Connecting to AWS

Post Reply
Posts: 2
Joined: Mon May 27, 2019 10:02 am

Connecting to AWS

Post by jelena.sehovac » Fri Jun 14, 2019 3:00 pm

Amazon FreeRTOS is a real-time operating system that augments the FreeRTOS kernel with library for connectivity, security and over-the-top updates. Amazon FreeRTOS includes libraries that make it possible to securely connect devices to the AWS IoT Cloud using MQTT. The list of supported devices on Amazon FreeRTOS is given on ... ides.html . This user’s guide provides instructions for getting started with the Espressif ESP32-DevKitC.

Components that are used in this user’s guide are listed below:
  • Raspberry Pi Model B (Figure 1)
  • Shield2Go Dual Adapter V2.0 for WEMOS D1 mini + Trust X (Figure 2)
  • Wemos board, building upon ESP32 microcontroller (Figure 3)
Figure 1: Raspberry Pi Model B

Figure 2: Shield2Go Dual Adapter, backside (left) and frontside (right)

Figure 3: Wemos board, backside (left) and frontside (right)

The first step is to set up the AWS account. For creating an AWS account go to Choose Complete Sign up and then choose Create a new AWS account. When creating of the AWS account is completed, you need to:
  • Create an AWS IoT Policy, which is a set of rules that specify AWS IoT behavior
  • Create a Thing, which is a representation of a specific device
  • Generate certificate
For creating the AWS IoT Policy go to the AWS IoT console: ... obileApp=0. Navigate to the Secure > Policies section and click on the top right Create button. In the Name field type the name of the policy. In the Action field type iot:*. In the Resource ARN field type *. Select the Allow check box and then choose Create. In this user’s guide, the policy used allows full access to all the services. For more details on creating IoT policies, please refer to the: ... olicy.html.

The Thing contains the AWS IoT Policy and device certificate. AWS IoT uses X.509 certificates for an asymmetric-key based authentication. In this user’s guide is used a type of X.509 certificate model in which AWS IoT generates a certificate with Certificate Signing Request (CSR). This means that device certificate is generated by uploading the CSR to AWS IoT during creation of the Thing. After generating, this certificate will be loaded into Trust X. The secret private key is also stored on Trust X. Therefore, it is necessary to generate CSR first.

Generating of CSR and loading the certificate into Trust X will be done using Raspberry Pi 3 and Trust X. Figure 4 explains the electrical connection between Trust X and Raspberry Pi 3.
Figure 4: Connection of Raspberry Pi 3 to Trust X

It is recommended to update the software used on Raspberry Pi. This is done by using the following command after connecting the Pi to an internet connection:

$ sudo apt-get update && sudo apt-get upgrade

Now, to set up the I2C interface to communicate with Trust X, go into Raspberry Configuration Tool with:

$ sudo raspi-config

Then, select Interfacing options, I2C, and yes. Save the settings with ok, and finish and reboot the Pi to aplly them. You can change the baudrate of the I2C-Bus to 1 MHz by opening the file /boot/config.txt and adding the line dtparam=i2c_arm_baudrate=1000000 under dtparam=i2c_arm=on. Reboot the Pi again to apply changes.

The last step of updating software is to update OpenSSL to the latest version for security reasons. With:

$ openssl version

you can check the installed version. If it differs from the latest version found at, you should update it by applying each of the following commands:

$ wget --no-check-certificate
$ tar -xvzf openssl-version.tar.gz
$ cd openssl-version
$ sudo ./config --prefix=/usr --openssldir=usr/local/openssl shared
$ sudo make
$ sudo make test
$ sudo make install

The field version has to be replaced with the current OpenSSL version.

To generate CSR, download the program optiga_generate_csr from link: ... nerate_csr and copy it to the Pi. This program uses three parameters:

-i: specify the path to the configuration file. The configuration file is written in the JavaScript Object Notation (JSON). An example of config.json file you can find in the document at the end of this post.
-o: it defines where the CSR will be stored
-f: specify the device driver

Call the function from the Pi:

$ ./optiga_generate_csr -i config.json -f /dev/i2c-1 -o <name>.csr

Copy CSR from the Pi to your host machine. Now you can create your Thing. From the navigation plane choose Manage > Things and click on the top right Create button. Then choose Create a single thing. Enter a name of your Thing and click on the Next button. After that you need to add a certificate for your Thing. Choose option Create with CSR and upload your .csr file. After that click on Upload file button. Next you need to add a policy for your Thing. Choose from the list the policy that you created and click on Register Thing button.

After these steps, from navigation plane choose Manage > Thing and click on your Thing. Then choose Security and click on the created certificate. Then click on top right Actions button and choose Download to download the device certificate. This certificate
needs to be written in Trust X.

Convert the certificate in DER format, because the program for uploading requires that format:

$ openssl x509 -in <certificate_name>.pem -out <certificate_name>.der -outform DER

Download the program optiga_upload_crt from this link: ... upload_crt in order to write the certificate in the memory of Trust X. Copy it to the Pi. Call the function from the Pi:

$ ./optiga_upload_crt -f /dev/i2c-1 -c <PATH_TO_THE_CERT>/<certificate_name>.der

Now you have all that is necessary to connect your device to the AWS IoT Cloud, therefore you can develop an application on the selected hardware platform. Clone or download the Amazon FreeRTOS from GitHub: ... ga-trust-x. Unzip the package. Open:


where BASE_FOLDER represents the path to the amazon-freertos-optiga-trust-x directory that you downloaded from GitHub. In this file you can set name of the Thing that you use, endpoint, the SSID, password and security type for your Wi-Fi network. To get the endpoint of your Thing go to the AWS IoT console: ... obileApp=0. Choose from the navigation plane Manage > Things and click on your Thing. Then choose Interact. In the first field is located the endpoint.

This user’s guide provides instructions for getting started with the Espressif ESP32-DevKitC board. A code of user’s application is located in:


You need a toolchain to build the application for ESP32 microcontroller. Follow the instructions for your host machine’s operating system:
to setup the toolchain. To use the toolchain for ESP32 microcontroller, which means to make xtensa-esp32-elf available, you need to update PATH environament variable. Run the following command:

$ export PATH=<PATH_TO_THE_ESP_DIRECTORY>/esp/xtensa-esp32-elf/bin:$PATH

Now you can build and run the Amazon FreeRTOS Project. Complete system is shown in Figure 5. Go to the:

Figure 5: Connection of Wemos board to Trust X

Run command make menuconfig to set up your board's configuration and then run make flash monitor to build and flash firmware, and to monitor serial console output.

In AWS IoT console you can use the MQTT client to monitor the messages that device sends to the AWS Cloud. Sign in to the AWS IoT console. In the navigation plane choose Test to open the MQTT client. In Subscription topic enter the name of the topic on which device sends messages and then click on Subscribe to the topic. Received messages will be shown on the MQTT client page.

Note: If you have problem with connection to the AWS Cloud, maybe your endpoint contains string “-ats”. Delete “-ats” part from endpoint and try again.

(731.16 KiB) Downloaded 179 times

Post Reply