Posted On: Jul 7, 2022

Today, AWS announced the general availability of a new AWS IoT Core feature that simplifies the registration of the certificate authorities (CAs) needed for device provisioning and makes it easier to move devices between a customer's multiple AWS accounts, both within one AWS Region and across Regions. This reduces the complexity of registering devices with AWS IoT Core and helps customers accelerate the development lifecycle of their IoT implementations when they use the AWS IoT Core Just-in-Time Provisioning (JITP) and Just-in-Time Registration (JITR) device provisioning methods.

AWS IoT Core requires customers to register a CA so that the service can validate the signature on device certificates during provisioning. Previously, customers needed access to the CA's private key to prove ownership of the CA before registering it, but those private keys are often managed by device vendors or by the security teams of organizations that operate their own CAs, and are not easily accessible to developers. Effective today, customers can manage CA registration directly, which simplifies device provisioning.

Customers also often maintain separate AWS accounts to separate development, testing, and production workloads. Until now, they had to configure multiple CAs to connect the same device to multiple accounts during development. With this update, customers can use the same CA across multiple accounts, which simplifies device provisioning with JITP or JITR and improves security posture because fewer CAs need to be managed.

AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. Customers must provision their devices before those devices can securely connect to and communicate with AWS IoT Core. Provisioning refers to registering a device's digital identity with the cloud service, attaching permissions that let the device access cloud resources, and associating contextual information such as the device serial number and location with the registered digital identity. With the AWS IoT Core Just-in-Time Provisioning and Just-in-Time Registration features, customers can have their devices provisioned automatically when the devices first attempt to connect to AWS IoT Core.
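The two checks described above (proving ownership of a CA before registering it, and validating a device certificate against a registered CA at first connect under JITR/JITP), as an added Go example that is not AWS's code and does not reproduce the service's implementation. It models the legacy proof of ownership as a verification certificate whose Common Name must equal the account's registration code and which must be signed by the CA's private key, and models JITR/JITP validation as a chain check against the set of registered CA certificates. The CA names, device ids, serial numbers, and the registration code value are constructed placeholders; a real registration code is issued per account by the service.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caIdentity is a constructed toy CA: the certificate is what gets registered; the private key stays with the vendor or security team.
type caIdentity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// template builds a minimal leaf template; ClientAuth is what a device uses in the mutual-TLS handshake.
func template(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// sign issues a certificate over pub with signer's key; failures are programming errors in this toy.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// newCA creates a self-signed CA certificate together with its private key.
func newCA(name string) *caIdentity {
	key, tmpl := newKey(), template(name, 1)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage |= x509.KeyUsageCertSign
	return &caIdentity{cert: sign(tmpl, tmpl, &key.PublicKey, key), key: key}
}

// issue signs a leaf with the CA key: device certificates (CN = device id) and the legacy verification certificate (CN = registration code) both need it.
func (ca *caIdentity) issue(cn string, serial int64) *x509.Certificate {
	leafKey := newKey()
	return sign(template(cn, serial), ca.cert, &leafKey.PublicKey, ca.key)
}

// chainsToRegisteredCA is the check behind JITR/JITP: the certificate a device presents at first connect must validate under a registered CA.
func chainsToRegisteredCA(registered []*x509.Certificate, leaf *x509.Certificate) bool {
	roots := x509.NewCertPool()
	for _, ca := range registered {
		roots.AddCert(ca)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// provesOwnership models the legacy proof: the verification certificate's CN must equal the account's
// registration code and it must chain to the CA being registered, which only the CA key holder can arrange.
func provesOwnership(caCert, verification *x509.Certificate, registrationCode string) bool {
	return verification.Subject.CommonName == registrationCode &&
		chainsToRegisteredCA([]*x509.Certificate{caCert}, verification)
}

// runScenario plays both checks against a registered vendor CA and an unregistered one; every value should be true.
func runScenario() map[string]bool {
	vendorCA, rogueCA := newCA("Vendor Device CA"), newCA("Unregistered CA")
	const registrationCode = "EXAMPLE-REGISTRATION-CODE" // placeholder, not a real code
	registered := []*x509.Certificate{vendorCA.cert}
	return map[string]bool{
		"ownership_proven":    provesOwnership(vendorCA.cert, vendorCA.issue(registrationCode, 2), registrationCode),
		"wrong_code_rejected": !provesOwnership(vendorCA.cert, vendorCA.issue("SOME-OTHER-CODE", 3), registrationCode),
		"device_accepted":     chainsToRegisteredCA(registered, vendorCA.issue("device-0001", 4)),
		"rogue_ca_rejected":   !chainsToRegisteredCA(registered, rogueCA.issue("device-0001", 5)),
	}
}

func main() {
	fmt.Println(runScenario())
}
```

The point the scenario makes is the one the announcement relies on: under the legacy flow, `provesOwnership` can only succeed for someone who holds the CA private key, which is exactly the access developers often lack; the JITR/JITP check in `chainsToRegisteredCA` is unchanged by the new feature and still rejects any device certificate that does not chain to a CA registered in the account.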

The ability to register and use certificate authorities (CAs) in multiple accounts is offered at no additional charge beyond standard AWS IoT Core pricing and is generally available today in all Regions where AWS IoT Core is offered. See the post on the AWS IoT Blog and the developer documentation to learn more about the new functionality.