How to manage IoT infrastructure using the AWS CLI, CDK, and SDK

Overview

In this post, I will present differences in AWS IoT infrastructure management using CLI, CDK, and SDK.

As an example, we will create an IoT Thing using all of those approaches.

Setup

CLI

The AWS Command Line Interface (AWS CLI) enables interaction with AWS services using commands invoked in a shell.

Creating an IoT Thing using the AWS CLI is simple:

1
2
3
4
5
6
7

aws iot create-thing --thing-name cli-thing-0001

# {
#     "thingName": "cli-thing-0001",
#     "thingArn": "arn:aws:iot:eu-west-1:693854281758:thing/cli-thing-0001",
#     "thingId": "0f17b3b9-c77c-442e-9a25-ff04108729ef"
# }

We can check the outcome by invoking the following command:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

aws iot list-things

# {
#     "things": [
#         {
#             "thingName": "cli-thing-0001",
#             "thingArn": "arn:aws:iot:eu-west-1:693854281758:thing/cli-thing-0001",
#             "attributes": {},
#             "version": 1
#         }
#     ]
# }

Pros of using CLI:

• a great way of learning about the AWS services by invoking low-level calls
• easy way to automate simple setup by executing CLI calls from a Bash script

Cons:

• we are responsible for maintaining the state of our assets (a sample IoT Thing was created and CLI “forgot” about it)
• deployment of a complex solution using CLI is hard to develop and maintain

CDK

The AWS Cloud Development Kit (AWS CDK) defines cloud infrastructure as code.

Before we can create our IoT Thing we need to make the CDK app.

Create the CDK app

1
2
3
4
5
6
7

mkdir cdk_iot_thing/
cd cdk_iot_thing/
cdk init app --language=python

# Applying project template app for python
# Welcome to your CDK Python project!
# This is a blank project for CDK development with Python.

Update the code

Open the ./cdk_iot_thing/cdk_iot_thing/cdk_iot_thing_stack.py

and replace it with the following sample:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

from aws_cdk import (
    Stack,
    aws_iot as iot
)
from constructs import Construct

class CdkIotThingStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # in this place we are creating our IoT Thing
        cfn_thing = iot.CfnThing(self, "cdk-thing-0002",
            thing_name="cdk-thing-0002"
        )

Deploy

To actually create our IoT Thing we need to deploy the CDK App:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

cdk deploy

# CdkIotThingStack: creating CloudFormation changeset...

#  ✅  CdkIotThingStack

# ✨  Deployment time: 20.75s

# Stack ARN:
# arn:aws:cloudformation:eu-west-1:693854281758:stack/CdkIotThingStack/a5b4b600-875f-11ed-b5a3-0257979a815b

# ✨  Total time: 25.41s

Pros of using CDK:

• CDK (actually the CloudFormation under the hood) maintains the state of our environment
• enables efficient management of complex systems

Cons:

• CDK requires an initial setup of the development environment
• steeper learning curve than for CLI (you need to learn the structure of AWS services and concepts related to the CDK itself)
• CDK does not support every action required to set up an Internet of Things environment

SDK

AWS SDK for Python (Boto3) allows the management of AWS services using Python script.

Some initial setup is required when working with the SDK:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

from configparser import ConfigParser
import os
import boto3

aws_cred = ConfigParser()
aws_cred.read('/home/iot/.aws/credentials')

aws_conf = ConfigParser()
aws_conf.read('/home/iot/.aws/config')

AWS_ACCESS_KEY_ID = aws_cred.get('default','aws_access_key_id')
AWS_SECRET_ACCESS_KEY = aws_cred.get('default','aws_secret_access_key')
REGION = aws_conf.get('default','region')

session = boto3.Session(
    aws_access_key_id = AWS_ACCESS_KEY_ID,
    aws_secret_access_key = AWS_SECRET_ACCESS_KEY,
    region_name = REGION
)

Then we can actually create our IoT Thing:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

iot_c = session.client('iot')

thing_name = "boto3-thing-0003"

iot_c.create_thing(
    thingName = thing_name
)

# {'ResponseMetadata': {'RequestId': '21686ccd-7379-4946-9c3b-b19db08a6b2a',
#   'HTTPStatusCode': 200,
#   'HTTPHeaders': {'date': 'Thu, 29 Dec 2022 10:11:26 GMT',
#    'content-type': 'application/json',
#    'content-length': '152',
#    'connection': 'keep-alive',
#    'x-amzn-requestid': '21686ccd-7379-4946-9c3b-b19db08a6b2a'},
#   'RetryAttempts': 0},
#  'thingName': 'boto3-thing-0003',
#  'thingArn': 'arn:aws:iot:eu-west-1:693854281758:thing/boto3-thing-0003',
#  'thingId': 'c8135daf-2838-414f-a753-9bb9347abb03'}

Pros of using SDK:

• allows for the full control of the AWS environment (not limited to the CloudFormation functionalities like CDK)
• enables automated deployments and configuration of edge and cloud infrastructure

Cons:

• similarly to the CLI, we are responsible for maintaining the state of our assets (but that state management is easier than when using CLI)
• steeper learning curve than for CLI (you need to learn SDK and Python language)

Cleanup

Now let’s remove our IoT Things and observe differences in the state management between the CLI, CDK, and SDK.

CLI

To remove an IoT Thing using the CLI we need to know its name. In huge-scale automated deployments, keeping track of managed IoT Things is not a trivial task and CLI does not support us much.

1

aws iot delete-thing --thing-name cli-thing-0001

CDK

To remove the IoT Thing managed by the CDK App, we need to destroy that App.

The name of IoT Thing is known by the CDK App, so we do not have to remember or store it anywhere - state management is a huge benefit of using CDK.

In terminal execute:

1
2
3
4
5
6

cdk destroy

# Are you sure you want to delete: CdkIotThingStack (y/n)? y
# CdkIotThingStack: destroying... [1/1]

#  ✅  CdkIotThingStack: destroyed

SDK

When we use the SDK, we can list all IoT Things and destroy them in the loop.

That might be a bit risky operation, but it is very efficient (provided that we know what we are doing).

SDK does not manage the state of our environment, but we can leverage Python to build a custom management logic.

1
2
3
4

for thing in iot_c.list_things()['things']:
    iot_c.delete_thing(
        thingName = thing['thingName']
    )

Conclusion

I hope that this simplified example presented the differences when working with CLI, CDK, and SDK. Every tool requires a bit different approach.

Personally, I prefer to use CDK to manage complex IoT deployments at AWS. To fine-tune setup and invoke specific functions, I support CDK with SDK.