Send yourself a text message from a MQTT.fx software client using AWS IoT and SNS
IoT, or the Internet of Things, is starting to become a “thing”. Network-enabled gadgets are popping up all over the place in home automation and wearable accessories. Low cost kits like the Raspberry Pi make it easy for anyone to start tinkering with a DIY solution or test out a product idea.
The Internet part of IoT introduces new possibilities. Say that your basement is flooded — an appliance could beep if it senses moisture on the floor. But for times you’re not within earshot, it would be nice if it also sent you a text message.
AWS IoT makes it easy to connect your devices to the cloud. There are certain challenges specific to IoT, and AWS takes care of these for you:
- Device security: Each device identifies itself and authenticates to the cloud using a certificate. You use policies to control what devices have access to.
- Service integration: You can link up to other AWS services like SNS (Simple Notification Service), SQS (Simple Queue Service), and Lambda. IoT Rules can take you pretty far without writing code.
- Two-way communication: Not only can devices send messages to the cloud, you can push state changes to a device — even if it’s offline at the moment.
In this tutorial, you’ll get your hands dirty with AWS IoT. You don’t need any hardware — which means you can get some practice with AWS IoT without having to buy sensors, breadboards, or buttons. Instead, you’ll use a desktop software client to mock out a hardware device.
Using the basement moisture alarm scenario, the goal of this tutorial is to get a software client to send you a text message:
- A software client sends an MQTT message to AWS IoT. (MQTT is a protocol commonly used in IoT)
- An IoT Rule sends an event to SNS
- SNS sends you a text message.
You’ll learn how to work with the following:
- SNS: Send text messages to yourself to make sure things are working end-to-end.
- IoT Rules: Wire up AWS IoT to services like SNS.
- IoT setup: Configure a Certificate, Policy, and Thing for each IoT device.
- MQTT.fx: Import your certificate to a software client.
What you need before you begin
You need an AWS account for this tutorial. You can sign up for the free tier at aws.amazon.com.
You also need to download and install an MQTT software client, which is free. This tutorial assumes you are using a Mac, but the client is also available on PC.
- Download the MQTT.fx-1.1.0.dmg file.
- Open the disk image.
- Do not double-click on the Installer icon. Instead, right-click and select Open.
- You should see an alert confirming whether you wish to open software from an unidentified developer. Click Open.
- You should see an install4j Wizard. Accept the defaults and keep clicking Next until you’re finished installing MQTT.fx.
The developer of the MQTT.fx software was kind enough to provide this client for free. But since you’re installing it off the internet, you need to do things a little differently to let your Mac know that you are intentional about running this software.
Send a text message to your phone using SNS
In this section, you’re going to configure SNS to send a text message to your phone. Although you don’t need to know SNS in order to use AWS IoT, it’s worth learning for a couple of reasons:
- Setup is quick, making SNS great for testing IoT Rules.
- Sending text alerts is a practical use case for IoT.
SNS uses something called a topic. A topic is a channel, kind of like the cable TV channel HBO. The TV network broadcasts the latest episode of Silicon Valley, and only subscribers get to watch. Likewise, you can publish a message to a topic, and SNS pushes it out to subscribed users.
In this section, you’ll create a topic for your IoT test messages.
Set up a topic
- Log into AWS and go to the main dashboard.
- Under Mobile Services, click SNS.
- Click past the Get Started screen, if necessary.
- Within the SNS dashboard, click Create topic.
- In the Create new topic modal, type in TutorialTestSNS as the Topic name.
- For the Display name, type in MySensor.
The Display name shows up as a prefix in every message sent to the user.
- Click Create topic.
- You should see a Topic details summary screen:
Now that you have a topic, the next step is to subscribe using your cell phone number.
Create a subscription
- On the Topic details page, click Create subscription.
- In the Create Subscription modal, change the Protocol to SMS.
- In the Endpoint field, type in your cell phone number.
- Click Create subscription.
You may receive a text message asking whether you would like to receive messages from MYSENSOR. Just follow the instructions (e.g. reply with YES MYSENSOR to confirm your subscription).
Now that your cell phone is subscribed to an SNS topic, you can start sending text messages.
Send a test message
- On the Topic details page, click Publish to topic.
- On the Publish a message screen, type something into the Message field, like “your basement is flooded“.Note: The Subject field is used for email, so you can leave it blank.
- Click Publish message.
- You should receive a text message.
Using the SNS console, you are able to send text messages to your phone. The next step is to trigger this SNS topic from the AWS IoT console.
Wire an IoT Rule to SNS
Before you set up any IoT devices, you’re going to first create an IoT Rule. This way, you can test whether things are working along the way. You’ll do more IoT setup (i.e. configure a policy, certificate, and thing) in a later section.
IoT Rules connect AWS IoT to other AWS services, including:
There are two parts to an IoT Rule:
- Rule query statement: Filters through incoming IoT messages so that the rule only runs under specific conditions.
- Action: Forwards the IoT message to another AWS service.
In this section, you’re going to listen for any IoT messages sent to a topic named moisture-level. Then you’ll forward these messages to the SNS topic you created earlier.
Create a Rule
- From the main Dashboard, click AWS IoT.
- On the splash screen, click Get started.
- On the Resources page, click Create a resource.Note: AWS IoT might take you to Create a thing by default. Just skip to the next step.
- Choose Create a rule.
- In the Create a rule form, type TutorialTestRule in the Name field.
This is going to be a pretty long form, so keep on reading!
Create a rule query statement
IoT rules use a rule query statement to filter on relevant IoT messages. The query uses an SQL-like syntax. Don’t worry, you don’t have to write it manually (in fact, the form doesn’t even let you). The form generates syntax for you based on how you fill out the Attribute, Topic filter, and Condition form fields.
- For the Attribute field, type *.
- For the Topic filter field, type moisture-level.
- Leave the Condition field blank.
The generated rule query statement should look like this:
SELECT * FROM 'moisture-level'
This rule listens for any IoT messages sent to the moisture-level topic. The asterisk (*) means every attribute (i.e. the entire message) is forwarded to the action.
Note: AWS IoT uses topics just like SNS. This is because they both use the pub-sub pattern.
Create an action
- For the Choose an action dropdown, select Send message as a push notification (SNS).The form reveals additional fields, depending on which service you choose.
- For the SNS target, select the SNS topic named TutorialTestSNS that you created earlier.
- For the Message format, type in RAW.The form also accepts JSON as an option.
- Next to Role name, click Create a new role.
This creates a role that gives AWS IoT permission to publish messages to your SNS topic.
- For Role name, type in tutorial-test-iot-role, and click Create.
- Click Add action.
- You should see a purple SNS icon next to the words SNS Action. Click the Create button.
Note: if the Create button is still gray, go back and make sure the form is filled out completely.
To recap, you just created an IoT Rule. In the process of filling out this form, you created three things:
- Rule query statement: Listens on an IoT topic named moisture-level.
- Action: Relays the message to an SNS topic named TutorialTestSNS.
- Role: Grants AWS IoT permission to call SNS.
Test the rule
In order to test the rule, you need to publish IoT messages to the moisture-level topic. Fortunately, you can do this using the MQTT Client built right into the AWS console.
- In the navigation bar, click MQTT Client.
- Under MQTT Client Actions, click Generate client ID.
- Once the client ID is generated, click Connect.
- Click Publish to topic.
- In the Publish topic field, type in moisture-level.
- Under Payload, type in the following message: “your berber is ruined”.
- Click Publish.
- You should receive a text message.
The built-in MQTT Client is very convenient for sending test messages. All you had to do was click the Generate client ID button, and AWS automatically creates a virtual client for you.
But for physical IoT devices (or in our case, a software client), you’ll have to manually configure certificates, policies, and things. This is the subject of the next section.
Configure AWS IoT
A good portion of AWS IoT configuration relates to security. These devices could unlock a door, or stream a baby monitor feed, so it’s important to get security right.
In this section, you’re going to configure three components, and then link them together.
- Thing: An instance that represents a physical IoT device.
- Policy: A permission set that authorizes a device to perform actions and access resources.
- Certificate: A set of credentials used to authenticate and identify a device.
Create a Thing
The tutorial is halfway over, and you finally get to create your first Thing!
- Click Create a resource.
- Click Create a thing.
- In the Name field, type TutorialTestThing1.
- Leave the thing type and attributes as their default.
- Click Create.
- You should see a new thing at the bottom of the screen.
A thing represents just a single instance of an IoT device. If you have an entire inventory of devices, AWS IoT provides tools to help you manage them: thing type, thing registry, and search attributes.
Create a Policy
A policy manages the permissions of your IoT device.
- Click Create a policy.
- In the Name field, type TutorialTestPolicy.
- In the Add a statement section, type iot:* in the Action field.
- Type * in the Resource field.
- Check the box next to Allow.
- Click Add statement.
- The Create button should turn blue. Click Create.
- You should see a new Policy at the bottom of the screen.
You just created a policy with a fairly open permission set, which is fine for getting things to work in a tutorial. But you might want to tighten down access in a real application.
Create a Certificate
- Click Create a certificate.
- Under Create a certificate, check the box next to Activate.
Checking this box saves you from having to remember to activate the certificate later on.
- Click the 1-Click certificate create button.
- Click Download public key and note the file’s save location.
- Click Download private key.
- Click Download certificate.
- You should see a Certificate at the bottom of the page, with an ACTIVE status.
- In Finder, you should see three files in your Downloads folder.
Note: Before you navigate to a different page, it’s important to download the private key while the link is still available.
Attach your Thing, Policy, and Certificate
So far, you created a thing, policy, and certificate. Next you need to link them together. You do this by attaching the policy and thing to the certificate.
- Check the box underneath the Certificate you just created (the one with a handshake icon).
- Under the Actions dropdown, select Attach a policy.
- In the pop-up modal, type TutorialTestPolicy in the Policy name field, and click Attach.
- Again, under the Actions dropdown, select Attach a thing.
- In the pop-up modal, type TutorialTestThing1 in the Thing name field, and click Attach.
- Select the Certificate. In the Detail pane on the right, you should see the policy and thing you just attached.
Configure the MQTT Client
MQTT is a lightweight pub-sub protocol that’s popular with IoT. MQTT.fx is a free cross-platform software client that uses this protocol.
In order to use MQTT.fx, you have to configure it with your certificate, private key, and API enpoint — just as you would any IoT device. This means you can use MQTT.fx to mock out a hardware device, and get some practice with AWS IoT even if you don’t own a Raspberry Pi or Amazon IoT button.
Set up the Connection Profile
Note: Make sure MQTT.fx is installed on your computer. Refer to the beginning of this tutorial for installation instructions.
- Launch MQTT.fx from your Applications folder.
- Near the top, click the Gear ⚙ icon to open the Edit Connection Profiles window.
- On the bottom left corner, click the Plus ➕ button to create a new Profile.
- Back in the AWS IoT console, select your thing named TutorialTestThing1. In the right detail pane, look for the REST API endpoint.
- Copy the hostname (e.g. abcdefghjklmno.iot.us-east-1.amazonaws.com).
- Back in the MQTT.fx client, look for the Broker Address field. Replace the default 127.0.0.1 with your REST API endpoint hostname.
- Change the Broker Port from 1883 to 8883, which is MQTT over SSL.
- You can leave the Profile Name and Client ID as the default.
You’re not done yet — you still have to configure your certificate and key in the bottom half of the form.
Set up the Certificates
A certificate authenticates your IoT device to AWS. The private key also identifies your device, because it’s assumed that you alone have that key.
- In the bottom half of the form, switch tabs from General to SSL/TLS.
- Check the box next to Enable SSL/TLS.
- Select the radio button for Self signed certificates.
- Check the box next to PEM Formatted.
- For the CA File, download this file. Open the zip file, and use root-CA.crt as your CA File.
Note: If you prefer, you can create the file yourself using these instructions.
- For the Client Certificate File, use the xxxxxxx-certificate.pem.crt file you downloaded earlier.
- For the Client Key File, use the xxxxxxx-private.pem.key file.
Note: you wont be using the xxxxxxx-public.pem.key.
- Click Apply, and OK.
You’ll find out in the next section whether the configuration worked.
Test the Profile
Now to finally test the entire MQTT setup from end to end. You’ll send an MQTT message to AWS IoT, and hopefully you’ll get a text message from SNS.
- Make sure your New Profile is selected, and click Connect.
- If you see a lock icon and green circle in the top right corner, this means the connection worked.
- Make sure the Publish tab is selected.
- For the topic name, type in moisture-level.
- In the message body, type in “hi from MQTT.fx!”
- Click Publish.
- Wait a few moments, and you should receive a text message.
You sent a text message to yourself using the MQTT.fx software client. Under the hood, you used AWS IoT and SNS to accomplish this.
In this tutorial, you started with SNS and IoT rules, and worked backward from there. There’s a lot that could go wrong, so it’s important to be able to test along the way.
When writing this tutorial, I found these two resources to be particularly helpful:
- Doug Toppin’s Blog: this is the best resource I’ve found on MQTT.fx and AWS IoT.
- AWS IoT documentation: the official documentation is clearly written, and has plenty of screenshots.
The AWS documentation is quite good. But as reference material, it has to be comprehensive. My goal for this tutorial was to provide a quickstart guide to get your feet wet, under the assumption that
Got any tips for using AWS IoT? Have any suggestions for future tutorial topics? Feel free to add your thoughts to the comments.
Like this post? Please share it using the share buttons to the left. Then join our mailing list below and follow us on Twitter – @thorntech – for future updates.