Posted On: Dec 14, 2023

Today, AWS IoT Core—a managed service that connects billions of Internet of Things (IoT) devices to AWS—announces the capability of using your own Certificate Authority (CA) certificates when provisioning fleets with AWS IoT Core. Using AWS IoT Core, you can provision your devices with various techniques, such as just-in-time provisioning, just-in-time registration, and fleet provisioning, where each technique serves a dedicated purpose. For example, with fleet provisioning, you can generate and securely deliver X.509 client certificates to your devices when they connect to AWS for the first time. The updated fleet provisioning capability enables you to issue and customize X.509 client certificates using CAs hosted on popular CA services, such as AWS Private CA, external CAs, or your own public key infrastructure (PKI).

With the new capability, you have more control over the CA certificate when using fleet provisioning, so that you can meet your organization’s specific security requirements, such as controlling the source of credentials and ensuring the credentials’ authenticity. Additionally, you can customize your security certificates’ signing algorithms, validity periods, and other attributes to improve the security posture of your IoT solution.

The capability to customize and issue client certificates with your own CA is offered at no additional charge beyond the standard AWS IoT Core, AWS Lambda, and optionally AWS Private CA pricing. The feature is generally available in all commercial regions where AWS IoT Core is available. To get started, refer to the blog and technical documentation.