# AWS IoT Core

Easily and securely connect devices to [**AWS IoT Core**](https://aws.amazon.com/iot-core/). AWS IoT Core uses MQTT, a lightweight IoT messaging protocol, to transmit and receive messages. This tutorial explains how to set up AWS IoT Core and start sending IoT data from a Raspberry Pi connected over cellular.

<figure><img src="/files/We0s9XDSfuRtlGnttQuy" alt=""><figcaption></figcaption></figure>

### Quick Navigation

* [Create a Thing in AWS](#create-a-thing-in-aws)
* [Connect your device to AWS IoT Core](#connect-your-device-to-aws-iot-core)
* [Create your python script](#create-your-python-script)

### Prerequisites

* [AWS account](https://console.aws.amazon.com/)
* Monogoto SIM
* Raspberry Pi 3 or 4

## Create a Thing in AWS

Start by visiting the [**AWS portal**](https://console.aws.amazon.com/console/home)

Search for the **IoT Core** service

<figure><img src="/files/DPl4jF6sVQ4AzwIaTmxe" alt=""><figcaption></figcaption></figure>

In the left side menu, navigate to **Manage > All devices > Things**

Click the button **Create Things** to create your digital Thing.

<figure><img src="/files/kZ1n9j0t9wPgI6XRuGGS" alt=""><figcaption></figcaption></figure>

**Name your thing**, e.g. <mark style="color:red;">`mqtt-thing`</mark>

<figure><img src="/files/RBf5WFSTe48ZNlvoFU9P" alt=""><figcaption></figcaption></figure>

Select **Auto-generate a new certificate**

<figure><img src="/files/tKRS8qj4VI02vXG5uhgU" alt=""><figcaption></figcaption></figure>

Attach an existing policy, or create a new one by clicking “**Create policy**”

<figure><img src="/files/slP31d0b9q47QU68DLuA" alt=""><figcaption></figcaption></figure>

When creating a new policy, add 4 statements allowing the Thing to **Connect**, **Publish**, **Receive** and **Subscribe**. Under Policy resource, enter an asterisk <mark style="color:red;">`*`</mark> so that the policy applies to all client IDs and topic names.

```
Policy effect    Policy action    Policy resource
Allow            iot:Connect      *  
Allow            iot:Publish      *   
Allow            iot:Receive      *  
Allow            iot:Subscribe    * 
```

<figure><img src="/files/bJJWeO6aFG3i8lg6GZ3h" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
When using AWS IoT Core in production, restrict the Policy resource to specific topics to increase the security of your application.
{% endhint %}
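
One way to build the restricted policy the warning above calls for, as an added example that is not Monogoto's or AWS's own code: it scopes the same four actions to a single client ID and topic, and flags any Allow statement that still uses a wildcard. The account ID `123456789012` is a placeholder, and the function names are hypothetical; the region, client ID and topic are the sample values used elsewhere in this tutorial.

```python
import json

# Resource type that each AWS IoT policy action is evaluated against.
RESOURCE_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
}

def wildcard_policy():
    """The tutorial's policy: four Allow statements on resource '*'."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": action, "Resource": "*"}
            for action in RESOURCE_TYPE
        ],
    }

def scoped_policy(region, account_id, client_id, topic):
    """Same four actions, each limited to one client ID or one topic."""
    prefix = "arn:aws:iot:{}:{}".format(region, account_id)
    names = {"client": client_id, "topic": topic, "topicfilter": topic}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": action,
             "Resource": "{}:{}/{}".format(prefix, rtype, names[rtype])}
            for action, rtype in RESOURCE_TYPE.items()
        ],
    }

def overly_broad(policy):
    """Return the actions of Allow statements whose resource contains '*'."""
    broad = []
    for stmt in policy["Statement"]:
        res = stmt["Resource"]
        resources = [res] if isinstance(res, str) else res
        if stmt["Effect"] == "Allow" and any("*" in r for r in resources):
            actions = stmt["Action"]
            broad.extend([actions] if isinstance(actions, str) else actions)
    return broad

if __name__ == "__main__":
    # Constructed values: placeholder account ID; the rest come from the page.
    policy = scoped_policy("eu-west-1", "123456789012", "basicPubSub", "device/RPI")
    print(json.dumps(policy, indent=2))
    print(overly_broad(wildcard_policy()), overly_broad(policy))
```

The printed JSON can be pasted into the policy editor's JSON view. The `publish.py` script in this tutorial only connects and publishes, so the Receive and Subscribe statements can be dropped if the device never subscribes.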

#### **Download all keys and CA files**

Download and store the **Device certificate**, **Private key file** and **Amazon Root CA 1** in a directory called <mark style="color:red;">`certs`</mark>. Make sure to name the files properly as described in the table below.

| **Device certificate** | device.pem.crt    |
| ---------------------- | ----------------- |
| **Private key file**   | private.pem.key   |
| **Amazon Root CA 1**   | AmazonRootCA1.pem |

<figure><img src="/files/Nn6aUBSMPHJso28PccnF" alt=""><figcaption></figcaption></figure>

## Connect your device to AWS IoT Core

*This section explains how to run a Python script on a Raspberry Pi connected to Monogoto. For more information on how to connect the Raspberry Pi to Monogoto, see* [*this tutorial*](/getting-started/general-device-configurations/raspberry-pi.md)*.*

**Access the Raspberry Pi** over ssh or by connecting a screen and keyboard

**Install the required libraries**

Before you install an AWS IoT Device SDK, run these commands in a terminal window on your Linux device to install the required libraries.

```bash
sudo apt-get install cmake
```

```bash
sudo apt-get install libssl-dev
```

Install the **AWS IoT Device SDK** for Python and download the sample apps to your device.

```bash
cd ~
pip3 install awsiotsdk
pip3 install AWSIoTPythonSDK
```

**Add certificates to the Raspberry Pi**

Add the **Device certificate**, **Private key file** and **Amazon Root CA 1** to a folder called <mark style="color:red;">`certs`</mark>.

```
cd ~
mkdir certs
```

{% hint style="info" %}
If you downloaded the certificates to a different machine, copy them to the Raspberry Pi using the command below: <mark style="color:red;">`scp -r ~/certs pi@<ip address>:~/`</mark>
{% endhint %}

## Create your python script

#### Create a new file called <mark style="color:red;">`publish.py`</mark> containing the below script

{% code lineNumbers="true" %}

```python
# publish.py

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

import time as t
import json
import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT

# Define ENDPOINT, CLIENT_ID, PATH_TO_CERTIFICATE, PATH_TO_PRIVATE_KEY, PATH_TO_AMAZON_ROOT_CA_1, MESSAGE, TOPIC, and RANGE
ENDPOINT = "<your AWS endpoint>"
CLIENT_ID = "basicPubSub"
PATH_TO_CERTIFICATE = "/home/pi/certs/device.pem.crt"
PATH_TO_PRIVATE_KEY = "/home/pi/certs/private.pem.key"
PATH_TO_AMAZON_ROOT_CA_1 = "/home/pi/certs/AmazonRootCA1.pem"

MESSAGE = "hello world"
TOPIC = "device/RPI"
RANGE = 3

myAWSIoTMQTTClient = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883)
myAWSIoTMQTTClient.configureCredentials(PATH_TO_AMAZON_ROOT_CA_1, PATH_TO_PRIVATE_KEY, PATH_TO_CERTIFICATE)

myAWSIoTMQTTClient.connect()
print('Begin Publish')
for i in range (RANGE):
    data = "{} [{}]".format(MESSAGE, i+1)
    message = {"message" : data}
    myAWSIoTMQTTClient.publish(TOPIC, json.dumps(message), 1) 
    print("Published: '" + json.dumps(message) + "' to the topic: " + TOPIC)
    t.sleep(0.1)
print('Publish End')
myAWSIoTMQTTClient.disconnect()

```

{% endcode %}

In the <mark style="color:red;">`publish.py`</mark> file (line 11), replace <mark style="color:red;">`<your AWS endpoint>`</mark> with your **AWS endpoint**.

{% hint style="info" %}
**To find your AWS endpoint**, go to the [AWS IoT console](https://console.aws.amazon.com/iot/home), near the bottom of the navigation pane, choose **Settings**.

In the **Settings** page you will find the **Endpoint**, which is unique to your AWS account and looks something like: <mark style="color:red;">`abcdef1234567-ats.iot.eu-west-1.amazonaws.com`</mark>.
{% endhint %}

<figure><img src="/files/GAiOQpgemRGP0VmfqFmf" alt=""><figcaption></figcaption></figure>

In the AWS IoT Portal, open the **MQTT test client** and subscribe to the topic **device/RPI**

<figure><img src="/files/ngAeMN9CUz3617UtXZtL" alt=""><figcaption></figcaption></figure>

**Go back to your Raspberry Pi** and run the <mark style="color:red;">`publish.py`</mark> script using the command:

```bash
python3 publish.py
```

Expected response:

```bash
Begin Publish
Published: '{"message": "hello world [1]"}' to the topic: device/RPI
Published: '{"message": "hello world [2]"}' to the topic: device/RPI
Published: '{"message": "hello world [3]"}' to the topic: device/RPI
Publish End
```

When looking at the MQTT test client in AWS IoT Core, you can see the messages:

<figure><img src="/files/M97W4HE1vSmvTNdPX4uk" alt=""><figcaption></figcaption></figure>

{% hint style="success" %}
**Congratulations!** You’ve successfully sent data from a Raspberry Pi connected to Monogoto to AWS IoT Core using the MQTT protocol.
{% endhint %}

### Next steps

* **Trigger actions using Lambdas** - [learn more](https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-functions.html#iot-func-aws-lambda)
* **Store data in DynamoDB** - [learn more](https://docs.aws.amazon.com/iot/latest/developerguide/iot-ddb-rule.html)

