Industrial Automation Tech Note 50 - TNIA50
This document explains how to get Crimson® 3.1 devices to talk to Amazon Web Services (AWS) using the MQTT Connector. It assumes a basic knowledge of Crimson and its operation, and the ability to read and manipulate JSON. For more details on the Crimson Cloud Connectors, please consult the Crimson User Manual.
CR3000 HMIs / Data Acquisition (DA10 & DA30) / Graphite® HMI / Graphite Controllers
Use Case: AWS Connector
Transferring tag data to Amazon Web Services.
Build 3106.000 or higher
For testing purposes, an outline database can be created as described in the Crimson Cloud Connectors: Creating an Outline Database Tech Note. The outline database will be referenced when configuring the connector.
Step 1 - Creating an Account
If you do not have an AWS account, visit http://aws.amazon.com/free to create a free tier account. The free tier provides more than sufficient capacity for testing and may even be sufficient for limited deployments. If you move to a paid tier, be careful not to leave test devices configured in a manner that will run up your bill.
Step 2 - Accessing the IoT Core
In the top left of the AWS console, next to Services, click in the search box and type IoT Core. Select the IoT Core service from the results.
Step 3 - Creating a Policy
AWS uses Policies to control access to its IoT services. We must therefore create a policy that allows our Crimson devices to submit data to the cloud. Within the IoT Core section, expand Security on the left-hand side and select Policies. In the center window, select the Create Policy button.
Set the Policy Name to AllowAll, scroll to the bottom of the page, and select Policy examples.
Click the first option under Policy examples and select Add to policy. This is used to get the correct resource ARN, which we will then adjust, starting from the example.
- Set Policy Effect to Allow
- Change Policy Action from IOT:Connect to *
- On the Policy Resource delete everything after the colon and put a *
- End result for Policy Resource will look like below.
- Select create at the bottom right of the policy page to create and add this new policy.
This policy allows anyone using a certificate to which it is assigned to perform any supported action on any resource in your IoT account. As you learn more about AWS, you might want to create more sophisticated policies to implement finer-grained control of access to your resources.
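A more restrictive alternative to AllowAll, as an added example (not Red Lion's or AWS's own code): the Python below builds a policy limited to client ID Thing01 and its shadow update topics, and flags wildcard grants such as those in the Step 3 policy. REGION and ACCOUNT_ID are placeholders, and the topic set is an assumption about what the connector publishes and subscribes to, so confirm it against your device before replacing AllowAll.

```python
import json

# Placeholders, not values from this note: substitute your own region and account ID.
ARN = "arn:aws:iot:REGION:ACCOUNT_ID"

# Step 3 result as described (assumed rendering): every action, resource ARN ending in "*".
ALLOW_ALL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": f"{ARN}:*"}]}

def scoped_policy(thing):
    """One client ID plus that thing's shadow update topics (assumed topic set)."""
    shadow = f"$aws/things/{thing}/shadow/update"
    grants = [("iot:Connect", f"client/{thing}"),
              ("iot:Publish", f"topic/{shadow}"),
              ("iot:Subscribe", f"topicfilter/{shadow}/*"),
              ("iot:Receive", f"topic/{shadow}/*")]
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": action, "Resource": f"{ARN}:{resource}"}
        for action, resource in grants]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad(policy):
    """List the Allow statements that grant more than a single thing needs."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append(f"statement {i}: action {action!r} allows every operation")
        for res in _as_list(st.get("Resource", [])):
            # Text after the resource type, e.g. "Thing01" in "...:client/Thing01"
            name = res.split(":", 5)[-1].partition("/")[2]
            if name in ("", "*"):
                findings.append(f"statement {i}: resource {res!r} is not tied to a thing")
    return findings

if __name__ == "__main__":
    print("\n".join(overbroad(ALLOW_ALL)))
    print(json.dumps(scoped_policy("Thing01"), indent=2))
```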
Step 4 - Creating a Type
AWS uses Types to group devices into categories. While not strictly necessary, we shall be creating a type to hold all our Crimson-based devices. On the right side of the IoT Core console, find and expand All Devices and select Thing Types. Select the Create Thing Type button in the upper right.
- Enter a name for the thing type you will be using. This technote will be using CrimsonThings as the thing type.
- Enter a description for the Thing Types being used.
- Select Create Thing Type.
As you learn more about AWS, you might want to create different types to provide a finer-grained grouping of your devices. This will make it easier to search for and manage the devices associated with, for example, a particular site or a particular project.
Step 5 - Creating a Thing
AWS uses Things to represent devices. Each thing corresponds to a device that is pushing data to the cloud, and we shall be creating a Thing to hold the data submitted by our Crimson device. On the left-hand side of the IoT Core console, select Things under All Devices. Select the Create Things button on the top right of the console.
- For testing purposes, we will create a single thing
- Create a thing name for this single thing. For example purposes, we will be using Thing01 for this technote.
- Select a thing type: click the drop-down and select the thing type you created in Step 4.
- Skip the rest of the page, scroll down to the bottom and select Next. A window will be displayed to allow you to configure the thing’s security settings.
- On the next page you will be selecting a certificate to be generated for your thing.
- Select the option Auto-Generate A New Certificate and select next.
- Next you will attach a policy to your thing certificate.
- On the add policy page select the AllowAll policy we created earlier.
- Select Create Thing.
- Once you create the thing, a popup will be displayed. Take a screenshot of this popup, as it contains information we will need later in the Crimson setup.
- Download the certificate and save it to a known location.
- Download the public/private keys and save them to a known location.
- The thing will be successfully created at this point. A popup on AWS will offer to view the certificate. Select this option to view the certificate and take note of the data shown there.
We have now created a thing called Thing01 to which we shall be pushing data. The thing has a certificate and a private key to identify it, and we have downloaded the associated files for import into Crimson. The thing’s certificate has been assigned a policy that allows it to perform any operations. We have also downloaded a root certificate that will authenticate the Amazon server to our device.
Step 6 - Finding the Server Host Name
In order for our device to interact with AWS, we need to find the name of the server to which our MQTT requests will be sent. To find the host name, look at the left-hand menu of the IoT Core console and select Settings at the bottom. This will show the endpoint host name that you will need to use in the Crimson setup.
Step 7 - Configuring the Amazon Connector
We are now in a position to configure and test the Amazon Connector. We shall be configuring it to talk to the thing that we created in earlier sections and pushing four of the data tags that we have created. The fifth tag will be used to display the connection status. Start by returning to the Communications section and select the Amazon MQTT settings in the Connectors section.
- In the Control section, set the Enable Agent property to Yes.
- In the MQTT Server section, set the Host Name 1 property to the hostname from Step 6.
- In the MQTT Server section, set the Client ID property to Thing01.
- In the TLS Security section, set the Certificate File to the file you downloaded in Step 5.
- In the TLS Security section, set the Private Key File to the file you downloaded in Step 5.
- In the TLS Security section, set the Server CA File to the file as described below.
When setting the three files, navigate to the correct folder and Crimson should offer you only the files that are appropriate in that context. If you are dealing with many things, you should make sure you select the files that are associated with the thing to which this device will be talking.
The Server CA file is used to validate that Crimson is talking to the correct server. Amazon has recently updated their server certificates, and it is quite a complex task to find the one that is appropriate to the server to which you will be attaching. We thus recommend that you use a file that contains all the possible server certificates that you may encounter. You can download this file from here, or you can copy the text in Appendix A into a text file and save it with the PEM extension. For builds of Crimson including and after the January 2019 Feature Release, you may simply leave the field empty and allow Crimson to use the combined server certificate file by default.
For reference, we recommend taking a look at the tech note on creating an outline database for cloud connectors. This will help you create five tags. Four of those tags will be pushed to the AWS thing Thing01, and the fifth tag will be used for the status field. At the bottom of the Service tab, under Diagnostics, tie a tag to the MQTT status field.
- Click on Tag Set 1.
- Set the update period to how often you want data written to AWS.
- At the bottom of Tag Set 1, drag in the tags that you want to expose to the AWS service.
You have now configured Crimson to push Tag1 through Tag4 to the cloud once per second. Press F9 to download the database to your device and check the Status tag on your display or via the web browser. A value of 4 should be displayed, indicating that the cloud connection has been established and that data is being pushed. A value of 0 typically indicates an issue with network connectivity or with DNS, while a value of 1 indicates that the server's name was resolved but that the connection could not be established. A value of 3 indicates that the connection has been made, but that data has not been transferred. If you do not see a value of 4, check each item in this note carefully and ensure your Crimson configuration matches your AWS settings.
Step 8 - Interacting with the Device
Now that we have configured Crimson to pass data to the cloud, we can view this data from the Amazon web console and optionally write data back to the device. Return to the IoT Core web page within the console. If you are not already within Thing01, select the Manage option in the left-hand menu and select the Things option under that. Click on Thing01 to display its settings and properties, and select Shadow from the left-hand menu…
Referring to Figure 12, note that the shadow state contains live data representing the tags in your device. The shadow is a persistent object that stores the values sent by the device, whether or not those values are included in the latest message. If you scroll down a little, you will be able to view the shadow more clearly…
As you can see, the shadow is a JSON fragment that contains an object called reported. Within this object, a further object called tags contains the data tags being pushed by Crimson, and an object called device acts as a placeholder for yet-to-be-supported device status information. Refer to the Crimson User Manual for details on how the format of this JSON fragment can be adjusted to suit your application.
To write data to the device, we must edit the JSON fragment to contain an object called desired that contains its own tags object that in turn contains the values that we want to write. To modify the shadow, select the Edit option within the AWS console and click on the Shadow State to make the changes…
It is very important that you get the formatting right when editing the shadow. JSON is particularly finicky about commas and other punctuation. The portion that you are creating is shown in red below…
[balance omitted for brevity]
Note the comma at the end of the line immediately before the reported object, and note the absence of commas at the end of the other lines. JSON requires commas only when another element follows within the current object. If you get this wrong, a red cross should appear warning you of your error.
Once you have edited the JSON, click Save to commit the change. The value of Tag1 in your device should be updated both on the device display and in the reported object in the shadow, and the corresponding entry in the desired object should be removed. If this does not happen, check your formatting and check that you have writes enabled in the corresponding tag set.
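The shadow edit described above can be prepared and checked before pasting it into the console. The following Python is an added example, not part of the original tech note or of Crimson: the sample shadow and its values are constructed from the layout described in the text, and refusing tags that are absent from reported is an extra precaution, not an AWS requirement.

```python
import json

# Constructed sample of the shadow layout described above (values are made up).
SHADOW = """{
  "reported": {
    "tags": {"Tag1": 10, "Tag2": 20, "Tag3": 30, "Tag4": 40},
    "device": {}
  }
}"""

def with_desired(shadow_text, writes):
    """Add desired.tags entries for `writes`, refusing tags the device does not report."""
    state = json.loads(shadow_text)
    known = state.get("reported", {}).get("tags", {})
    unknown = sorted(set(writes) - set(known))
    if unknown:
        raise ValueError(f"not reported by the device: {unknown}")
    state.setdefault("desired", {}).setdefault("tags", {}).update(writes)
    # Put desired ahead of reported, as in the note; json.dumps places the commas itself.
    ordered = {"desired": state["desired"],
               **{k: v for k, v in state.items() if k != "desired"}}
    return json.dumps(ordered, indent=2)

def check_edit(text):
    """Return None if hand-edited shadow text is valid JSON, else where it breaks."""
    try:
        json.loads(text)
    except json.JSONDecodeError as err:
        return f"line {err.lineno}, column {err.colno}: {err.msg}"
    return None

if __name__ == "__main__":
    print(with_desired(SHADOW, {"Tag1": 123}))
    # Hand edit missing the comma between the desired and reported objects
    bad = '{\n  "desired": {"tags": {"Tag1": 123}}\n  "reported": {}\n}'
    print(check_edit(bad))
```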
Appendix A – Combined Server Certificates
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or trouble contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.
For more information: http://www.redlion.net/support/policies-statements/warranty-statement