Saturday, September 24, 2022

Raspi-4 Lightweight Custom Linux with AWS IoT Device SDK demo

This blog explains 6 simple steps to have a running AWS-IoT-Device-Sdk Demo in few minutes.

  1. Download sdcard-pi4-aws-iot-demo.img.xz (image size is just under 25MB)
  2. Write sdcard-pi4-aws-iot-demo.img.xz to sdcard using Balena-Etcher-Application
  3. After writing the sdcard image, un-plug/re-plug the sdcard to see the boot partition on your windows PC(e.g D or E drive)
  4. Open aws-iot-pubsub-agent.conf using text editor and set your endpoint(see picture below).
  5. Copy aws-console generated iot certificates to boot partition of the sdcard(e.g xyz-certificate.pem and xyz-private.pem.key)
  6. Insert the sdcard in rpi-4 hw and power-ON, after boot, aws-iot-pubsub-agent binary would start publishing the custom message to your AWS-IoT-Core.

Following image shows the steps 4/5/6 in detail,


















How to build the sdcard image from sources?
Following are the 2 simple steps required to build the image, but detailed instructions are found at this git-repository:

  1. make -C buildroot BR2_EXTERNAL=../ BR2_DL_DIR=../../br-dl O=../../br-output raspberrypi4_aws_iot_defconfig
  2. make -C buildroot BR2_EXTERNAL=../ BR2_DL_DIR=../../br-dl O=../../br-output

What is the purpose of this lightweight Linux image?
For those evaluating AWS-IoT connectivity, this demo image gives required kickstart to have a working aws-iot-endpoint in few simple steps.


What other preparations are required on the aws-cloud?
  1. Create an AWS IoT account (Note: Payment details are still required for 1year free account)
  2. Login to console.aws.amazon.com ==> IoT Core
  3. Console.Aws==>Manage ==> All Devices ==> Things ==> Create Thing
  4. After creating your Demo-Thing, you will be asked to download the device-certificate and private-key file(keep these 2 files in a safe location - as mentioned in step-5 above, these 2 files are to be copied to the boot partition of the sdcard)
  5. Console.Aws==> Settings, look for Endpoint, this will be required as shown in the step-4 above.
  6. Console.Aws==> Security ==> Policies, create a sample policy with 4 entries as shown below















What are the customizations done in the rpi-4 buildroot config to have this aws-demo-image?
  1. Enabled dropbear for remote debugging without monitor/keyboard
  2. Added buildroot package for aws-iot-device-sdk-cpp-v2
  3. Added buildroot package for aws-iot-pubsub-agent
  4. Enabled chrony daemon for time sync(required for tls-handshake)
  5. Enabled aws-iot-device-sdk-cpp-v2 dependencies(host-cmake/libcur/openssl/util-linux)
  6. Included AmazonRootCA1.pem in the rootfs(/etc/)
  7. Added aws-iot-pubsub-agent.conf file to rootfs which is required by the agent startup script.
  8. During linux boot, added /etc/init.d/S03MountBoot startup scirpt for mounting boot partition in /mnt/certs, this partition will have required certificate, key, and aws-iot-pubsub-agent.conf files
  9. Included startup script for aws-iot-pubsub-agent.

My raspi-4 board is now running from newly created sdcard, Whats next?
  1. Ensure that your raspi-4 hw is connected to the dhcp network where internet access is possible.
  2. Raspi-4 will receive an ip on your local network, you can reach this using hostname buildroot or using the ip(I assume you know how check which ip address is assigned Raspi-4)
  3. Login using ssh (e.g: ssh root@192.168.x.y - when asked for pw, enter brb0x )
  4. To see what message was published upon startup, do: cat /tmp/aws-iot-pubsub-agent.log
  5. Incase If you would like to modify included aws-iot-pubsub-agent code with your own changes, and see how your changes would work on Raspi-4 target, here are the details on how to compile and run your local changes using a cross-toolchain provided with this image.

How do I know if my raspi-4 is publishing "Hello world!" messages on AWS cloud?
If everything is configured correctly on your sdcard(and your security policies are set correctly on console.aws.amazon.com), Hello World! publish messages can be seen on  your console.aws.amazon.com as shown below.


3 comments:

Unknown said...

Very informative.

AB33 said...

Thanks for this information.

Mega888 Free Credit said...

Thank you for taking the time to create this article. It's greatly appreciated, and I've learned a lot from it.