Reputation: 353
I need to interface a few sensors through the AWS API Gateway (no MQTT support), and I would like to use the rules offered by the AWS IoT Core service in order to insert a new device into DynamoDB, store data, etc. The generic architecture of the system will be something like this.
Upvotes: 0
Views: 1696
Reputation: 1545
I would suggest using the AWS IoT HTTPS endpoint instead of providing your own API Gateway.
https://<iot-endpoint>/topics
iot-endpoint is the same as you would use with MQTT, but now with the HTTPS protocol.

| Protocol | Operations supported | Authentication | Port | ALPN protocol name |
|---|---|---|---|---|
| HTTPS | Publish only | Signature Version 4 | 443 | N/A |
| HTTPS | Publish only | X.509 client certificate | 443† | x-amzn-http-ca |
| HTTPS | Publish only | X.509 client certificate | 8443 | N/A |
| HTTPS | Publish only | Custom authentication | 443 | N/A |

†Clients that connect on port 443 with X.509 client certificate authentication must implement the Application Layer Protocol Negotiation (ALPN) TLS extension and use the ALPN protocol name listed in the ALPN ProtocolNameList sent by the client as part of the ClientHello message.
Upvotes: 0
Reputation: 592
> Is this kind of architecture the best practice?

This architecture makes sense and is similar to AWS' Well-Architected IoT Lens. Depending on your traffic volume, it may be better to ingest the data into Firehose first, then aggregate into DDB. https://docs.aws.amazon.com/wellarchitected/latest/iot-lens/welcome.html
> How can I practically interface the API Gateway with the IoT Core? I know that there are the Lambdas, but as you can see here, there is no Lambda connection between Gateway and IoT Core, so I am pretty lost here.

There are two ways of handling this interaction:

a. Model request and response as topics.

Device calls: cmd/application/getSomething/deviceId/req

Service publishes: cmd/application/getSomething/deviceId/res

Since you don't have MQTT support, I don't think this will work.

b. Use AWS IoT's assume-role functionality. Here, you'll set up a role that has access to your ApiGW, which is IAM-protected. You'll assume the role and then call ApiGW as you normally would. https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html
Alternatively, you could explore ApiGW's mutual TLS, and use the device certificate to authenticate to the ApiGW.
https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
Upvotes: 0
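Both answers come down to the same mechanism on the wire: a SigV4-signed HTTPS request, either to the IoT Core data endpoint (first answer, `/topics/<topic>?qos=1` with Signature Version 4 on port 443) or to an IAM-protected API Gateway stage using the temporary credentials the device obtains through its role (second answer, option b). The example below is added here and is not code from the question, the answers or AWS; it implements SigV4 with the standard library only, so the signing can be inspected and tested offline. The endpoint host names, topic, stage path and key material are constructed placeholders; the signing service names `iotdata` (IoT data plane) and `execute-api` (API Gateway), and the field names of the credentials-provider JSON, are what the AWS SDKs use as far as I know and should be treated as assumptions to verify against the linked documentation.

```python
"""Added example: stdlib-only SigV4 signing for (a) publishing to the AWS IoT Core
HTTPS data endpoint and (b) calling an IAM-protected API Gateway stage with the
temporary credentials a device obtains through its role. Endpoints, topic, stage
and key material below are constructed placeholders, not real values."""
import hashlib
import hmac
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


@dataclass
class Credentials:
    access_key: str
    secret_key: str
    session_token: Optional[str] = None  # set for temporary (role) credentials


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """AWS4-HMAC-SHA256 key derivation: secret -> date -> region -> service -> aws4_request."""
    key = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key


def canonical_request(method: str, url: str, headers: Dict[str, str], payload: bytes) -> Tuple[str, str]:
    """Build the SigV4 canonical request; returns (canonical_request, signed_headers)."""
    parts = urllib.parse.urlsplit(url)
    path = urllib.parse.quote(parts.path or "/", safe="/~")
    query = "&".join(  # query parameters sorted by name, each name and value URI-encoded
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(urllib.parse.parse_qsl(parts.query, keep_blank_values=True)))
    lower = {k.lower(): " ".join(v.split()) for k, v in headers.items()}  # lowercase, trimmed
    signed = ";".join(sorted(lower))
    canon_headers = "".join(f"{k}:{lower[k]}\n" for k in sorted(lower))
    return "\n".join([method, path, query, canon_headers, signed, _sha256_hex(payload)]), signed


def sign(method: str, url: str, region: str, service: str, creds: Credentials,
         payload: bytes = b"", amz_date: Optional[str] = None) -> Dict[str, str]:
    """Return host, x-amz-date, optional security-token and authorization headers."""
    amz_date = amz_date or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    headers = {"host": urllib.parse.urlsplit(url).netloc, "x-amz-date": amz_date}
    if creds.session_token:  # temporary credentials must send the token, and it is signed
        headers["x-amz-security-token"] = creds.session_token
    creq, signed = canonical_request(method, url, headers, payload)
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, _sha256_hex(creq.encode("utf-8"))])
    signature = hmac.new(signing_key(creds.secret_key, date, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={creds.access_key}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers


def iot_publish_url(data_endpoint: str, topic: str, qos: int = 1) -> str:
    """Publish URL on the IoT data endpoint; SigV4 callers use port 443 (see the table above)."""
    return f"https://{data_endpoint}/topics/{topic}?qos={qos}"


def parse_credentials_provider(body: bytes) -> Credentials:
    """Parse the JSON the IoT credentials provider returns for a role alias.
    Field names are assumed from the AWS documentation linked in the answer."""
    c = json.loads(body)["credentials"]
    return Credentials(c["accessKeyId"], c["secretAccessKey"], c["sessionToken"])


def send(method: str, url: str, headers: Dict[str, str], payload: bytes = b"") -> Tuple[int, bytes]:
    """Perform the signed request with urllib (needs network access and real credentials)."""
    req = urllib.request.Request(url, data=payload or None, method=method, headers=headers)
    if payload:
        req.add_header("content-type", "application/json")  # unsigned headers are allowed
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


# Constructed sample of a credentials-provider response (placeholder values).
SAMPLE_CREDS_JSON = (b'{"credentials":{"accessKeyId":"ASIAEXAMPLE","secretAccessKey":"secretEXAMPLE",'
                     b'"sessionToken":"tokenEXAMPLE","expiration":"2024-01-02T04:04:05Z"}}')

if __name__ == "__main__":
    creds = parse_credentials_provider(SAMPLE_CREDS_JSON)
    body = json.dumps({"deviceId": "dev-01", "temperature": 21.5}).encode("utf-8")
    url = iot_publish_url("abc123-ats.iot.eu-west-1.amazonaws.com", "sensors/dev-01/telemetry")
    print(sign("POST", url, "eu-west-1", "iotdata", creds, body))  # pass these to send() to publish
    api = "https://abcd1234.execute-api.eu-west-1.amazonaws.com/prod/devices/dev-01"
    print(sign("GET", api, "eu-west-1", "execute-api", creds))
```

Two details matter when this is wired to real endpoints. The `host` header that is signed must be byte-for-byte what the client sends, which is why the URL carries no explicit `:443`; and the payload hash is part of the canonical request, so a body altered in transit (or a replayed signature on a different body) fails verification on the AWS side, which is the property that makes the SigV4 route safer than a static API key. For the X.509 rows in the table above you would not sign at all: the device presents its certificate in the TLS handshake (port 8443, or 443 with ALPN `x-amzn-http-ca`), and `send()` would need an `ssl.SSLContext` with the device certificate loaded instead of the authorization header.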