AWS IoT Now Supports Resource Tagging

Posted on: Nov 19, 2018

You can now assign tags to AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender resources. This enables you to allocate costs and get detailed billing reports across your device fleets as well as define IAM permissions based on these tags.

Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. You can allocate costs by creating tagged Billing Groups and mapping individual “Things” to those groups. All IoT usage and cost for a device will inherit the tags of the Billing Group to which it belongs. Costs attributable to a device include connectivity, MQTT messages, shadow operations, job execution, indexing of Things, detection of anomalous behavior, and more. Cost allocation can be particularly handy if you manage a large fleet of devices grouped by product line. You can use Billing Groups to get visibility into what share of your AWS IoT bill is attributable to each product line. The allocated costs are available on the Cost Explorer and detailed billing reports on AWS Billing.

IAM policies also support tag-based conditions, enabling you to constrain IAM permissions based on specific tags or tag values (when leveraging tag-based conditions for access control, make sure to also define and restrict who can modify those tags). For example, you can tag your beta, gamma, and production environment resources appropriately, and ensure only selected groups of users have access to those environments based on those tags. The IoT resources you can tag are Thing Groups, Thing Types, Billing Groups, Jobs, and Security Profiles. You can also tag these resources at the time of creation.
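The caveat above can be checked mechanically. The following is an added example, not AWS code: a small audit that flags an IAM policy which gates access on `aws:ResourceTag/...` conditions while still leaving `iot:TagResource` or `iot:UntagResource` open. The helper names, the tag key `env` and the sample policies are assumptions made for illustration.

```python
import fnmatch

# IoT actions that change the tags of a resource.
TAG_WRITE_ACTIONS = ("iot:TagResource", "iot:UntagResource")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statements(policy):
    return _as_list(policy["Statement"])

def relies_on_resource_tags(policy):
    """True if any Allow statement is gated on an aws:ResourceTag/<key> condition."""
    for st in _statements(policy):
        for operands in st.get("Condition", {}).values():
            if st["Effect"] == "Allow" and any(
                    key.lower().startswith("aws:resourcetag/") for key in operands):
                return True
    return False

def tag_writes_left_open(policy):
    """Tag-modifying actions the policy allows and does not unconditionally deny.

    Simplification: Resource scoping is ignored and a Deny counts only if it
    has no Condition, so any result is a prompt for review, not a verdict.
    """
    if not relies_on_resource_tags(policy):
        return []
    allowed, denied = set(), set()
    for st in _statements(policy):
        if st["Effect"] == "Deny" and st.get("Condition"):
            continue
        bucket = allowed if st["Effect"] == "Allow" else denied
        for pattern in _as_list(st.get("Action", [])):
            bucket.update(a for a in TAG_WRITE_ACTIONS
                          if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return sorted(allowed - denied)

# Constructed sample policies; the tag key "env" and value "beta" are assumptions.
BETA_ONLY = {"Effect": "Allow", "Action": "iot:*", "Resource": "*",
             "Condition": {"StringEquals": {"aws:ResourceTag/env": "beta"}}}
WEAK = {"Version": "2012-10-17", "Statement": [BETA_ONLY]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    BETA_ONLY,
    {"Effect": "Deny", "Action": list(TAG_WRITE_ACTIONS), "Resource": "*"}]}

if __name__ == "__main__":
    print("weak:", tag_writes_left_open(WEAK))
    print("hardened:", tag_writes_left_open(HARDENED))
```

The weak policy is reported because `iot:*` also covers the tagging actions on any resource that currently carries the matching tag; the hardened variant adds an explicit deny so that tag changes have to go through a separately controlled role.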

These features are provided at no additional cost. Click here to learn more about how to tag IoT resources. See AWS Tagging Strategies for general best practices for using tags with AWS resources.