:

1. Sign in to the AWS Management Console and select the Lambda service.

2. Select Functions in the menu on the left-hand side.

3. Click on Create function.

4. Choose Author from scratch.

5. Enter iot_Core_to_CwMetrics as the Function name.

6. Select Python 3.8 as the Runtime.

7. Expand Choose or create an execution role under Permissions and select Use an existing role.

8. Select the Lambda_IoT_role that we defined earlier

9. Click on Create function.

When the AWS Lambda function has been successfully created, the user should be redirected to the Configuration page for the iot_Core_to_CwMetrics function. This page can also be found by selecting Functions in the menu on the left-hand side in AWS Lambda and then selecting the function from the list.

Triggering the Lambda function for relevant MQTT packages

The next step is to configure the Lambda function to trigger when messages containing sensor data are published over MQTT in AWS IoT Core:

1. On the Lambda function’s configuration page, expand the Designer panel.

2. Click on Add trigger.

3. Select AWS IoT as the trigger in the dropdown menu.

4. Select Custom IoT rule.

5. In the Rule dropdown, select Create new rule.

6. Enter RouteSensorData as the Rule name.

7. Enter SELECT * FROM “$aws/things/ThingName/shadow/#” as the Rule query statement.
   NOTE : ThingName is the unique serial number of the device

8. Click Add.

Implementing the Lambda function

1. Ensure that the iot_Core_to_CwMetrics function is selected in the Designer panel.

2. Paste the following Python code in the editor in the Function code panel

    import json # Python library for dealing with JSON objects
    import boto3 # boto3 is the AWS SDK for Python
      
    cloudwatch = boto3.client('cloudwatch')
      
    #Define payload attributes that may be changed based on device message schema
    ATTRIBUTES = ['temperature','light','state','reported']
      
    # Define CloudWatch namespace
    CLOUDWATCH_NAMESPACE = "thingls60/MonitorMetrics"
      
    # Define function to publish the metric data to CloudWatch
    def cw(topic, metricValue, metricName):
        metric_data = {
            'MetricName': metricName,
            'Dimensions': [{'Name': 'topic', 'Value': topic}],
            'Unit': 'None',
            'Value': metricValue,
            'StorageResolution': 1
        }
      
        cloudwatch.put_metric_data(MetricData=[metric_data],Namespace=CLOUDWATCH_NAMESPACE)
        return
      
    # Define the handler to loop through all the messages and looks to see if the message    attributes
    # include light or temp and calls the cw() function if so to publish the custom metrics    to Amazon CloudWatch
    def lambda_handler(event, context):
        my = list(event.values())
        my_list = list(my[0].values())
        print(my_list[0])
      
        for e in my_list[0]:
            print("Received a message: {}".format(str(e)))
            print(e) # Potential test point
      
            # Iterate through each attribute we'd like to publish
            for attribute in ATTRIBUTES:
                # Validate the event payload contains the desired attribute
                if attribute  in e:
                    print("publishing {} to CloudWatch".format(attribute))
                    cw("PIC32CMLS", my_list[0][attribute], attribute)
        return event
   

3. Click Save

Visualizing sensor data in cloudwatch

1. Search CloudWatch in AWS search box and open it
   
2. Click on Dashboard on the right side of the window under CloudWatch
   
3. Click on Create Dashboard
   
4. Enter Dashboard name as pic32cmls60_dashboard and click on Create Dashboard
   
5. Under Add widget Select Number
   
6. Under Add metric graph, select thingls60/MonitorMetrics and then topic
   
   
7. Under Metrics, select BOTH PIC32CMLS temperature and light metrics
   
8. Navigate to Graphed metrics and change the period to 1 second in both temperature and light metrics. Then click on Create widget

9. Click Save dashboard

10. This Dashboard page refreshes every 10 seconds and update the sensor data. Note : ** Your custom dashboard can be found in **CloudWatch > Dashboards > your dash board name (here it is pic32cmls60_dashboard).The non-secure temperature data is shown by default.To view secure light sensor data press SW0 on the PIC32CMLS60 curiosity pro evaluation kit.To stop viewing it press SW1.