Building Scalable IoT Applications

AWS IoT Platform

David Reines
VP of Technology
Object Partners, Inc.



  • David Reines, VP of Technology at Object Partners

  • Eighteen years of industry experience

    • Sixteen years at Object Partners

    • Nine years telematics experience


Development, Architecture, Technology Leadership

Cloud Services, Distributed Systems, Microservices, Distributed Data Stores, Messaging Systems

Object Partners

  • Building and Delivering Custom Software Solutions

    • Since 1996

    • ~100 Full-time Consultants

  • Minneapolis, Omaha, Chicago

    • Clients Nationwide

Modern Platforms

  • JVM

  • JavaScript

  • DevOps and Continuous Delivery

  • Real-time Data

  • Mobile

  • Solution Delivery

IoT @ Object Partners

  • Clients

    • Telematics

    • Home Automation

    • And More…

  • Cloud IoT Platforms

IoT Blogs @ Object Partners

AWS IoT Platform

Managed platform for internet connected devices.

AWS IoT Provides

  • Fully Managed Service

  • Readily Available

  • Highly Scalable

  • Secure

  • Standard Protocol Support

  • Device Management Services

  • Simplified Integrations

Presentation Overview

  • Creating a Device

  • Understanding the Broker

  • Publishing Data via a Device

  • Capturing Data in the Cloud

  • Consuming Data via a Device

  • Managing Device State

  • Monitoring

Creating a Device (Thing)

Create a Thing Type

  • Up to three attributes

  • Searchable

  • Simplifies management

  • Not required

Create a Thing

Thing type and non-searchable attributes optional.

Create and Activate a Certificate

Download private key and certificate for device communication.

Create a Policy

Associate Certificate

To a device and policy.

Understanding the Broker

AWS IoT Message Broker

Pub/Sub message broker supporting MQTT, MQTT/WebSockets and HTTP (pub only).


MQTT is an ISO standard (ISO/IEC PRF 20922) publish-subscribe "lightweight" messaging protocol that runs on top of TCP/IP. It is designed for connections with remote locations where a "small code footprint" is required or network bandwidth is limited.

MQTT Concepts

  • Clients connect with a "ClientId".

  • Clients publish messages to a "Topic".

  • Clients subscribe to "TopicFilters".

Topics and TopicFilters

// topics are divided into levels

// topic filters allow single (+) and multi-level (#) wildcards

// topic filter matching all west coast speed messages

// topic filter matching all abccompany messages in all regions

// topic filter matching all speed messages
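
An added example (not from the original presentation) of how a broker decides whether a topic filter matches a topic under the MQTT 3.1.1 rules. The `company/region/metric/deviceId` topic layout and every topic and filter string below are constructed for illustration.

```java
import java.util.List;

public class TopicFilterDemo {

    // MQTT 3.1.1 filter matching: '+' matches exactly one level, '#' matches
    // all remaining levels (including none) and is only valid as the last level.
    static boolean matches(String filter, String topic) {
        String[] f = filter.split("/", -1);
        String[] t = topic.split("/", -1);
        // Topics beginning with '$' (for example $aws/...) are never matched by
        // a filter whose first level is a wildcard.
        if (topic.startsWith("$") && (f[0].equals("+") || f[0].equals("#"))) {
            return false;
        }
        for (int i = 0; i < f.length; i++) {
            if (f[i].equals("#")) {
                return i == f.length - 1;   // '#' anywhere else is invalid
            }
            if (i >= t.length) {
                return false;               // filter has more levels than topic
            }
            if (!f[i].equals("+") && !f[i].equals(t[i])) {
                return false;               // literal level differs
            }
        }
        return f.length == t.length;        // topic must have no extra levels
    }

    public static void main(String[] args) {
        // Constructed topics; the layout company/region/metric/deviceId is an assumption.
        List<String> topics = List.of(
            "abccompany/west/speed/truck-17",
            "abccompany/east/speed/truck-42",
            "abccompany/west/fuel/truck-17",
            "xyzcorp/west/speed/van-3",
            "$aws/things/truck-17/shadow/update"
        );
        List<String> filters = List.of("+/west/speed/+", "abccompany/#", "+/+/speed/#", "#");
        for (String filter : filters) {
            System.out.println(filter);
            for (String topic : topics) {
                if (matches(filter, topic)) {
                    System.out.println("    matches " + topic);
                }
            }
        }
    }
}
```

A subscription filter of `#` covers every company's topics in this layout, which is why `iot:Subscribe` resources are worth scoping as tightly as the topic hierarchy allows.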

Quality of Service

  • QOS 0 (at most once)

  • QOS 1 (at least once)

  • QOS 2 (exactly once)

    • not supported

Last Will and Testament (LWT)


  • TLS Encryption

  • Authentication

    • X.509 Certificate (MQTT, HTTPS)

    • AWS IAM (HTTPS, WebSockets)

    • AWS Cognito (HTTPS, WebSockets)

  • AWS Policy Based Authorization

Broker Policy Actions

iot:Connect, iot:Publish, iot:Subscribe, iot:Receive

Allow Connect

    "Effect": "Allow",
    "Action": [
    "Resource": [

Allow Subscribe

    "Effect": "Allow",
    "Action": [
    "Resource": [

Allow Receive

    "Effect": "Allow",
    "Action": [
    "Resource": [

Allow Publish

    "Effect": "Allow",
    "Action": [
    "Resource": [
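
An added example (not the presenter's policy) of one device policy that combines the four broker actions above and scopes each to the topics used by the Java snippets later in this deck: publish to `speed/<clientId>`, subscribe and receive on `sample/<clientId>`. `REGION` and `ACCOUNT_ID` are placeholders, and the policy assumes the device connects with a client ID equal to the name of the thing its certificate is attached to.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}"]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:topic/speed/${iot:ClientId}"]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Subscribe"],
      "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/sample/${iot:ClientId}"]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Receive"],
      "Resource": ["arn:aws:iot:REGION:ACCOUNT_ID:topic/sample/${iot:ClientId}"]
    }
  ]
}
```

`iot:Subscribe` takes a `topicfilter/` resource while `iot:Publish` and `iot:Receive` take `topic/` resources, so a device holding this policy cannot publish as, or read the messages of, another client ID.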

MQTT 3.1.1 Deviations

cleanSession = false

  • Device Shadows

  • Application Level Acknowledgements

  • Lifecycle Events (Connect/Disconnect)

Publishing Data

via a Device

Device SDKs

Embedded C, JavaScript, Arduino Yún
Java, Python, iOS, Android

Java SDK MQTT Connection

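// load the device certificate and private key downloaded when the certificate was created
CertificateUtils.KeyStorePasswordPair pair = CertificateUtils.getKeyStorePasswordPair(
    clientConfig.certificateFile, clientConfig.privateKeyFile
);

// MQTT client authenticated with the X.509 certificate
awsIotMqttClient = new AWSIotMqttClient(
    clientConfig.clientEndpoint, clientConfig.clientId, pair.keyStore, pair.keyPassword
);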

Java SDK Publish

// sample speed publisher (see sample application)
awsIotMqttClient.publish("speed/" + clientId, AWSIotQos.QOS1, payload);

Capturing Data


Rules Engine

Provides SQL-like syntax for selecting messages and performing various actions.

Selecting Messages

SELECT *
  FROM 'speed/+'
 WHERE speed > 55

Available Actions

AWS ElasticSearch, Firehose, Kinesis, Lambda, SQS, S3, DynamoDB, Republish, CloudWatch, SNS

Rules Engine Demo

Send speeding messages to SQS.

Consuming Data

via a Device

Device Subscription Demo

public void subscribe() throws AWSIotException {
  log.debug("Subscribing to sample topic.");
  AWSIotTopic topic = new AWSIotTopic("sample/" + clientId, AWSIotQos.QOS1) {
    @Override
    public void onMessage(AWSIotMessage message) {
      log.debug("Received message: {}", message.getStringPayload());
    }
  };
  // register the topic handler with the connected client
  awsIotMqttClient.subscribe(topic);
}

Device State Management

Device Shadows

Provides service for managing device state.

Example Device State

{
  "desired": {
    "minSpeed": 20
  },
  "reported": {
    "minSpeed": 20
  }
}

Device Shadow Demo

How’s this working?

Shadow Topics

$aws/things/thingName/shadow/update/documents (previous/current)

Device Helper Classes

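// Java Helper
public class SampleShadowDevice extends AWSIotDevice {

  public SampleShadowDevice(String thingName) {
    super(thingName);
  }

  // annotated fields are synchronized with the thing's shadow by the SDK
  @AWSIotDeviceProperty
  private volatile int minSpeed;

  public int getMinSpeed() {
    return minSpeed;
  }

  public void setMinSpeed(int minSpeed) {
    this.minSpeed = minSpeed;
  }
}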

Device Shadow Policies

  • iot:DeleteThingShadow

  • iot:UpdateThingShadow

  • iot:GetThingShadow

Monitoring the System


Metrics, Alarms, Logs, Events

CloudWatch Dashboard