Saturday, September 24, 2022

AWS IoT on Raspberry Pi with 25 MB Buildroot Linux

Six simple steps to get an AWS IoT Device SDK demo running on a Raspberry Pi 4 — using a lightweight custom Linux image built with Buildroot (just under 25 MB).

Quick start

  1. Download sdcard-pi4-aws-iot-demo.img.xz (~25 MB)
  2. Write the image to an SD card using Balena Etcher
  3. Unplug and re-plug the SD card so the boot partition appears on your PC
  4. Open aws-iot-pubsub-agent.conf and set your AWS IoT endpoint
  5. Copy your AWS-generated device certificate (xyz-certificate.pem) and private key (xyz-private.pem.key) to the boot partition
  6. Insert the SD card into the Raspberry Pi 4, power on — the aws-iot-pubsub-agent will start publishing messages to your AWS IoT Core

The following image shows steps 4, 5, and 6 in detail:

SD card configuration — endpoint, certificates, and boot

Steps 4–6: configure endpoint, copy certificates, and boot the Pi.

AWS cloud preparation

Before booting the Pi, set up the following on console.aws.amazon.com:

  1. Create an AWS IoT account (payment details required even for the free tier)
  2. Navigate to IoT Core
  3. Go to Manage → All Devices → Things → Create Thing
  4. Download the device certificate and private key (copy these to the SD card boot partition as described in step 5 above)
  5. Go to Settings and note your Endpoint (needed for step 4 above)
  6. Go to Security → Policies and create a policy with 4 entries as shown below:
AWS IoT security policy configuration

AWS IoT security policy — required permissions for the device.

Building the image from source

Two commands to build the SD card image (detailed instructions in the git repository):

make -C buildroot BR2_EXTERNAL=../ BR2_DL_DIR=../../br-dl O=../../br-output raspberrypi4_aws_iot_defconfig
make -C buildroot BR2_EXTERNAL=../ BR2_DL_DIR=../../br-dl O=../../br-output

Buildroot customizations

Key changes in the Raspberry Pi 4 Buildroot config for this AWS demo image:

  1. Enabled Dropbear SSH for remote debugging without monitor/keyboard
  2. Added Buildroot package for aws-iot-device-sdk-cpp-v2
  3. Added Buildroot package for aws-iot-pubsub-agent
  4. Enabled chrony for time sync (required for TLS handshake)
  5. Enabled SDK dependencies (host-cmake, libcurl, openssl, util-linux)
  6. Included AmazonRootCA1.pem in /etc/
  7. Added aws-iot-pubsub-agent.conf to rootfs for the agent startup script
  8. Added /etc/init.d/S03MountBoot to mount the boot partition at /mnt/certs (contains certificates, key, and config)
  9. Included startup script for aws-iot-pubsub-agent

After booting

  1. Connect the Raspberry Pi 4 to a DHCP network with internet access
  2. Find the Pi on your network using hostname buildroot or its assigned IP
  3. Log in via SSH: ssh root@192.168.x.y (password: brb0x)
  4. Check the publish log: cat /tmp/aws-iot-pubsub-agent.log
  5. To modify the aws-iot-pubsub-agent code, see how to cross-compile and run on target

If everything is configured correctly (SD card and AWS security policies), Hello World! messages will appear on your AWS IoT Core console:

AWS IoT Core showing Hello World messages from Raspberry Pi

AWS IoT Core — Hello World messages arriving from the Raspberry Pi 4.

SOURCE CODE

github.com/hackboxguy/br-wrapper — build instructions and Buildroot config

sdcard-pi4-aws-iot-demo.img.xz — pre-built SD card image (~25 MB)

Related posts

Posted by at 3 comments:
Labels: , , , , , ,
Subscribe to: Comments (Atom)