RediGate to AWS IoT

Introduction

In this tutorial, we demonstrate connectivity to the AWS IoT platform (https://aws.amazon.com/iot/). We use a RediGate 120e with internet connectivity, but the steps apply to any RediGate device with internet connectivity.

Example 1: Publishing Simulated Data to AWS IoT

Pre-Requisites

  1. A RediGate 100 or 400 series device with internet connectivity
  2. Completion of the Getting Started Guide for your respective RediGate device (RediGate 100 Series or RediGate 400 Series)
  3. AWS account with the AWS IoT service enabled (https://aws.amazon.com/iot/)
  4. Ability to ping the internet (using DNS, so an address like google.com) from your RediGate

Instructions

  1. Using ACE, open the default configuration you used in the "Getting Started Guide".
  2. Download and open Elecsys-AWS-Demo.xml from the http://redigate.elecsyscorp.com/examples/ site (AWS IoT Platform example) within the same ACE window.
  3. In your default configuration, enable the DNS Client object by setting its Enabled checkbox.


  4. Disable Virtual Unit 3 by clearing its Enabled checkbox.


  5. Copy and paste the following objects from the Elecsys-AWS-Demo.xml config into your default configuration:
    1. TLS Tunnels  (paste under Networks)


    2. FieldUnitInternalMast2 (paste under NullCircuit)


    3. VirtualRW Unit 4 (paste under NullCircuit)


    4. Data Simulator (paste under Internal Channel 15)


    5. MQTT Client (paste under Clients)

    6. NTP Client (paste under Clients). This ensures that your RediGate has the correct system time, which is important for the TLS certificates.



    7. The ${GATEWAY} parameter in your MQTT Client's "Last Will Topic" references the System → Unit Name value. For this example, change the Unit Name to "RG-AWS".


      Renaming Copied Nodes

      Each node must have a unique name, so ACE automatically appends a timestamp to the name when it is pasted into a configuration. You can rename the nodes by clicking on the name of the node or by right-clicking on the node and selecting the "Rename Node" option (ACE 3.5 or later). The name has no operational significance and is user-definable – just make sure that the name remains unique in this configuration.



  6. Copy Table data from the Elecsys-AWS-Demo.xml Internal Channel 15 → Scan Table into your RediGate Configuration (in Internal Channel 15, open Scan Table, right-click and select Paste, over-write data). 





    Scan Table Info

    The "Scan Table" object tells the RediGate which RTU (Unit 2, the data simulator) to run at an interval (Scan Period), which is set to every 600 seconds. This is how frequently the RediGate will check the data simulator for changes, which will result in data being published every 10 minutes. You can change this to whatever number you would like; however, you will want to keep an eye on the number of messages published, as most IoT platforms charge on a per message or KB basis.
  7. Edit your TLS Tunnels → STUNNEL Parameters object so that the "Connect To" field matches the end point in your AWS IoT system.
    (In AWS IoT Platform, see "Settings" for the "Custom endpoint" name.)


  8. Create a device (or "Thing") for the RediGate in AWS, and move the Certificate, Private Key, and CA files from the "Thing" to your RediGate configuration:
    1. Create a new "Thing" in AWS IoT Registry:


    2. Give your thing a name, and select "Create Thing"


    3. Select Security → Create Certificate


    4. Download all of the keys and the root CA to your computer.

      Names of key files

      Note: You will need to rename the certificate, private key, and root CA to match the name of the files specified in the TLS Tunnels object (cert.crt, privkey.key, ca.pem  in the screenshot below). By default, Windows does not allow users to view/edit file name extensions, so you may have to change that setting under Control Panel → Folder Options:


      Click the "Activate" button to activate the certificate.




    5. Click on "Attach a policy" and create or attach an authorization policy to this device certificate:


    6. The screenshot below shows a policy that allows the RediGate to publish, subscribe, and connect to any topic:


      Here is the text of the example policy code to include in the policy. Click on "Advanced mode" and copy the following into the Policy statement section (replace existing contents):

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "iot:Publish",
              "iot:Connect",
              "iot:Subscribe",
              "iot:Receive"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }


    7. Confirm that your Thing's certificate has the correct policy attached to it:


    8. Save and upload your configuration, certificate, private key, and CA to the RediGate:


    9. Connect to the RediGate as "root" using PuTTY (email us at idc-support@elecsyscorp.com for the default root password), and move the TLS files from the upload directory to /etc/stunnel. Use the commands:
      cd /home/director
      mv cert.crt /etc/stunnel
      mv ca.pem /etc/stunnel
      mv privkey.key /etc/stunnel

      NOTE: If the files you uploaded are not located in the /home/director  folder, check the  /home/Dirupld  folder.



    10. Finally, reboot the RediGate with the command:  reboot

  9. After the RediGate reboot, log in as "user" and verify that it has connected to the AWS IoT broker using the menu option 3 → 17.
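
The example policy in step 8 allows all four actions on Resource "*", so the gateway's certificate is authorized for every client ID and topic in the account. The following is an added example (not part of the original tutorial or of Elecsys or AWS code): a small policy evaluator that compares the tutorial's policy with a constructed policy scoped to one gateway. Assumptions: REGION and ACCOUNT_ID are placeholders, the MQTT client ID equals the Unit Name "RG-AWS", and the gateway's topics all sit under RG/<Unit Name>/ as in the CMD topic of Example 2.

```python
import re

# Policy exactly as given in step 8 of the tutorial.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": ["*"],
    "Action": ["iot:Publish", "iot:Connect", "iot:Subscribe", "iot:Receive"]}]}

ARN = "arn:aws:iot:REGION:ACCOUNT_ID"  # placeholders: use your own region and account
GW = "RG-AWS"  # Unit Name from the tutorial; assumed to also be the MQTT client ID

# Constructed alternative scoped to this gateway's topic tree (RG/<Unit Name>/...).
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{ARN}:client/{GW}"},
    {"Effect": "Allow", "Action": "iot:Publish", "Resource": f"{ARN}:topic/RG/{GW}/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": f"{ARN}:topicfilter/RG/{GW}/*/CMD"},
    {"Effect": "Allow", "Action": "iot:Receive", "Resource": f"{ARN}:topic/RG/{GW}/*/CMD"},
]}

def _match(patterns, value):
    # Policy wildcards: '*' is any run of characters, '?' is one character.
    pats = patterns if isinstance(patterns, list) else [patterns]
    return any(re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), value)
               for p in pats)

def allows(policy, action, resource):
    """True if the policy allows `action` on `resource`; an explicit Deny wins."""
    allowed = False
    for st in policy["Statement"]:
        hit = _match(st["Action"], action) and _match(st["Resource"], resource)
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def needed_ok(policy):
    """Check the four operations the tutorial's gateway performs."""
    cmd = f"RG/{GW}/Channel15_VirtualRW/CMD"
    return all(allows(policy, a, r) for a, r in [
        ("iot:Connect", f"{ARN}:client/{GW}"),
        ("iot:Publish", f"{ARN}:topic/RG/{GW}/constructed-data-topic"),
        ("iot:Subscribe", f"{ARN}:topicfilter/{cmd}"),
        ("iot:Receive", f"{ARN}:topic/{cmd}")])

def exposure(policy):
    """Grants that reach beyond this gateway (probe resources are constructed)."""
    probes = [("iot:Connect", f"{ARN}:client/OTHER-GATEWAY"),
              ("iot:Publish", f"{ARN}:topic/RG/OTHER-GATEWAY/Channel15_VirtualRW/CMD"),
              ("iot:Subscribe", f"{ARN}:topicfilter/#")]
    return [p for p in probes if allows(policy, *p)]
```

Both policies pass needed_ok(); exposure() returns all three probes for the tutorial's policy and an empty list for the scoped one. Confirm the topics your configuration actually uses (including the Last Will Topic) before narrowing the policy.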


Your RediGate will publish data every ~10 minutes since the scan rate value for "Internal Channel 15" is set to 600 seconds. If you would like to see data updated more quickly (the screenshot below has data updating every 10 seconds), you can lower that value and view the data being published in AWS using the "Test" tool.

Select "Test", then "Subscribe to a topic".

Enter "RG/#" for the Subscribe topic, and click the "Subscribe to topic" button.

The data published from the RediGate should appear here whenever it is published, as shown below.

Example 2: Sending Data from AWS to Field Device

Once your RediGate is successfully publishing data to AWS, the next step is to subscribe to commands sent from AWS to the field devices connected to the RediGate. Details on the JSON structure that the RediGate expects to receive can be found in the JSON-RBE MQTT Payload Format document. The steps below outline how to write data to an integer tag under a virtual field unit:

  1. Open AWS IoT "Test" Application and select "Publish to a topic."

  2. Enter the following values:

    Publish Topic:   RG/RG-120C/Channel15_VirtualRW/CMD or RG/${GATEWAY NAME}/${CHANNEL NAME}_${DEVICE OR RTU NAME}/CMD

    Payload (replace the text contents with the following):  {"d": {"IntValue": 12345}}

    And click the "Publish to topic" button.



  3. Confirm that the data was written to the RediGate by logging in to the RediGate with PuTTY and accessing the MQTT Client Diagnostic screen (Option 3 → 17). Here you should see a value in the "Last Recv Topic" that looks similar to the screenshot below:

The value that you published should be saved in the Internal Channel 15 → Virtual RTU 4 → RTDB → Register 30001. See Accessing RTDB Data Dump for info on viewing RTDB values in the RediGate.



Complete

Congratulations! You can successfully publish data to and subscribe to data from the AWS IoT service with your RediGate. You are now ready to start connecting real field devices to AWS IoT. Check out our "Field Device Quick Starts" found at http://redigate.elecsyscorp.com/examples/ for examples showing how to connect the RediGate to 60+ industrial protocols.