IoT Bytes

Bits and Bytes of IoT

Device Shadows – Part 2 (MQTT Based Prototype using Python and Raspberry Pi)

Pradeep Singh | 8th Apr 2017


After exploring the basics of AWS IoT Thing/Device Shadows in Part 1 of this article, Device Shadows – Part 1 (MQTT Topics and REST APIs), it’s time to create a working prototype. In this article, we are going to use the Paho MQTT client for Python to communicate with the Device Shadow and control an LED connected to a Raspberry Pi.

A. Raspberry Pi Setup:

In this section, you will prepare the Raspberry Pi with the software prerequisites and build a basic circuit to connect an LED to it –

1. Software Prerequisites:

You need to make sure your Raspberry Pi meets the following software requirements –

1.1 Python 2.7+ (Available by default)
1.2 OpenSSL version 1.0.1+ (TLS version 1.2)
1.3 Paho MQTT client library for Python

1.1 Python 2.7:

Make sure you are using Python 2.7 on Raspberry Pi. You can check Python version using “python -V” command –

pi@raspberrypi:~ $ python -V
Python 2.7.9

1.2 OpenSSL:

Make sure you have OpenSSL with TLS v1.2 support (version 1.0.1+) installed on your RaspberryPi.

You can install OpenSSL on Raspberry Pi using “sudo apt-get install openssl” command.

pi@raspberrypi:~ $ sudo apt-get install openssl

To check the OpenSSL version used by Python, run the following command –

pi@raspberrypi:~ $ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1t  3 May 2016

1.3 Paho MQTT Client:

You can install Paho using pip command “pip install paho-mqtt” or “sudo pip install paho-mqtt” –

pi@raspberrypi:~ $ pip install paho-mqtt

2. LED Connection with GPIO Pins:

Connect an LED to GPIO 14 (Pin # 8) and Ground Pin (Pin # 6) with a 330 Ohm Resistor in series. For details refer to the following image –


B. Create Thing, Policy, and Certificate on AWS IoT Platform:

In this section, you will create new AWS IoT Thing, Policy, and Certificate –

1. Login to AWS IoT Console using your AWS IoT Account.

2. Create a new “Thing” from AWS IoT Console (IoT Console –> Registry –> Things) and name it something. I will name my IoT Thing as “RaspberryPi“.

3. Create a new “Policy” from AWS IoT Console (IoT Console –> Security –> Policies) and name it something. I will name my Security Policy as “RaspberryPi_Policy“.

Following are the statement settings for this policy (this policy allows any IoT operation on any resource; use it only for testing) –

Action: iot:*
Resource ARN: *
Effect: Allow

The Policy JSON should look like –

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

4. Create a new “Certificate” from AWS IoT Console (IoT Console –> Security –> Certificates –> Create). Select “One-click certificate creation (recommended)” option and download the Certificate, Public Key, Private Key and Root CA Certificate as shown in the following screenshot.


5. Attach your newly created “Thing” and “Policy” with the certificate created in the previous step (navigate to –   IoT Console –> Security –> Certificates;   Select your certificate and attach Thing and Policy to it using menu options).
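A narrower alternative to the test policy from step 3, as an added example (not from the original article or its scripts): it builds a policy limited to one Thing's shadow update and delta topics and compares it with the iot:* policy. The region, account ID and helper names are constructed, and it assumes the MQTT client ID equals the Thing name and that the scripts use only these two topics.

```python
import json
from fnmatch import fnmatchcase

# The wide-open test policy from step 3.
TEST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

def shadow_policy(region, account_id, thing_name):
    """Return an AWS IoT policy document scoped to one Thing's shadow topics."""
    arn = "arn:aws:iot:{}:{}:".format(region, account_id)
    shadow = "$aws/things/{}/shadow".format(thing_name)
    grants = [
        # Connect only with a client ID equal to the Thing name (assumption).
        ("iot:Connect", "client/" + thing_name),
        # Publish desired/reported updates for this Thing only.
        ("iot:Publish", "topic/" + shadow + "/update"),
        # Subscribe to, and receive from, this Thing's delta topic only.
        ("iot:Subscribe", "topicfilter/" + shadow + "/update/delta"),
        ("iot:Receive", "topic/" + shadow + "/update/delta"),
    ]
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": action, "Resource": arn + resource}
        for action, resource in grants]}

def allows(policy, action, resource):
    """Simplified check: Allow statements only, one Action/Resource string each,
    '*' wildcards matched with fnmatch. Not a full policy evaluator."""
    return any(st["Effect"] == "Allow"
               and fnmatchcase(action, st["Action"])
               and fnmatchcase(resource, st["Resource"])
               for st in policy["Statement"])

if __name__ == "__main__":
    # Constructed region and account ID.
    scoped = shadow_policy("us-east-1", "123456789012", "RaspberryPi")
    print(json.dumps(scoped, indent=2))
    other = ("arn:aws:iot:us-east-1:123456789012:"
             "topic/$aws/things/OtherThing/shadow/update")
    print("test policy allows publish to another Thing:",
          allows(TEST_POLICY, "iot:Publish", other))
    print("scoped policy allows publish to another Thing:",
          allows(scoped, "iot:Publish", other))
```

With the scoped policy attached, a leaked certificate can only read and write the RaspberryPi shadow, not every Thing and topic in the account.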

C. Shadow Logic Implementation with Paho MQTT Client and Python:

I have created two Python scripts to implement the AWS IoT Device/Thing Shadow logic (based on the fundamentals discussed in Part 1) for an LED connected to a GPIO pin of a Raspberry Pi (the circuit is shown in Sec A of this article). At a high level, the following diagram shows the control signal flow –

AWS IoT Shadows on RaspberryPi with Paho

1. Download Python Scripts and Set the Variables:

The Python scripts are available on GitHub. You need to download the following two files –

1.1 Download this file and upload it on Raspberry Pi. This script will listen to messages on Delta Topic from AWS IoT Service and switch On or Off the LED connected to your Raspberry Pi.

1.2 You can download and run this file on your computer or on the Raspberry Pi. You need to make sure you have OpenSSL with TLS 1.2 support installed on the machine where you want to run this script (I am assuming you have already installed OpenSSL on Raspberry Pi as mentioned in Sec A of this article).

After downloading these files, you need to set the following variables in both script files before executing them –

# =======================================================
# Set Following Variables
# AWS IoT Endpoint
# CA Root Certificate File Path
# AWS IoT Thing Name
# AWS IoT Thing Certificate File Path
THING_CERT_FILE = "42f2bc1d29-certificate.pem.crt"
# AWS IoT Thing Private Key File Path
THING_PRIVATE_KEY_FILE = "42f2bc1d29-private.pem.key"
# =======================================================

2. Execute the Python Scripts and Control your LED with AWS IoT Device Shadow:

Start “” script on your Raspberry Pi with “python” command –

pi@raspberrypi$ python
Connected to AWS IoT...

Start “” script on your Computer or Raspberry Pi with “python” command to switch On or Off the LED connected to Raspberry Pi –

PRADEEP-M-91HZ:~ pradeep$ python 
Enter 1 to Turn On the LED
Enter 2 to Turn OFF the LED
Enter 3 to exit
Select an option:

3. Check Shadow State Document:

After executing the scripts (or during the execution process) you may check the Shadow State Doc. Follow these steps to locate Shadow JSON –

  1. Navigate to:   “AWS IoT Console –> Registry –> Things”
  2. Select the Thing that you created in Sec B and click on it. (For my example I will click on “RaspberryPi“)
  3. Click on “Shadow” to check the Shadow State Doc for your IoT Device.

Keep checking the State Doc during LED On/Off operations to understand the behavior of Shadow Service. Your Shadow State Document may look similar to the following example –

{
  "desired": {
    "LED": "ON"
  },
  "reported": {
    "LED": "OFF"
  },
  "delta": {
    "LED": "ON"
  }
}
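
One way the device side can handle the delta shown above, as an added example (not the article's script): it validates each message from the delta topic, ignores duplicate or out-of-order versions, and builds the reported update that clears the delta. The class name, the set_led callback and the sample message are constructed for illustration; no MQTT connection is made.

```python
import json

ALLOWED_LED_STATES = ("ON", "OFF")

class LedShadowHandler(object):
    """Applies shadow delta messages to an LED and builds the reported update."""

    def __init__(self, set_led):
        self.set_led = set_led    # callable(bool); on the Pi this would drive GPIO 14
        self.last_version = -1    # highest shadow version already applied

    def on_delta(self, payload):
        """Return the JSON to publish on .../shadow/update, or None if rejected."""
        try:
            if isinstance(payload, bytes):
                payload = payload.decode("utf-8")
            doc = json.loads(payload)
        except ValueError:        # malformed UTF-8 or malformed JSON
            return None
        if not isinstance(doc, dict):
            return None
        version, state = doc.get("version"), doc.get("state")
        if isinstance(version, bool) or not isinstance(version, int):
            return None
        if version <= self.last_version:   # duplicate or out-of-order delivery
            return None
        if not isinstance(state, dict) or state.get("LED") not in ALLOWED_LED_STATES:
            return None                    # unexpected key or value: leave the pin alone
        led = state["LED"]
        self.set_led(led == "ON")
        self.last_version = version
        # Reporting the applied value makes reported equal desired, which clears the delta.
        return json.dumps({"state": {"reported": {"LED": led}}})

# Constructed sample with the shape of a shadow/update/delta message.
SAMPLE_DELTA = b'{"version": 7, "timestamp": 1491609600, "state": {"LED": "ON"}}'

if __name__ == "__main__":
    applied = []                           # stands in for the GPIO call
    handler = LedShadowHandler(applied.append)
    print(handler.on_delta(SAMPLE_DELTA))
    print(applied)
```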


Now you can leverage the power of AWS IoT Device Shadows in your IoT projects using MQTT topics. In the next part of this article, we shall explore the REST API implementation for Shadows using the Python “Requests” module.

Device Shadows – Part 3 (RESTful API Based Prototype using Python)

2 thoughts on “Device Shadows – Part 2 (MQTT Based Prototype using Python and Raspberry Pi)”

  1. Clearest example I’ve seen for AWS IoT. Write more examples!
    I do have a question, for testing. If I manually change the values in the shadow copy, does it generate a message back to the client? Should it?

