# Part 3: Reacting to events

If a friend has high blood pressure we better let them know!

We'll need some stuff prom those previous notebooks...

In [1]:
#Hour and minute when this started to create unique names
%store -r HM
#Home directory of the user running this notebook
%store -r home
#Private key file name, for AWS IoT authentication
%store -r private_key
#Certificate file name, for AWS IoT authentication
%store -r certificate_file
#Certificate authority file name, for AWS IoT authentication
%store -r ca_file
#Address to connect using MQTT
%store -r endpoint_address
#The name of the topic to send MQTT messages to
%store -r topic_name
#A list of sample messages
%store -r payloads
#A sample message payload
%store -r payload

Let's start with a very simple function that logs a simple message.


This is your code and could do anything: send an em-mail, a tweet, a phone call...

In [2]:
# %load hypertension.py
def on_hbp(event, context):
    name = event['name']
    print("High blood pressure detected. Take care {}!".format(name))


To create a lambda function we need to:

- Create a zip package with the code

In [3]:
zip_file = "{}/aws_iot/hypertension{}.zip".format(home,HM) 
!zip -g {zip_file} hypertension.py
zip_file

  adding: hypertension.py (deflated 11%)


'/home/ec2-user/aws_iot/hypertension120031.zip'

- Create a role authorizing the function execution

In [4]:
print(open('lambda-trust.json').read())

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


In [5]:
role_name = "fn_hbp_role{}".format(HM) 
fn_role_arn = !aws iam create-role \
    --role-name {role_name} \
    --assume-role-policy-document file://lambda-trust.json \
    --query Role.Arn \
    --output text
fn_role_arn = fn_role_arn.s
fn_role_arn

'arn:aws:iam::030555009967:role/fn_hbp_role120031'

In [6]:
policy_arn="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
!aws iam attach-role-policy \
    --role-name '{role_name}' \
    --policy-arn '{policy_arn}'

In [7]:
!echo {fn_role_arn}

arn:aws:iam::030555009967:role/fn_hbp_role120031


Create the function:

In [8]:
function_name="on_hbp{}".format(HM)
function_name

'on_hbp120031'

In [24]:
function_arn = !aws lambda create-function \
    --function-name '{function_name}' \
    --zip-file "fileb://{zip_file}" \
    --role '{fn_role_arn}' \
    --handler hypertension.on_hbp \
    --runtime python3.6 \
    --timeout 30 \
    --memory-size 128 \
    --query FunctionArn \
    --output text
function_arn = function_arn.s
function_arn

'arn:aws:lambda:us-east-1:030555009967:function:on_hbp120031'

Now let's create the rule that tells AWS IoT to call that function when a message with high blood pressure arrives.

For that we need:
- The SQL statement capturing messages with the desired condition

In [25]:
sql = """
SELECT name, 
    time_stamp, 
    systolic, 
    diastolic, 
    id, 
    timestamp() as recv_stamp 
FROM '{}'
WHERE systolic > 120 
    OR diastolic > 80
""".format(topic_name)
print(sql)


SELECT name, 
    time_stamp, 
    systolic, 
    diastolic, 
    id, 
    timestamp() as recv_stamp 
FROM 'myhealthcare/data'
WHERE systolic > 120 
    OR diastolic > 80



- Authorize the rule to invoke the lambda function

https://docs.aws.amazon.com/iot/latest/developerguide/lambda-rule.html

In [26]:
import json
rule = {
        "sql": sql, 
        "ruleDisabled": False,
        "awsIotSqlVersion": "2016-03-23",
        "actions": [{
            "lambda": {
                "functionArn": function_arn
             }
        }]}
rule = json.dumps(rule)
rule_file="{}/rule.json".format(home)
with open(rule_file, "w") as f:
    f.write(rule)
rule_file

'/home/ec2-user/rule.json'

In [27]:
print(open(rule_file).read())

{"sql": "\nSELECT name, \n    time_stamp, \n    systolic, \n    diastolic, \n    id, \n    timestamp() as recv_stamp \nFROM 'myhealthcare/data'\nWHERE systolic > 120 \n    OR diastolic > 80\n", "ruleDisabled": false, "awsIotSqlVersion": "2016-03-23", "actions": [{"lambda": {"functionArn": "arn:aws:lambda:us-east-1:030555009967:function:on_hbp120031"}}]}


In [28]:
rule_name="bp2lambda_rule{}".format(HM)
!aws iot create-topic-rule \
  --rule-name '{rule_name}' \
  --topic-rule-payload file://{rule_file}
rule_name


An error occurred (ResourceAlreadyExistsException) when calling the CreateTopicRule operation: Topic Rule 'bp2lambda_rule120031' already exists for account


'bp2lambda_rule120031'

In [29]:
rule_arn=!aws iot get-topic-rule --rule-name '{rule_name}' --query ruleArn --output text
rule_arn = rule_arn.s
rule_arn

'arn:aws:iot:us-east-1:030555009967:rule/bp2lambda_rule120031'

In [30]:
account_id=!aws sts get-caller-identity --query Account --output text
account_id =account_id.s
account_id

'030555009967'

In [31]:
unique_id = "unique{}".format(HM)
unique_id

'unique120031'

In [32]:
!aws lambda add-permission \
    --function-name "{function_name}" \
    --principal iot.amazonaws.com \
    --source-arn '{rule_arn}' \
    --source-account "{account_id}" \
    --statement-id "{unique_id}" \
    --action "lambda:InvokeFunction"

{
    "Statement": "{\"Sid\":\"unique120031\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"iot.amazonaws.com\"},\"Action\":\"lambda:InvokeFunction\",\"Resource\":\"arn:aws:lambda:us-east-1:030555009967:function:on_hbp120031\",\"Condition\":{\"StringEquals\":{\"AWS:SourceAccount\":\"030555009967\"},\"ArnLike\":{\"AWS:SourceArn\":\"arn:aws:iot:us-east-1:030555009967:rule/bp2lambda_rule120031\"}}}"
}


In [42]:
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient

client_id="NotebookCient{}".format(HM) 
mqtt = AWSIoTMQTTClient(client_id)
mqtt.configureEndpoint(endpoint_address, 8883)
mqtt.configureCredentials(ca_file, private_key, certificate_file)
mqtt.configureConnectDisconnectTimeout(10)
mqtt.connect()
mqtt

<AWSIoTPythonSDK.MQTTLib.AWSIoTMQTTClient at 0x7f2b78042518>

In [47]:
import random
payload = random.choice(payloads)
print(payload)
mqtt.publish(topic_name, payload , QoS = 0)

{"id": "871929af-0cdd-4e88-aa63-17d2864f5d3b", "name": "Sarah Jane", "systolic": 143, "diastolic": 103, "time_stamp": 1539259291090}


False

In [38]:
log_group="/aws/lambda/{}".format(function_name)
print(log_group)
!aws logs describe-log-groups --log-group-name-prefix '{log_group}'

/aws/lambda/on_hbp120031
{
    "logGroups": []
}


In [39]:
log_stream = !aws logs describe-log-streams \
    --log-group-name '{log_group}' \
    --order-by LastEventTime \
    --max-items 1  \
    --query 'logStreams[0].logStreamName'\
    --output text
log_stream = log_stream.s
log_stream

' An error occurred (ResourceNotFoundException) when calling the DescribeLogStreams operation: The specified log group does not exist.'

In [40]:
!aws logs get-log-events \
    --log-group-name '{log_group}' \
    --log-stream-name '{log_stream}' \
    --query 'events[].message' \
    --output text 


An error occurred (InvalidParameterException) when calling the GetLogEvents operation: 1 validation error detected: Value ' An error occurred (ResourceNotFoundException) when calling the DescribeLogStreams operation: The specified log group does not exist.' at 'logStreamName' failed to satisfy constraint: Member must satisfy regular expression pattern: [^:*]*


In [None]:
mqtt.disconnect()

Now let's have some fun accessing real things.Let's see how we can use certificates to allow access from other AWS IoT Core Accounts. [Click here to start controling other things!](aws-iot-other-things.ipynb)