After studying the features and potential of the Cypress PSoC6 WiFi Bt kit now we see how I have started the first part of the development of the Cloud Node of the Super Smart Home, connecting the PSoC6 device to the AWS IoT Core.

Please, note that this is not a full how-to, for setting up the IoT ecosystem; in this post, I have tried to focus on how the Super Smart Home architecture has been designed to implement the PSoC6 thing as the primary LAN access to the cloud in a secure way.

AWS IoT Configuration and Setup

There are a couple of ways to access the AWS settings from remote; the more common is the AWS IoT Core console from where it is possible to do almost all the tasks needed to set and configure the cloud site to be able to communicate with the things configured accordingly. The second is the AWS CLI (Command Line Interpreter), but these two modes are not fully complementary: an initial basic setup should be done (or is easier to be) from the AWS CLI, a small Python application that can run on Linux, Mac OSX and Windows 10 with a single exception: it installs correctly but does not run on the last OSX version 10.15. It is a problem of incompatibility of one of the network libraries used by the application. It is a problem I have already faced when developing the Control Center so after a couple of tries and a short search on Google I moved on a Windows 10 VM just to use the AWS CLI for the first setup.

Detailed information on the AWS CLI features, download and how to install it can be found on the AWS documentation site.

Above: the AWS documentation page of the AWS CLI application.


As I am used to working with the AWS console in other environments, e.g. the EC2 machines, the security network connections and more, after this necessary step to retrieve the endpoint of my access to the cloud for the IoT features I moved to the web user interface offered by AWS for all the other operations. Apparently the command-line tool is a text-only alternative to the web UI but, as far as what I saw, not all the features can be applied easily from the AWS command. Indeed, the CLI can be used proficiently to create an automated batch to execute repetitive operations (for example configuring many different AWS access users).


The IoT Core Configuration Path

I have ignored the first step shown in the table above as I already own an AWS account then I created a "Thing". Together with defining the IoT object into the AWS IoT Core console, I defined the same parameters into the PSoC6 software. According to the AWS documentation, and modifying the Cypress AWS-RTOS demo software – it is a modified version distributed by Cypress, so don't install the default version that can be downloaded from the AWS portal – I have defined the same parameters in the PSoC6 software.


A Confusing Incongruence

On the PSoC6 I used the Modus Toolbox as the IDE and development environment. The software documentation explains how to configure the communication between the host computer and the PSoC6 and the predefined launch for KitProg3, as shown in the screenshot below (this in case you are not using a hardware programmer like the JTag).

On the contrary, the PSoC6 hardware documentation mentions the programmer USB C connector as KitProg2. Indeed, the first thing to do is the firmware upgrade, also required by the Modus Toolbox trying to compile the demo application and transfer it to the PSoC6. Also, in this case, the upgrader mentions the KitProg2. The doubt is how to install the KitProg3 if everywhere it is mentioned something else. I am aware of what happens when installing or upgrading wrong firmware on a board...

After investigating and without founding any alternative solution nor details, I decided to risk and start the installation of the new firmware following the KitProg2 instruction. As shown in the screenshot below, KitProg3 is just the firmware upgrade.


What I learned is that – probably considered obvious, but not for me – the number suffix of the "KitProg" is just the firmware version. After this small preparation, the PSoC6 started working fine and connecting to the serial without problems.


The IoT Thing: PSoC6ControlCenter

PSoC6ControlCenter is the name I have assigned to the Thing on both sides (should be the same, obviously): on the AWS IoT Core and in the sources.

Defining a new thing (see the screenshot above) in AWS IoT Core is almost easy: it is sufficient to define it; then the thing should be configured and identified in the right way also inside the program.

Looking at the secure connection scheme above may help to understand how the components work and how they are in a reciprocal relationship between the local device and the AWS IoT cloud.

The remote object sends MQTT data packets to its endpoint. Before starting the effective MQTT communication the connection is secured through a Certificate and the exchange of public/private keys between the remote object and the AWS portal. While the certificate is used to recognize the remote object, in the meantime the keys grant the strong encryption applied to the MQTT topics exchanged between the AWS endpoint and the remote object. Also granted by the same Certificate, we should have defined a Policy describing what kind of topics are expected, what should be rejected, and how these topics act when they are published by the thing (the PSoC6) to which the AWS IoT thing is subscribed.

From the AWS console, I created the certificate, required by the PSoC6 to establish a secure connection to the cloud. After the creation, the public and private key, and the certificate should be downloaded; these files will be used to configure the thing application to connect properly to the cloud.

Warning! The generated files can be downloaded once from the certificate creation page then it will no longer possible. It is important to save these three files and keep on a secure folder.

The Cypress AWS RTOS Demo application has a good architecture to configure the parameters to manage the communication, that can be reused for any kind of software application of the PSoC6 as an IoT connected device. there are two configuration header files that should be customized.


The File aws_clientcredential.h

 * Amazon FreeRTOS V201910.00
 * Copyright (C) 2019, Inc. or its affiliates.  All Rights Reserved.
 * Permission is hereby granted, free of charge, to any person obtaining a copy of
 * this software and associated documentation files (the "Software"), to deal in
 * the Software without restriction, including without limitation the rights to
 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 * the Software, and to permit persons to whom the Software is furnished to do so,
 * subject to the following conditions:
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.


 * @brief MQTT Broker endpoint.
 * @todo Set this to the fully-qualified DNS name of your MQTT broker.
#define clientcredentialMQTT_BROKER_ENDPOINT         ""

 * @brief Host name.
 * @todo Set this to the unique name of your IoT Thing.
#define clientcredentialIOT_THING_NAME               "PSoC6ControlCenter"

 * @brief Port number the MQTT broker is using.
#define clientcredentialMQTT_BROKER_PORT             8883

 * @brief Port number the Green Grass Discovery use for JSON retrieval from cloud is using.
#define clientcredentialGREENGRASS_DISCOVERY_PORT    8443

 * @brief Wi-Fi network to join.
 * @todo If you are using Wi-Fi, set this to your network name.
#define clientcredentialWIFI_SSID                    "WiFi-2.4-CAB2"

 * @brief Password needed to join Wi-Fi network.
 * @todo If you are using WPA, set this to your network password.
#define clientcredentialWIFI_PASSWORD                "**********"

 * @brief Wi-Fi network security type.
 * @see WIFISecurity_t.
 * @note Possible values are eWiFiSecurityOpen, eWiFiSecurityWEP, eWiFiSecurityWPA,
 * eWiFiSecurityWPA2 (depending on the support of your device Wi-Fi radio).
#define clientcredentialWIFI_SECURITY                eWiFiSecurityWPA2

#endif /* ifndef __AWS_CLIENTCREDENTIAL__H__ */


This file contains the credentials to access the Internet via the PSoC6 WiFI, the endpoint (got from the AWS CLI), and the name of the thing that should correspond to the thing name defined in the AWS IoT Core console.


The File aws_clientcredental_keys.h

In this second file, we need to copy the certificate and private key downloaded from the AWS IoT Core when the certificate has been created.

To simplify the operation an HTML/Javascript page can be launched from the tools folder of the Cypress AWS RTOS, which automatically generates this header file that can be replaced in the demo project. After this configuration PSoC6 is able to send MQTT data as topics to the AWS IoT Core, filtered and validated by the policy associated with the certificate.


Full Content


Already Posted (until now)

Super Smart Home #1 The project

Super Smart Home #2 The Door Opener

Super Smart Home #3 Designing the Control Center

Super Smart Home #4 Activating the Door Opener

Super Smart Home #5 Connecting the First Node to the Control Center

Super Smart Home #6 PSoC6 On the Cloud

Super Smart Home #7 From AWS IoT Core to AWS SiteWise

Super Smart Home #8 The Kitchen Node: Parts, Design and Components

Super Smart Home #9 The Kitchen Node: Circuit and Software

Super Smart Home #10 Building IoT nodes with PSoC6-WiFi-Bt and Mbed OS

Super Smart Home #11 Project Summary, Highlights, and More...

Super Smart Home #12 PSoC6 Local Node: Application Skeleton

Super Smart Home #13 PSoC6 Protection Case


Sources, Circuits, and Documentation

All the software sources, scripts, circuits schematics, and more are available as Open Source material on the SuperSmartHome GitHub repository.

The video episodes of this challenge are repurposed on the blog posts of the site


Thanks to

Element14, AWS, and Cypress, main sponsors

Elegoo for 3D printers ad printing material

Digitspace for sensors, actuators, and boards

The friends and community members jancumps and shabaz always available with advice and suggestions.