AWS re:Invent 2016: Serverless IoT Back Ends (IOT401)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
November 30, 2016
IoT401
Serverless IoT Back Ends
Olawale Oladehin, AWS Solutions Architect
Ben Kehoe, iRobot Cloud Robotics Research Scientist

The Things in the Internet of Things…

AWS re:Invent 2016
Olawale “Wale” Oladehin
• Amazon Web Services Solutions Architect
@oladehin

Assuming you’ve heard of…
• AWS Lambda
• Amazon DynamoDB
• AWS IoT
• IoT shadow
• AWS IoT rule
• Amazon SNS
• Amazon API Gateway
• Amazon SQS
• Amazon Kinesis
• Amazon Elasticsearch Service

What will you learn in this session
• Benefits of serverless IoT back ends
• Foundations of serverless IoT back ends
• iRobot customer experience

Advantages of serverless IoT back ends

What are the principles of an IoT architecture?
Fault-tolerant, Decoupled, Scalable, Cost-efficient, Visibility, Agility, Secure, Microservices, Distributed, Anti-fragile, DevOps, Low latency, Event sourcing

Advantages of serverless IoT back ends
• Scalable
• Event-driven
• Don’t pay for idle
• Stateless

Blueprint for serverless IoT back ends

Blueprint for serverless IoT back ends
• AWS IoT
• AWS Lambda
• Amazon API Gateway

Blueprint for serverless IoT back ends
• AWS IoT, Amazon API Gateway, AWS Lambda
• State management: Amazon DynamoDB, Amazon ElastiCache, Amazon Elasticsearch Service, IoT shadow

Blueprint for serverless IoT back ends
• AWS IoT, Amazon API Gateway, AWS Lambda
• Fast pipeline: Amazon S3, Amazon Kinesis, Amazon SQS, Amazon SNS

Blueprint for serverless IoT back ends
• AWS IoT, Amazon API Gateway, AWS Lambda
• Operations: Amazon CloudWatch, AWS CloudFormation

Blueprint for serverless IoT back ends
• AWS IoT, Amazon API Gateway, AWS Lambda
• State management: Amazon DynamoDB, Amazon ElastiCache, Amazon Elasticsearch Service, IoT shadow
• Fast pipeline: Amazon S3, Amazon Kinesis, Amazon SQS, Amazon SNS
• Operations: Amazon CloudWatch, AWS CloudFormation

Example architecture for serverless IoT back end

Example: smart transportation
• Mobile device
• Turnstiles

State management
[Blueprint diagram repeated: State management, Fast pipeline, Operations]

Stateless != state doesn’t matter
• How do we deal with state?
• Store output
• Search index
• Time series
• Structured

Stateless != state doesn’t matter
• How do we deal with state?
• Store output
• Store each event
• Analytics
• True system history
• Arbitrary projections(x)

Smart transportation – mobile device
Topic: $aws/events/subscriptions/subscribed/*
[Diagram labels: API Gateway; Lambda; Sign up; Events; Lambda; AWS IoT; Republish rule; IoT shadow; Offline; SNS; Registration; Lambda]
Fault-tolerant, Cost-efficient, Scalable, Agile, Secure, Visibility

Smart transportation – shadow republish
{
  "sql": "SELECT topics AS state.reported.stations FROM '$aws/events/subscriptions/subscribed/#' WHERE eventType = 'subscribed'",
  "actions": [{
    "republish": {
      "topic": "$$aws/things/${topic(5)}/shadow/update",
      "roleArn": "arn:aws:iam::123456789:role/republish"
    }
  }]
}

Fast pipeline
[Blueprint diagram repeated: State management, Fast pipeline, Operations]

Fast pipeline - components
Producer
• AWS IoT rules
• AWS Lambda
• Amazon API Gateway
Pipe
• Amazon Kinesis
• Amazon SQS
• Amazon SNS
• Amazon S3
Consumer
• AWS Lambda
• Internal applications

When to use a fast pipeline
Transactions per second
• AWS IoT republish rule: Predictable or steady volume
• AWS Lambda: Infrequent or steady volume
• IoT pipeline: High or unpredictable volume
Communication pattern
• AWS IoT republish rule: Request/ACK, Publish/Subscribe
• AWS Lambda: Request/ACK, Request/Response
• IoT pipeline: Request/ACK, Request/Response, Ingest
Deployment pattern
• AWS IoT republish rule: Rule replacement
• AWS Lambda: Lambda alias
• IoT pipeline: Consumer replacement
Transformations
• AWS IoT republish rule: IoT data, Rules engine context
• AWS Lambda: Contextual transformation
• IoT pipeline: Aggregations, Event-analysis

Smart transportation – pipeline
[Diagram labels: Time Series; Traffic; Commuter; Subway; Event; Amazon Kinesis Firehose; Time Series; Backup; Commuter; Online Status; Topic: LWT disconnects; Delay Connection; Events; Amazon Kinesis Streams; Poller / Worker Functions; Topic: train/<line>/station/<sid>; Topic: user/<id>/trip/<tid>]
Fault-tolerant, Cost-efficient, Scalable, Agile, Secure, Visibility

IoT operations
[Blueprint diagram repeated: State management, Fast pipeline, Operations]

IoT operations
• Custom CloudWatch logs and metrics
• Shared library in AWS Lambda code
• Application metrics attached IoT rule
• Enable AWS IoT CloudWatch Logs
• Deployment
• Group functions into services
• Fault-tolerant
• Graceful degradation
• Trigger automatic failover
• Configure CloudWatch alarms

Smart transportation – metrics
[Diagram labels: Amazon Kinesis, Lambda, CloudWatch, Alarm]
Fault-tolerant, Cost-efficient, Scalable, Agile, Secure, Visibility

Smart transportation – operations IoT rule
{
  "sql": "SELECT *, newuuid() AS requestId, timestamp() AS timestamp, topic(2) AS subwayId, topic(4) AS stationId FROM 'train/+/station/+/v1'",
  "actions": [{
    ...
  }]
}
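
Added example, not part of the original slides: a Python emulation of how the two rules shown in this deck (the shadow republish rule and the operations rule) derive values from the MQTT topic with topic(n) and the `$$` prefix. The function names, the sample events, and the thing-name character check are assumptions made for this example; it also assumes the MQTT client ID is the same string as the thing name, since the republish target is built from the client ID in the lifecycle topic.

```python
import re
import time
import uuid

# Thing-name character set assumed for this example; adjust to your naming scheme.
THING_NAME = re.compile(r"[A-Za-z0-9:_-]{1,128}")

# Constructed sample events (not captured from a real account).
SAMPLE_SUBSCRIBED = {"clientId": "commuter-42", "eventType": "subscribed",
                     "topics": ["train/red/station/7/v1"]}
SAMPLE_TRAIN = {"delayMinutes": 3}


def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    flt, lvl = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(flt):
        if part == "#":
            return i == len(flt) - 1
        if i >= len(lvl) or (part != "+" and part != lvl[i]):
            return False
    return len(flt) == len(lvl)


def topic_segment(topic, n):
    """Emulates topic(n): the n-th topic level, counting from 1."""
    parts = topic.split("/")
    # Returning None when n is out of range is this example's choice.
    return parts[n - 1] if 1 <= n <= len(parts) else None


def render_republish_topic(template, source_topic):
    """Expand ${topic(n)} and the leading '$$' that stands for a reserved '$'."""
    def expand(match):
        segment = topic_segment(source_topic, int(match.group(1)))
        if segment is None or not THING_NAME.fullmatch(segment):
            raise ValueError("unusable topic segment: %r" % (segment,))
        return segment
    rendered = re.sub(r"\$\{topic\((\d+)\)\}", expand, template)
    return rendered[1:] if rendered.startswith("$$") else rendered


def shadow_republish(source_topic, event):
    """Shadow republish rule: subscribed topics become state.reported.stations."""
    if not topic_matches("$aws/events/subscriptions/subscribed/#", source_topic):
        return None
    if event.get("eventType") != "subscribed":
        return None
    # '#' also matches deeper topics; refuse them so topic(5) is the whole client ID.
    if topic_segment(source_topic, 6) is not None:
        raise ValueError("client ID spans more than one topic level")
    target = render_republish_topic("$$aws/things/${topic(5)}/shadow/update",
                                    source_topic)
    return target, {"state": {"reported": {"stations": event["topics"]}}}


def operations_rule(source_topic, payload):
    """Operations rule: SELECT * plus request ID, timestamp and ids from the topic."""
    if not topic_matches("train/+/station/+/v1", source_topic):
        return None
    enriched = dict(payload)
    enriched["requestId"] = str(uuid.uuid4())
    enriched["timestamp"] = int(time.time() * 1000)  # milliseconds since epoch
    enriched["subwayId"] = topic_segment(source_topic, 2)
    enriched["stationId"] = topic_segment(source_topic, 4)
    return enriched


if __name__ == "__main__":
    print(shadow_republish("$aws/events/subscriptions/subscribed/commuter-42",
                           SAMPLE_SUBSCRIBED))
    print(operations_rule("train/red/station/7/v1", SAMPLE_TRAIN))
```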

Smart transportation – deployment
Service separation:
• Share data
• Interface API Gateway
• Interface AWS Lambda
Subscription service, Tollgate service, Connections service

Blueprint for serverless IoT back ends
• AWS IoT, Amazon API Gateway, AWS Lambda
• State management: Amazon DynamoDB, Amazon ElastiCache, Amazon Elasticsearch Service, IoT shadow
• Fast pipeline: Amazon S3, Amazon Kinesis, Amazon SQS, Amazon SNS
• Operations: Amazon CloudWatch, AWS CloudFormation

AWS re:Invent 2016
Ben Kehoe
• iRobot Cloud Robotics Research Scientist
@ben11kehoe

The Consumer Robot Company

Just live your life - House does the right thing.
- Automatically configured and maintained.
- Adapts to your preferences.

Foundational Milestone
The Roomba 900 series provides compelling user benefits today and is a foundation for expanding the value of robots in the home.
Key to this step is that Roomba is connected and it systematically navigates and maps the home.
In 10 months, we mapped more than 500 million square feet

IoT business
• User pays for device once
• Company pays cloud costs for life of device
• Subscription models
• Result: without subscription, minimize cloud cost

Choosing serverless at iRobot
• Experience building devices, not cloud applications
• Fleet already at scale
• Go straight to serverless to skip the undifferentiated heavy lifting step

Serverless architecture @ iRobot

• Login & associate
• Robot registration
• Firmware update
• Maintenance data
• Mapping
• Robot settings
• Push notifications
• Mission history
• Robot reset

Before serverless architecture
def foo(input):
    quux = bar(input.baz)
    internalState.quux = quux

def bar(input):
    # do work
    return result

Serverless architecture
# Foo
def handler(event, context):
    quux = Lambda.Invoke('bar', event['baz'])
    # ExternalState
    DynamoDB.PutItem('quux', quux)

# Bar
def handler(event, context):
    # do work
    return result

Serverless architecture
[Diagram labels: /register; Check cert; Robots to register; Queue reader; Register robot; Logging; Lifecycle event; Permissions; Create shadow; Dead letter queue]

Serverless architecture
• Component graph = call graph
• Distributed system thinking:
• Traditionally occurs at system boundaries
• Serverless: must be treated systematically
• Build robust-by-design systems

Architecture selection
Monolithic/layered, Microservices

Microservices: interservice communication

Service interface: API Gateway backed by Lambda
[Diagram labels: Robot history; Permissions; Lambda; Lambda; API Gateway; DynamoDB; KMS]

https://www.prerender.cloud/lambda-latency

Alternative: direct resource access through service SDK
[Diagram labels: Robot history; Permissions; Lambda; Lambda; API Gateway; DynamoDB; KMS]

Microservices in code…

…but a monolith in deployment

Red/black deployment

Terminology (arbitrary)
Blue/green: update behind the load balancer
Red/black: entirely new copy

Red/black deployment options
Red/black an individual service?
Or the entire application?

Service discovery

Client discovery of endpoints
• How does a client switch from one endpoint to another?
[Diagram labels: Client; ?; red.example.com; black.example.com]

Client discovery of endpoints
• How does a client switch from one endpoint to another?
• DNS?
[Diagram labels: Client; Route53; prod.example.com; CNAME red.example.com; CNAME black.example.com; red.example.com; black.example.com]

Client discovery of endpoints
• How does a client switch from one endpoint to another?
• DNS?
• Service discovery service
• How do we deploy this service?
[Diagram labels: Client; HTTPS GET svcdisc.example.com; red.example.com; black.example.com]
{
  "host": "red.example.com"
}
{
  "host": "black.example.com"
}

Deployment for well-known endpoints
[Diagram labels: Client; HTTPS GET svcdisc.example.com; CloudFront; red.svcdisc.example.com; black.svcdisc.example.com]

Secure file transfer
[Diagram labels: Request topic; Presigned URL; Symmetric encryption key; Robot public key; Response topic; Presigned URL; Object encrypted with symmetric key; HTTPS call to presigned URL; S3; KMS; Robot certificate; S3 bucket; + symmetric key encrypted with robot public key]

IoT security: certificates
[Diagram labels: Robot certificate + signed timestamp; CA certificate; Unauthenticated HTTPS; Robot certificate; Authenticated MQTT]

Ops for AWS IoT: account structure

Account structure
• Shadow and topics are not namespaced
• If sharing accounts:
• Devs might step on each other’s toes
• Harder to purge for testing
• After ~10 accounts, adding accounts gets amortized via process

Certificates, accounts, and regions
acct 1 acct 2 acct 3
us-east-1 NO NO
us-west-2 YES YES YES
eu-west-1 YES YES YES
• Certificates in AWS IoT must be unique in a region even across accounts
• In another region, certificate can exist in the same or another account
• Certificates can be transferred

Account structure
• Given constraints on certificates, how do you provision devices?
• Option 1: Separate CA(s) for each dev account
• Option 2: Single Initial Point of Contact account (prod or other), push to other accounts

Serverless Ops

Serverless ops
• Serverless is not NoOps
• Infrastructure as code
• Build artifacts
• Observability
• Logging
• Auditing
• Security
• Billing

Summary: iRobot’s cloud journey
• iRobot's place in the smart home
• Non-subscription cloud services are cost-sensitive
• Skip heavy lifting with serverless
• Patterns:
• Direct resource access
• Full red/black deployments
• Service discovery service with well-known endpoint
• CloudFront for deployment
• Enables AWS WAF
• Secure file transfer
• Account structure
• Serverless ops

Summary

Summary
• Goals of IoT architectures
• Benefits of serverless IoT back ends
• Blueprint for serverless IoT back ends
• State management
• Fast pipeline
• IoT operations

Thank you!

Remember to complete your evaluations!

Related Sessions
• IoT403 Robots: The Fading Line Between Real and Virtual Worlds
• SRV402 – Operating Your Production API
• SRV303 – Coca-Cola: Running Serverless Applications with Enterprise Requirements