1. Sign in by entering an AWS Root Access User Account Email and then press “Next”
2. Enter the password for the Root Access User and press “Sign In”
Set Up a Group
1. Log onto the AWS Console, locate the Security, Identity & Compliance section and select IAM (Identity and Access Management). Or use the search bar and enter IAM.
2. Select “Groups” in the left side menu
3. Click “Create New Group”
4. Enter a name for the group and then press “Next Step”
5. On the Attach Policy screen, select the policies for any buttons you have set up as a root access user and then press “Next Step”
6. Review the policies and then press “Create Group”
7. You are returned to the group home page once you create the group. To add additional policies so the developer can work with both the buttons and the serverless functions that power the buttons, click on the group you just created.
8. On the permissions screen, click “Attach Policy”
9. In the policies screen, find and select the policies below.
10. After you have selected the policies you want to add to the developers group, click “Attach Policy”
Adding the Developer’s User Account
1. After attaching the policies to the group, select “Users” from the left menu bar
2. Click on “Add User”
3. Add a username, then check the boxes “Programmatic Access” and “AWS Management Console Access.” Keep the defaults of “Autogenerated password” and “require password to be reset” when the developer logs in for the first time. Click on “Next Permissions”
4. On the “Set Permissions” screen, click on the checkbox of the developers group you created earlier to add the developer to this group and press “Next Tags”
5. You can add up to 50 key/value pairs to help you find and organize your users. We recommend using the key “Email” with the developer’s email address as the value. Press “Next Review”
6. Review all of the details for this user and then press “Create User”
7. Congratulations, you have successfully set up a developer’s account! Download the credentials with the “Download CSV” button, or view the password by clicking on the “Show” link next to the password field. Important! Make sure you copy the password as it will be unavailable after you leave this screen. Click on the “Send Email” link on the right to send an email with a link for your developer to log into your AWS account.
In this example we are using Google Authenticator, which you can download on your phone from Google Play or Apple’s App Store.
Configuring the Root User For MFA
1. Log into the AWS Console as the Root User. On the dropdown menu attached to the Organization name in the top menu bar, choose My Security Credentials.
2. You will get a popup warning stating that you should set up another user with limited permissions. This step has already been completed; choose “Continue to Security Credentials.”
3. Click on Multi-Factor Authentication (MFA), then click Activate MFA
4. Select the radio button at the top, “Virtual MFA device” and press the “Continue” button.
5. The popup screen shows several choices; since our app for two-factor authentication is already installed, go to Step 2 and press “Show QR Code.”
6. Open the Google Authenticator app and press the “Begin” button.
7. Press the “Skip” button in the lower left hand corner to go straight to the setup.
8. On the next screen choose “Scan a barcode”
9. You will be asked to give permission to use the camera, choose “Allow”
10. Point the camera to your computer with the barcode showing, center the square that appears over the barcode, and the app will scan it automatically.
11. You will now see the account added in the Google Authenticator app. Make a note of the code displayed and return to the MFA popup in the AWS console.
12. Enter the code from the authenticator in the MFA Code 1 box, hit the tab key, then return to the authenticator app. The MFA code changes in the app about every 30 seconds. Wait for a second code to appear, make a note of it, and enter it in the MFA Code 2 box. Press the “Assign MFA” button.
13. You should see a success message. Press “Close” and log out of the console.
Test Logging In as the Root User with MFA Activated
1. Log into the AWS console with the usual root user email and password credentials and press “Sign In”
2. A second authentication page will appear where you will enter the MFA code.
3. Open the Google Authenticator app on your phone and make a note of the code.
4. Enter the code in the MFA code box on AWS and press “Submit”
5. You are now logged into the AWS console. Congratulations! You have successfully configured and tested your root user account for MFA.
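The two codes entered in step 12 of the MFA setup are consecutive time-based one-time passwords (TOTP, RFC 6238) derived from the secret in the QR code. The following added example, which is not part of the original guide and is not AWS's implementation, computes them and models a check that accepts only two adjacent codes. The secret is the RFC 6238 test key, and consecutive_codes_ok with its drift window is an assumption made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the interval the authenticator app counts down

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def consecutive_codes_ok(secret_b32, code1, code2, now, drift_steps=1):
    """True if code1 and code2 belong to two adjacent time steps near `now`.
    Hypothetical model of an enrollment check, allowing some clock drift."""
    for d in range(-drift_steps, drift_steps + 1):
        t = now + d * STEP
        if (hmac.compare_digest(totp(secret_b32, t), code1)
                and hmac.compare_digest(totp(secret_b32, t + STEP), code2)):
            return True
    return False

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way an
# authenticator app receives it from the QR code.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59
    first = totp(SAMPLE_SECRET, now)
    second = totp(SAMPLE_SECRET, now + STEP)
    print(first, second, consecutive_codes_ok(SAMPLE_SECRET, first, second, now))
    # Typing the same code into both boxes does not pass the check.
    print(consecutive_codes_ok(SAMPLE_SECRET, first, first, now))
```

Anyone who holds the secret can generate valid codes, so the QR code shown during setup should be treated like a password.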
In this day and age of increased security threats it is best to be prepared before disaster strikes! For additional information on increased security methods, contact Revolution11 to schedule a consultation today. Learn what systems we have put in place for businesses of every size.
The Amazon Web Service (AWS) IoT Button Wi-Fi App is an application published by Amazon that allows the end user to set the button’s Wi-Fi network. The application does not allow the end user to change the button’s functionality. An AWS account is NOT required to use this application.
Setting or Changing the Wi-Fi Network on the AWS IoT Button
1. Open the app on your phone or tablet and press “Setup AWS IoT Button Wi-Fi”
2. On the next screen press “Scan DSN Barcode” (Device Serial Number). This brings up the scanner in your camera app to scan the barcode on the box.
3. Give the app permission to use your camera on first use… Click “OK”
4. Position the scanner box in the camera app at the bottom barcode on the box flap. (See instructions below if you do not have the box with the sticker label).
5. Once the scanner captures the barcode, it will show the DSN in the next screen of the app. Press “Configure Button”
6. Press the physical button on the device for about 6 seconds until it flashes blue. Once it is flashing, press the button at the bottom of the screen that says “Copy Password And Go To Settings”.
7. On the Wi-Fi Settings Screen, under Choose a Network, select the Button Configuration from the Wi-Fi Networks.
8. When prompted for the network password, paste the password that is stored on the device’s clipboard.
9. Return to the app, choose the Wi-Fi network to attach the button to and enter the password for that network.
10. Press “Confirm Wi-Fi”
11. You will see this message while the button is connecting to the new network
12. Once the button has joined the new network you will get a confirmation screen. Press “Done”
Congratulations, you have set up your AWS IoT button on a new Wi-Fi network!
*Instructions For Lost Box Barcode
If you do not have the box with the barcode that the button came in, there is a QR Code on the back of the button itself that represents the Device Serial Number (DSN). The DSN is also printed on the back of the button. Download a QR Scanning App from Apple’s App Store or Google’s Play store if you don’t have a QR Scanning app on your device already.
1. Open your scanning app and scan the QR Code on the right hand side of the back of the button. Once the QR Code is scanned, copy the DSN.
2. Open the AWS IoT Button Wi-Fi App and press the “Setup AWS IoT Button Wi-Fi” button at the bottom of the screen.
3. Click on “Manually Enter DSN”
4. On the next screen, click into the DSN field
5. Paste the DSN from the clipboard (type it manually if you could not scan it)
6. Click on “Configure Button” and change the Wi-Fi Network by following the instructions above.
Once you receive your Gateway follow these steps to configure:
The Gateway comes with an antenna and a USB charging cable; you supply your own USB charging adapter. The instructions for adding this unit to your Wi-Fi Network are very straightforward and can be found here.
Set Up the Gateway on the AWS IoT Core
1. Log onto the AWS Console and select IoT Core under the Internet of Things heading. Select Get Started the first time you access this screen.
2. To create a Gateway policy, select Secure on the left hand menu, then select Policies on the sub-menu. Press the Create button in the upper right hand corner.
3. On the next screen, name the policy.
Under Add Statements, use the Action box to create a general IoT policy. Start typing I…o…t and then select the first statement, “IoT:*”, from the picklist as the value in this field; this is a general policy for all IoT devices.
Clear out the string that auto-populates in the Amazon Resource Name (ARN) field and replace it with a wildcard (*). The Resource ARN identifies the resource the policy applies to; the wildcard makes it a general policy for any resource.
Under Effect, choose Allow
Press Create in the lower right hand corner
4. Next, choose Manage → Things on the left menu. Press Create
5. Choose Create a Single Thing
6. Name the Gateway; add types and groups if you will have more than one Gateway and if you would like an attribute key and value. An example type is Wi-Fi Gateway. An example group is Gateways. (*See the note below on Naming Conventions.) Click Create a Type and fill in the appropriate information. Press Next.
7. Choose One-Click certificate creation and click Create Certificate
8. This is where you need to pay attention! Download the certificates and place them in a folder.
In the next step we will get the “root certificate.” For now, press Activate
10. Return to the webpage where you activated the certificates and press Attach a Policy
11. Choose the policy you created earlier and press Attach
12. Choose Register Thing.
13. Go back to the main menu and select Manage → Things. Select your gateway and press Interact. This is where you will find the endpoint of your thing in the top field. Copy this value and save it.
14. Make sure you are on the Gateway’s Wi-Fi, then log onto the admin console. Review instructions here. You can download the Android app Fing to help you determine the IP address of the device.
15. Click on the Applications tab and choose MQTT Client under Applications. Enter the endpoint you saved when you set up the gateway on AWS in the Host/IP field and press Save. This will reboot the gateway.
16. Press the advanced tab. Use Choose File to pick the certificate and private key files you saved (Step 8). Press Upload Certificate and Upload Key after choosing the files and then press Reboot.
Checking MQTT Publishing at AWS
1. On the Applications Services Tab of the Gateway Admin tool you will see the default topic the gateway is publishing to. Change it to: /in/ac233fc01615/status so it is formatted correctly and press Save.
2. Log back on to AWS, choose the IoT Core under Service, choose Manage/Things and select the Gateway
3. Choose Activity on the left menu
4. Click on MQTT Client, paste the default topic into first text box and press Subscribe to Topic
5. This gateway does not send JSON so you will just see the strings for the beacons it is picking up.
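The policy created in step 3 of the gateway setup (Action IoT:*, Resource *) lets any certificate it is attached to perform every AWS IoT operation on every resource in the account. The following added example, which is not part of the original guide, compares it with a policy scoped to what the gateway does on this page: connecting and publishing to /in/ac233fc01615/status. REGION, ACCOUNT_ID and GATEWAY_CLIENT_ID are placeholders, the double slash in the topic ARN assumes the topic's leading slash is kept, and allows() is a simplified model rather than AWS's policy engine.

```python
import fnmatch
import json

# Policy produced by step 3 on this page: Action iot:*, Resource *.
PAGE_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": '
    '[{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}')

# Constructed alternative (assumption): one client ID, one publish topic.
# REGION, ACCOUNT_ID and GATEWAY_CLIENT_ID are placeholders.
ARN = "arn:aws:iot:REGION:ACCOUNT_ID"
TOPIC = "/in/ac233fc01615/status"
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": f"{ARN}:client/GATEWAY_CLIENT_ID"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": f"{ARN}:topic/{TOPIC}"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, field, value) for each wildcard in an Allow."""
    out = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") == "Allow":
            for field in ("Action", "Resource"):
                out += [(i, field, v) for v in _as_list(st[field]) if "*" in v]
    return out

def allows(policy, action, resource):
    """Simplified model: Allow statements with * and ? wildcards only
    (no Deny, conditions or policy variables)."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if (any(fnmatch.fnmatchcase(action.lower(), a.lower())
                for a in _as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r)
                        for r in _as_list(st["Resource"]))):
            return True
    return False

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, wildcard_findings(pol),
              allows(pol, "iot:Publish", f"{ARN}:topic/{TOPIC}"),
              allows(pol, "iot:DeleteThing", f"{ARN}:thing/other-thing"))
```

Both policies let the gateway publish to its topic; only the wildcard policy also permits unrelated operations such as deleting another thing.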
It is important to have a naming convention that allows our team to quickly identify the location, type, and manufacturer of the device when working with devices in the cloud. Revolution11 highly recommends the following naming convention, based on the useful information in this blog: https://www.netcraftsmen.com/device-naming-conventions/
The blog makes a great point in describing how your device names need to work easily in a Command Line Interface (CLI).
The only information we have added to the standard described in that blog is the manufacturer.
A Bluetooth Gateway is a device that scans for, and captures, Bluetooth radio signals. The Gateway is attached to a network either via Ethernet or by joining a Wi-Fi Network. It can easily be configured to send the captured data to Cloud Services such as Amazon Web Services (AWS).
This manufacturer produces two versions of the Bluetooth Gateway. Both versions work with the many varieties of Ingics’ sensor beacons, including:
temperature and humidity
sensors that work with magnets
Ingics Sensors do not use the Eddystone or iBeacon protocols. They send their own protocol, which means you will need to be comfortable parsing the custom strings the beacons produce to make use of them.
You can, however, use Eddystone or iBeacon sensors with Ingics Gateways. This requires some setup in Advanced/BLE Filter. See details here: https://www.ingics.com/doc/iGS01/AP007_iGS01_payload_filter.pdf
IGS01S Wi-Fi BLE Gateway
This is a great choice if you are going to leave your Gateway configured to a Wi-Fi Network for long periods of time.
IGS02E Ethernet BLE Gateway
This is a great choice if you will be moving the gateway from place to place. You only need to configure and set it up with AWS once; then you have the ability to plug it into new networks via the ethernet cable.
Minew produces the G1 Wi-Fi BLE Gateway, which is a great system for beginners. It attaches to your Wi-Fi network and supports standard iBeacons. Minew sells a sensor beacon that collects temperature and humidity, and they have a great lineup of beacons in a variety of form factors that use multiple power sources. The JSON that comes out of the Gateway is human readable, and the ability to appropriately match power requirements with your use case in their beacon lineup is a huge plus. And it has fancy flashing disco lights!