Getting started with AWS

Getting started with AWS

This is a collection of things which should be done before a first POC (Probe of Concept) or a first deployment can happen. These hints are not sufficient to setup a production and final development environment. Be ready to abandon the entire account to recreate a production account by using the AWS Landing Zone concept.

The goal of this page is to help you to build a save environment which is using a minimum set of AWS features.

Stefan Schneider Thu, 03/26/2020 - 13:45

Machine Monitoring

Machine Monitoring

Disclaimer: This page and this website are not owned or controlled by Amazon or AWS!


Machine Monitoring demo architecture

See as well: The AWS Manufacturing Reference Architecture

Other resources

holodoctor Thu, 11/17/2022 - 15:32

AWS services used in this demonstration

AWS services used in this demonstration
  • AWS IoT Greengrass V2: Management of the edge software
  • AWS IoT Core: The AWS services to manage the IoT messages
  • AWS IoT Sitewise: Collect, organize, and analyze data from industrial equipment at scale
  • Amazon SNS: Fully managed Pub/Sub service for A2A and A2P messaging
  • AWS Lambda: Run code without thinking about servers or clusters (used to generate a custom SMS and email text)
  • Amazon Managed Grafana: Scalable and secure data visualization for your operational metrics, logs, and traces
  • AWS IoT TwinMaker: Optimize operations by easily creating digital twins of real-world systems
  • Amazon Lookout for Vision: Spot product defects using computer vision to automate quality inspection
  • AWS Systems Manager: Gain operational insights into AWS and on-premises resources (used to managed the Raspberry)
  • Amazon QuickSight A serverless BI service
  • AWS IAM Identity Center (Successor to AWS Single Sign-On): Centrally manage workforce access to multiple AWS accounts and applications
Stefan Schneider Fri, 11/18/2022 - 09:41

About us

About us

We are Partner Solution architects working for AWS.
We work with AWS partners.
This demonstration will be shown at the Re:Invent Builders fair 2022 in Las Vegas. All implementations follow the AWS Manufacturing Reference Architecture. Every service published on this page is however not officially endorsed by AWS. Please contact us, if you plan to go into production with certain components, we work with hardware partners, system integrators and consulting partners which are happy to turn this demonstration into a professional solution.

Stefan Schneider Fri, 11/18/2022 - 17:19

Building this Demonstration

Building this Demonstration

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

Stefan Schneider Tue, 01/17/2023 - 17:13

BOM: Bill of Material (Hardware)

BOM: Bill of Material (Hardware)

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

All measurements in metric units!

Id Number Item Comment
1 4 Plywood 250x350mm (Bottom, Middle board, Upper board, cover of case, 6mm thick beech is very robust. The upper board has to carry quite some load
2 1 Plywood 70x40mm,6mm thick, raiser for the burners Use the leftover from the cut out of the middle board
3 8 wood screws, 3mm x 15mm to fasten the three boards
4 2 Plywood 238mmx110mmx6mm the sides of the cover box
5 2 Plywood 350mmx110mmx6mm the other sides of the cover box
6 1 HB12: Big Powerstation the Stirling engine. Pick self assembly. The two cylinder model is more robust against wind from the side. The flame may not generate enough heat for the HB10 or HB11 in windy trade show halls.
7 1 Raspberry 4 Model B 8GB starte kit The
8 1 Case for DIN rail mount GeekPi sells an enclosure for rail mounting
9 1 Rail for case  (DIN TS35) The rail will need to be shortened
10 1 TRCT500 IR sensor Pack of 3.
11 7 Round head M4 screws 10 or 12mm
  • 2 Raspberry Rail
  • 2 IO Cover
  • 2 HB 12
  • 1 IR sensor enclosure 
12 5 M4 screw nuts
  • 2 Raspberry Rail
  • 2 IO Cover
  • 1 IR sensor enclosure 
13 1 Kit of jumper cables Female-Female ones are required. Lengths required vary in between 10cm and 30cm
14 1 kit, flat band cables to reach the physical location of the Raspberry optical camera
15 1 Raspberry Camera Module 3 Wide wide angle is important here. The autofocus is very helpful. An earlier camera will work as well. They have however a fixed focus which needs to be broken to just for the focus at ~12cm
16 1 MLX90640 Infrared camera, 55 degrees, with sockets to plugs. Soldering required for models without a plug...
17 1 plug fo MLX90640 This plug allows to connect the infrared camera to regular breadboard cables

Disclaimer: This list looks very concise. This is the third revision of the demonstration. The components are known to work. Most components can be replaced by different ones. There are lots of degrees of freedom...

Stefan Schneider Tue, 01/17/2023 - 17:15

Mechanical Design and Layout

Mechanical Design and Layout

The mechanical layout follows a number of requirements:

  • robustness: The demonstration will be taken to customers and trade shows. It needs to be robust
    • It has to fit into hand luaggage
    • No part should be damaged
    • Cable connection have to be robust and protected against accidental damage
  • It has to look a kind of professional, viewers shouldn't be distracted by non relevant parts
  • has to meet the skills of the builder
    • basic wood processing
    • soldering
    • 3D printing
    • plastic processing (grinding, drilling, cutting)

The layout looks as follows:

Overview layout

Stefan Schneider Wed, 01/25/2023 - 13:34

IR Sensor TCRT5000 (RPM Counting)

IR Sensor TCRT5000 (RPM Counting)

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

Wiring plan.

Sensor seen from the back. Electrical pins at the downside. Pins from left to right. The cable colors are arbitrary, pick them as you like. 30cm long female-female cables work out well. The cables get connected directly with the Raspberry pins, no resistors are required.

Pin Meaning Color Comment
1 A0   Not being used
2 D0 Red  
3 GND Brown  
4 VCC Orange  

Placing and Tuning

The sensor has to be placed at about 5mm distance from the flywheel. The flywheel needs a black mark to make the IR sensor to trigger an event.

The TCRT5000 has a potentiometer at the rear side. It allows to calibrate the sensitivity. Turning this potentiometer up to a half turn to the left or right should trigger the events. The TCRT5000 sensor has a LED at the rear side. This sensor will blick with every event when if it is adjusted correctly.

Stefan Schneider Mon, 01/30/2023 - 18:19

Infrared Camera (MLX90640)

Infrared Camera (MLX90640)

We use an infrared camera of the type MLX90460 with a 50mm lens for three purposes:

  • temperature cool cylinder
  • temperature warm cylinder
  • the flame burning

It'll take four components to build this sensor

A Housing for the Sensor (the Rocket)

The camera has to be placed 7 to 10 cm from the flame.

The camera has to have a fixed position in relation to the Stirling engine. The software will have to pick two rectangles out of the image. This is a static software configuration.

The Sensor

The MX90460 with a 50 mm lens It has a 32x24 pixel array. I got it from here.

The connector 3.0V does not get used. The camera gets powered with the VON cable.

Connector to the Camera and extension Cable

The wires to the camera can be directly soldered on. I decided to buy a small plug (4 Pin Dupont female). This cable is 150mm long. This is not long enough to connect it to the Raspberry. I had to put a 300mm long male-female 4 wire extension cable in between. This allows me to change the camera without having to solder. I have to switch colors in the wiring plan to connect to the Raspberry.

The information flow starts from 4 contacts from the camera. I pick it up with with 4Pin Dupont plug. I extend it with a male-female cable. This cable gets connected with the GPIO pins of the Raspberry.

The Wiring Schema

MLX90460 Connector Cable Color (arbitrary) Cable Color (arbitrary) Raspberry Pin GPIO
VIN Red Red 1 3.3V
SDA Blue Orange 3 GPIO 2
SCL Yellow Yellow 5 GPIO 3
GND Black Brown 14 GND
3.0V - - - -


Enable the Operating System

The sensor is using the I2C protocol. It needs to be enabled. Use the interactive "Raspberry Pi Configuration" tool and enable it in the "Interfaces" section. Reboot the Raspberry.

An alternative is to update /boot/config.txt with the following two parameters


The first parameter will do the same as the interactive tool. The second parameter is a safety precaution to avoid bottlenecks on the bus.

Testing the Sensor

The took i2cdetect needs to be installed upfront:

pi@raspberrypi:~ $ sudo apt-get install -y python3-smbus
pi@raspberrypi:~ $ sudo apt-get install -y i2c-tools

Then use the command

pi@raspberrypi:~ $i2cdetect -y 1

It should list a table. The table has to have an entry "33" somewhere. The is the identifier of an MLX90640 sensor on the bus.

Enabling Greengrass V2 to access the Sensor

The Python scripts run as user ggc_user in Greengrass. Use the following command to allow ggc_user to access i2c:

sudo usermod -a -G i2c ggc_user

Enabling the Calibration of the Camera

The camera will be in different positions depending on the physical setup. The Greengrass component will install a a calibration program as well. This calibration will have to be run as root. The calibration program is written in Python3 and it will need a number of Python libraries. Install them with the command:

At this point, the MLX90640 is ready to be read by the Raspberry Pi. However, since the Adafruit library is being used, a few other libraries need to be installed:

pi@raspberrypi:~ $ sudo pip3 install RPI.GPIO adafruit-blinka
pi@raspberrypi:~ $ sudo pip3 install adafruit-circuitpython-mlx90640
pi@raspberrypi:~ $ sudo pip3 install matplotlib


Stefan Schneider Wed, 02/22/2023 - 16:25

Optical Camera (Module 3)

Optical Camera (Module 3)

Cabling is straight forward. The module 3 camera gets connected with a flatland cable. Pass through holes have to be significant larger.

It'll take one change to allow the Greengrass component to access the hardware component.

Execute the following command:

$ sudo usermod -a -G video ggc_user
Stefan Schneider Wed, 04/12/2023 - 09:17

The Base Board

The Base Board

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

Use four boards 350mm x 250mm x 6 mm beech plywood boards. The material is very sturdy, it won't bend quickly.

  • The lower board is the simplest one. It only needs 8 holes for srews to get tied with the two upper boards
  • The middle board has a large cut out which is 20mm smaller than it's size. This empty space will hide all the cables
    • Keep a small board at the middle level. The two burners shouldn't sit lower than 6 mm. Make it large enough to fit underneath the two holes for the burner. You can glue it to be in the right position. You can leave it at the right place. The upper and the lower board will keep it in place through friction.
  • The upper board is the most complex one. It'll have the holes to fix all the objects and it'll need holes for the cables to go through.
    • All components will leave 20mm distance from any boarder. The cover will sit on the upper board. The cover will consist of 10mm walls.
  • The cover:
    • I used birch plywood boards with the sizes
      • 2 boards 350mm x 110mm x 10mm
      • 2 boards 330mm x 110mm x 10mm
    • The 10mm birch plywood panels allow to use 6mm wooden dowels to connect all 4 boards
    • The top cover is the 4th beech plywood board. I nailed it the the side boards
    • The cover board isn't shown at the image below

WIP: The position of the holes will get published at a later point of time. More and more holes are required for the objects which will be documented in future.

Base board

Stefan Schneider Wed, 01/25/2023 - 14:17

The Raspberry

The Raspberry

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

Stefan Schneider Wed, 01/25/2023 - 14:45

Raspberry IO Wiring

Raspberry IO Wiring

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting it, while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

The cable colors are arbitrary. Pick which ever color you want to pick!

Pin GPIO Id Cable Color Connected device Comment
1 3.3V Red 30cm MLX90460 Power Power
2 +5V Orange 30cm TCRT5000 Power Power
3 SDA Blue 30cm MLX90460  
4 +5V Red Raspberry fan Raspberry Cooling
5 SCL Yellow 30cm MLX90460  
6 GND Black Raspberry fan Raspberry Cooling
7 4 Red 30cm TCRT5000 Binary
8 24      
9 GND Brown 30cm TCRT5000 Ground
14 GND Broen 30cm MLX90460 Ground


Stefan Schneider Tue, 01/24/2023 - 13:47

Software Configuration

Software Configuration

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

Stefan Schneider Wed, 02/01/2023 - 17:29

Raspberry Configuration

Raspberry Configuration

WIP: Work in progress: I'm rebuilding the demo setup. I'm documenting while I'm rebuilding. Revisit this page by the end of March 2023 for a complete document

OS Configuration

Use the default OS from from and configure it on a 32GB SD card. Use a version with the desktop software. The Raspberry may need to connect to a new Wifi. It's simpler to do this on the fly with a monitor and a key board.

I'm using:

pi@raspberrypi:~ $ more /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION="11 (bullseye)"

I created a user pi for backward compatibility reasons.

Upgrade to the latest packages

$ sudo apt update
$ sudo apt dist-upgrade
$ sudo apt clean
$ sudo reboot

Prepare GreenGrass V2 installation

Install GGV2 accoring to this installation page.

Allow Greengrass user to access GPIO

Execute the following command to make the ggc_user to be part of the gpis group:

$ sudo adduser ggc_user gpio
Stefan Schneider Wed, 02/01/2023 - 17:31

FAQ: Frequently asked Questions

FAQ: Frequently asked Questions

How do I implement this architecture?

All AWS services are public available. The demonstration has been build using public available tutorials. Everything in the AWS cloud can be generated by scripts or configured through the AWS console

I am a AWS customer or partner and I'm interested in the demos and the services. How can I adopt them?

Get in touch with us. We will help you depending on your business case.

Is this architecture ready for industrial production use?

Yes and no...

Yes: all AWS services all highly available. They are scalable. Security is at a production level. The Greengrass V2 container manages the software on the Raspberry at a production level.

No: The Raspberry, the sensors and the wiring is not a professional level. We recommend to work with AWS partners who have verified Greengrass V2 hardware and carrier grade sensors. This project had no funding. This was the cheapest solution.
The quality of the Python scripts which run on the Raspberry are not at a quality level to use it at production. There is very limited error checking; there is very limited checking for incorrect data; the software has no life cycle. The gathering and filtering of data at the edge device would be different with professional hardware and professional sensors

Can we get access to the Python scripts running in Greengrass V2?

Not as of today (November 2023). The scripts have been derived vom AWS tutorials and Raspberry websites. The sensor libraries are open source raspberry libraries.

AWS does not release the scripts as of today since they did not yet pass the reviews to allow AWS to publish them as Open Source. Such a review would require significant resources in AWS. Please talk to us, we want to share the scripts with the community...

Where can I get such a Stirling machine?

Search for Stirling machines at!
We bought our machines from Böhm. Böhm ships self assembly and assembled Stirling engines world wide. We picked the engines since they are robust enough for heavy usage. The oldest machine which we use has more than 20h of operation. Böhm ships as well spare parts.
... and yes, they are a kind of affordable. Get one as a Christmas present. The eight year old in yourself deservers it.

holodoctor Fri, 11/18/2022 - 09:11

Media transfers to EC instances

Media transfers to EC instances

Most users will have to transfer installation media to the targeted EC systems. Copying data to a Bastian host or a jum start server is the straight forward approach. AWS acually allows to simplify this transfer with the help of S3. The idea is

  • Copy installation media to a (private) S3 bucket
  • Download media to the target systems for the installations

S3 will store the installation media savely for a future use. S3 costs are relatively low. Delete the S3 files after you don't need them anymore. This will help to keep costs at a minimum.

The AWS IAM (Identity and access management) will help you to keep your data private. This requires a few extra steps.

1. Create a S3 Bucket to store your Installation Media

S3 buckets are world wide uniformly accessible. Make sure that you store your media files in the region you work. This saves costs and it expedites the data transfer.

  1. Become a user with administration rights in your AWS console
  2. Go to the S3 screen
    1. Select "Services" (upper left corner)
    2. Look or search for "S3" and click on this button
  3. Pick "Buckets" in the left column (most likely already being shown)
  4. Pick "Create bucket"
    1. Choose a name (This name will be unique, world wide across AWS!)
    2. Pick the region in which you work (a remote region will create a bit of costs, increase access latency and it may put your data under a different legislation)
    3. Do not pick any other option. The default setting will create a user private bucket. The costs will be OK. Access speed will be OK as well. All options, but the region can be changed later on.
    4. Consider to create some subfolders in your bucket. It's straight forward...

Test the entire setup. The AWS console allows you to up and download files as well

  • Use the console to upload a file to a bucket.
  • Try accessing the file through it''s URL. This shouldn't work.
  • Use the download option to download it again

Background information: You have the authority of the user with whom you logged into the console to perform these operations.

2. Uploading your Media Files

There are a number of options:

  • The AWS console. See above
  • There are S3 tools out there. Search for them. You will have to provide these tools with a public and a secret user key in order to authenticate the AWS users.
  • Use the AWS CLI (Command Line Interface). You will have to provide these tools with a public and a secret user key in order to authenticate the AWS users.
    • The AWS CLI needs to be installed on on-premises systems manually.
    • Most Linux and Windows AMIs have it preinstalled. Check your EC2 system and install it manually if needed.

3. Downloading the Media Files to the EC2 Systems

Downloads within a region are very fast. We will use the AWS CLI which is preinstalled on most AMIs. Download it here if it is not installed. The EC system will need access to an S3 end point. This is given as long as the system has Internet and DNS access (very common). A in VPC S3 end point is an alternative (unlikely in a new setup).

The AWS CLI allows for save and secure resource access in AWS. The work we will have to do is:

  • Create an access policy which allows to work with one given S3 bucket.
  • Attach the policy to a role
  • Attach the role to the instance.

This will allow any user on the EC2 instance to access the S3 bucket without any extra authenticaten. No IAM user will have to leave the individual credentials on the machine. User on the machine can allow perform a well defined scope of actions.

3.1 Creation of a Bucket Access Policy

Perform the following steps on the AWS console

  1. Select Services (upper left corner in window)
  2. Search for "IAM", select it.
  3. Pick "Policies" from the left column
  4. Push "Create Policy" button
  5. Select tabulator "JSON"
  6. Replace content with the following content:
   "Statement":[ { 
         "Action":[ "s3:ListAllMyBuckets" ],
       { "Effect":"Allow",
         "Action":[ "s3:ListBucket", "s3:GetBucketLocation" ],
       { "Effect":"Allow", 
         "Action":[ "s3:PutObject",

Replace the string examplebucket with your individual bucket name. Give it a name. For example "mediaaccess". Save everything.

3.2 Create a Role for EC2 Systems

It'll take a role which we associate with the EC2 systems which need to access the bucket with the installation media.

  1. Use the console. Use "Services" in the upper left corner
  2. Search for "IAM" and select it
  3. Select "Roles" in the left column
  4. Push "Create Role"
  5. "AWS service" with EC2 is high lighted
  6. Click on "Nect: Permissions" in the lower right corner
  7. Enter the name of your policy ("mediaaccess") in the search field.
  8. Mark the policy and click on "Nect: Tags"
  9. Optional: Add a tag
  10. Click on "Next: Review"in the lower right corner
  11. Provide a Role name and a description
  12. Click on "Create Role" in the lower right corner

3.3 Associate the Role with all relevant Instances

The EC2 inszances need to be enabled to act with this role

  1. Use the console. "Use "Services" in the upper left corner
  2. Search for "EC2" and select it
  3. View all instances
  4. Pick your instance
  5. Select "Actions" -> "Instance Settings" -> "Attach/Replace IAM Role"
  6. Select your role in "IAM role"
  7. Click on "Apply"

There may be two different situations:

  • You create a new instance: Consider to assign the IAM role when you create the instance
  • Your instance already has a role: Consider to add the policy to the existing role.

4. Downloading media on your Instance

Your instance now has the right to access this bucket without having to add a local user!

Do not add user credentials with "aws configure"!

Run "aws configure" and add the region to be used only. This may have to be done for every Linux user who wants to download media.

You can now download a file from the bucket examplebucket your media with a command like

$ aws s3 cp s3://examplebucket/

The aws s3 sync command is very useful as well. It acts similary to the Linux rsync command.

Stefan Schneider Thu, 03/26/2020 - 14:28