What is Amazon Cloud Development?

Amazon Web Services (AWS) is a commercial public cloud maintained and developed by Amazon since 2006. It provides subscribers with services both according to the infrastructure model (virtual servers, storage resources) and the platform level (cloud databases, cloud middleware, cloud serverless computing, development tools).

There are a lot of AWS services. For example, as of January 2020, there were 147 services organized into 25 groups. Table 1 lists all the available services.

| # | Group Name | Number | Services |
|---|---|---|---|
| 1 | Compute | 11 | EC2, Lightsail, ECR, ECS, EKS, Lambda, Batch, Elastic Beanstalk, Serverless Application Repository, AWS Outposts, EC2 Image Builder |
| 2 | Storage | 6 | S3, EFS, FSx, S3 Glacier, Storage Gateway, AWS Backup |
| 3 | Database | 7 | RDS, DynamoDB, ElastiCache, Neptune, Amazon Redshift, Amazon QLDB, Amazon DocumentDB, Managed Cassandra Service |
| 4 | Migration & Transfer | 7 | AWS Migration Hub, Application Discovery Service, Database Migration Service, Server Migration Service, AWS Transfer for SFTP, Snowball, DataSync |
| 5 | Networking & Content Delivery | 8 | VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, AWS Cloud Map, Global Accelerator |
| 6 | Developer Tools | 7 | CodeStar, CodeCommit, CodeBuild, CodeDeploy, CodePipeline, Cloud9, X-Ray |
| 7 | Customer Enablement | 3 | AWS IQ, Support, Managed Services |
| 8 | Robotics | 1 | AWS RoboMaker |
| 9 | Blockchain | 1 | Amazon Managed Blockchain |
| 10 | Satellite | 1 | Ground Station |
| 11 | Quantum Technologies | 1 | Amazon Braket |
| 12 | Management & Governance | 17 | AWS Organizations, CloudWatch, AWS Auto Scaling, CloudFormation, CloudTrail, Config, OpsWorks, Service Catalog, Systems Manager, AWS AppConfig, Trusted Advisor, Control Tower, AWS License Manager, AWS Well-Architected Tool, Personal Health Dashboard, AWS Chatbot, Launch Wizard, AWS Compute Optimizer |
| 13 | Media Services | 9 | Elastic Transcoder, Kinesis Video Streams, MediaConnect, MediaConvert, MediaLive, MediaPackage, MediaStore, MediaTailor, Elemental Appliances & Software |
| 14 | Machine Learning | 17 | Amazon SageMaker, Amazon CodeGuru, Amazon Comprehend, Amazon Forecast, Amazon Fraud Detector, Amazon Kendra, Amazon Lex, Amazon Machine Learning, Amazon Personalize, Amazon Polly, Amazon Rekognition, Amazon Textract, Amazon Transcribe, Amazon Translate, AWS DeepLens, AWS DeepRacer, Amazon Augmented AI |
| 15 | Analytics | 11 | Athena, EMR, CloudSearch, Elasticsearch Service, Kinesis, QuickSight, Data Pipeline, AWS Data Exchange, AWS Glue, AWS Lake Formation, MSK |
| 16 | Security, Identity, & Compliance | 16 | IAM, Resource Access Manager, Cognito, Secrets Manager, GuardDuty, Inspector, Amazon Macie, AWS Single Sign-On, Certificate Manager, Key Management Service, CloudHSM, Directory Service, WAF & Shield, Artifact, Security Hub, Detective |
| 17 | AWS Cost Management | 3 | AWS Cost Explorer, AWS Budgets, AWS Marketplace Subscriptions |
| 18 | Mobile | 4 | AWS Amplify, Mobile Hub, AWS AppSync, Device Farm |
| 19 | Augmented & Virtual Reality | 1 | Amazon Sumerian |
| 20 | Application Integration | 6 | Step Functions, Amazon EventBridge, Amazon MQ, Simple Notification Service, Simple Queue Service, SWF |
| 21 | Customer Engagement | 3 | Amazon Connect, Pinpoint, Simple Email Service |
| 22 | Business Applications | 3 | Alexa for Business, Amazon Chime, WorkMail |
| 23 | End User Computing | 4 | WorkSpaces, AppStream 2.0, WorkDocs, WorkLink |
| 24 | Internet of Things | 9 | IoT Core, Amazon FreeRTOS, IoT 1-Click, IoT Analytics, IoT Device Defender, IoT Device Management, IoT Events, IoT Greengrass, IoT SiteWise, IoT Things Graph |
| 25 | Game Development | 1 | Amazon GameLift |

Table 1. Amazon Web Services

It is neither possible nor necessary to implement all AWS cloud services in one application. In this article, AWS cloud development is considered as part of the Internet of Things (IoT). Arshon Technology specializes in the electronic design of different devices which can form elements of the IoT (https://arshon.com/internet-things-iot).

AWS Cloud Development Sample 

Figure 1 below illustrates the AWS application which was realized by our company. Our project included the following Amazon services:

  • AWS IoT Core for communications with IoT devices;

  • AWS DynamoDB (NoSQL database) for keeping data received from the devices and information regarding the data users;

  • AWS Cognito for user access control; 

  • AWS EC2 for providing a virtual server in the cloud.

Let’s consider the participation of each Amazon service in the project.

Figure 1. Amazon cloud application scheme. 


AWS IoT Core

The AWS IoT group of Amazon IoT services includes nine members (see the table above). The main service among them is AWS IoT Core. AWS IoT Core manages electronic devices which are involved in the Internet of Things. AWS IoT Core connects the devices, secures the device connections and data, processes the device data, reads and sets the device states.

Device Shadow

The key element of the AWS IoT Core concept is the device shadow. The device shadow is a JSON (JavaScript Object Notation) document used to store and retrieve current state information for a device. The Device Shadow service provides persistent representations of the devices in the AWS Cloud. The device can publish updated state information to a device's shadow, and the device can synchronize its state when it connects. The devices can also publish their current state to a shadow for use by applications or other devices.

As one can see from Figure 2, the device shadow document consists of three parts: “desired”, “reported” and “delta”. The “reported” part presents the current state of the device, the “desired” part expresses the required state of the device, and the “delta” part is the difference between the desired and reported states.

Figure 2. Device (Thing) shadow document
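The relationship between the three parts can be worked through in a few lines. The following is an added illustration, not AWS code or code from the project: it models "delta" as the desired fields that differ from the reported ones, and shows the delta emptying once the device adopts and reports the requested values. The field names in the sample shadow are constructed.

```javascript
// Added illustration, not AWS code: how "delta" follows from "desired" and
// "reported", and how it empties once the device reports the requested state.
const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Desired fields whose values differ from, or are missing in, reported.
// Fields present only in "reported" never appear in the delta.
function computeDelta(desired = {}, reported = {}) {
  const delta = {};
  for (const [key, want] of Object.entries(desired)) {
    const have = own(reported, key) ? reported[key] : undefined;
    if (isObject(want)) {
      const nested = computeDelta(want, isObject(have) ? have : {});
      if (Object.keys(nested).length > 0) delta[key] = nested;
    } else if (JSON.stringify(want) !== JSON.stringify(have)) {
      delta[key] = want; // scalars and arrays are compared as whole values
    }
  }
  return delta;
}

// Device side: adopt the requested values and return the new reported state.
function applyDelta(reported, delta) {
  const next = { ...reported };
  for (const [key, value] of Object.entries(delta)) {
    const current = isObject(next[key]) ? next[key] : {};
    next[key] = isObject(value) ? applyDelta(current, value) : value;
  }
  return next;
}

// Constructed sample state for a thermostat-like device.
const shadow = {
  desired: { setpoint: 21, fan: { mode: "auto", speed: 2 } },
  reported: { setpoint: 19, fan: { mode: "auto", speed: 1 }, firmware: "1.0.3" },
};

function shadowSyncDemo() {
  const before = computeDelta(shadow.desired, shadow.reported);
  const reported = applyDelta(shadow.reported, before);
  const after = computeDelta(shadow.desired, reported);
  return { before, reported, after };
}

console.log(JSON.stringify(shadowSyncDemo(), null, 2));
```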


The communications between the devices and the AWS Cloud are realized by publishing MQTT (MQ Telemetry Transport) protocol messages. These messages are protected using X.509 certificates. AWS IoT Core generates a certificate for the user. The certificate must be registered and activated with AWS IoT, and then copied onto the device. When the device communicates with AWS IoT Core, it presents the certificate to AWS IoT as a credential.

The Amazon platform provides AWS IoT Device SDKs (for the JavaScript or C languages) which help users connect their devices to AWS IoT easily and quickly. The AWS IoT Device SDKs include open-source libraries, developer guides with samples, and porting guides for different hardware products. For example, the Embedded C SDK (Software Development Kit) consists of header and source files for creating MQTT clients, device shadows and IoT jobs, and for parsing JSON-format messages. AWS IoT jobs are remote operations that are executed on devices connected to AWS IoT. Frequently, IoT jobs are used for firmware upgrades or security certificate updates.

AWS DynamoDB 

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. AWS DynamoDB is one of the services related to AWS IoT. AWS IoT integrates directly with AWS DynamoDB by means of AWS IoT rules.

Rules give the connected devices the ability to interact with AWS services. Rules are analyzed and actions are performed based on the MQTT topic stream. For example, rules write data received from a device to an Amazon DynamoDB database. Figure 3 below shows a rule created in the AWS IoT Manager Console. This rule writes the data received from an IoT device to a DynamoDB table by means of an SQL statement. The data is contained in the MQTT messages which update the device shadows.

Figure 3. IoT rule description


Figure 4 presents a fragment of the table created by the rules. One can see the primary key (the unique device identifier) and the sort key (recorded epoch time).   

Figure 4. DynamoDB table sample
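The mapping from a shadow update message to a table item with these two keys can be sketched as follows. This is an added JavaScript illustration, not the rule from Figure 3 and not AWS code; the attribute names `deviceId` and `ts`, the use of epoch seconds, and the sample messages are assumptions. It takes both keys from the topic and the receive time rather than from the device-supplied payload, which is only meaningful if each device is permitted to publish to its own shadow topic alone.

```javascript
// Added illustration (not AWS code): the mapping an IoT rule performs when it
// stores shadow updates in DynamoDB. Attribute names deviceId/ts are assumed.
const SHADOW_UPDATE = /^\$aws\/things\/([A-Za-z0-9:_-]{1,128})\/shadow\/update$/;

// Build the table item for one MQTT message, or return null to drop it.
function toTableItem(topic, payloadText, receivedAtMs) {
  const match = SHADOW_UPDATE.exec(topic);
  if (!match) return null; // not a shadow update topic

  let payload;
  try {
    payload = JSON.parse(payloadText);
  } catch {
    return null; // malformed JSON is dropped, not stored
  }
  const reported = payload && payload.state && payload.state.reported;
  if (reported === null || typeof reported !== "object" || Array.isArray(reported)) {
    return null; // nothing reported by the device
  }

  // Keys come from the topic and the server clock, never from the payload,
  // so a device cannot file records under another device's identifier.
  const item = { ...reported };
  item.deviceId = match[1];                    // primary key: thing name
  item.ts = Math.floor(receivedAtMs / 1000);   // sort key: epoch seconds (assumed unit)
  return item;
}

// Constructed sample messages: [topic, payload].
const samples = [
  ["$aws/things/AA:BB:CC:00:11:22/shadow/update",
   '{"state":{"reported":{"temperature":22.5,"deviceId":"AA:BB:CC:99:99:99"}}}'],
  ["$aws/things/AA:BB:CC:00:11:22/shadow/get", "{}"],
  ["$aws/things/AA:BB:CC:00:11:22/shadow/update", "not json"],
];

function ruleDemo() {
  return samples.map(([topic, payload]) => toTableItem(topic, payload, 1580000000000));
}

console.log(ruleDemo());
```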

Also, AWS DynamoDB can be used to keep information about the users of the devices. DynamoDB tables make it possible to match users to devices and to give each user access to the devices that the user owns.

AWS Cognito

Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for application users. Identity pools enable you to grant your users access to other AWS services. 

User authentication is necessary in order to provide secure access to the device shadows and to the information recorded by the devices. Also, in combination with AWS DynamoDB, AWS Cognito makes it possible to create different levels of permission (for instance administrator, agent and member roles). Figure 5 below shows an AWS Cognito user pool. It uses unique usernames as user identifiers. On the left side of the tool are the general settings for the pool, which define the user pool behavior. These settings include sign-in methods (username, email address or phone number), password strength (minimum password length, required characters), account recovery policy, the content of invitation and verification messages, and the allowed client application.

 

Figure 5. Cognito User Pool sample

AWS SDK .NET 

The Amazon platform provides low-level API (Application Programming Interface) actions for all its services. However, instead of making requests to the low-level API directly from the customer application, it is recommended to use one of the AWS Software Development Kits (SDKs) for your preferred programming language. There are SDKs for the following languages: JavaScript, Python, PHP, .NET, Ruby, Java, C++, Node.js, Go. The AWS SDKs take care of request authentication, serialization, and connection management. In our company we chose the AWS SDK for .NET with the C# language. Figure 6 below presents a fragment of the AWS SDK for .NET online documentation.

Figure 6. IoT rule description


The AWS SDK for .NET is a single downloadable package that includes Visual Studio project templates, the AWS .NET library, C# code samples, and documentation. The SDK for .NET supports development on any platform that supports the .NET Framework 3.5 or later and can be used with Visual Studio 2010 or later. Therefore, a high-level web application can be built with the AWS SDK for .NET in combination with ASP.NET. This web application provides member authentication by means of AWS Cognito (the AWSSDK.CognitoIdentityProvider.dll and AWSSDK.Extensions.CognitoAuthentication.dll libraries), database manipulation by means of AWS DynamoDB (the AWSSDK.DynamoDBv2.dll library) and device data monitoring by means of AWS IoT Core (the AWSSDK.Core.dll, AWSSDK.IoT.dll and AWSSDK.IotData.dll libraries). The high-level web application processes the data and presents it to the customers (see Figure 7 for a sample data chart).

Figure 7. Sample of IoT data presentation


Amazon EC2

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. This service allows the creation of a virtual web server and the deployment of the web application on it. 

Amazon Cloud Applications

Let’s look at Figure 1 again in order to explain the interaction of all the parts of the Amazon cloud project in more detail.

Devices 1, 2 and 3 take part in the Internet of Things over Wi-Fi. They exchange MQTT messages with AWS IoT Core using the Embedded C SDK library. In real time, the devices update their shadows, which report the device status. Also, the current parameters of the devices are recorded in the AWS DynamoDB database by means of AWS IoT rules. Each device has a unique name in AWS IoT (in our case, its MAC address).

Users sign up by themselves or can be registered by the Admin in the application using AWS Cognito, which is responsible for user authentication. For registration they use a web portal which runs on the virtual web server located in AWS EC2. Their personal information (such as name, address, phone number and device ownership) is kept in AWS DynamoDB. The AWS SDK for .NET provides all interactions between the users and the Amazon services.

Registered users can monitor their devices remotely on desktop computers, laptops and smart phones. They can see the reported attributes and modify desired parameters. 

The Admin performs user control (for example, regulates the user-device subscription). The Admin has access to all devices and can troubleshoot them if necessary.
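The access rules described above (members see and control only the devices they own, the Admin reaches all devices) come down to a check the web application runs before it touches a shadow. The following is an added JavaScript illustration, not the project's code: the user object shape, the action names and the in-memory ownership map are assumptions standing in for the Cognito identity and the DynamoDB ownership table. The agent role is given no permissions here because the page does not define them.

```javascript
// Added illustration, not the project's code. The ownership map and the user
// object stand in for the DynamoDB table and the Cognito identity (assumed shapes).
const allow = () => ({ allowed: true, reason: "ok" });
const deny = (reason) => ({ allowed: false, reason });

// Constructed ownership records: username -> device names (MAC addresses).
const ownership = new Map([
  ["alice", new Set(["AA:BB:CC:00:11:22"])],
  ["bob", new Set(["AA:BB:CC:00:11:33"])],
]);

// action is "read" (view reported state) or "setDesired" (change desired state).
function authorize(user, action, deviceName, shadowUpdate) {
  if (!user || typeof user.username !== "string") return deny("unauthenticated");
  if (action !== "read" && action !== "setDesired") return deny("unknown action");

  if (action === "setDesired") {
    const state = shadowUpdate && shadowUpdate.state;
    const keys = state && typeof state === "object" ? Object.keys(state) : [];
    // Portal users may only write "desired"; "reported" belongs to the device.
    if (keys.length !== 1 || keys[0] !== "desired") {
      return deny("only desired state may be written");
    }
  }

  if (user.role === "administrator") return allow();
  if (user.role === "member") {
    const owned = ownership.get(user.username);
    return owned && owned.has(deviceName) ? allow() : deny("device not owned by user");
  }
  return deny("role has no device permissions"); // default deny for any other role
}

function authzDemo() {
  const alice = { username: "alice", role: "member" };
  const admin = { username: "root", role: "administrator" };
  const setpoint = { state: { desired: { setpoint: 21 } } };
  const forged = { state: { reported: { setpoint: 21 } } };
  return [
    authorize(alice, "read", "AA:BB:CC:00:11:22"),
    authorize(alice, "read", "AA:BB:CC:00:11:33"),
    authorize(alice, "setDesired", "AA:BB:CC:00:11:22", setpoint),
    authorize(alice, "setDesired", "AA:BB:CC:00:11:22", forged),
    authorize(admin, "read", "AA:BB:CC:00:11:33"),
    authorize({ username: "carol", role: "agent" }, "read", "AA:BB:CC:00:11:22"),
  ];
}

console.log(authzDemo());
```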