Set up streaming to AWS IoT

Creating a Cloud Connector from ThingSpace to AWS IoT Core

This page describes how to link your ThingSpace account to your AWS account. When you link the accounts, ThingSpace registers your ThingSpace devices as “things” in your AWS account, and streams data from those devices to the AWS account. You can easily use that data in your AWS-based IoT applications.

Prerequisties:

  • A Verizon BillingAccount with CAS devices previously on boarded into it

  • Ability to create the access (user token) and the session (VZ M2M token) to execute the ThingSpace API

  • API reference documentation: https://thingspace.verizon.com/resources/documentation/cloudconnector/API_Reference/

  • Perform the Query Subscription and Query Target API calls to make sure that there are no existing subscriptions and/or targets associated with the Verizon BillingAccountId

  • Delete any previously created subscription on the Verizon BillingAccount

  • Delete any previously created targets on the Verizon BillingAccount

 

Linking a ThingSpace account with an AWS account requires a few steps in both systems:

  1. In ThingSpace, create an external identifier that will be used to provide increased security.
  2. In AWS, create an IAM role for Verizon’s AWS account and give that role permissions to work with the IoT resources in your account.
  3. In ThingSpace, create a target resource that is configured to stream data to AWS, and a subscription that defines the data to send.

1. Create an external ID

ThingSpace uses external identifiers to increase security when sending data to AWS. After creating an external identifier, you will add it to the IAM role in AWS and to the target in ThingSpace. You can create different external IDs if you are using multiple targets to stream to AWS, or you can use the same external ID with all AIM roles and targets.

Use the POST /targets/actions/newextid endpoint to create an external ID.

2. Create an IAM role for ThingSpace in your AWS account

Follow these steps to allow ThingSpace to send device data to your AWS account.

  1. Sign in to AWS.
  2. Browse to IAM (Identity and Access Management).
  3. From the IAM Dashboard, click Roles in the left column.
  4. Click Create role.
  5. Select Another AWS account as the type of trusted identity.
  6. Enter the Verizon Account ID, which is 675479154635.
  7. Check the box to Require external ID.
  8. Copy and paste in the external ID that you created above.
  9. Click Next: Permissions.
  10. Select these permissions:
    • AWSIotDataAccess
    • AWSIoTFullAccess
    • AWSIoTThingsRegistration
  11. Click Next: Tags.
  12. No AWS tags are required. Click Next: Review.
  13. Enter a name for the role, such as “ThingSpace.”
  14. Click Create Role.

AWS displays the role summary page. You will need the Role ARN from that page when you create a target in ThingSpace.

3. Create a target and subscription for AWS in your ThingSpace account

Follow these steps to configure ThingSpace to send device data to your AWS account.

  1. Create a target resource to define where to send device data. An AWS target requires these values:
    • addressscheme must be “streamawsiot”
    • address is the ARN provided by AWS for the role created above.
    • region is the AWS region where your application connects to AWS IoT services. See AWS Regions and Endpoints for a table of regions for the AWS IoT Core service. Note that things and data from one region will not be visible in another region.
    • externalid is the external identifier string generated above.
    • name (and description) are not required, but resource names can be used to query for resources later.
  2. Create a subscription resource that defines the data to send to the target. Use these values for AWS:
    • email is the address to which any error reports should be delivered.
    • streamkind must be ts.event to receive all device data. Alternatively, you can set it to ts.event.diagnostics or ts.event.security to only receive events of those specific types.
    • targetid must be the UUID for the target, which was in the response when the target was created.
    • name is not required, but can be used when querying for the subscription later.

4. View devices and data in AWS

After you have set up AWS and ThingSpace as described on this page, ThingSpace registers devices in the account as “things” in your AWS account, and streams data from those devices to the AWS account.

  • Go to the IoT Core page to see a summary of IoT traffic.
  • Click Manage > Things to see things created by ThingSpace (and from other sources). ThingSpace thing names are comprised of a device identifier (such as the IMEI) prefaced by “ts_“, for example ts_864508030084979.
  • Click a Thing’s name to see more information about that Thing.
  • Click Shadow while viewing a Thing to see the latest data values from the Thing. Critical Asset Sensor data will look similar to this:
{
  "reported": {
    "temperature": "20.7",
    "humidity": "36",
    "light": "0",
    "pressure": "896",
    "battery": "100",
    "acceleration": {
      "x": "0.0133",
      "y": "-1.0394",
      "z": "-0.0328"
    },
    "orientation": {
      "motionInX": "268.0",
      "motionInY": "0.0",
      "motionInZ": "0.0"
    },
    "signalStrength": "-58"
    }
  }
}

When you add new devices to your ThingSpace account, ThingSpace will register them with AWS and stream data from them as defined by your subscriptions.