IoT Button Roundup


What is an IoT Button?

An IoT button is a piece of hardware that sends data to the cloud when you press a button; a serverless application then takes an action or series of actions based on the information that is sent when the button is clicked.

What Can I do with an IoT Button?

Your serverless app can run a simple 1-task function, such as:

  • Send an email  
  • Send an SMS  

AWS’s One Click and IoT Button apps make it painless to set up serverless apps that perform seamlessly in the cloud

Create Serverless App Workflows

Your serverless app runs on a series of functions, which creates a workflow  

Common Example Workflow

Imagine that you are a representative for a wine distribution company

One of your customers is running low on stock between your regular visits.

The First Action:

In the stockroom, next to cases of a particular wine, a button tied to the SKU for that wine is positioned on the shelf. When the manager realizes the store is running low on stock, she presses the button – just 1-click!. The wine rep receives an email letting him know that the store is running low on stock for this item.

The rep knows all of the relevant information about the product: the SKU and the typical quantity this customer orders.

The Second Action:

An order is automatically placed in the distributor’s ordering system.

The Third Action:

An SMS is sent back to the customer letting them know the order has been placed and when it will ship.

Create Dynamic Serverless Apps

Using the Twilio API we can ask the customer, via a phone call, how many cases of wine they would like to order.


Demo

What About the Buttons?

Now that we have covered what buttons are and what they can do, let’s review the types of buttons out there.

Wi-Fi Buttons

If you are mainly going to be using your buttons in one place and have a wi-fi network available, the AWS Buttons might be a good bet for you.

AWS IoT Button

Use this button and the AWS ButtonDevApp to develop your serverless apps and test them with the button. You can let your users change the wi-fi Networks the buttons work on with the AWS IoT Button Wi-Fi App.

You can purchase this button from Amazon (Affiliate Link)

AWS Enterprise Button

Once you have developed and tested your Serverless apps, the AWS Enterprise Button is a great choice. It uses the AWS 1-Click infrastructure to keep track of and manage the buttons. The app, available from the Google Play store or Apple’s App store, allows you to easily claim a bunch of buttons at once and enable them.

You can purchase this button from Amazon (Affiliate Link)

Bluetooth Buttons

These buttons require a gateway or a device that captures the bluetooth signals from the buttons and transmits them over the Internet where they can initiate a server less app. You can learn more about gateways in our Bluetooth Gateway Roundup

LTE-M Buttons

The last category of buttons are those that register the button click using the special M2M networks provided by all of the cellular carriers. These devices are much, much cheaper then traditional cellular plans as they are intended for devices that send very small amounts of data.

The AT&T LTE-M Button

This is by far the easiest to set up of the M2M buttons. The button is supported by the AWS 1-Click Service; the cellular service is already included in the cost of this button.

https://marketplace.att.com

Estimote LTE-M Beacon

This product is meant for developers and works with the Estimote’s Events API. The unit runs javascript microapps on the device itself, and can call code for those apps from the cloud via the cellular network. In addition to the button functionality that is described earlier in this video, you can program this device to act as a GPS tracker or a BLE gateway.

You can purchase the Estimote LTE-M Beacon from their website

AT&T LTE-M Starter Kit

Your imagination is your only limit with this unit. Also meant for developers, it has several programmable buttons in addition to heat and humidity sensors as well as an on board accelerometer  You can also use expansion boards with this unit.

You can purchase this unit from AT&T’s IoT Store

Simplify Your Work Tasks with Help from Revolution11

Now that you have a pretty good idea of the varied and fascinating IoT products and services along with a better understanding of what these buttons are and what they can do — there’s bound to be a button for you! WIth so many ways of connecting to the cloud to run important IoT applications let Revolution11 get you started with any project, big or small. Ping us at inquiries@revolution11.com to get going today!

IoT Button Roundup

Beacon Naming Standards

What are Beacons?

Beacons are small devices that transmit Bluetooth radio signals to phones, Bluetooth gateways, and even other beacons. A great article about beacons can be found here: https://www.beaconzone.co.uk/what_are_beacons

Finding Your Beacons

In order to work with beacons, it is important that they are both easily identifiable to your organization, and uniquely named. This makes it easy for your various applications to find your organization’s beacons and differentiate them from one another.

Beacons can transmit Bluetooth radio signals in Google’s Eddystone Format, Apple’s iBeacon Format, a proprietary format from a manufacturer, and in many instances, they can broadcast more than one of these formats at the same time.

Since Eddystone and iBeacon are the most dominant beacon formats, we are going to concentrate on naming standards for these two formats.

A great article about naming conventions for beacons can be found here.

Setting Up Your Beacon’s Identity

Eddystone

The Eddystone format uses two pieces of information to identify the beacon: the Namespace and the Instance.

In our case we are going to use the Namespace to represent the Organization or company, and the Instance will be a random 6 bit, 12 Hex digits (Digits are 0 to 9 or a to f) value.

We used the tool atWaraxe IT Security to convert our domain name into SHA-1 (a cryptographic hash function that takes an input and creates hex values) and used the first 20 characters as the Namespace.

Here is an example of what the name looks like:
Revolution11.com becomes dcfa937051d7f02c4130d170291507d485067271, the first 20 characters are our namespace (dcfa937051d7f02c4130)

iBeacon

The iBeacon format uses three pieces of information to distinguish a beacon’s identity (UUID, Major, Minor)

In our case we are going to use the UUID to represent the Organization or Company and the major and minor will be random values between 1 and 65535

Here is an example of what the name looks like:

d0285c83-2167-42e3-8d11-99a37cb97489   7654 9835

UUID Major Minor

Follow our blog series to understand where and how these naming standards will come into play as you utilize different applications with your beacons!

Download a PDF of this post: Beacon Naming Standards

Beacon Naming Standards

Basic Configuration of Minew Beacons

Basic Configuration of Minew Beacons

Minew makes beacons in a variety of form factors. These instructions cover the basic setup of a tag beacon, but they will apply to most of the beacons in Minew’s product lineup.

Download the BeaconsSet+ App in the Google Play Store or the Apple App Store

Open the BeaconSet+ App. The Minew Beacons in Range should appear. For instructions on the type of beacon you want to configure, see below.

Remove the Plastic Strip attached to the beacon, which enables the battery.

Make note of the Mac Address that is on a sticker on the outside of the beacon, you will use this to identify the beacon so you can configure it.  Also make sure you have your Eddystone namespace and instance values ready, or your iBeacon UUID, Major and Minor Values ready (or both if you will be broadcasting in both formats). You can learn more about beacon naming standards here).

Open the BeaconSet+ App
It should open to a scan screen, press the refresh icon in the lower right hand corner to scan for beacons.

Tap on your beacon in the list. You will be prompted for a password. The default password for Minew Beacons is minew123

EddyStone Configuration

  1. We will use the first slot for Eddystone. Choose Slot 1
  2. For the Frame Type Choose UID from the scrolling “Frame Type” Picker

3. Paste in your InstanceID and NameSpace and press Save

Congratulations, the first slot should now be set-up to broadcast your company or organization’s namespace and the unique instance of this beacon with the Eddystone Format.

On to the next slot!

iBeacon Configuration

  1. We will use the second slot for iBeacon. Choose Slot 2
  2. For the Frame Type Choose iBeacon  from the scrolling “Frame Type” Picker

3. Past in the UUID, Major, and Minor. Note that the field entry has Major at the top rather than UUID.

Hurray!  The Second Slot is now set to broadcast in the iBeacon Format.

URL Configuration

The Third slot is set up with an Eddystone URL. Google has discontinued using this URL with nearby notifications, but it is still useful as it can be viewed by applications built to support it. The URL is set to Minew’s Site by default.

For this example, we will change the url to revolution11.com; you will use your organization’s URL. Once that change has been made, press Save

TLM Configuration

The fourth slot is set-up to broadcast TLM.  This is useful to monitor the health of your beacons with Google’s Beacon Manager Service and the Proximity API.

Leave this slot alone.

Check out our blog (coming soon!) on setting up the Proximity API and using it to add your beacons so they can take advantage of this service.

Info Configuration

The Fifth Slot is for broadcasting information about the beacon. We will leave this one alone for now

Each of the slots has three configurable slider bars:

  1. Adv Interval – The frequency at which the bluetooth signal from this slot will broadcast
    Rss@1m – A Measurement of power used to calculate relative distance
    Radio Txpower- The Strength of the signal this slot will be transmitting at

  2. You can adjust these sliders as you work with apps and gateways that pick up these signals to optimize the usefulness of the beacons.

  3. The last thing we need to do is change the default password. Return to the General tab and press Modify password

You will be asked to supply a new 8 character password.  Type it in and press OK.

That’s it! Your beacon is now set up and ready to be added via Google’s Proximity API to the Beacon Manager. There it is easily managed and anyone assigned to the project with an app built to use the Proximity API can utilize the beacons.

Download a PDF of this blog: Configuration of Minew Beacons

Basic Configuration of Minew Beacons

Configuring the Minew G1 Wi-Fi BLE Gateway

Important! Set up an Amazon Web Service (AWS) Account before beginning Gateway configuration

Minew Gateway Set Up on a Wi-Fi Network

1. Open box and remove the gateway from it’s plastic cover. The gateway comes with a USB cable to plug into your computer, however, we recommend purchasing a charger.

2. Plug in and power up the gateway by pressing the on button, located next to the power plug. Look for the SSID Name in the format of GW-XXXXXXXXXXXX in your Wi-Fi networks (you can change this name later). Choose this network.

3. Open a browser and go to http://192.168.99.1 to connect the gateway. The initial username and password is admin/admin. You will be asked to change the password once you log onto the gateway.

4. Click on the Network tab and enable the “repeater” option by toggling the switch on the right side.

5.  Choose a Wi-Fi Network to repeat, put in the password for that network, and press connect

6.  After this change you will be asked to reboot. Press “Reboot”

Setting up the Gateway on the AWS IoT Core

1. Log onto the AWS Console and select the IoT Core Service

2.  Create a policy to use for the gateway; choose Secure/Policies on the left hand menu and press Create

3.  On the next screen, name the policy and create a general IoT policy as shown in the screenshot. Under Add Statements start typing I..O..T and choose IOT*. Select Allow under Effect and press Create

4.  Next Choose Manage/Things in the menu to the left and press Create

5.  Choose Create a Single Thing

6.  Give the Gateway a Name (you can add types and groups if you will have more than one gateway) and if you would like an attribute key and value and press Next

7.  On the next screen choose One Click Certificate Creation and click “Create Certificate”

8.  This is where you need to pay attention! Download the certificates and put them in a folder. You will also need a “root certificate,” which we explain in the next step. For now, press Activate.

9.  Get the root certificate. Go to https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html#server-authentication

Choose the first option in the list: RSA 2048 bit key: Amazon Root CA 1. Save the text that comes up in your browser as a file named ca.crt. We use BBEdit to capture the text.

10.  Return to the webpage where you activated the certificates and press Attach a Policy

11.  Choose the policy you created earlier and press Attach

12.  Go to Manage/Things, select your gateway and press Interact. This is where you will find the endpoint of your thing in the top field. Copy this value and save it.

Setting up the Gateway with certificates and MQTT Publishing

1. Save all of the certificate files onto a USB Drive, and insert the USB Drive into the Gateway

2.  Make Sure you are on the Gateways Wi Fi and log onto the admin console at http://192.168.99.1

3.  Choose the Service tab and make sure MQTT is chosen in the dropdown menu

4.  Choose SSL in the URL dropdown and put in the name of the thing endpoint you saved when you set up the gateway on AWS.

5.  Make sure USB is chosen in the “Upload Way” dropdown menu and type in the names of your key, certificate and root certificate.

6.  Press all three upload buttons.  A “Success” confirmation popup appears  after each button press.

7.  Save the changes to the gateway by pressing Apply

8.  A Success popup appears

Checking MQTT Publishing at AWS

1. On the Service Tab of the Gateway Admin tool you will see the default topic the gateway is publishing to. Copy the topic.

2. Log back on to AWS, choose the IoT Service, choose Manage/Things and select the Gateway

3.  Choose Activity

4.  Click on MQTT Client, paste the default topic into first text box and press “Subscribe to Topic”

5.  You should see the JSON coming in from the device, and any beacons it is picking up via MQTT.

Download a PDF of this blog here: Configuring the Minew Gateway

Configuring the Minew G1 Wi-Fi BLE Gateway

Configuring the Ingics iGSO2E Ethernet BLE Gateway

Important! Set up an Amazon Web Service (AWS) Account before beginning Gateway configuration

INGICS Gateway Set Up for Your Wi-Fi Network

Once you receive your INGICS IGS02E Ethernet BLE Gateway follow these steps to configure:

The gateway comes with an antennae and a Power Over Ethernet cable. The cable has a powered ethernet jack and a splitter to plug into the micro-USB input on the gateway to charge it.

It also has an ethernet cable that plugs into the gateway that uses your existing network to send the Bluetooth data it collects to the AWS IoT Core. If you are not using Power Over Ethernet you can still use this gateway by connecting the ethernet jack on the gateway to your router, and powering the gateway via a micro-usb cable and cell phone charging unit.

Set Up the Gateway on the AWS IoT Core

1. Log onto the AWS Console and select IoT Core under the Internet of Things heading. Select Get Started the first time you access this screen.

2.  To create a Gateway policy, select Secure on the left hand menu, then select Policies on the sub-menu. Press Create.

3.  On the next screen, name the policy.

4. Under Add Statements, use the Action box to create a general IoT policy. Start typing I…o…t and then select the first statement: “IoT:*” from picklist as the value in this field; this is a general policy for all IoT devices.

5. Clear out the string that auto-populates in the Amazon Resource Name (ARN) field and replace with a wildcard (*). The Resource ARN is the end point for this resource and acts as a general policy for any resource.

6. Under Effect, choose Allow.

7. Press Create.

8.  Next Choose Manage → Things on the left menu. Press Create.

9.  Choose Create a Single Thing.

10.  Name the Gateway; add types and groups if you will have more than one Gateway and if you would like an attribute key and value. An example type is Ethernet Gateway. An example group is Gateways. *See note below on Naming Conventions.

11. Click Create a Type and fill in the appropriate information.
Press Next.

12.  Choose One-Click certificate creation and click Create Certificate.

13.  This is where you need to pay attention! Download the certificates and place them in a folder. In the next step we will get the “root certificate.” For now, press Activate.

14.  Get the root certificate. Go to: https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html#server-authentication

15. Click on Amazon Root CA 1 under the Amazon Trust Service Endpoints heading. Save the text that comes up in your browser as a file named ca.crt  Use bbedit to save the file. http://www.barebones.com/products/bbedit/index.html

16. Return to the webpage where you activated the certificates and press Attach a Policy.

17.  Choose the policy you created earlier and press Attach.

18. Choose Register Thing.

19. Go back to the main menu and select Manage → Things. Select your gateway and press Interact. This is where you will find the endpoint of your thing in the top field. Copy this value and save it.

Setting up the Gateway with Certificates and MQTT Publishing

1. Make sure you are on the network the gateway is attached to; log onto the admin console. You can download the Android app Fing to help you determine the IP address of the device to log onto the admin console.

2.  Click on the Applications tab and choose MQTT Client under Applications. Enter the endpoint you saved when you set up the gateway on AWS in the Host/IP field and press Save. This will reboot the gateway.

3.  Press the advanced tab. Use Choose File to pick the certificate and private key files you saved (Step 8). Press Upload Certificate and Upload Key after choosing the files and then press Reboot.

Checking MQTT Publishing at AWS

1. On the Applications Tab of the Gateway Admin tool you will see the default topic the gateway is publishing to. Change it to:  /in/ac233fc01615/status so it is formatted correctly and press Save.

2.  Log back on to AWS, choose the IoT Core under Service, choose Manage/Things and select the Gateway.

3.  Choose Activity on the left menu.

4.  Click on MQTT Client, paste the default topic into first text box and press Subscribe to Topic.

5.  This gateway does not send JSON so you will just see the string.

Congratulations! You have now successfully configured your Gateway. Revolution11 is here to help you through the process of setting up your BLE Gateways, beacons and sensors. We have worked with many clients to automate processes so you can work smarter, not harder!

*Important Note

It is important to have a naming convention that allows our team to quickly identify the location, type, and manufacturer of the device when working with devices in the cloud. Revolution11 highly recommends the following naming convention, based on the useful information in this blog: https://www.netcraftsmen.com/device-naming-conventions/

The blog makes a great point in describing how your device names need to work easily in a Command Line Interface (CLI).

The only information that we have added to the standard in this blog is the addition of the manufacturer.

Best practice for naming looks like this:

ftbr-blewifi-ing-01 represents

  • Location: Fort Bragg,
  • Type of device: ble wi-fi gateway
  • Manufacturer: Ingics
  • Number: first of several devices at this location

Download a PDF of this blog: Configuring the INGICS Gateway

Configuring the Ingics iGSO2E Ethernet BLE Gateway

Customizing the AWS IoT Button

Important!

  1. Set up an Amazon Web Service (AWS) Account for a Root User
  2. Configure the AWS IoT Button
  3. Set up a Developer Account
  4. Have the Developer Download the AWS IoT Button Dev App

Make a Note of Your Account ID

1. Sign in with your AWS Root Access Account, click on the Arrow next to your Organization Name and select “My Account” from the dropdown.

2.  Copy your Account ID from the Account Settings page

The Developer Log-In Process

1. Your developer will have received an email from the AWS Administrator that looks something like the sample below. Make sure you supplied the temporary password; they will click on the link to complete the process of having access to your AWS instance and your button.

2.  The link will open up a sign-in page with your organization ID already repopulated. The developer will supply the username and pre-set password and then sign in.

3.  The developer will be prompted to change the password. Follow the steps and select “Confirm Password Change.”

4.  After changing the password, the developer will land on the AWS Console homepage.

Changing the Action of the AWS IoT Button

1. Log into the Button Dev App as the Developer.  You will need the Account ID to do so. Enter the Account ID, User Name, and Password and select “Sign In”

2. Since we’ve already added a button for this account, and assigned the policy for that button to the developer, the button should show up upon login.

3. Click on the image of the button; this will expose three icons. The icon on the left allows you to change the wi-fi network associated with the button.

4.  The icon on the right deletes this button from the application.

5. The icon in the middle which controls the Lambda, or serverless app, that runs when you press the button. Click on the Lambda icon.

6. The Lambda detail screen opens on the Existing Lambda functions tab. The email function we added when this button was set up appears.

7. We are now going to change the button actions so it sends an SMS. Click on the New Lambda Functions tab. Choose the Send SMS (nodejs) function.

8. Enter the cell phone number you want to send a text to, and press the set button.

9. When you return to the list of actions, the SMS action should be highlighted. Press “Change Action”.

10.  Return to the button image. Notice the action on the button has changed. Wait a minute or two for the action to change up on AWS, then, press the physical button.

11.  You should receive a text message.

Customizing the Serverless Function

1. Log back into the AWS console as the developer, and select the Lambda service.

2.  There should be two functions. One we added as the root user, and the second, the SMS function we just added as the developer. Click on the SMS function.

3.  In the detail screen that pops up, notice how these functions are put together. On the left is the trigger AWS IoT which gets the input from the button. In the center is the meat of the function, usually written in nodejs or python; this accepts input from the AWS IoT trigger on it’s left and runs a little application based on the input. On the right is the output: using Amazon SNS to send the SMS.

4.  Scroll down to the middle of the screen to the function’s code, and navigate within that code to the snippet you see below. This is where the message can be customized.

5.  Change the message, and press Save.

Testing the Serverless Function Change

1. On the menu bar, click on the triangle next to the empty box (Select a Test Event) to the right of the actions menu. Choose configure test events.

2.  Set up here to test the Lambda. Give the test a name. We won’t be using the key value pairs, but these could be used for other functions, like passing the button serial number into the Lambda.

3.  Scroll down to the bottom of the create test popup and press “Create.”

4.  The test dropdown is now populated, press “Test” to run the Lambda.

5.  A success message appears at the top of the screen.

6.  The Text Message should now send. Note the “undefined” in the message. This is because the AWS console was used and did not pass the button serial number into the Lambda.

7.  Now press the button on the AWS IoT Button. You should get a text message that includes the details of the button that were missing from the test.

Congratulations!  You have changed and customized the serverless application that runs on your button. Learn what else you can do with both this button and other smart things by digging into the Revolution11 blogs or YouTube Channel.

Download a PDF version of this: Customizing the AWS IoT Button

Customizing the AWS IoT Button

Setting Up an AWS Developer Account

Important! Set up an Amazon Web Service (AWS) Account before setting up an account for a developer

Sign In as the Root Access AWS User

1. Sign in by entering an AWS Root Access User Account Email and then press “Next”.

2. Enter the password for the Root Access User and press “Sign In”.

Set Up a Group

1. Log onto the AWS Console, locate the Security, Identify & Compliance Section and select IAM (Identity and Access Management). Or use the search bar and enter IAM.

2.  Select “Groups” in the left side menu.

3.  Click “Create New Group”.

4.  Enter a name for the group and then press “Next Step”.

5.  On the Attach Policy screen, select the policies for any buttons you have set up as a root access user and then press “Next Step” .

6.  Review the policies and then press “Create Group” .

7.  You are returned to the group home page once you create the group. To add additional policies so the developer can work with both the buttons and the serverless functions that power the buttons, click on the group you just created.

8.  On the permissions screen, click “Attach Policy”.

9.  In the policies screen, find and select the policies below.

10.  After you have selected the policies you want to add to the developers group, click “Attach Policy”.

Adding the Developer’s User Account

1. After attaching the policies to the group, select “Users” from the left menu bar.

2.  Click on “Add User”.

3.  Add a username, then check the boxes “Programmatic Access” and “AWS Management Console Access.” Keep the defaults of “Autogenerated password” and “require password to be reset” when the developer logs in for the first time. Click on “Next Permissions” .

4.  On the “Set Permissions” screen, click on the checkbox of the developers group you created earlier to add the developer to this group and press “Next Tags”.

5.  You can add up to 50 key/value pairs to help you find and organize your users. We recommend using the key “Email” and provide the developer’s email address. Press “Next Review”.

6.  Review all of the details for this user and then press “Create User”.

7.  Congratulations, you have successfully set up a developer’s account! Download the credentials with the “Download CSV” button, or view the password by clicking on the “Show” link next to the password field. Important! Make sure you copy the password as it will be unavailable after you leave this screen. Click on the “Send Email” link on the right to send an email with a link for your developer to log into your AWS account.

Download a PDF of this blog: Setting Up an AWS Developer Account

Setting Up an AWS Developer Account

Configuring the Root User for Multi-Factor Authentication

Important!

  1. Set up an Amazon Web Service (AWS) Account for a Root User
  2. Set up a Developer Account

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication is a system requirement that utilizes two or more methods of identification to authenticate a user.

For the Root User, one method of authentication is already set up by using the combination of email and password to log on.

A variety of second authentication methods are available from AWS MFA homepage: https://aws.amazon.com/iam/details/mfa/

In this example we are using Google Authenticator, which you can download on your phone from the Google Play or Apple’s App Store.

Configuring the Root User For MFA

1. Log into the AWS Console as the Root User. On the dropdown menu attached to the Organization name in the top menu bar, choose My Security Credentials.

2.  You will get a popup warning stating that you should set up another user with limited permissions. This step has already been completed; choose “Continue to Security Credentials.”

3.  Click on Multi-Factor Authentication (MFA), then click Activate MFA

4.  Select the radio button at the top, “Virtual MFA device” and press the “Continue” button.

5.  The popup screen shows several choices; since our app for two-factor authentication is already installed, go to Step 2 and press “Show QR Code.”

6.  Open the Google Authenticator app and press the “Begin” button.

7.  Press the “Skip” button in the lower left hand corner to go straight to the set up.

8.  On the next screen choose “Scan a barcode”

9.  You will be asked to give permission to use the camera, choose “Allow”

10.  Point the camera to your computer with the barcode showing, center the square that appears over the barcode, and the app will scan it automatically.

11.  You will now see the account added in the Google Authenticator app. Make a note of the code display and return to the MFA Popup in the AWS console.

12.  Enter the code from the authenticator in the MFA Code 1 box, hit the tab key, then return to the authenticator app. The MFA code changes in the App in about 30 seconds, wait for a second code to appear, make a note of it, and enter it in the MFA Code 2 box. Press the “Assign MFA” button.

13.  You should see a success message. Press “Close” and log out of the console.

Test Logging In as the Root User with MFA Activated

1. Log into the AWS console with the usual root user email and password credentials and press “Sign In”

2.  A second authentication page will appear where you will enter the MFA code.

3.  Open the Google Authenticator app on your phone and make a note of the code.

4.  Enter the code in the MFA code box on AWS and press “Submit”

5.  You are now logged into the AWS console. Congratulations! You have successfully configured and tested your root user account for MFA.

In this day and age of increased security threats it is best to be prepared before disaster strikes! For additional information on increased security methods, contact Revolution11 to schedule a consultation today. Learn what systems we have put in place for businesses of every size.

Download a PDF of this blog: Configuring Root User

Configuring the Root User for Multi-Factor Authentication

Using the AWS IoT Button Wi-Fi App

What is the AWS IoT Button Wi-Fi App?

The Amazon Web Service (AWS) IoT Button Wi-Fi App is an application published by Amazon that allows the end user to set the button’s Wi-Fi network. The application does not allow the end user to change the button’s functionality. An AWS account is NOT required to use this application.

Setting or Changing the Wi-Fi Network on the AWS IoT Button

  1. Open the app on your phone or tablet and press “Setup AWS IoT Button Wi-Fi”

2.  On the next screen press “Scan DSN Barcode” (Device Serial Number). This brings up the scanner in your camera app to scan the barcode on the box.

3. Give the app permission to use your camera on first use… Click “OK”

4.  Position the scanner box in the camera app at the bottom barcode on the box flap. (See instructions below if you do not have the box with the sticker label).

5.  Once the scanner captures the barcode, it will show the DSN in the next screen of the app. Press “Configure Button”

6.  Press the physical button on the device for about 6 seconds until it flashes blue.  Once it is flashing, press the button at the bottom of the screen that says “Copy Password And Go To Settings”.

7.  On the Wi-Fi Settings Screen, under Choose a Network, select the Button Configuration from the Wi-Fi Networks.

8.  When prompted for the network password, paste the password that is stored on the device’s clipboard.

9. Return to the app, choose the Wi-Fi network to attach the button to and enter the password for that network.

10.  Press “Confirm Wi-Fi”

11.  You will see this message while the button is connecting to the new network

12.  Once the button has joined the new network you will get a confirmation screen.  Press “Done”

Congratulations, you have set up your AWS IoT button on a new Wi-Fi network!

*Instructions For Lost Box Barcode

If you do not have the box with the barcode that the button came in, there is a QR Code on the back of the button itself that represents the Device Serial Number (DSN). The DSN is also printed on the back of the button. Download a QR Scanning App from Apple’s App Store or Google’s Play store if you don’t have a QR Scanning app on your device already.

1. Open your scanning app and scan the QR Code on the right hand side of the back of the button. Once the QR Code is Scanned, copy the DSN.

2.  Open the AWS IoT Button Wi-Fi App and press the “Setup AWS IoT Button Wi-Fi” button at the bottom of the screen.

3.  Click on “Manually Enter DSN”

4.  On the next screen, click into the DSN field

5.  Paste the DSN from the clipboard (type manually if you could not scan it).

6.  Click on “Configure Button” and change the Wi-Fi Network by following the instructions above.

Download PDF of this: Using AWS IoT Button Wi-Fi App

Using the AWS IoT Button Wi-Fi App

Configuring the Ingics iGS01S Wi-Fi BLE Gateway

Ingics IGS01S Wi-Fi BLE Gateway
Important! Set up an Amazon Web Service (AWS) Account before beginning Gateway configuration

Gateway Set Up for Your Wi-Fi Network

Once you receive your Gateway follow these steps to configure:

  1. The Gateway comes with an antennae and a USB charging cable; you supply your own USB charging adapter. The instructions for adding this unit to your Wi-Fi Network are very straightforward and can be found here.
Ingics IGS01S Package Contents

Set Up the Gateway on the AWS IoT Core

1. Log onto the AWS Console and select IoT Core under the Internet of Things heading. Select Get Started the first time you access this screen.

Choose IoT Core

2.  To create a Gateway policy, select Secure on the left hand menu, then select Policies on the sub-menu. Press the Create button in the upper right hand corner.

Create Policy

3.  On the next screen, name the policy.

4. Under Add Statements, use the Action box to create a general IoT policy. Start typing I…o…t and then select the first statement:

5. “IoT:*” from picklist as the value in this field; this is a general policy for all IoT devices.

6. Clear out the string that auto-populates in the Amazon Resource Name (ARN) field and replace with a wildcard (*). The Resource ARN is the end point for this resource and acts as a general policy for any resource.

7. Under Effect, choose Allow.

8. Press Create in the lower right hand corner.

Name Policy

9.  Next Choose Manage → Things on the left menu. Press Create.

Create

10.  Choose Create a Single Thing.

Create Single Thing

11.  Name the Gateway; add types and groups if you will have more than one Gateway and if you would like an attribute key and value. An example type is Wi-Fi Gateway. An example group is Gateways. *See note below on Naming Conventions
12. Click Create a Type and fill in the appropriate information.
13. Press Next.

Name Gateway Part I
Name Gateway Part II

14.  Choose One-Click certificate creation and click Create Certificate

Create Certificate

15.  This is where you need to pay attention! Download the certificates and place them in a folder. In the next step we will get the “root certificate.” For now, press Activate

Download Certificate

16.  Get the root certificate. Go to: https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html#server-authentication

17. Click on Amazon Root CA 1 under the Amazon Trust Service Endpoints heading. Save the text that comes up in your browser as a file named ca.crt  Use bbedit (or another text editor) to save the file http://www.barebones.com/products/bbedit/index.html

Root Certificate

18. Return to the webpage where you activated the certificates and press Attach a Policy.

Attach Policy

19.  Choose the policy you created earlier and press Attach.

Add A Policy For Your Thing

20. Choose Register Thing.

21. Go back to the main menu and select Manage → Things. Select your gateway and press Interact. This is where you will find the endpoint of your thing in the top field. Copy this value and save it.

22. Make Sure you are on the Gateways Wi Fi; log onto the admin console. Review instructions here. You can download the Android app Fing to help you determine the IP address of the device.

23.  Click on the Applications tab and choose MQTT Client under Applications. Enter the endpoint you saved when you set up the gateway on AWS in the Host/IP field and press Save. This will reboot the gateway.

MQTT Settings

24.  Press the advanced tab. Use Choose File to pick the certificate and private key files you saved (Step 8). Press Upload Certificate and Upload Key after choosing the files and then press Reboot.

Upload Certificate and Key

Checking MQTT Publishing at AWS

  1. On the Applications Services Tab of the Gateway Admin tool you will see the default topic the gateway is publishing to. Change it to:  /in/ac233fc01615/status so it is formatted correctly and press Save.
Topic Setting

2.  Log back on to AWS, choose the IoT Core under Service, choose Manage/Things and select the Gateway

Select Gateway

3.  Choose Activity on the left menu

Choose Activity

4.  Click on MQTT Client, paste the default topic into first text box and press Subscribe to Topic.

Subscribe to Topic

5.  This gateway does not send JSON so you will just see the strings for the beacons it is picking up.

Message Results


*NOTE

It is important to have a naming convention that allows our team to quickly identify the location, type, and manufacturer of the device when working with devices in the cloud. Revolution11 highly recommends the following naming convention, based on the useful information in this blog: https://www.netcraftsmen.com/device-naming-conventions/

The blog makes a great point in describing how your device names need to work easily in a Command Line Interface (CLI).

The only information that we have added to the standard in this blog is the addition of the manufacturer.

Best practice for naming looks like this:

ftbr-blewifi-ing-01 represents

  • Location: Fort Bragg,
  • Type of device: ble wi-fi gateway
  • Manufacturer: Ingics
  • Number: first of several devices at this location

Download a PDF of this: Configuring Ingics iGS01S Gateway

Configuring the Ingics iGS01S Wi-Fi BLE Gateway