In this lab an ESP32 with camera will connect to IoT Core, subscribe to a topic, obtain pre-sign url to S3 object for an upload, then upload the picture to S3.

Services Covered

  • IAM IAM
  • S3 S3
  • IoT-Core IoT Core
  • lambda AWS Lambda
  • Rekognition Amazon Rekognition

Lab description

In this lab an ESP32 with camera will connect to IoT Core, subscribe to a topic, obtain pre-sign url to S3 object for an upload, then upload the picture to S3. Two Rules in IoT Core will trigger two Lambda functions, one that will generate mentioned presigned url, second will get the S3 object and send it to rekognition and publish the result to IoT topic

  • Creating Things, Roles, attaching certificates and policies
  • Creating S3 buckets
  • Changing CORS configuration of S3 buckets
  • Creating Lambda function and giving them necessary permissions
  • Creating presigned urls for S3 objects

Lab diagram

image

Lab date

24-09-2021

Prerequisites

  • ESP32-CAM (Ai-Thinker ESP32-S in this project)
  • FTDI cable for connecting device through USB
  • AWS account
  • Visual Studio Code with PlatformIO IDE extension installed or Arduino IDE
  • POSTMAN to make API calls

Lab source

The Internet of Things on AWS – Official Blog

Lab steps

  1. Create a thing in IoT Core, either in Console or through CLI
  2. Get your IoT device data endpoint (AWS IoT Core -> Settings) or through CLI
    aws iot describe-endpoint --region <YOUR REGION>
  3. Reformat you certificates with ” and n, it’s time consuming but necessary for the device to connect. It’ll look like that:
    "-----BEGIN CERTIFICATE-----n"
    "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFn"
    "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6n"
    "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELn"
  4. Create a policy for the device, policy.json
    {
    ...
      {
        "Effect": "Allow",
        "Action": "iot:Connect",
        "Resource": "arn:aws:iot:eu-central-1:797321539388:client/ESP32-cam"
      },
      {
        "Effect": "Allow",
        "Action": "iot:Subscribe",
        "Resource": "arn:aws:iot:eu-central-1:797321539388:topicfilter/esp32/sub/data"
      },
    ...
    }
  5. Create S3 Bucket
    • under permissions add bucket policy allowing “s3:getObject” and “s3:PutObject” for your IAM User
    • add CORS configuration
      [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "PUT",
                "POST",
                "DELETE"
            ],
            "AllowedOrigins": [
                "*"
            ],
            "ExposeHeaders": []
        }
      ]
  6. Create two Lambda functions:
    • one to generate presigned url in S3 called esp32-request-url.py and change it’s policy and allow publishing in IoT and getting objects from S3 [esp32-request-url-policy.json]()
    • second called esp32-request-rekognition.py will get the object from S3 when triggered by IoT Rule and send it to Rekognition, then it’ll publish result to topic ‘esp32/sub/data’
  7. Create two Rules in IoT Core:
    • one with query statement:
      SELECT * FROM 'esp32/pub/url'

      and action to send message to esp32-request-url Lambda function

    • second with query statement:
      SELECT * FROM 'esp32/pub/data'

      action will be send message to esp32-request-rekognition Lambda function

  8. Test if your permissions allow for posting to topics and if Lambda generate url and response from Rekognition (you can use Postman for API calls and sending pictures)
  9. The AWS part is complete. Since this is an AWS Challenge I won’t be going in to the details of programming ESP32 here. Please refer to Nathan Glovers GitHub page for more details.

Lab files

  • thing_policy.json – policy granting ESP32-Cam necessary allowed actions in IoT Core
  • esp32-request-rekognition.py – Lambda function code to generate presigned url in S3
  • esp32-request-url-policy.json – execution policy for Lambda function
  • esp32-request-rekognition.py – Lambda function triggered by IoT set on topic, gets picture from S3, sends it to Rekognition
  • esp32-request-url-policy.json – execution policy for Lambda function
  • esp32-request-rekognition-policy.json

Acknowledgements

Tags:

Leave a Reply