This directory contains all Infrastructure as Code (IaC) scripts and backend code for the NeoBell Project, implemented primarily in Python with Boto3.
⚠️ Important Note: While all the infrastructure creation scripts are provided here, many component configurations and Lambda function code have been modified through the AWS Console after the initial deployment. These manual modifications are not reflected in the code repository and need to be replicated by hand when setting up a new environment.
The AWS/ folder is the core of NeoBell's cloud infrastructure, providing:
- Automated provisioning scripts for all necessary AWS services
- Specialized Lambda functions for business logic
- IoT Core configurations for SBC device communication
- SNS notification scripts for push notifications
- Mock data for development environment
NeoBell's backend uses a serverless and event-driven architecture on AWS:
```
┌─────────────────┐    ┌──────────────┐    ┌─────────────────┐
│   App Flutter   │◄──►│ API Gateway  │◄──►│ Lambda Functions│──────┐
└─────────────────┘    └──────────────┘    └─────────────────┘      │
                              │                     │               │
                              ▼                     ▼               │
                       ┌──────────────┐    ┌─────────────────┐      │
                       │   Cognito    │    │    DynamoDB     │      │
                       │ (Auth/Users) │    │  (Data Store)   │      │
                       └──────────────┘    └─────────────────┘      │
                                                                    │
┌─────────────────┐    ┌──────────────┐                             │
│   SBC Device    │◄──►│   IoT Core   │                             │
│ (Radxa Rock 5C) │    │    (MQTT)    │                             │
└─────────────────┘    └──────────────┘                             │
                              │                                     ▼
                              ▼                        ┌─────────────────────────┐
                     ┌─────────────────┐               │           S3            │
                     │ Lambda Functions│──────────────►│     (Video Storage)     │
                     └─────────────────┘               └─────────────────────────┘
                              │
                              ▼
                      ┌──────────────┐
                      │     SNS      │
                      │(Notification)│
                      └──────────────┘
```
## Provisioning Scripts

| Script | Purpose | Execution Order |
|---|---|---|
| `create_neobell_iam_boto3.py` | Creates necessary IAM roles | 1st |
| `create_neobell_vpc_boto3.py` | Configures VPC and networking | 2nd |
| `create_neobell_dynamodb_boto3.py` | Creates DynamoDB tables | 3rd |
| `create_neobell_s3_boto3.py` | Configures S3 bucket | 4th |
| `create_neobell_cognito_boto3.py` | Cognito setup | 5th |
| `create_neobell_iot_boto3.py` | Configures IoT Core | 6th |
| `create_neobell_gateway_boto3.py` | Creates API Gateway | 7th (after Lambdas) |
## Directories

| Directory | Description |
|---|---|
| `lambda/` | Domain-specialized Lambda functions |
| `iot/` | IoT Core configuration and rules scripts |
| `sns notification/` | SNS configuration for push notifications |
| `mock/` | Scripts to populate tables with test data |
## Prerequisites

- AWS CLI configured with proper credentials: `aws configure`
- Python 3.8+ and Boto3 installed: `pip install boto3`
- IAM permissions to create AWS resources (AdministratorAccess recommended for initial setup)

## Configuration

- Replace `ACCOUNT_ID` with your real AWS Account ID
- Replace `YOUR_COGNITO_USER_POOL_ARN` with the correct ARNs
- S3 bucket names must be globally unique
## Deployment Order

1. IAM Roles (Security foundation): `python create_neobell_iam_boto3.py`
2. VPC and Networking (Network infrastructure): `python create_neobell_vpc_boto3.py`
3. DynamoDB (Data storage): `python create_neobell_dynamodb_boto3.py`
4. S3 (File storage): `python create_neobell_s3_boto3.py`
5. Cognito (Authentication): `python create_neobell_cognito_boto3.py`
6. Lambda Functions: `cd lambda/` and execute the Lambda deployment scripts
7. IoT Core (Device communication): `python create_neobell_iot_boto3.py`
8. API Gateway (Public API): `python create_neobell_gateway_boto3.py`
9. SNS Notifications: scripts in `sns notification/`
10. Mock Data (Development environment): `cd mock/` and execute the data population scripts
## AWS Services Used

- Amazon Cognito: Identity management and authentication
- Amazon API Gateway: Public REST API for the mobile application
- AWS Lambda: Serverless business logic
- Amazon DynamoDB: NoSQL database for structured data
- Amazon S3: Video and image storage
- AWS IoT Core: MQTT communication with SBC devices
- Amazon SNS: Push notifications for mobile devices
- Amazon VPC: Isolated virtual private network
- AWS IAM: Access control and permissions
## DynamoDB Tables

| Table | Purpose | Keys |
|---|---|---|
| `NeoBellUsers` | User data | PK: `user_id` |
| `NeoBellDevices` | SBC device registry | PK: `sbc_id` |
| `DeviceUserLinks` | User-device linking | PK: `sbc_id`, SK: `user_id` |
| `UserNFCTags` | User NFC tags | PK: `user_id`, SK: `nfc_id_scanned` |
| `Permissions` | Visitor permissions | PK: `user_id`, SK: `face_tag_id` |
| `VideoMessages` | Video metadata | PK: `user_id`, SK: `message_id` |
| `ExpectedDeliveries` | Expected deliveries | PK: `user_id`, SK: `order_id` |
| `EventLogs` | Event logs (TTL) | PK: `log_source_id`, SK: `timestamp_uuid` |
## Security Practices

- Isolated VPC: Lambdas run in private subnets
- VPC Endpoints: Secure access to S3 and DynamoDB
- Encryption: SSE-S3 enabled by default
- IAM Roles: Principle of least privilege
- Cognito JWT: Secure authentication tokens

## Monitoring

- CloudWatch Logs enabled for all Lambdas
- CloudWatch Metrics for performance
- DynamoDB Point-in-Time Recovery enabled

## Backup and Retention

- DynamoDB: Automatic backup via PITR
- S3: Versioning enabled
- EventLogs: TTL configured for automatic cleanup
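The "IAM Roles: Principle of least privilege" item above is the one most easily undone in practice, because the prerequisites recommend AdministratorAccess for the initial setup and a role scoped that broadly tends to survive into production. The following is an added example, not code from the NeoBell repository: it builds a policy document scoped to what one hypothetical Lambda actually touches (item-level access to the `VideoMessages` table, objects under one S3 prefix, its own CloudWatch log group) and audits any policy document for wildcard grants before it would be handed to `iam.create_policy`. The Lambda name, bucket name and account id are placeholders, and the Lambda's exact access needs are an assumption.

```python
"""Added example (not NeoBell project code): least-privilege IAM policy for one
Lambda plus an audit that rejects wildcard grants before attachment.

Assumptions not stated in the README: the video-metadata Lambda needs only
item-level access to VideoMessages and object access to one S3 prefix.
ACCOUNT_ID, BUCKET and FUNCTION_NAME are placeholders.
"""
import json
from typing import Any, Dict, List

ACCOUNT_ID = "123456789012"               # placeholder: replace with the real account id
REGION = "us-east-1"                      # region used for all NeoBell resources
BUCKET = "neobell-videos-placeholder"     # placeholder: bucket names are globally unique
FUNCTION_NAME = "neobell-video-metadata"  # hypothetical Lambda name


def table_arn(table: str) -> str:
    """ARN of a DynamoDB table in the project's account and region."""
    return f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/{table}"


def video_lambda_policy() -> Dict[str, Any]:
    """Policy scoped to what the hypothetical video-metadata Lambda does:
    read/write items in one table, read/write objects under one prefix, and
    write to its own CloudWatch log group. No wildcard actions or resources."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VideoMessagesTable",
                "Effect": "Allow",
                "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
                "Resource": [table_arn("VideoMessages")],
            },
            {
                "Sid": "VideoObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{BUCKET}/videos/*"],
            },
            {
                "Sid": "OwnLogGroup",
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                "Resource": [
                    f"arn:aws:logs:{REGION}:{ACCOUNT_ID}:log-group:/aws/lambda/{FUNCTION_NAME}:*"
                ],
            },
        ],
    }


# Constructed counter-example: the kind of statement that slips into a role
# during AdministratorAccess-style bootstrapping and should not pass review.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllDynamo", "Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}
    ],
}


def _as_list(value: Any) -> List[Any]:
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy: Dict[str, Any]) -> List[str]:
    """Return one finding per over-broad grant. Only Allow statements matter:
    a wildcard action ('*' or 'service:*'), a wildcard resource ('*'), or the
    NotAction/NotResource forms, which grant everything except the listed items."""
    findings: List[str] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"{sid}: wildcard resource '*'")
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: {key} grants everything not listed")
    return findings


def policy_document(policy: Dict[str, Any]) -> str:
    """Serialise for iam.create_policy(PolicyDocument=...) or put_role_policy,
    refusing to emit a document that fails the audit."""
    findings = audit_policy(policy)
    if findings:
        raise ValueError("policy rejected: " + "; ".join(findings))
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_document(video_lambda_policy()))
    print(audit_policy(OVERBROAD_POLICY))
```

Running the audit in the provisioning scripts (or in CI against the JSON the scripts emit) catches the common drift case: a role that was widened through the console, which this README notes is exactly how many of the deployed configurations diverged from the repository.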
## Integration

Mobile app (Flutter):

- Authentication via AWS Amplify (Cognito)
- HTTP calls to API Gateway
- Push notification reception via SNS

SBC device:

- MQTT communication via IoT Core
- Video upload to S3 via presigned URLs
- Local facial recognition and QR code processing
## Important Notes

- Costs: Monitor usage to avoid unexpected charges
- Region: All resources are created in `us-east-1`
- Unique names: S3 buckets must have globally unique names
- Credentials: Never commit credentials in code
- Cleanup: Use cleanup scripts when dismantling the environment
Note: This AWS backend is designed to work in conjunction with the NeoBell hardware device and the NeoBell App. Ensure all components are properly configured for full functionality.
NeoBell - Securely connected. Simply Home