Amazon Cloud Development
What is Amazon Cloud Development?
Amazon Web Services (AWS) is a commercial public cloud maintained and developed by Amazon since 2006. It provides subscribers with services at both the infrastructure level (virtual servers, storage resources) and the platform level (cloud databases, cloud middleware, serverless computing, development tools). AWS offers a large number of services: as of January 2020, there were 147 services organized into 25 groups. Table 1 lists all the available services.
EC2, Lightsail, ECR, ECS, EKS, Lambda, Batch, Elastic Beanstalk, Serverless Application Repository, AWS Outposts, EC2 Image Builder
S3, EFS, FSx, S3 Glacier, Storage Gateway, AWS Backup
RDS, DynamoDB, ElastiCache, Neptune, Amazon Redshift, Amazon QLDB, Amazon DocumentDB, Managed Cassandra Service
Migration & Transfer
AWS Migration Hub, Application Discovery Service, Database Migration Service, Server Migration Service, AWS Transfer for SFTP, Snowball, DataSync
Networking & Content Delivery
VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, AWS Cloud Map, Global Accelerator
CodeStar, CodeCommit, CodeBuild, CodeDeploy, CodePipeline, Cloud9, X-Ray
AWS IQ, Support, Managed Services
Amazon Managed Blockchain
Management & Governance
AWS Organizations, CloudWatch, AWS Auto Scaling, CloudFormation, CloudTrail, Config, OpsWorks, Service Catalog, Systems Manager, AWS AppConfig, Trusted Advisor, Control Tower, AWS License Manager, AWS Well-Architected Tool, Personal Health Dashboard, AWS Chatbot, Launch Wizard, AWS Compute Optimizer
Elastic Transcoder, Kinesis Video Streams, MediaConnect, MediaConvert, MediaLive, MediaPackage, MediaStore, MediaTailor, Elemental Appliances & Software
Amazon SageMaker, Amazon CodeGuru, Amazon Comprehend, Amazon Forecast, Amazon Fraud Detector, Amazon Kendra, Amazon Lex, Amazon Machine Learning, Amazon Personalize, Amazon Polly, Amazon Rekognition, Amazon Textract, Amazon Transcribe, Amazon Translate, AWS DeepLens, AWS DeepRacer, Amazon Augmented AI
Athena, EMR, CloudSearch, Elasticsearch Service, Kinesis, QuickSight, Data Pipeline, AWS Data Exchange, AWS Glue, AWS Lake Formation, MSK
Security, Identity & Compliance
IAM, Resource Access Manager, Cognito, Secrets Manager, GuardDuty, Inspector, Amazon Macie, AWS Single Sign-On, Certificate Manager, Key Management Service, CloudHSM, Directory Service, WAF & Shield, Artifact, Security Hub, Detective
AWS Cost Management
AWS Cost Explorer, AWS Budgets, AWS Marketplace Subscriptions
AWS Amplify, Mobile Hub, AWS AppSync, Device Farm
Augmented & Virtual Reality
Step Functions, Amazon EventBridge, Amazon MQ, Simple Notification Service, Simple Queue Service, SWF
Amazon Connect, Pinpoint, Simple Email Service
Alexa for Business, Amazon Chime, WorkMail
End User Computing
WorkSpaces, AppStream 2.0, WorkDocs, WorkLink
Internet Of Things
IoT Core, Amazon FreeRTOS, IoT 1-Click, IoT Analytics, IoT Device Defender, IoT Device Management, IoT Events, IoT Greengrass, IoT SiteWise, IoT Things Graph
It is neither possible nor necessary to use all AWS cloud services in one application. In this article, AWS cloud development is considered as part of the Internet of Things (IoT). Arshon Technology specializes in the electronic design of different devices which can form elements of the IoT (https://arshon.com/internet-things-iot).
AWS Cloud Development Sample
Figure 1 below illustrates an AWS application implemented by our company. The project included the following Amazon services:
AWS IoT Core for communications with IoT devices;
AWS DynamoDB (NoSQL database) for keeping data received from the devices and information regarding the data users;
AWS Cognito for user access control;
AWS EC2 for providing a virtual server in the cloud.
Let’s consider the participation of each Amazon service in the project.
AWS IoT Core
The AWS IoT group of Amazon IoT services includes nine members (see the table above). The main service among them is AWS IoT Core, which manages the electronic devices that take part in the Internet of Things. AWS IoT Core connects the devices, secures the device connections and data, processes the device data, and reads and sets the device states.
The Device Shadow service provides persistent representations of the devices in the AWS Cloud. Updated state information can be published to a device’s shadow, and the device can synchronize its state when it connects. Devices can also publish their current state to a shadow for use by applications or other devices.
As one can see from Figure 2, the device shadow document consists of three parts: “desired”, “reported” and “delta”. The “reported” part presents the current state of the device, the “desired” part expresses the required state of the device, and the “delta” part is the difference between the desired and reported states.
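The desired/reported/delta relationship described above, as an added Python example that is not the article's own code: `compute_delta` derives the delta as the text defines it (desired fields that differ from reported), and `accept_delta` shows a device validating delta fields before applying them. The attribute names, limits and the sample shadow are assumptions made for this illustration.

```python
# Added example (not from the article): shadow "delta" and a device-side check.
# Attribute names, limits and the sample shadow are constructed for illustration.

def compute_delta(desired, reported):
    """Return desired fields that are missing from, or differ in, reported."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = compute_delta(want, have)  # compare nested objects field by field
            if nested:
                delta[key] = nested
        elif key not in reported or want != have:
            delta[key] = want
    return delta

# Hypothetical settings this device accepts: name -> (type, min, max).
ALLOWED = {"setpoint_c": (int, 5, 30), "fan_on": (bool, None, None)}

def accept_delta(delta):
    """Device side: apply only known, well-typed, in-range settings."""
    accepted, rejected = {}, []
    for key, value in delta.items():
        rule = ALLOWED.get(key)
        # type() rather than isinstance(): bool is a subclass of int in Python
        if rule is None or type(value) is not rule[0]:
            rejected.append(key)
            continue
        _, low, high = rule
        if low is not None and not (low <= value <= high):
            rejected.append(key)
            continue
        accepted[key] = value
    return accepted, sorted(rejected)

# Constructed shadow document with the sections the text names.
SHADOW = {"state": {
    "desired":  {"setpoint_c": 22, "fan_on": True, "led": {"color": "red", "on": True}},
    "reported": {"setpoint_c": 19, "fan_on": True, "led": {"color": "red", "on": False},
                 "rssi": -61},
}}

if __name__ == "__main__":
    delta = compute_delta(SHADOW["state"]["desired"], SHADOW["state"]["reported"])
    print("delta:", delta)
    print("accepted, rejected:", accept_delta(delta))
```

Fields that appear only in "reported" (here `rssi`) never enter the delta, and a delta field the device does not recognise is rejected rather than applied.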
Devices communicate with the AWS Cloud by publishing MQTT (MQ Telemetry Transport) protocol messages. These messages are protected using X.509 certificates.
AWS IoT Core generates a certificate for the user. The certificate must be registered and activated with AWS IoT, and then copied onto the device. When the device communicates with AWS IoT Core, it presents the certificate to AWS IoT as a credential.
AWS DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. AWS DynamoDB is one of the services related to AWS IoT. AWS IoT integrates directly with AWS DynamoDB by means of AWS IoT rules.
Rules give the connected devices the ability to interact with AWS services. Rules are analyzed and actions are performed based on the MQTT topic stream. For example, rules write data received from a device to an Amazon DynamoDB database. Figure 3 below demonstrates a rule created in AWS IoT Manager Console. This rule writes the data received from an IoT device to a DynamoDB table by means of an SQL statement. The data is contained in the MQTT messages which update the device shadows.
Figure 4 presents a fragment of the table created by the rules. One can see the primary key (the unique device identifier) and the sort key (recorded epoch time). AWS DynamoDB can also be used to keep information about the users of the devices.
DynamoDB tables make it possible to match users to devices and to give each user access to the devices that user owns.
AWS Cognito
Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for application users. Identity pools enable you to grant your users access to other AWS services.
User authentication is necessary in order to provide secure access to the device shadows and the information recorded by the devices. In combination with AWS DynamoDB, AWS Cognito also makes it possible to create different levels of permission (for instance, administrator, agent and member roles).
AWS SDK .NET
The AWS SDK for .NET is a single downloadable package that includes Visual Studio project templates, the AWS .NET library, C# code samples, and documentation. The SDK for .NET supports development on any platform that supports the .NET Framework 3.5 or later and can be used with Visual Studio 2010 or later. A high-level web application can therefore be built with AWS SDK .NET in combination with ASP.NET. This web application provides member authentication by means of AWS Cognito (AWSSDK.CognitoIdentityProvider.dll and AWSSDK.Extention.CognitoAuthtentication.dll libraries), database manipulation by means of AWS DynamoDB (AWSSDK.DynamoDBv2.dll library) and device data monitoring by means of AWS IoT Core (AWSSDK.Core.dll, AWSSDK.IoT.dll and AWSSDK.IotData.dll libraries). The high-level web application processes the data and presents it to the customers (see Figure 7 for a sample data chart).
AWS EC2
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. This service allows the creation of a virtual web server and the deployment of the web application on it.
Amazon Cloud Applications
Let’s look at Figure 1 again in order to explain the interaction of all the parts of the Amazon cloud project in more detail.
Devices 1, 2 and 3 are connected to the Internet of Things over Wi-Fi. They exchange MQTT messages with AWS IoT Core using the Embedded C SDK library. In real time, the devices update their shadows, which report the device status. The current parameters of the devices are also recorded in the AWS DynamoDB database by means of AWS IoT rules. Each device has a unique name in AWS IoT (in our case, the MAC address).
Users sign up by themselves or can be registered by the Admin in the application using AWS Cognito, which is responsible for user authentication. For registration they use the web portal, which runs on the virtual web server located in AWS EC2. Their personal information (such as name, address, phone number and device ownership) is kept in AWS DynamoDB. AWS SDK .NET provides all interactions between the users and the Amazon services.
Registered users can monitor their devices remotely on desktop computers, laptops and smartphones. They can see the reported attributes and modify the desired parameters.
The Admin manages the users (for example, regulates the user-device subscription). The Admin has access to all devices and can perform troubleshooting if necessary.
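The user-to-device matching and permission levels described above (ownership records in DynamoDB, roles alongside Cognito authentication, the Admin's access to all devices) come down to one server-side check before any shadow is read or changed. The following is an added Python example, not the project's code: the `USERS` dictionary stands in for the DynamoDB user table, and the user names, MAC-style thing names, action names and the read-only rule for agents are assumptions.

```python
# Added example (not from the article): per-device authorization for shadow access.
# USERS stands in for the DynamoDB user table; names, MACs and the agent rule are constructed.
import re

READ, WRITE = "read_reported", "write_desired"
THING_NAME = re.compile(r"[0-9A-F]{12}")  # assumed format: MAC address without separators

USERS = {
    "alice": {"role": "administrator", "devices": set()},
    "bob":   {"role": "member", "devices": {"A4CF12B7D001"}},
    "carol": {"role": "agent",  "devices": {"A4CF12B7D002"}},
}

def authorize(username, thing_name, action):
    """Decide whether an authenticated user may act on one device's shadow.

    username must come from the verified Cognito session, never from a
    request parameter the client controls.
    """
    user = USERS.get(username)
    if user is None or action not in (READ, WRITE):
        return False                     # deny by default
    if not isinstance(thing_name, str) or not THING_NAME.fullmatch(thing_name):
        return False                     # reject malformed device identifiers
    if user["role"] == "administrator":
        return True                      # the Admin has access to all devices
    if thing_name not in user["devices"]:
        return False                     # not this user's device
    if user["role"] == "member":
        return True
    if user["role"] == "agent":
        return action == READ            # assumption: agents only read
    return False                         # unknown role

def read_reported(username, thing_name, shadows):
    """Return the reported state only after the ownership check passes."""
    if not authorize(username, thing_name, READ):
        raise PermissionError(f"{username!r} may not read {thing_name!r}")
    return shadows[thing_name]["state"]["reported"]

SHADOWS = {  # constructed shadow store keyed by thing name
    "A4CF12B7D001": {"state": {"reported": {"temp_c": 21}}},
    "A4CF12B7D002": {"state": {"reported": {"temp_c": 18}}},
}

if __name__ == "__main__":
    print(read_reported("bob", "A4CF12B7D001", SHADOWS))
    print(authorize("bob", "A4CF12B7D002", READ))
```

Authentication alone does not prevent one signed-in user from requesting another user's device by name; the ownership lookup is what closes that gap.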