Getting Started with ZWG3M

Getting Started with AWS IoT

This integration enables you to build AWS IoT management system based on H/W root of trust for enhanced security: interact with Internet of Things, collect and process telemetry from devices or control devices remotely while protecting sensitive information in hardware format. Uplink and downlink messages are available on AWS IOT MQTT, allowing you to leverage Amazon services such as storing messages in DynamoDB , invoke Lambda functions and many more.

Connect to AWS IoT Core with MQTT and TLS

* Implemeataion is based on MQTT version 3.1.1 and TLS 1.2 with ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ciphersuite.
* private key and certificates are encrptyed in HW-based security chip, supports enhacned secured working structure.

  1. Log in to the AWS Management Console AWS Management Console

  2. Choose IoT Core service

  3. In the left navigation panel, click on Manage/Things

  4. Click on create button and add your device to the thing registery

  5. On the Certificate page, choose Use my certificate.

  6. Select or register CA for your own certificate to register

  7. Upload a device certificate : the one installed in ZWG3M

  8. Choose Polices under Secure menu

  9. Click on the create button and defines a set of policy actions

    Users can define their own policy (ex. control clients or limit messages) by attach policies to Thing certificate.

    Below shows policy commands which grants permission for a device to connect using its thing name as the client ID. The device must be registered with AWS IoT or the connection would not work.

  10. Go to the certificates page, click on the three dots of your certificate and attach the selected policies to the thing certificate

Setting up the device (ZWG3M device):

  1. Download test example script from the ICTK GitHub Repository
  2. ZWG3M contains amazon root CA, client certificate and private key already installed in PUF chip. The basic certificate is installed, but can be renewed or added upon request.
  3. Run test script after connecting power and UART to ZWG3M module.(Please see the ZWG3M datasheet)
Configuration :

This AT Commands allows users to set Wi-Fi information and application specific settings in order to connect with the AWS IoT message broker.

• Wi-Fi configuration command


• AWS configuration command

AT+AWS_TN=thing name

Or user can download below python code to configure the device. Please modify wifi.json and aws.json files accroding to your settings.



Run ZWG3M_Configuration

Available port will be shown in windows. Once user selects the port for the ZWG3M, it will be stored in json file name 'zwg3m.json'.

Configuration process

Users Wi-Fi and AWS settings that was written on json file will be configured. Please reset the ZWG3M after the configuration by pressing the reset button on the evaluation board.

MQTT Test : Subscibe / Publish

ZWG3M can subscribes and publish messages to user specific topics using AT command.


Using AWS IoT device shadow, users can update or get information using sub/pub command below.

Out board currently support up to 3 topics to subscribe

AT+AWS_PUB=$aws/things/yourthingname/shadow/update,0,{ your input in json format }

To publish or subscrice with python, please modify below json file with your topic, QoS and payload.

Publish updates to AWS IoT Device Shadow : pub.json

After run publish script as above, updated shadow states as in pub.json will be shown in thing shadow in amazon console.

Subscription to the AWS IoT Device Shadow : sub.json

After modifying the topic in sub.json, run

By publish MQTT messages using amazon console, topic and payload will be shown in python shell as below.

Device Shadow : Update /Delta

ZWG3M publishes updates to the AWS IoT Device Shadow using both AT command and python code provided.


With configured data( clinetID , Endpoint etc) , above command will update item with desired values.

To update with python code, please modify update.json file with your input : update.json

Below python shell shows successful execution of shadow updates. You can also observe updated shadow values on your AWS console.

Delta in shadow is useful indicator which contains difference between the desired and reported states. This will not show on shadow if desired and reported states are the same or there is no desired part in Thing shadow. Below AT command will report delta states of the item when it triggers with delta.


Below is the example of running the delta function in python. Please modify 'update.json' file with your key and type before running delta function. It will return item with desired states.

TPM/SE security : G3 PUF IC


The firmware binaries for ZWG3M module can be found on GitHub.