> For the complete documentation index, see [llms.txt](https://docs.monogoto.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.monogoto.io/developer/cloud-integrations/aws-iot-core.md).

# AWS IoT Core

Easily and securely connect devices to [**AWS IoT Core**](https://aws.amazon.com/iot-core/). AWS IoT Core uses MQTT to transmit and receive messages, a lightweight IoT messaging protocol. This tutorial explain how to set up AWS IoT Core and start sending IoT data from a Raspberry Pi connected over cellular.

<figure><img src="/files/We0s9XDSfuRtlGnttQuy" alt=""><figcaption></figcaption></figure>

### Quick Navigation

* [Create a Thing in AWS](#create-a-thing-in-aws)
* [Connect your device to AWS IoT Core](#connect-your-device-to-aws-iot-core)
* [Create your python script](#create-your-python-script)

### Prerequisites

* [AWS account](https://console.aws.amazon.com/)
* Monogoto SIM
* Raspberry Pi 3 or 4

## Create a Thing in AWS

Start by visiting the [**AWS portal**](https://console.aws.amazon.com/console/home)

Search for the **IoT Core** service

<figure><img src="/files/DPl4jF6sVQ4AzwIaTmxe" alt=""><figcaption></figcaption></figure>

In the left side menu, navigate to **Manage > All devices > Things**&#x20;

Click the button **Create Things** to create your digital Thing.

<figure><img src="/files/kZ1n9j0t9wPgI6XRuGGS" alt=""><figcaption></figcaption></figure>

**Name your thing**, e.g. <mark style="color:red;">`mqtt-thing`</mark>

<figure><img src="/files/RBf5WFSTe48ZNlvoFU9P" alt=""><figcaption></figcaption></figure>

Select **Auto-generate a new certificate**

<figure><img src="/files/tKRS8qj4VI02vXG5uhgU" alt=""><figcaption></figcaption></figure>

Attach an existing policy, or create a new one by clicking “**Create policy**”

<figure><img src="/files/slP31d0b9q47QU68DLuA" alt=""><figcaption></figcaption></figure>

When creating a new policy, add 4 statements allowing the Thing to **Connect**, **Publish**, **Receive** and **Subscribe**. Under Policy resource, add an asterisk <mark style="color:red;">`*`</mark> to allow all topic names to connect to AWS IoT Core.&#x20;

```
Policy effect    Policy action    Policy resource
Allow            iot:Connect      *  
Allow            iot:Publish      *   
Allow            iot:Receive      *  
Allow            iot:Subscribe    * 
```

<figure><img src="/files/bJJWeO6aFG3i8lg6GZ3h" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
When using AWS IoT Core in production, restrict the Policy resource to specific topics to increase the security of your application.
{% endhint %}

#### **Download all keys and CA files**

Download and store the **Device certificate**, **Private key file** and **Amazon Root CA 1** in a directory called <mark style="color:red;">`certs`</mark>. Make sure to name the files properly as described in the table below.

| **Device certificate** | device.pem.crt    |
| ---------------------- | ----------------- |
| **Private key file**   | private.pem.key   |
| **Amazon Root CA 1**   | AmazonRootCA1.pem |

<figure><img src="/files/Nn6aUBSMPHJso28PccnF" alt=""><figcaption></figcaption></figure>

## Connect your device to AWS IoT Core

*This section explains how to run a python scrip on a Raspberry Pi, connected to Monogoto. For more information on how to connect the Raspberry Pi to Monogoto, see* [*this tutorial*](/getting-started/general-device-configurations/raspberry-pi.md)*.*

**Access the Raspberry Pi** over ssh or by connecting a screen and keyboard

**Install the required libraries**

Before you install an AWS IoT Device SDK, run these commands in a terminal window on your Linux device to install the required libraries.

```bash
sudo apt-get install cmake
```

```bash
sudo apt-get install libssl-dev
```

Install the **AWS IoT Device SDK** for Python and download the sample apps to your device.

```bash
cd ~
pip3 install awsiotsdk
pip3 install AWSIoTPythonSDK
```

**Add certificates to the Raspberry Pi**

Add the **Device certificate**, **Private key file** and **Amazon Root CA 1** to a folder called <mark style="color:red;">`certs`</mark>.

```
cd ~
mkdir certs
```

{% hint style="info" %}
If you downloaded the certificates to a different machine, move the certificates to the RPI using the below command: <mark style="color:red;">`scp -r ~/certspi@<ip address>:~/certs`</mark>
{% endhint %}

## Create your python script

#### Create a new file called <mark style="color:red;">`publish.py`</mark> containing the below script &#x20;

{% code lineNumbers="true" %}

```python
# publish.py

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

import time as t
import json
import AWSIoTPythonSDK.MQTTLib as AWSIoTPyMQTT

# Define ENDPOINT, CLIENT_ID, PATH_TO_CERTIFICATE, PATH_TO_PRIVATE_KEY, PATH_TO_AMAZON_ROOT_CA_1, MESSAGE, TOPIC, and RANGE
ENDPOINT = "<your AWS endpoint>"
CLIENT_ID = "basicPubSub"
PATH_TO_CERTIFICATE = "/home/pi/certs/device.pem.crt"
PATH_TO_PRIVATE_KEY = "/home/pi/certs/private.pem.key"
PATH_TO_AMAZON_ROOT_CA_1 = "/home/pi/certs/AmazonRootCA1.pem"

MESSAGE = "hello world"
TOPIC = "device/RPI"
RANGE = 3

myAWSIoTMQTTClient = AWSIoTPyMQTT.AWSIoTMQTTClient(CLIENT_ID)
myAWSIoTMQTTClient.configureEndpoint(ENDPOINT, 8883)
myAWSIoTMQTTClient.configureCredentials(PATH_TO_AMAZON_ROOT_CA_1, PATH_TO_PRIVATE_KEY, PATH_TO_CERTIFICATE)

myAWSIoTMQTTClient.connect()
print('Begin Publish')
for i in range (RANGE):
    data = "{} [{}]".format(MESSAGE, i+1)
    message = {"message" : data}
    myAWSIoTMQTTClient.publish(TOPIC, json.dumps(message), 1) 
    print("Published: '" + json.dumps(message) + "' to the topic: " + TOPIC)
    t.sleep(0.1)
print('Publish End')
myAWSIoTMQTTClient.disconnect()

```

{% endcode %}

Replace <mark style="color:red;">`<your AWS endpoint>`</mark> with your **AWS endpoint** to the <mark style="color:red;">`publish.py`</mark> file (line 11)

{% hint style="info" %}
**To find your AWS endpoint**, go to the [AWS IoT console](https://console.aws.amazon.com/iot/home), near the bottom of the navigation pane, choose **Settings**.

In the **Settings** page you will find the **Endpoint**, which is unique to your AWS account and looks something like: <mark style="color:red;">`abcdef1234567-ats.iot.eu-west-1.amazonaws.com`</mark>.
{% endhint %}

<figure><img src="/files/GAiOQpgemRGP0VmfqFmf" alt=""><figcaption></figcaption></figure>

In the AWS IoT Portal, open the **MQTT test client** and subscribe to the topic **device/RPI**

<figure><img src="/files/ngAeMN9CUz3617UtXZtL" alt=""><figcaption></figcaption></figure>

**Go back to your Raspberry Pi** and run the <mark style="color:red;">`publish.py`</mark> script using the command:

```bash
python3 publish.py
```

Expected response

```bash
Begin Publish
Published: '{"message": "hello world [1]"}' to the topic: device/data
Published: '{"message": "hello world [2]"}' to the topic: device/data
Published: '{"message": "hello world [3]"}' to the topic: device/data
Publish End
```

When looking at the MQTT test client in AWS IoT Core, you can see the messages:

<figure><img src="/files/M97W4HE1vSmvTNdPX4uk" alt=""><figcaption></figcaption></figure>

{% hint style="success" %}
**Congratulations!** I’ve successfully sent data from a Raspberry Pi connected to Monogoto, to AWS IoT Core using the MQTT protocol.
{% endhint %}

### Next steps

* **Trigger actions using Lambdas** - [learn more](https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-functions.html#iot-func-aws-lambda)
* **Store data in DynamoDB** - [learn more](https://docs.aws.amazon.com/iot/latest/developerguide/iot-ddb-rule.html)<br>
