I have an AWS account where I make use of a few of AWS’ services for my website. I also have an esp32, so I thought, why not try accessing some of the AWS services from my esp32 without using AWS’ IoT service?
For the test project, I thought I’d simulate gathering temperature data with the esp32, store it in a cloud database and also display the data on a website.
So after some brainstorming, I realized that I’d need:
- the esp32 to act as a secure server
- to install an SSL certificate on the esp32
- a means to authenticate the esp32 to be able to access AWS services
- the esp32 to have its own domain name
- to take care of the fact that my esp32 did not have a static ip address
- a means of redirecting a dynamic DNS to my esp32
- to upload the temperature data to a cloud database
- an api to act as an endpoint for the upload
- a lambda function to process the uploaded data and save it in a database
- a database to save the data in
- to send the current temperature to a website for display
- to be able to fetch the database data from a website so as to display the data in a chart
What follows is a high level overview of how I tackled the problem. Let me know if you would like a more detailed tutorial on any of the topics covered.
Check out the demo video https://youtu.be/k9B4FdVi5xU
I definitely wanted the communication between the esp32, api and the website to be secure. There’s a great library that takes care of this: the esp32_https_server library.
I found this library easy to install and use. I basically copied and pasted code from the examples and with some minor tweaking got everything working without too much trouble.
For the secure server to work, you need an SSL certificate. It’s fine to use a self-signed certificate if you’re working over your local network, but as soon as you open your esp32 up to the internet, you’ll need a certificate issued by a trusted certificate authority.
I used https://www.sslforfree.com/ to get a free certificate and then saved the required certificate files on the esp32. sslforfree makes it easy to get a certificate from Let’s Encrypt; however, the downside is that the certificate is only valid for three months, so you’ll have to renew it every 3 months. You could of course get a paid certificate which lasts longer.
We use a free domain name from Duck DNS.
Non-static ip addresses
My service provider issued me with a non-static public ip address and my router assigned a local network ip address to my esp32 which, by default, can change. We have to fix this so that:
- the public ip address is either made static (can cost) or we take care of the changing ip address somehow. Duck DNS can take care of this for us
- the local ip address is made static which is easy to do by editing your router settings
Duck DNS is a dynamic DNS service. It works like this: you choose a Duck DNS domain name and point it to your current public ip address (check what it is here https://whatismyipaddress.com/). You then install a library, https://github.com/ayushsharma82/EasyDDNS, on your esp32 which regularly gets your current ip address (you set how often) and updates Duck DNS so that your Duck DNS domain name always points to your latest ip address.
Router port forwarding
The secure server defaults to port 443. You need to set up port forwarding in your router so that any https request arriving for the esp32’s domain name is forwarded to the local ip address of your esp32 as issued by your router. You’ll also have to edit the router set-up so that the local ip address for your esp32 is static.
Redirecting to my esp32
Once you’ve set up your dynamic domain name and port forwarding, you should be redirected to your esp32 whenever using the dynamic name even if your ip address changes.
Uploading data to the cloud
There are a couple of steps involved here.
We’ll need a database to store the data.
We’ll need cloud processing to receive, process and save the data in the database.
We’ll need an api endpoint to send the data to.
We’ll need to authenticate the esp32 so that the api will pass the data to be processed.
The database: DynamoDB
DynamoDB is a NoSQL database where you can store key:value pairs of data. It’s easy to use and fast. We’ll save our temperature data in a DynamoDB database.
The process of saving and retrieving the data in the database will be carried out by an AWS cloud lambda function.
Cloud processing: lambda function
The lambda function receives the data or request for data from the api gateway. The function then either saves the data in or fetches the data from the database and returns the response via the api gateway.
Api endpoint: api gateway
The api is the endpoint to which we send our GET and POST requests. We’ve set up an authentication requirement at the api gateway so that any api request must include the authorization header and a valid id token to pass through the gateway.
All authorized requests to the endpoint are forwarded to the integrated lambda function.
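A sketch of the lambda side of this flow, as an added example rather than the author’s function: it takes the caller’s identity from the claims the gateway verified and validates each reading before anything is stored. It assumes a REST api with a Cognito user-pool authorizer and Lambda proxy integration; the `store` parameter, the in-memory store, the field names `ts`/`tempC`/`uploadedBy` and the limits are hypothetical stand-ins for the real DynamoDB table and payload.

```javascript
// Added example, not the author's Lambda. Assumes a REST API with a Cognito
// user-pool authorizer and Lambda proxy integration; `store` stands in for DynamoDB.
const MAX_READINGS = 31 * 24;            // assumed: one reading per hour for a month
const reply = (statusCode, body) => ({ statusCode, body: JSON.stringify(body) });

// Accept only {ts: integer epoch seconds, tempC: finite number in an assumed sensor range}.
function validReading(r) {
  return r !== null && typeof r === 'object' &&
    Number.isInteger(r.ts) && r.ts > 0 &&
    Number.isFinite(r.tempC) && r.tempC >= -40 && r.tempC <= 125;
}

// In a real Lambda, export a wrapper that passes a DynamoDB-backed store.
async function handler(event, store) {
  // The gateway verified the id token; this check only catches a route left without the authorizer.
  const claims = event.requestContext?.authorizer?.claims;
  if (!claims || !claims.sub) return reply(401, { error: 'unauthorized' });
  const uploader = claims.sub;           // who is calling comes from the token, never the body

  if (event.httpMethod === 'GET') return reply(200, await store.all());
  if (event.httpMethod !== 'POST') return reply(405, { error: 'method not allowed' });

  let readings;
  try { readings = JSON.parse(event.body || ''); } catch { return reply(400, { error: 'invalid JSON' }); }
  if (!Array.isArray(readings) || readings.length === 0 || readings.length > MAX_READINGS)
    return reply(400, { error: 'expected 1..' + MAX_READINGS + ' readings' });
  if (!readings.every(validReading)) return reply(400, { error: 'bad reading' });

  // Store only the validated fields; anything else the client sent is dropped.
  await store.put(readings.map(({ ts, tempC }) => ({ uploadedBy: uploader, ts, tempC })));
  return reply(200, { saved: readings.length });
}

// In-memory stand-in for the DynamoDB table so the example runs offline.
function memoryStore() {
  const rows = [];
  return {
    put: async (items) => { rows.push(...items); },
    all: async () => rows.slice(),
  };
}

// Constructed sample event, shaped like an API Gateway proxy event.
const sampleEvent = (method, body, sub) => ({
  httpMethod: method,
  body: body === undefined ? null : JSON.stringify(body),
  requestContext: sub ? { authorizer: { claims: { sub } } } : {},
});
```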
Cognito provides simple and secure user sign-up, sign-in and access control. We use it to authenticate the esp32 as well as any user logging in to our website.
The user (and esp32 because the esp32 is treated as a user) receives an id token when they sign in. All calls to the api gateway must include this id token else the api will respond with a 401 unauthorized response.
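What a valid id token means in practice can be checked on the client before a request is sent. The following is an added example, not code from this project: it decodes the token’s claims and lists the reasons it would not pass as a current id token for the expected user pool and app client. It does not verify the signature, which the api gateway does; the issuer, client id, 30-second margin and sample tokens are constructed placeholders.

```javascript
// Added example, not code from the post. Client-side pre-flight check only:
// it reads the claims but does NOT verify the signature (the api gateway does that).
function decodePart(part) {
  return JSON.parse(atob(part.replace(/-/g, '+').replace(/_/g, '/')));
}

// Returns the reasons the token is not a usable id token; an empty list means send it.
function idTokenProblems(token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return ['not a three-part JWT'];
  let claims;
  try { claims = decodePart(parts[1]); } catch { return ['payload is not base64url JSON']; }
  if (claims === null || typeof claims !== 'object') return ['payload is not a JSON object'];
  const problems = [];
  if (claims.token_use !== 'id') problems.push('token_use is not "id"');
  if (claims.iss !== expected.issuer) problems.push('issuer mismatch');
  if (claims.aud !== expected.clientId) problems.push('audience mismatch');
  // Assumed 30 s safety margin so the token does not expire while the request is in flight.
  if (!Number.isInteger(claims.exp) || claims.exp <= nowSec + 30) problems.push('expired or about to expire');
  return problems;
}

// Constructed sample tokens: the signature part is a placeholder, not a real signature.
const b64url = (obj) => btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fakeToken = (claims) => [b64url({ alg: 'RS256' }), b64url(claims), 'constructed-signature'].join('.');

// Placeholder pool and client values; a Cognito issuer has the form
// https://cognito-idp.<region>.amazonaws.com/<userPoolId>.
const EXPECTED = {
  issuer: 'https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE',
  clientId: 'example-client-id',
};
```

When the list is non-empty because of expiry, the esp32 or website should sign in again for a fresh id token instead of retrying the same request.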
Getting the current temperature
The website makes a request every 60 seconds to the esp32 for the current temperature. The esp32 then sends the temperature in its response.
The user can also select a menu option to fetch and display the current temperature.
The esp32 and user do not have to be logged in to fetch the current temperature.
Uploading the data
The esp32 automatically uploads a month’s worth of temperature data to the api endpoint when the esp32 logs in.
The user can request that the esp32 uploads the temperature data when selecting a menu option on the website.
The esp32 must be logged in to authenticate the api call to upload the data.
Getting the saved data
The user can select a menu option on the website to fetch the temperature data from the database for display in a chart on the website.
The user must be logged in so that the api call can be authenticated with the user’s id token.
Other useful AWS services
Credentials are the key to access AWS services.
Accessing any AWS service requires credentials. So once your esp32 has credentials (which you get when logging in), you effectively have access to AWS’ services, limited only by the permissions attached to those credentials!
There are a lot of services offered by AWS that we can tap into with our esp32, it all depends on what your needs are. Two useful services that come to mind are:
- Amazon Simple Email Service – enables you to send emails from your esp32
- Amazon Simple Notification Service – enables you to send SMS messages
Let me know if you’d like a more detailed tutorial of the topics covered in this article.