Trainer’s Handbook

AWS IoT Core Hands‑On (20 Hours) — Certificates & Policies • MQTT via Node‑RED • Send/Receive Data • Threshold Email Alert Mini‑Project

Format: 5 weeks × 4 hrs/week × 1 hr/day
Approach: ~95% hands‑on
Stack: AWS IoT Core · Node‑RED · MQTT · SNS

Scope & Outcomes

Hands‑on journey from first device to a working alert pipeline.

  • Create Things, generate certificates/keys, and attach policies.
  • Set up Node‑RED as an MQTT client over TLS with AWS IoT Core.
  • Publish/Subscribe to device topics; route data via IoT Rules.
  • Trigger SNS email when incoming value exceeds a threshold (no SES deep dive).

Week 1 · AWS IoT Core Fundamentals

Set up your first device, keys, policies, and verify MQTT in the console.

Outcome: Thing + cert + policy working
Artifacts: keys, policy JSON
Day 1 Intro & Thing Registration
  • Hands‑on: Explore AWS IoT Core console; create a Thing (device) named demo-device-001.
  • Checkpoint: Thing visible in registry.
Day 2 Certificates & Keys
  • Hands‑on: Generate certificate + private key; download root CA, device cert, and private key.
  • Checkpoint: Certificate Activated; keys stored securely.
Day 3 IoT Policies
  • Hands‑on: Create a policy granting iot:Connect, iot:Publish, iot:Subscribe, iot:Receive for devices/demo/*.
  • Attach policy to cert and cert to Thing.
  • Checkpoint: Policy attachment verified.
Day 4 MQTT Test Client
  • Hands‑on: In AWS IoT console, subscribe to devices/demo/#.
  • Publish a test message on devices/demo/data.
  • Checkpoint: Round‑trip shown in test client.

Week 2 · Node‑RED & MQTT Setup

Install Node‑RED and wire it securely to AWS IoT over MQTT/TLS.

Outcome: Node‑RED connected to AWS IoT
Artifacts: flow JSON
Day 5 Install & Hello Node‑RED
  • Hands‑on: Install Node‑RED (Docker or npm); explore the editor, create a basic flow.
  • Checkpoint: "Hello World" flow deploys.
Day 6 Secure MQTT Config
  • Hands‑on: Add MQTT node; set AWS IoT endpoint; import Root CA, device cert, private key.
  • TLS enabled (port 8883); client ID = Thing name; clean session OFF.
  • Checkpoint: Connected status in Node‑RED.
Day 7 Subscribe in Node‑RED
  • Hands‑on: Subscribe to devices/demo/data; attach debug node to view payloads.
  • Checkpoint: Incoming MQTT messages visible in debug pane.
Day 8 Publish from Node‑RED
  • Hands‑on: Use inject node to send random sensor values (e.g., temperature) to devices/demo/data.
  • Verify in AWS IoT MQTT test client.
  • Checkpoint: Two‑way visibility confirmed.

Week 3 · Sending & Receiving Data

Round‑trip device ↔ cloud; route data with IoT Rules; simple storage/visualization.

Outcome: end‑to‑end data flow
Artifacts: rule SQL, dashboard
Day 9 Device → Cloud
  • Hands‑on: Publish JSON payloads (id, ts, value) every 5s from Node‑RED.
  • Checkpoint: Cloud receives values on devices/demo/data.
Day 10 Cloud → Device
  • Hands‑on: From console, publish a command to devices/demo/command; Node‑RED subscribes and reacts.
  • Checkpoint: Flow toggles behavior based on command.
Day 11 IoT Rules to Store Data
  • Hands‑on: Create an IoT Rule (SQL) to route SELECT * FROM 'devices/demo/data' to DynamoDB (or S3) target.
  • Checkpoint: Messages persisted; verify records exist.
Day 12 Node‑RED Dashboard
  • Hands‑on: Install node-red-dashboard; render gauge/chart for live values.
  • Checkpoint: Chart updates in real time.

Week 4 · Policies, Security & Email Alerts

Tighten policies, simulate multiple devices, and wire threshold emails via SNS.

Outcome: secure policies + alerting
Artifacts: SNS topic, subscriptions
Day 13 Fine‑Grained Policies
  • Hands‑on: Restrict policy to specific client IDs and topics (e.g., devices/demo/*).
  • Checkpoint: Publishing outside scope fails as expected.
Day 14 Two Devices
  • Hands‑on: Create a second Thing + cert; enforce per‑device topics (e.g., devices/deviceA/*, devices/deviceB/*).
  • Checkpoint: Isolation confirmed between devices.
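
Trainer aid for Days 13 and 14 (an added example, not part of the original handbook): a per-device policy built with the AWS IoT policy variable for the Thing name, plus a simplified local matcher for predicting which publish/subscribe attempts should fail before trying them in the lab. The region, account ID and the helper names buildDevicePolicy, allows and topicArn are assumptions; the matcher models Allow statements and the "*" wildcard only.

```javascript
// Added example, not from the handbook. REGION and ACCOUNT are placeholders.
const REGION = "us-east-1";
const ACCOUNT = "123456789012";
const THING_VAR = "${iot:Connection.Thing.ThingName}"; // resolved by AWS IoT per connection

// One policy shared by every device certificate: each Thing may only connect
// with its own name as client ID and only touch devices/<its own name>/...
function buildDevicePolicy(region = REGION, account = ACCOUNT) {
  const arn = (type, path) => `arn:aws:iot:${region}:${account}:${type}/${path}`;
  return {
    Version: "2012-10-17", // required for policy variables
    Statement: [
      { Effect: "Allow", Action: ["iot:Connect"],
        Resource: [arn("client", THING_VAR)] },
      { Effect: "Allow", Action: ["iot:Publish", "iot:Receive"],
        Resource: [arn("topic", `devices/${THING_VAR}/*`)] },
      // Subscribe is checked against topicfilter/, not topic/
      { Effect: "Allow", Action: ["iot:Subscribe"],
        Resource: [arn("topicfilter", `devices/${THING_VAR}/*`)] },
    ],
  };
}

// Simplified local model of evaluation for lab checks: Allow statements only,
// "*" as the only wildcard, no Deny handling. Not the AWS evaluator.
function allows(policy, thingName, action, resourceArn) {
  const matches = (pattern) => {
    const body = pattern
      .replace(THING_VAR, () => thingName)
      .split("*")
      .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
      .join(".*");
    return new RegExp(`^${body}$`).test(resourceArn);
  };
  return policy.Statement.some((s) =>
    s.Effect === "Allow" && s.Action.includes(action) && s.Resource.some(matches));
}

// Helper for building the ARN a given MQTT operation is checked against.
const topicArn = (type, path) => `arn:aws:iot:${REGION}:${ACCOUNT}:${type}/${path}`;
```

Print the document with JSON.stringify(buildDevicePolicy(), null, 2) to paste it into the policy editor; the variable only resolves when the certificate is attached to the Thing and the client ID equals the Thing name, as configured on Day 6.
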
Day 15 Rules → SNS
  • Hands‑on: Create an SNS topic ("iot-alerts"); add an Email subscription; confirm.
  • Create IoT Rule that forwards messages to SNS (no SES deep dive needed).
  • Checkpoint: Messages arrive at the topic.
Day 16 Threshold Alert Logic
  • Hands‑on: Update Rule SQL to filter high values: SELECT * FROM 'devices/demo/data' WHERE value > 75.
  • Trigger emails for threshold breaches via SNS subscription.
  • Checkpoint: Email received on high value.

Week 5 · Capstone — Threshold Email Alert System

Deliver an end‑to‑end IoT alert pipeline with demo and retrospective.

Outcome: working demoArtifacts: flow export, rule SQL, runbook
Day 17 Project Kickoff
  • Define topic structure; acceptance criteria; success metrics.
  • Checkpoint: Tasks assigned; timeline agreed.
Day 18 Implement & Wire
  • Finalize Node‑RED publisher/subscriber; verify IoT Rule to SNS.
  • Checkpoint: Data flows; SNS confirms subscription.
Day 19 Validate & Harden
  • Test edge cases (missing fields, invalid JSON); lock policies; basic dashboards.
  • Checkpoint: Alert only on valid high values.
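
Trainer aid for the Day 19 edge cases (an added example, not part of the original handbook): a payload gate of the kind a Node‑RED function node could call before forwarding a reading. The function name checkReading, the string type for id and the numeric type for ts are assumptions; the threshold comes from the Day 16 rule.

```javascript
// Added example, not from the handbook.
const THRESHOLD = 75; // Day 16 rule: WHERE value > 75

const reject = (reason) => ({ ok: false, alert: false, reason });

// Accepts a raw MQTT payload (string, Buffer or already-parsed object) and
// returns { ok, alert, reason }. alert is true only for valid readings above
// the threshold, matching the Day 19 checkpoint.
function checkReading(raw) {
  let msg = raw;
  if (Buffer.isBuffer(raw)) msg = raw.toString("utf8");
  if (typeof msg === "string") {
    try {
      msg = JSON.parse(msg);
    } catch (err) {
      return reject("invalid JSON");
    }
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return reject("payload is not a JSON object");
  }
  for (const field of ["id", "ts", "value"]) {
    if (!Object.prototype.hasOwnProperty.call(msg, field)) {
      return reject(`missing field: ${field}`);
    }
  }
  // Assumption: id is a non-empty string and ts is a numeric timestamp.
  if (typeof msg.id !== "string" || msg.id.length === 0) {
    return reject("id must be a non-empty string");
  }
  if (typeof msg.ts !== "number" || !Number.isFinite(msg.ts)) {
    return reject("ts must be a finite number");
  }
  // A quoted number such as "80" is rejected rather than coerced.
  if (typeof msg.value !== "number" || !Number.isFinite(msg.value)) {
    return reject("value must be a finite number");
  }
  return { ok: true, alert: msg.value > THRESHOLD, reason: null };
}
```
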
Day 20 Demo & Wrap‑up
  • Demo: Publish high temperature → email alert; log and dashboard review.
  • Retro: What went well; improvements; next steps (shadow, jobs, fleet provisioning).

Resources

  • AWS IoT Core: Things, Policies, MQTT test client, Rules.
  • Node‑RED: MQTT nodes, Dashboard, TLS configuration.
  • AWS SNS: Email subscriptions.

Keep theory ≤5 minutes/hour. Prioritize hands‑on labs, pairing, and debriefs.