# Serverless IoT for E-Health

Welcome to our workshop! Here we will practice how to build solutions for the internet of things. Our focus is to generate well being, not manage servers, so we'll leverage the best of managed cloud services. However, we still need to accomodate the security, scalability and other requirements of e-health applications. 

This workshop is built as a jupyter notebook so we can build the concepts and execute the code step-by-step. You can execute a cell by selecting it and using the "run" menu action or shift+enter shortcut. Make sure you execute every cell, as each one defines variables or creates resources for the next. But don't just execute the cell - the whole point of this workshop is undestanding them.

Let's help people live long and prosper?

# Disclaimers

This workshop creates AWS resources that may incur in costs, but do not worry. Even if you go above the 500.000 messages included in the free tier, another million messages would cost about one dollar.  Just remember to delete the CloudFormation stack when you are done. 

The security settings in this workshop are extremely open so that management operations at any level can be demonstrated. Do not share your notebook instance. Only run this workshop on accounts prepared for educational or personal purposes.

This project is not sponsored or supported by Amazon or its affiliates. The text, code and opinions in this open-source respository are exclusive from its contributors.

# Soundcheck

Let's get our feet wet by executing some cells and checking our environment is ready. This cell executes some python code to get the current user home directory, where we will store some files, and prints the output of the last line in the cell.

In [1]:
from pathlib import Path
home = str(Path.home())
home

'/home/ec2-user'

This is quite an useful variable so let's ask Jupyter to store it so we can use it in other notebooks.

In [2]:
%store home

Stored 'home' (str)


Another helpful variable is a uniquely generated identifier to name our AWS resources. This way you can easily find or identify the resources created by this workshop. It also helps to prevent naming clases if running multiple instances of this workshop in the same AWS account.

In [3]:
from datetime import datetime
unique = datetime.now().strftime('ehw%M%S%f')
%store unique
unique

Stored 'unique' (str)


'ehw3758579571'

Jupyter can execute other languages and execution environments. In this workshope we use the "!" magic to execute shell commands and create AWS Resources using the AWS Command Line Interface.

In [4]:
!python --version
!aws --version

Python 3.6.5 :: Anaconda custom (64-bit)
aws-cli/1.16.38 Python/3.6.6 Linux/4.14.72-68.55.amzn1.x86_64 botocore/1.12.23


Install the latest [AWS IoT Pytion client library](https://github.com/aws/aws-iot-device-sdk-python)

In [5]:
!pip install --upgrade pip
!pip install AWSIoTPythonSDK
!pip show AWSIoTPythonSDK

Requirement already up-to-date: pip in /home/ec2-user/anaconda3/envs/python3/lib/python3.6/site-packages (18.1)
Name: AWSIoTPythonSDK
Version: 1.4.0
Summary: SDK for connecting to AWS IoT using Python.
Home-page: https://github.com/aws/aws-iot-device-sdk-python.git
Author: Amazon Web Service
Author-email: UNKNOWN
License: UNKNOWN
Location: /home/ec2-user/anaconda3/envs/python3/lib/python3.6/site-packages
Requires: 
Required-by: 


Local environment is checked, let's see cloud conectivity. In the following cells we fetch the list of available regions both using the AWS SDK for Python (a.k.a. boto3) and the AWS Command Line Interface. This is important to highlight that they are clients to the same web services. You will see the same list top right menus of the AWS Console.

In [6]:
!aws ec2 describe-regions 

{
    "Regions": [
        {
            "Endpoint": "ec2.ap-south-1.amazonaws.com",
            "RegionName": "ap-south-1"
        },
        {
            "Endpoint": "ec2.eu-west-3.amazonaws.com",
            "RegionName": "eu-west-3"
        },
        {
            "Endpoint": "ec2.eu-west-2.amazonaws.com",
            "RegionName": "eu-west-2"
        },
        {
            "Endpoint": "ec2.eu-west-1.amazonaws.com",
            "RegionName": "eu-west-1"
        },
        {
            "Endpoint": "ec2.ap-northeast-3.amazonaws.com",
            "RegionName": "ap-northeast-3"
        },
        {
            "Endpoint": "ec2.ap-northeast-2.amazonaws.com",
            "RegionName": "ap-northeast-2"
        },
        {
            "Endpoint": "ec2.ap-northeast-1.amazonaws.com",
            "RegionName": "ap-northeast-1"
        },
        {
            "Endpoint": "ec2.sa-east-1.amazonaws.com",
            "RegionName": "sa-east-1"
        },
   

In [7]:
import boto3

ec2 = boto3.client('ec2')
response = ec2.describe_regions()
for region in response["Regions"]:
    print(region['RegionName'])

ap-south-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
sa-east-1
ca-central-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2


Ready to rock!

**Proceed to [AWS IoT Connectivity and Security Basics](aws-iot-basics.ipynb)**

# Extra Credit

## How does this Jupyter Notebook gets credentials to perform authenticated AWS API calls such as DescribeRegions?

The AWS SDKs and CLI fetches and rotates temporary credentials from the instance metadata service. Those credentials have the permission policy bound to the notebook instance as declared in the CloudFormation template.

In [8]:
! curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/BaseNotebookInstanceEc2InstanceRole \
    | python -m json.tool

{
    "AccessKeyId": "ASIAQOHJYOOX7AEKDEN4",
    "SecretAccessKey": "MTpk7C4/8O9rtBX/4LW34vpde1il4ppa3KIB8Rp3",
    "Token": "AgoGb3JpZ2luEBUaCXVzLWVhc3QtMSKAAhIxEQMbB1+VQ3TxkRvArHpVqmctWTiBx4J5fjTDxWjKu2kQbaabKaB3zWaRxk6FLX8Prm3Rp6CYQHtOBiHdQy08eUkfxIGLRHP/OdS6DPRn5G/dtHkD54McGi5c17WmzOFSQtKSrYr6feMdO4T0tCggqdGnV1YQy/I3pmQFUlFv1y8v5OFM/tMNHNXZrNkVeZphJypnAF0M5YXQWSrkDe9UiFvaWVy9MgTwkrU6tyWB4R0UQO2MmCOLccpLUKixTwHtpT7dlGs/o6UqDYdEol5YgSat5IBXz6jk9sd0qPBECXJXJ3t1Zsks1NmiFiamErvSWE/bbdZRmhySZE31kzkq6wIIi///////////ARAAGgwwMzA1NTUwMDk5NjciDMn59vAAgaIRvISa1Sq/Aribc2m4oO4U1u/Tw131p1LtOTj69FZuK6oM+F7oR+2soKFRFqkVRp8kei74OLUqu+3W5pi+eUgsr7b/pUqsZWPAhDxn1uYNH0wniZ64W3uDEx1q2arp8bft5os07MJuKhihFbn6g3pVGt3l39wuZNyJ9kTzN5kmE1vtjbyaGXp6zCb4nP2LGPM1f2PYILM73wLIZysRkyIpU3QDTuUPsInRSsI/RSXcduJuTt8hUZb2d/Ttpqp3s34CXeVkgy9fm3iIamHNc1zRuaspdSRKAN/OjoKlWrTT0BPGKkvuvdMMKUt+89HxnQuMHIOEPakt1iA1gPYwueMwywfMtOb6HOKFpLHaeZeybJWG5D9+GCOTFc2IEu3UbeZrVcqLNXq6ZKmWYzXb/WkNUc0fXjK96Lss0PYqUcBS4p4korsh1ygw87Dw3gU