Introduction
In today’s highly connected modern world, Internet of Things (IoT) devices are transforming how we interact with our homes, offices, and industries. Smart technology now extends from homes to cars and industrial equipment. Controlling these devices remotely is essential and offers improved productivity, user experience, and risk management. This blog explores how to send remote commands to AWS IoT devices securely and effectively.
Sending remote actions to IoT devices is a key requirement in building smart solutions. Remote commands enable users, operators, and technicians to control, monitor, and manage devices from distant locations. Users can initiate near real-time actions, such as turning a device on or off, adjusting settings, or retrieving data without being physically present. Sending remote commands is crucial in industries like automotive, healthcare, manufacturing, transportation, and smart homes where remote device management can improve efficiency, reduce costs, and enhance overall operational flexibility.
To achieve this, users often develop custom solutions and creative workarounds to enhance and expand their IoT solutions’ capabilities. However, over a period of time, these one-off solutions become complex, difficult to scale, and increase infrastructure and operational costs. To address these challenges, AWS introduced AWS IoT Device Management commands, a new feature to streamline the lifecycle management of remote actions and their executions.
Overview
The commands feature is a managed remote action capability that leverages the MQTT standard to enable bidirectional cloud-to-device communication. Using the commands feature, you can implement granular access control mechanisms to ensure only authorized users can send commands to specific devices. Common use cases include initiating device actions, updating device state, and modifying device configurations.
The commands feature provides fine-grained access controls and efficient device management tools for delivering remote actions to individual devices. The feature can be accessed from the remote actions section of the AWS IoT console, allowing you to create commands with unique name and customizable data payloads across various data formats including JavaScript Object Notation (JSON), Concise Binary Object Representation (CBOR), Parquet, and plain text. A single command, once defined, can be used multiple times to perform actions on different target devices. You can set specific time out settings for each command execution and monitor their progress through real-time updates and notifications. The following workflow and steps provide an overview of the commands feature.
Figure 1 : AWS IoT Device Management commands feature workflowFigure 1 : AWS IoT Device Management commands feature workflow
Figure 1 : AWS IoT Device Management commands feature workflow
Sending commands to devices using AWS IoT Device Management:
- Create pre-defined and reusable commands and store them in AWS IoT Device Management commands.
- Specify the command payload that will be delivered to the target device(s).
- Choose the device type, an AWS IoT thing or a MQTT client.
- A device subscribes to the command’s topic
$aws/commands/[things|clients]/[upon which IoT commands payload will be delivered.| ]/executions/+/request/[json|cbor] - Through a client application, the user triggers a command that publishes its payload to the respective device’s request topic.
- After receiving the command payload via the request topic, the device is expected to perform the respective actions and send a response back to the cloud.
- The device publishes command execution progress and updates status through
$aws/commands/[things|clients]/[.| ]/executions/ /response/[json|cbor] - Commands service publishes notifications to
$aws/events/commandExecution/and the user receives the notification. (Note: Receiving a notification is optional and can be configured through AWS IoT)./+
Key capabilities of the AWS IoT Device Management commands feature include:
- Concurrency control to initiate multiple commands on a single device.
- Operation support for devices that may not be registered with AWS IoT.
- Configurable time limits to control the maximum duration for each command execution and ensure timely completion.
- Real-time updates on command progress.
- Secure command transmission and granular access control.
Real-world use cases for sending remote actions to IoT devices
AWS IoT Device Management commands simplifies sending cloud-to-device instructions in smart homes, IIoT, and vehicle fleet management applications, eliminating the need to build a custom MQTT solution.
Smart homes
OEM’s and smart home integrators can implement remote command functionality to give homeowners control over comfort, security, and energy systems through their smartphones. For example, they can adjust the thermostat from their smartphone to warm the house before arriving home or turn off forgotten lights after leaving for work. If a security camera detects unusual activity, the homeowner can remotely lock doors, activate alarms, or even speak through connected speakers to deter intruders. During a vacation, they can simulate occupancy by scheduling lights and televisions to turn on and off at specific times. The system can also automatically adjust settings based on weather forecasts, such as closing smart blinds on a hot day to reduce air conditioning costs or adjusting the irrigation schedule because it’s been raining.
Industrial IoT
In a large manufacturing plant, IoT devices that are integrated into machines and systems across the production line enable plant managers to adjust production parameters remotely and in near real-time, responding to changes in demand or supply chain disruptions. When sensors detect equipment performance anomalies, they can initiate remote diagnostics and make necessary adjustments without halting production. During emergencies safety protocols can be activated remotely to stop specific machines or entire sections of the plant. Plant managers can also support predictive maintenance routines with remote commands to schedule maintenance tasks based on near real-time equipment data, minimizing downtime and optimizing overall operational efficiency.
Fleet management
IoT devices in vehicles let logistics companies monitor key metrics remotely. These include real-time location, fuel use, engine health, and driver behavior. Fleet managers can reduce speed limits on vehicles showing mechanical problems to prevent damage. They can redirect navigation systems when drivers go off route. During bad weather, fleet managers can activate safety protocols in affected vehicles. Additionally, they can perform remote diagnostics and over-the-air software updates, reducing the need for physical maintenance. Fleet management solutions built using commands feature enhances operational efficiency, improves safety, and significantly reduces downtime and maintenance costs for the entire fleet.
Understanding when to use AWS IoT Device Management commands and jobs capabilities
Customers can use AWS IoT Jobs to define a set of remote operations that can be sent to and run on one or more devices connected to AWS IoT. The choice between using commands or jobs feature depends on the specific requirements of your IoT use case and the nature of the interactions you need to have with your connected devices.
Getting started with the commands feature
We will walkthrough a real-life use case example of building a smart washing machine solution with the commands feature of AWS IoT Device Management.
Use Case: An engineer is developing a smart washing machine that customers can control remotely. Users manage their smart washing machine using mobile app from anywhere. Users can send commands through the app to start or stop wash cycles and adjust settings like cycle type, water temperature, and spin speed. These commands travel over the MQTT protocol to the washing machine for execution. During operation, the smart washing machine sends status updates via MQTT, showing users the remaining time, current cycle phase, and any alerts. If problems occur, technicians can remotely access the machine to troubleshoot and modify device settings that are restricted from regular users. While this solution can integrate with any mobile app, we’ll focus on the IoT backend implementation. Mobile app development and integration details are not included.
Assumption: For this walkthrough, we work with a device that’s already registered in the AWS IoT Core registry and has the thing-id “SmartWasher”. To register a new device, follow the Get Started with AWS IoT workshop.
This walkthrough shows step by step guide for implementing and monitoring command executions:
- Create the required commands for the system.
- Configure device to subscribe to relevant topics to receive the issued commands.
- Launch the commands to create new “command executions” to the device.
- Publish execution status from device, and monitor the progress on tracking applications.
Important Note: Commands can be created and managed in multiple ways: AWS SDK, AWS CLI, and AWS Management Console. For the examples in this blog, we use the AWS CLI and the AWS Management Console to demonstrate the command creation and management.
Step 1: Command creation
Let’s create commands to include three key functions for the smart washer system: 1. Initiate the default wash cycle with predefined settings. 2. Terminate the wash cycle. 3. Enable the technicians to run and access diagnostics data.
Command 1: Start default cycle
To create a new command in AWS IoT, start by accessing the AWS Management Console and navigating to the AWS IoT service. Once there, look for the “Manage” section in the left sidebar and click on “Remote actions,” then select “Commands.” Click the “Create Command” button to begin the process. When prompted, enter “StartDefaultCycle” as the Command ID. Next, you’ll need to create a JSON file containing the required payload (details provided below as startdefaultcycle.json). In the “Specify payload” section of the command creation interface, upload this JSON file. After confirming all details are correct, finalize the process by clicking the “Create Command” button, which will add new command to the AWS IoT system.
startdefaultcycle.json
{
"Action": "RunWashCycle",
"CycleType": "Normal",
"Soak": "Yes",
"SpinSpeed": "Medium",
"WaterTemperature": "Warm"
}
Figure 2 : Create new command for default cycle
Command 2: Stop Cycle
Create a stop command for the washer using the following payload.
stopcycle.json
{
"Action": "StopWashCycle"
}
Command 3: Retrieve Diagnostics
Create a command to get the washer logs for troubleshooting using this payload.
retrievediagnostics.json
{
"Action": "RetrieveLogs",
"LogType": "DiagnosticMetrics",
"TimeRange": "12Hr"
}
Commands home page will display the commands that were created.
Figure 3 : Commands home page on AWS Management Console
The created command can be managed via the action menu. Options include editing its settings, temporarily disabling it, or permanently deleting it as needed.
Step 2: Device setup and topic subscriptions
Commands service will notify the targeted device over MQTT whenever a new execution is initiated. Up on receiving a command execution, the device initiates a structured sequence of actions. First, it interprets the incoming command based on the MQTT message payload, and then executes the requested actions. Following the execution, the device reports the execution status back to cloud, indicating whether the operation was successful or if it encountered any issues. To accomplish this communication flow, the device needs to subscribe to the request topic, where all command execution requests are published. After processing a command, the device should publish its response to the designated response topic. In our simulation, we’ll demonstrate both successful and failed command executions to cover a few scenarios.
This blog uses the AWS IoT Device SDK v2 for Python, to simulate the SmartWasher.
Request Topic:
$aws/commands/things/
Sample log from the SmartWasher up on successful subscription:
Figure 4 : Terminal window showing subscription output
Response topic:
$aws/commands/things/
Step 3: Command execution
For end users, interaction with the smart washer is typically streamlined through a user-friendly application interface such as mobile application. In our demonstration, we’ll simulate this experience by using CLI commands. Upon running the CLI command mentioned below, you’ll receive an execution-id. This unique identifier is crucial for tracking and retrieving information about the command’s execution. Be sure to note this id. You’ll need it to replace the
Note: To start new command executions, please use DescribeEndpoint API to obtain customer specific endpoint, with endpoint-type as iot:Jobs.
Execute command to start the default wash cycle:
Sample request:
aws iot-jobs-data start-command-execution \
--command-arn arn:aws:iot:
--target-arn arn:aws:iot:
--execution-timeout-seconds 3600 \
--endpoint-url
Sample response:
{
"executionId": "576fe4d7-c604-489d-af91-c37ca9f8303b"
}
Upon successful invocation of StartCommandExecution API, the MQTT client running on SmartWasher will receive a MQTT message on the request topic, there’s the sample that was received on SmartWasher:
Figure 5 : Terminal window showing MQTT message
Step 4: Command execution status update by devices
Commands feature provides UpdateCommandExecution MQTT topic based API for devices to report status to cloud. From the example above, once the SmartWasher starts running the wash cycle, it can continuously report the status back to cloud.
In the following status update from SmartWasher, it is reporting that “Soak” is complete. We will use AWS Management Console’s sample MQTT client to simulate status updates from the washer. Washer posts the execution status to a response topic that is specific to the device and execution:
$aws/commands/things/SmartWasher/executions/
{
"status": "IN_PROGRESS",
"result": {
"SOAK": {
"s": "COMPLETED"
},
"RINSE": {
"s": "PENDING"
},
"SPIN": {
"s": "PENDING"
}
}
}
Developers can enhance their applications with status monitoring capabilities by leveraging the GetCommandExecution API.
Step 5.1: Progress tracking for end user (Applications)
To keep end users informed about command execution, the application can periodically call GetCommandExecution API to retrieve near real-time status for specific command executions, allowing users to track progress instantaneously.
Sample request to get the status of an execution:
aws iot get-command-execution --execution-id
--target-arn arn:aws:iot:
Step 5.2: Progress tracking by administrators or technicians
Technicians and administrators can track the command execution status across the fleet using the events topic for a given command.
$aws/events/commandExecution/
To test this functionality, we can utilize the AWS IoT Console. Log in to the console and navigate to the MQTT test client. Under the “Subscribe to a topic” section, subscribe to the topics mentioned above.
Figure 6: Subscribing to a command execution status topic
Execute any of the command and note the
Figure 7: Publishing success message to a response topic
Figure 8: Viewing command execution status topic results
Figure 9: Publishing failure message to a response topic
Figure 10: Viewing command execution status topic results
Policy configuration
For enhanced security, AWS IoT commands can be configured such that only specific users can be given permissions to send commands to specific devices. AWS IoT Core uses Identity and Access management (IAM) permissions (also known as policies) to control access to the command feature. These policies determine which authenticated users can send commands to devices.
IAM policies can be applied to individual users, groups, or roles, allowing for fine-grained control over who can execute specific commands. For example, if our smart washer system involves three distinct roles with varying levels of access:
- Administrator: responsible for creating and managing commands for the smart washer. This role has the highest level of system control.
- Household member: everyday user who operates the washer for regular laundry tasks. Their access is limited to basic functionalities required for daily use.
- Technician: Accesses the system for maintenance and troubleshooting purposes when issues arise. This role has specialized permissions for diagnostics and repairs.
Sample IAM policies are provided below for reference. For comprehensive policy configuration instructions, please visit create and manage commands documentation. To ensure you’re following security best practices and the principle of least privilege, refer to the Identity and Access Management guide for AWS IoT. Remember that these examples are for demonstration purposes only and you should always customize policies to meet your specific security requirements.
Policy 1:Administrator Role
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"iot:CreateCommand",
"iot:GetCommand",
"iot:UpdateCommand",
"iot:DeleteCommand"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:
],
"Condition": {
"ArnLike": {
"aws:PrincipalArn": [
"arn:aws:iam::
"arn:aws:iam::
]
}
}
}
]
}
Policy 2:Household Member or Standard User Role
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "iot:StartCommandExecution", "iot:GetCommandExecution" ], "Effect": "Allow", "Resource": [ "arn:aws:iot: "arn:aws:iot: "arn:aws:iot: ] } ] }
Policy 3:Technician Role
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "iot:StartCommandExecution", "iot:GetCommandExecution" ], "Effect": "Allow", "Resource": [ "arn:aws:iot: "arn:aws:iot: ] } ] }
Conclusion
In conclusion, commands feature of AWS IoT Device Management provides a secure, streamlined, and cost-efficient method for remotely managing IoT device commands, while maintaining excellent scalability. Its light-weight design, cost-effective and purpose-built capabilities offers a compelling advantage over other custom-built solutions. Whether managing a smart home or an industrial facility, the commands feature empowers developers to enable cloud to device interactions, remote monitoring, control and diagnosis at scale for low-latency and high-throughput applications and empowers users to stay connected and in control no matter where they are.
Related reference
AWS IoT Device Management remote commands executions
AWS IoT Device Management pricing
About the authors
Sara Akkandi is as a Solutions Architect at Amazon Web Services, where she partners with customers to design and implement well-architected cloud solutions. Drawing on her technical expertise, she guides organizations in leveraging AWS services and best practices to effectively address their business challenges and achieve optimal results.
Ryan Dsouza is a Principal Solutions Architect in the Cloud Optimization Success organization at AWS. Based in New York City, Ryan helps customers design, develop, and operate more secure, scalable, and innovative solutions using the breadth and depth of AWS capabilities to deliver measurable business outcomes. He is actively engaged in developing strategies, guidance and tools to support customers architect solutions that optimize for performance, cost-efficiency, security, resilience and operational excellence, adhering to the AWS Cloud Adoption Framework and Well-Architected Framework.
