Android App as AWS IoT Thing

Florian Klein · Published in smartdings · 4 min read · Oct 19, 2020

Connecting Raspberry Pis or other hardware devices to AWS IoT Core is the default, but how can an Android app act as an IoT device? This was the challenge we faced recently, because we wanted to include an Android app in our IoT platform in the same fashion as our other devices to control content (e.g. a remote trigger to play videos).


At first, we thought we should just go the same way as for our other IoT devices: provision the device and use a certificate to authenticate with AWS. We have already implemented an end-to-end just-in-time provisioning approach for our other devices and we would have loved to reuse it.

However, we found out that for an Android app we should do it differently. So before going into the details of how we did it, here are some of the requirements we had for our Android app:

  • The user has to sign in to our platform before using the Android app (we are using AWS Cognito for that)
  • The app should do all the provisioning with AWS IoT in the background after signing in
  • After that, the app is ready to receive commands from the cloud

After different trials with certificates, IAM logins, and other ways to connect to AWS IoT from the app, we finally went for Amplify in combination with the Android SDK for AWS IoT. We would have required Amplify anyway for the login of our users, and we use the Android SDK to provision our app as an AWS IoT Thing and connect it.

Setup

We need to have the right libraries for Amplify and AWS IoT. Here is a snippet of what we are currently using. Also, note the Amplify Android setup tutorial.

The authentication setup is a bit tricky. For that, you need to add the Amplify configuration files to your Android project as /res/raw/amplifyconfiguration.json and /res/raw/awsconfiguration.json (compare below).

Later, your Android app will access the AWS IoT service. For that, you need to grant the authentication provider (in your federated identities) an IAM role that has the rights your app requires for AWS IoT. Be very careful and restrictive here: the role should carry only the rights the app requires.

Select a role with the rights to access AWS IoT

After that, you can initialize Amplify (find a suitable place in your app's startup code).

This is followed by your code to log the user in and out. Obviously, this should be combined with an activity and a layout for the user to enter their credentials.

Provisioning

After having all the required setup steps executed and your user logged in, it is time to provision your Android app as an AWS IoT thing. For that we considered different approaches:

  • Do the provisioning directly from the device
  • Do the provisioning via an API in our cloud service
  • Do the provisioning manually

We finally decided on the first approach because we wanted our device to act independently.

To do that, you need to set up a few policies. First, an IoT policy for your IoT things is required. For example (specific to using AWS IoT shadows):

For doing the initial provisioning from the Android app two things are necessary:

  • Create a new thing (we are using the ANDROID_ID as device/thing id because it is unique for each user on an Android device)
  • Attach the policy which you have created above to your identity id (note that this is the identity id used by the federated identity pool, not the Cognito id)

To connect to AWS IoT as an authenticated user, you need the AWSMobileClient, which is provided by Amplify:

Note that this provisioning step is a one-time activity. AWSIotClient provides more methods that help you check whether the device has already been created and the policy attached.
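Because the app attaches the IoT policy to the signed-in identity itself, it is worth linting the policy document before it ships. The following is an added example, not code from the original post: a small Python check that flags Allow statements reaching beyond a single thing's shadow. The sample policies, the REGION and ACCOUNT_ID placeholders and the function name are constructed for illustration.

```python
WILDCARDS = ("*", "+", "#")  # IAM-style wildcard plus the MQTT filter wildcards

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_iot_policy(policy):
    """Return findings for Allow statements that reach beyond one thing's shadow."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for arn in _as_list(stmt.get("Resource", [])):
            # ARN layout: arn:aws:iot:<region>:<account>:<kind>/<name>
            kind, _, name = arn.split(":", 5)[-1].partition("/")
            parts = name.split("/")
            if arn == "*":
                findings.append(f"statement {i}: resource *")
            elif kind == "client":
                if any(w in name for w in WILDCARDS):
                    findings.append(f"statement {i}: any client id may connect")
            elif kind in ("topic", "topicfilter"):
                # Shadow topics look like $aws/things/<thing>/shadow/...
                if parts[:2] != ["$aws", "things"] or parts[3:4] != ["shadow"]:
                    findings.append(f"statement {i}: {kind} outside the shadow namespace")
                elif any(w in parts[2] for w in WILDCARDS):
                    findings.append(f"statement {i}: {kind} spans every thing's shadow")
    return findings

# Constructed sample policies; REGION and ACCOUNT_ID are placeholders.
ARN = "arn:aws:iot:REGION:ACCOUNT_ID:"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT thing policy variable
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": ARN + "client/" + THING},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": ARN + "topic/$aws/things/" + THING + "/shadow/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe",
     "Resource": ARN + "topicfilter/$aws/things/" + THING + "/shadow/update/delta"}]}

if __name__ == "__main__":
    for label, doc in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, audit_iot_policy(doc) or "no findings")
```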

Connect and Subscribe/Publish

After all the setup, you are ready to connect your Android app to AWS IoT and start receiving and publishing messages. In the example below, we use an AWS IoT shadow and connect to the delta:

Summary

It took us a few tries to find this setup because the AWS documentation is not always very precise on how to connect an Android app. Overall, AWS IoT is a wonderful platform to connect things and clients. Be careful with the roles and policies and act according to the “need-to-know” guideline.

Enjoy your AWS IoT enabled Android app and I am more than happy to receive your feedback.

Florian Klein
smartdings

Software Engineer, Entrepreneur and Agile Coach