Click here to Skip to main content
14,027,799 members
Click here to Skip to main content
Add your own
alternative version

Tagged as


1 bookmarked
Posted 8 Sep 2016
Licenced CPOL

Connecting an Intel® IoT Gateway to Amazon Web Services

, 8 Sep 2016
This guide will walk you through adding the IoT Cloud repository to your Intel® IoT Gateway and adding support for Amazon Web Services so you can begin developing applications for this platform in your programming language of choice.

This article is in the Product Showcase section for our sponsors at CodeProject. These articles are intended to provide you with information on products and services that we consider useful and of value to developers.

Get access to the new Intel® IoT Developer Kit, a complete hardware and software solution that allows developers to create exciting new solutions with the Intel® Galileo and Intel® Edison boards. Visit the Intel® Developer Zone for IoT.


  • Intel® IoT Gateway Technology running IDP 3.1 or above with internet access
  • A development device (e.g., laptop) on the same network as the Intel® IoT Gateway
  • Terminal access to the Intel® IoT Gateway from your development device
  • Amazon Web Services account:

Please see the following documentation for setting up your Intel® IoT Gateway:

Adding the IoT Cloud repository to your Intel® IoT Gateway

  1. Access the console on your gateway using either a monitor and keyboard connected directly, or SSH (recommended).
  2. Add the GPG key for the cloud repository using the following command:
    rpm --import
  3. On your development device (e.g., laptop) open a web browser and load the IoT Gateway Developer Hub interface by entering the IP address of your gateway in the address bar.
    Tip: You can find your gateway’s IP address using the ifconfig command.
  4. Login to the IoT Gateway Developer Hub interface using your credentials. The default login and password are both root.

  5. Add the IoT Cloud repository.

  6. Go to the Packages section and click the Add Repo + button.

  7. Populate the fields with the following information and click Add Repository:

    Name: IoT_Cloud

  8. Finally, click the Update Repositories button to update the package list.

Adding AWS* support to your Intel® IoT Gateway

  1. Click the Add Packages + button to bring up the list of packages you can install.

Search for cloud-aws using the search box at the top of the package window. Click the Install button next to the packagegroup-cloud-aws entry.

Setup your user in AWS* console

  1. In a browser navigate to the AWS* console at and login to your AWS account.
  2. Assign the AWSIoTFullAccess policy to your user.

  3. Click on your account name in the top right corner of the console and select Security Credentials from the drop-down list.

    IF you get the popup message above select Continue to Security Credentials.

  4. Select Users from the left-hand panel to get a list of all users in your AWS account. If there are no users listed click the Create New Users button, enter the usernames you would like to create and click Create. Your AWS users should then be listed as above.

  5. Click on your user to show a summary page. Select the Permissions tab and click on Attach Policy.

  6. Scroll down through the list of policies until you find AWSIoTFullAccess. Select this policy and click Attach Policy to add this policy to your user.
  7. Create an access key for your device

  8. Back on the user summary screen, select the Security Credentials tab and click on Create Access Key.

    At this point, a window will appear showing you your unique access key pair. The Secret Access Key will not be shown again once this window is closed, which means you will need to generate a new access key.

    Warning: Do not close this window before completing the next section!

Configuring your gateway

Tip: It is recommended that you use SSH to connect to your gateway, or access the command line through the Intel Developer Hub interface to make copying access keys easier. If you are accessing the command line of your gateway directly, using a monitor and keyboard, you will need to manually enter the access key and secret access key in the next section.

1. Add your user credentials to the gateway.

Enter the following command to add your user credentials to the gateway:
aws configure
When prompted, enter the following information:

  • AWS Access Key ID: The Access Key ID you just generated.
  • AWS Secret Access Key: The Secret Access Key which pairs the access key you just generated.
  • Default region name: See here for a list of regions (e.g. eu-west-1)
  • Default output format: Default is fine, so hit Enter to continue.

2. Create a thing.

Enter the following commands on your gateway to create an associated thing in your AWS* instance:

aws iot create-thing --thing-name gateway-test-01

If adding the thing is successful, you will get output similar to below.

3. Create a permissive policy

Enter the following command to create a new policy in your AWS instance:

aws iot create-policy --policy-name gateway-policy --policy-document '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action":["iot:*"], "Resource": ["*"] }] }'

If the policy is successfully added, the console output should be similar to that below.

4. Create keys and certificate for thing.

Enter the following commands on your gateway to create keys and certificates to communicate with AWS*:

wget -O rootCA.pem

aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile cert.pem --private-key-outfile privkey.pem

You should get output similar to that shown below, followed by a lot of JSON data. For the next step, we need to know only the certificateArn value, which is at the beginning of the console output.

5. Attach the policy to the certificate.

You now need to attach the thing certificate we just generated to the policy you created earlier. Do this with the following command:

aws iot attach-principal-policy --policy-name ${POLICY_NAME} –principal ${CERTIFICATE_ARN}

Be sure to enter the policy name you entered above (e.g. gateway-policy) and the certificateArn from the previous step. For example:

aws iot attach-principal-policy --policy-name gateway-policy --principal arn:aws:iot:eu-west-1:681450608718:cert/122c86b84c6e0b919353882c03ca37385855897e16804438a20d44b3f9934cb3

6. Check device in AWS* IoT Console.

In your browser navigate to the AWS* console home screen by clicking on the AWS icon in the top-left of the page. In the top right-hand corner check that the region you configured your gateway with is selected (e.g. Ireland) and then select the AWS IoT service from the list.

Your AWS IoT dashboard should now contain your thing, policy and certificate you just configured on your gateway.

Sending data to AWS* IoT service using Python

Now that your gateway is configured, you are ready to begin sending data to AWS IoT. There are a number of Python samples included which you can use for testing.

Monitor gateway communication in the AWS* console

  1. From your AWS IoT console select MQTT Client near the top-right of the page.

  2. In the MQTT Client window, enter the thing name for your gateway which you assigned earlier (e.g. gateway-test-01) and click Connect.

    The Connection status indicator will turn green and say Connected if AWS is able to communicate with your gateway.

  3. Select Subscribe to topic from the MQTT Client Actions.

  4. In the Subscription topic field, enter sdk/test/Python and click Subscribe.

    Messages received from the gateway will now appear in the message box on the left.

Send messages from the gateway

  1. Enter the following command to get the endpoint to send messages to AWS:
    aws iot describe-endpoint

    This will return the endpointAddress, which we will need for the next step. So, copy the address in quotes.

  2. Navigate to the directory that contains the AWS samples:
    cd /usr/share/awsiotsdk/samples/python/
  3. Run the sample using the following command:
    • ENDPOINT: This is the endpoint address you discovered in the previous step.
    • ROOTCA_PATH: This is the path to the rootCA.pem file you downloaded earlier.
    • CERT_PATH: This is the path to the cert.pem file you generated earlier.
    • PRIVATE_KEY_PATH: This is the path to the privkey.pem file you generated earlier.

    All of the certificates and keys should have been downloaded or created in the same path. By default this will be /root or $HOME unless you changed directory after logging into the gateway.

    Below is a working example:

    python -e -r $HOME/rootCA.pem -c $HOME/cert.pem -k $HOME/privkey.pem

    If the sample app is running correctly, you will start seeing console output like that shown above, indicating that messages are being sent on the sdk/test/Python topic.

    To verify this, head back to your browser and take a look in the message window. You should see new messages being displayed similar to those in the screenshot below.

    Your gateway is now connected to AWS* IoT and able to send and receive data.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Intel Corporation
United States United States
You may know us for our processors. But we do so much more. Intel invents at the boundaries of technology to make amazing experiences possible for business and society, and for every person on Earth.

Harnessing the capability of the cloud, the ubiquity of the Internet of Things, the latest advances in memory and programmable solutions, and the promise of always-on 5G connectivity, Intel is disrupting industries and solving global challenges. Leading on policy, diversity, inclusion, education and sustainability, we create value for our stockholders, customers and society.
Group type: Organisation

43 members

You may also be interested in...


Comments and Discussions

-- There are no messages in this forum --
Permalink | Advertise | Privacy | Cookies | Terms of Use | Mobile
Web03 | 2.8.190419.4 | Last Updated 8 Sep 2016
Article Copyright 2016 by Intel Corporation
Everything else Copyright © CodeProject, 1999-2019
Layout: fixed | fluid