SlideShare una empresa de Scribd logo

IoT Best Practices & Architecture | AWS IoT

Amazon Web Services
Amazon Web Services

This session was presented in the IoT World 2019 Developer Track covered many of the best practices, "gotchas" and design patterns when building real world IoT solutions.

1 de 29
Descargar para leer sin conexión
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Craig Williams Principal Solutions Architect, IoT Amazon Web Services IoT Best Practices & Architecture
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark What to expect with this session?
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Session Agenda • Take a look at patterns that emerge in most IoT solutions • Scaling your solution, how are those down stream services? • Critical message and event processing • Device security best practices • AWS IoT Atlas • Best practice IoT implementation on AWS
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Scaling your IoT solution
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Understanding your scaling architecture and throttle points End-point scaling via a platform architecture Down-stream service considerations Think about message recovery Batching data for efficiency and cost optimization Does you data belong on a broker? Note: AWS IoT services are all built as platforms, handling the scaling of 1-millions of devices and events. Scaling
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Understand message failure points and recovery options Buffering Messages Queuing Messages Known the difference Implementation options Patterns for Message Recovery
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Have a safe way to hold onto data until you can process it Handle data spikes Allow down stream services to scale Hold data if you’re throttled Batch and cost optimization Note: Once data is removed from a stream if cannot be recovered, if it needs to be consider using a queue. Buffering Data Broker Streaming Buffer Data Source Compute Data Source Buffering your data
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Critical event processing
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Have a safe way to hold onto data until you can process it Handle data spikes Allow down stream services to scale Hold data if you’re throttled Batch and cost optimization Note: Having a mechanism to fan out helps prevent a fragile downstream architecture. Queue Data & Fan out Broker Data Source Compute Data Source Critical Event Processing Notification Service Queue Integration to event stream
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark General Designs
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Using a control plane to setup high volume telemetry streaming Not all data belongs on a broker Control is over the broker Telemetry goes directly to your buffering service Can be more cost effective Avoids potential limits Note: The downstream compute component can process from the broker or a stream. Control Plane Broker Streaming Buffer Data Source Compute Data Source Control plane and buffering High volume telemetry, video etc. Two-way control channel, MQTT
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Never expose backend APIs directly and use authentication services Unified entry point for control systems and applications Protect down-stream APIs with TPS throttling and DDOS protection Use platform identity services to authenticate API requests Note: The more AWS services you can put in front of your services an/or APIs the better protection you will have. Protect your APIs BrokerData Source Compute API Protection and Identity Management Enrolment, Recoverychannel API Gateway Streaming Buffer Identity Services
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT Core
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Device Gateway Rules Engine Message Broker Device Shadow Registry Identity Service AWS IoT Core Manage authorization of devices & provision unique identities at scale Fully manage connectivity optimized for IoT workloads Define and catalog device for easy use by AWS services Understand and control the status of your device at any time Reliable and fast communication across your IoT fleet Ingest large amounts of IoT data at a low cost, pre-process it, & make it available to 10+ services for analytics, reporting, & visualization
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark When should you rotate device certificates?
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark You could brick the device and then require physical access to recover it Any time you move certificates and keys you risk exposure You aren’t guaranteeing device security Risks of Certificate Rotation Don’t risk exposure with unnecessary rotation
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Know what’s going on with your device vs rotate & pray Do not rotate certificates on some arbitrary interval Have mechanisms for detecting Multiple connections using the same certificate Anomalies with device data Anomalies with device hardware, unexpected active interfaces such as SPI/I2C or even open ports Faulty device detection, it’s not always a security issue Security Best Practices Know what’s happening with your devices Use hardware security modules/TPMs, PKCS#11
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark How do I ensure my connected devices stay secure?
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Audit Security Dashboard Alerts MitigateDetect Validate IoT configuration is secure Detect anomalies in device behavior Continuously monitor configurations to understand security posture Know when & what to investigate Remediate potential issues AWS IoT Device Defender
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT Atlas ..... A collection of cloud agnostic best practices and patterns https://iotatlas.net/
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark COMMAND A requesting entity reliably asks a device to perform a single action, with acknowledgement of status. 1. A device configures itself to communicate with a protocol endpoint so that Command messages can be sent and received. 2. A component of the solution publishes a Command message targeted at one or more devices. 3. The server uses the protocol endpoint to send the Command message to each previously configured device. 4. Upon completion of the Command’s requested action, the device publishes a command completion message to the server via the protocol endpoint.
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark DEVICE STATE REPLICA A logical representation of a physical device’s reported state, or desired future state. 1. A device reports initial device state by publishing that state as a message to the state/deviceID/update topic. 2. The Device State Replica reads the message from the state/deviceID/update topic and records the device state in a persistent data store. 3. A device subscribes to the delta messaging topic state/deviceID/update/delta upon which device-related state change messages will arrive. 4. A component of the solution publishes a desired state message to the topic state/deviceID/updateand the Device State Replica tracking this device records the desired device state in a persistent data store. 5. The Device State Replica publishes a delta message to the topic state/deviceID/update/delta and the server sends the message to the device. 6. A device receives the delta message and performs the desired state changes. 7. A device publishes a message reflecting the new state to the update topic state/deviceID/update and the Device State Replica tracking this device records the new state in a persistent data store. 8. The Device State Replica publishes a message to the state/deviceID/update/accepted topic. 9. A component of the solution can now request the updated and current state form the Device State Replica.
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark The DSR is the most critical feature to understand.... { "state" : { “desired" : { "lights": { "color": "RED" }, "engine" : "ON" }, "reported" : { "lights" : { "color": "GREEN" }, "engine" : "ON" }, "delta" : { "lights" : { "color": "RED" } } }, "version" : 10 } AWS IoT implements the DSR as a Device Shadow which is managed by AWS IoT in the cloud. State Replica Example APIs
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark These are the issues the DSR is helping to avoid { Direct Publishing, Typically developers want to do this but be aware of the pitfalls. Devices are offline, devices are never always online, be careful of only testing lab environments. Messages can be un-ordered, at high volume your IoT messages may arrive un-ordered. Remember, using the shadow for command and control means we have solved the issues of message timing and reliable delivery for you, for consistent state changes. DSR Patterns APIs
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark GATEWAY A device acts as an intermediary between local devices as well as devices and the cloud. IoT solutions use the Gateway design to overcome the common constraints experienced by endpoints. In doing so a gateway enables reliable and secure communication with otherwise inaccessible endpoints. Additionally a gateway enables continued isolation between the local endpoints and cloud connectivity.
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IoT Atlas – Contributions Welcome ...We welcome community contributions via our public GitHub repository and pull requests.
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IoT on AWS
Amazon Kinesis Amazon S3 Bucket Endpoints Gateway/Hub/PLC Long-range Comms Local Comms © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Lambda Amazon DynamoDB Amazon API Gateway Amazon SNS Amazon SQS Amazon Cognito IoT Building Blocks Amazon SageMaker Amazon QuickSight Amazon Redshift Amazon Timestream Applications EnterpriseAWS Cloud Risk Mitigation Detection Profiles Alerts Scheduled or Ad-hoc Audit AWS IoT Device Defender AWS IoT Device Mgmt. Over-the- air (OTA) Updates Batch Fleet Provisioning Real-time Fleet Index & Search AWS IoT Core Device shadow Rules Engine Certificate Authority Message Broker AWS IoT Events Event Detection Take Action Use Predictions AWS IoT Things Graph Device Orchestration Edge Channels Data Pipelines Analytics Data Store Timeseries AWS IoT Analytics MQTT AWS IoT SiteWise Snowball Edge Collection Gateway Protocol Conversion opc-ua mqtt http modbus Certificate Private Key Local Resources OTA Integrated Client WiFi BLE Amazon FreeRTOS IoT SDK PKCS#11 AWS IoT Greengrass Device Shadow Lambda Functions Message Router Local Resources OTA Secret Manager Custom Gateway PKCS#11 MQTT Industrial OPC-UA Server On- premises Historian Things AFR IoT SDK 3rd Party Internet of Things with MQTT, HTTP, WebSockets – TLS 1.2 – x509 MQTT, TLS 1.2 – x509
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark thank you

Recomendados

AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials Day
Amazon Web Services
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
Amazon Web Services
 
Introduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web ServicesIntroduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
 
AWS Storage services
AWS Storage servicesAWS Storage services
AWS Storage services
Nagesh Ramamoorthy
 
AWS 101
AWS 101AWS 101
AWS 101
Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
Ian Massingham
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Amazon Web Services
 
Overview of AWS by Andy Jassy - SVP, AWS
Overview of AWS by Andy Jassy - SVP, AWSOverview of AWS by Andy Jassy - SVP, AWS
Overview of AWS by Andy Jassy - SVP, AWS
Amazon Web Services
 

Recomendados

AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials Day
Amazon Web Services
 
Introduction to AWS IoT
Introduction to AWS IoTIntroduction to AWS IoT
Introduction to AWS IoT
Amazon Web Services
 
Introduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web ServicesIntroduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
 
AWS Storage services
AWS Storage servicesAWS Storage services
AWS Storage services
Nagesh Ramamoorthy
 
AWS 101
AWS 101AWS 101
AWS 101
Amazon Web Services
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
Ian Massingham
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Amazon Web Services
 
Overview of AWS by Andy Jassy - SVP, AWS
Overview of AWS by Andy Jassy - SVP, AWSOverview of AWS by Andy Jassy - SVP, AWS
Overview of AWS by Andy Jassy - SVP, AWS
Amazon Web Services
 
Basics AWS Presentation
Basics AWS PresentationBasics AWS Presentation
Basics AWS Presentation
Shyam Kumar
 
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Amazon Web Services
 
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
Amazon Web Services Korea
 
Aws VPC
Aws VPCAws VPC
Aws VPC
Abhishek Amralkar
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 
AWS & Cloud Foundations
AWS & Cloud FoundationsAWS & Cloud Foundations
AWS & Cloud Foundations
Amazon Web Services
 
IoT Made Easy | AWS IoT
IoT Made Easy | AWS IoTIoT Made Easy | AWS IoT
IoT Made Easy | AWS IoT
Amazon Web Services
 
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
Amazon Web Services Korea
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
Amazon Web Services
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
Amazon Web Services Korea
 
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
Amazon Web Services Korea
 
Architecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentArchitecting security and governance across your AWS environment
Architecting security and governance across your AWS environment
Amazon Web Services
 
Executing a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWSExecuting a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWS
Amazon Web Services
 
Introduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud ComputingIntroduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud Computing
Amazon Web Services
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure Arc
Mohamed Wali
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
Amazon Web Services Korea
 
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
Amazon Web Services Korea
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
Building a Better Business Case for Migrating to Cloud
Building a Better Business Case for Migrating to CloudBuilding a Better Business Case for Migrating to Cloud
Building a Better Business Case for Migrating to Cloud
Amazon Web Services
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
Amazon Web Services
 
AWS IoT: servizi costruiti per migliorare le performance di business
AWS IoT: servizi costruiti per migliorare le performance di businessAWS IoT: servizi costruiti per migliorare le performance di business
AWS IoT: servizi costruiti per migliorare le performance di business
Amazon Web Services
 
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
Amazon Web Services
 

Más contenido relacionado

La actualidad más candente

금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
Amazon Web Services Korea
 
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
Amazon Web Services Korea
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
Amazon Web Services Korea
 
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
Amazon Web Services Korea
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
Amazon Web Services Korea
 
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
Amazon Web Services Korea
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 

La actualidad más candente (20)

Basics AWS Presentation
Basics AWS PresentationBasics AWS Presentation
Basics AWS Presentation
 
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
 
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
금융권 최신 AWS 도입 사례 총정리 – 신한 제주 은행, KB손해보험 사례를 중심으로 - 지성국 사업 개발 담당 이사, AWS / 정을용...
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
AWS & Cloud Foundations
AWS & Cloud FoundationsAWS & Cloud Foundations
AWS & Cloud Foundations
 
IoT Made Easy | AWS IoT
IoT Made Easy | AWS IoTIoT Made Easy | AWS IoT
IoT Made Easy | AWS IoT
 
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
[Bespin Global 파트너 세션] 분산 데이터 통합 (Data Lake) 기반의 데이터 분석 환경 구축 사례 - 베스핀 글로벌 장익...
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
 
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
AWS 기반 데이터 레이크(Datalake) 구축 및 분석 - 김민성 (AWS 솔루션즈아키텍트) : 8월 온라인 세미나
 
Architecting security and governance across your AWS environment
Architecting security and governance across your AWS environmentArchitecting security and governance across your AWS environment
Architecting security and governance across your AWS environment
 
Executing a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWSExecuting a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWS
 
Introduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud ComputingIntroduction to AWS Services and Cloud Computing
Introduction to AWS Services and Cloud Computing
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure Arc
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
 
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
KB국민은행은 시작했다 -  쉽고 빠른 클라우드 거버넌스 적용 전략 - 강병억 AWS 솔루션즈 아키텍트 / 장강홍 클라우드플랫폼단 차장, ...
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
 
Building a Better Business Case for Migrating to Cloud
Building a Better Business Case for Migrating to CloudBuilding a Better Business Case for Migrating to Cloud
Building a Better Business Case for Migrating to Cloud
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
 

Similar a IoT Best Practices & Architecture | AWS IoT

AWS IoT_Connected Home Solutions
AWS IoT_Connected Home Solutions AWS IoT_Connected Home Solutions
AWS IoT_Connected Home Solutions
Amazon Web Services
 
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS SummitConnecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
Amazon Web Services
 
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Amazon Web Services
 
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Amazon Web Services
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Amazon Web Services
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
Amazon Web Services
 

Similar a IoT Best Practices & Architecture | AWS IoT (20)

AWS IoT: servizi costruiti per migliorare le performance di business
AWS IoT: servizi costruiti per migliorare le performance di businessAWS IoT: servizi costruiti per migliorare le performance di business
AWS IoT: servizi costruiti per migliorare le performance di business
 
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
Leadership Session: AWS IoT (IOT218-L) - AWS re:Invent 2018
 
AWS Learning Series: Harnessing the Power of Data | An Introduction to IoT
AWS Learning Series: Harnessing the Power of Data | An Introduction to IoTAWS Learning Series: Harnessing the Power of Data | An Introduction to IoT
AWS Learning Series: Harnessing the Power of Data | An Introduction to IoT
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
AWS IoT_Connected Home Solutions
AWS IoT_Connected Home Solutions AWS IoT_Connected Home Solutions
AWS IoT_Connected Home Solutions
 
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS SummitConnecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
Connecting your devices at scale, ft. Discovery - SVC205 - New York AWS Summit
 
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019 Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
Securing the edge with AWS IoT services - FND330 - AWS re:Inforce 2019
 
AWS Outposts Update
AWS Outposts UpdateAWS Outposts Update
AWS Outposts Update
 
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
IoT at scale - Monitor and manage devices with AWS IoT Device Management - SV...
 
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
Building IoT Applications for a Smart Home, ft. Vestel (IOT306-R1) - AWS re:I...
 
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
Best Practices for AWS IoT Core (IOT347-R1) - AWS re:Invent 2018
 
Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...
Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...
Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...
 
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech TalksHow to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
How to Easily and Securely Connect Devices to AWS IoT - AWS Online Tech Talks
 
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
 
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
 
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - TorontoIntroduction to the AWS Cloud - AWSome Day 2019 - Toronto
Introduction to the AWS Cloud - AWSome Day 2019 - Toronto
 
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver Introduction to the AWS Cloud - AWSome Day 2019 - Denver
Introduction to the AWS Cloud - AWSome Day 2019 - Denver
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

IoT Best Practices & Architecture | AWS IoT

  • 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Craig Williams Principal Solutions Architect, IoT Amazon Web Services IoT Best Practices & Architecture
  • 2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark What to expect with this session?
  • 3. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Session Agenda • Take a look at patterns that emerge in most IoT solutions • Scaling your solution, how are those down stream services? • Critical message and event processing • Device security best practices • AWS IoT Atlas • Best practice IoT implementation on AWS
  • 4. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Scaling your IoT solution
  • 5. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Understanding your scaling architecture and throttle points End-point scaling via a platform architecture Down-stream service considerations Think about message recovery Batching data for efficiency and cost optimization Does you data belong on a broker? Note: AWS IoT services are all built as platforms, handling the scaling of 1-millions of devices and events. Scaling
  • 6. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Understand message failure points and recovery options Buffering Messages Queuing Messages Known the difference Implementation options Patterns for Message Recovery
  • 7. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Have a safe way to hold onto data until you can process it Handle data spikes Allow down stream services to scale Hold data if you’re throttled Batch and cost optimization Note: Once data is removed from a stream if cannot be recovered, if it needs to be consider using a queue. Buffering Data Broker Streaming Buffer Data Source Compute Data Source Buffering your data
  • 8. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Critical event processing
  • 9. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Have a safe way to hold onto data until you can process it Handle data spikes Allow down stream services to scale Hold data if you’re throttled Batch and cost optimization Note: Having a mechanism to fan out helps prevent a fragile downstream architecture. Queue Data & Fan out Broker Data Source Compute Data Source Critical Event Processing Notification Service Queue Integration to event stream
  • 10. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark General Designs
  • 11. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Using a control plane to setup high volume telemetry streaming Not all data belongs on a broker Control is over the broker Telemetry goes directly to your buffering service Can be more cost effective Avoids potential limits Note: The downstream compute component can process from the broker or a stream. Control Plane Broker Streaming Buffer Data Source Compute Data Source Control plane and buffering High volume telemetry, video etc. Two-way control channel, MQTT
  • 12. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Never expose backend APIs directly and use authentication services Unified entry point for control systems and applications Protect down-stream APIs with TPS throttling and DDOS protection Use platform identity services to authenticate API requests Note: The more AWS services you can put in front of your services an/or APIs the better protection you will have. Protect your APIs BrokerData Source Compute API Protection and Identity Management Enrolment, Recoverychannel API Gateway Streaming Buffer Identity Services
  • 13. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT Core
  • 14. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Device Gateway Rules Engine Message Broker Device Shadow Registry Identity Service AWS IoT Core Manage authorization of devices & provision unique identities at scale Fully manage connectivity optimized for IoT workloads Define and catalog device for easy use by AWS services Understand and control the status of your device at any time Reliable and fast communication across your IoT fleet Ingest large amounts of IoT data at a low cost, pre-process it, & make it available to 10+ services for analytics, reporting, & visualization
  • 15. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark When should you rotate device certificates?
  • 16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark You could brick the device and then require physical access to recover it Any time you move certificates and keys you risk exposure You aren’t guaranteeing device security Risks of Certificate Rotation Don’t risk exposure with unnecessary rotation
  • 17. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Know what’s going on with your device vs rotate & pray Do not rotate certificates on some arbitrary interval Have mechanisms for detecting Multiple connections using the same certificate Anomalies with device data Anomalies with device hardware, unexpected active interfaces such as SPI/I2C or even open ports Faulty device detection, it’s not always a security issue Security Best Practices Know what’s happening with your devices Use hardware security modules/TPMs, PKCS#11
  • 18. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark How do I ensure my connected devices stay secure?
  • 19. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Audit Security Dashboard Alerts MitigateDetect Validate IoT configuration is secure Detect anomalies in device behavior Continuously monitor configurations to understand security posture Know when & what to investigate Remediate potential issues AWS IoT Device Defender
  • 20. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS IoT Atlas ..... A collection of cloud agnostic best practices and patterns https://iotatlas.net/
  • 21. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark COMMAND A requesting entity reliably asks a device to perform a single action, with acknowledgement of status. 1. A device configures itself to communicate with a protocol endpoint so that Command messages can be sent and received. 2. A component of the solution publishes a Command message targeted at one or more devices. 3. The server uses the protocol endpoint to send the Command message to each previously configured device. 4. Upon completion of the Command’s requested action, the device publishes a command completion message to the server via the protocol endpoint.
  • 22. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark DEVICE STATE REPLICA A logical representation of a physical device’s reported state, or desired future state. 1. A device reports initial device state by publishing that state as a message to the state/deviceID/update topic. 2. The Device State Replica reads the message from the state/deviceID/update topic and records the device state in a persistent data store. 3. A device subscribes to the delta messaging topic state/deviceID/update/delta upon which device-related state change messages will arrive. 4. A component of the solution publishes a desired state message to the topic state/deviceID/updateand the Device State Replica tracking this device records the desired device state in a persistent data store. 5. The Device State Replica publishes a delta message to the topic state/deviceID/update/delta and the server sends the message to the device. 6. A device receives the delta message and performs the desired state changes. 7. A device publishes a message reflecting the new state to the update topic state/deviceID/update and the Device State Replica tracking this device records the new state in a persistent data store. 8. The Device State Replica publishes a message to the state/deviceID/update/accepted topic. 9. A component of the solution can now request the updated and current state form the Device State Replica.
  • 23. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark The DSR is the most critical feature to understand.... { "state" : { “desired" : { "lights": { "color": "RED" }, "engine" : "ON" }, "reported" : { "lights" : { "color": "GREEN" }, "engine" : "ON" }, "delta" : { "lights" : { "color": "RED" } } }, "version" : 10 } AWS IoT implements the DSR as a Device Shadow which is managed by AWS IoT in the cloud. State Replica Example APIs
  • 24. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark These are the issues the DSR is helping to avoid { Direct Publishing, Typically developers want to do this but be aware of the pitfalls. Devices are offline, devices are never always online, be careful of only testing lab environments. Messages can be un-ordered, at high volume your IoT messages may arrive un-ordered. Remember, using the shadow for command and control means we have solved the issues of message timing and reliable delivery for you, for consistent state changes. DSR Patterns APIs
  • 25. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark GATEWAY A device acts as an intermediary between local devices as well as devices and the cloud. IoT solutions use the Gateway design to overcome the common constraints experienced by endpoints. In doing so a gateway enables reliable and secure communication with otherwise inaccessible endpoints. Additionally a gateway enables continued isolation between the local endpoints and cloud connectivity.
  • 26. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IoT Atlas – Contributions Welcome ...We welcome community contributions via our public GitHub repository and pull requests.
  • 27. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark IoT on AWS
  • 28. Amazon Kinesis Amazon S3 Bucket Endpoints Gateway/Hub/PLC Long-range Comms Local Comms © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Lambda Amazon DynamoDB Amazon API Gateway Amazon SNS Amazon SQS Amazon Cognito IoT Building Blocks Amazon SageMaker Amazon QuickSight Amazon Redshift Amazon Timestream Applications EnterpriseAWS Cloud Risk Mitigation Detection Profiles Alerts Scheduled or Ad-hoc Audit AWS IoT Device Defender AWS IoT Device Mgmt. Over-the- air (OTA) Updates Batch Fleet Provisioning Real-time Fleet Index & Search AWS IoT Core Device shadow Rules Engine Certificate Authority Message Broker AWS IoT Events Event Detection Take Action Use Predictions AWS IoT Things Graph Device Orchestration Edge Channels Data Pipelines Analytics Data Store Timeseries AWS IoT Analytics MQTT AWS IoT SiteWise Snowball Edge Collection Gateway Protocol Conversion opc-ua mqtt http modbus Certificate Private Key Local Resources OTA Integrated Client WiFi BLE Amazon FreeRTOS IoT SDK PKCS#11 AWS IoT Greengrass Device Shadow Lambda Functions Message Router Local Resources OTA Secret Manager Custom Gateway PKCS#11 MQTT Industrial OPC-UA Server On- premises Historian Things AFR IoT SDK 3rd Party Internet of Things with MQTT, HTTP, WebSockets – TLS 1.2 – x509 MQTT, TLS 1.2 – x509
  • 29. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark thank you