AWS IoT Device Management Documentation

AWS IoT Device Management helps you register, organize, monitor, and remotely manage IoT devices at scale. With AWS IoT Device Management, you can scale your fleets and reduce the effort of managing large and diverse IoT device deployments.

Key Features

Register Connected Devices in Bulk

AWS IoT Device Management helps you register new devices by using the IoT management console or API to upload templates that you populate with information like device manufacturer and serial number, X.509 identity certificates, or security policies. Then, the service is designed so you can configure the entire fleet of devices with this information with a few clicks in the management console.

Organize Connected Devices into Groups

AWS IoT Device Management is designed so you can group your device fleet into a hierarchical structure based on function, security requirements, or other categories. You can group one device in a room, group devices together that operate on the same floor, or group all the devices that operate within a building. Then, the service is designed so you can use these groups to manage access policies, view operational metrics, or perform actions on your devices across the entire group. The service can also help you to organize your devices with dynamic thing groups. Dynamic thing groups are designed to help you quickly add devices that meet your specified criteria and remove the devices that no longer match the criteria.

AWS IoT Device Management helps you to query a group of devices and aggregate statistics on device records based on any combination of device attribute, state and connectivity indexing so that you can better organize and understand your fleet. For example, you can search for a group of connected temperature sensors in a manufacturing facility, count the number of sensors with a specific firmware version, and find the average temperature reading for those sensors.

Fine-Grained Device Logging

AWS IoT Device Management is designed to let you collect device logs so that in the event of a problem you can query the log data to figure out what went wrong. The service is also designed so you can configure the logs to include only the metrics that are critical to device performance to help you identify issues quickly. For example, you can include device metrics like error codes that indicate download failures or device restart counters, and quickly identify and troubleshoot issues on devices within the device group.

Remotely Manage Connected Devices

AWS IoT Device Management is designed to allow you to push software and firmware to devices in the field to help you patch security vulnerabilities and improve device functionality. The service is designed to enable you to execute bulk updates, control deployment velocity, set failure thresholds, and define jobs to update device software so they are always running the latest version. The service is also designed to send actions such as device reboots or factory resets remotely to help you fix software issues in the device or restore the device to its original settings.

Secure Tunneling

AWS IoT Device Management is designed to support the creation of a device tunnel, a remote communications session to a device. This provides connectivity to individual devices, which can help you to diagnose issues and act to solve them in just a few clicks. This feature is also designed so you can make multiple, concurrent client connections over a single tunnel, enabling you to perform more advanced device troubleshooting, such as issuing remote shell commands to a device while simultaneously debugging a web application on the same device.

With Secure Tunneling, you can rapidly build remote access solutions to connect to devices on isolated networks or behind firewalls. This feature is designed so you can establish trusted connections that allow you to comply with your customers’ corporate security policies, without the need to adjust inbound firewall configurations or manage proxies for each user network. This is accomplished by a mutually initiated tunnel connection between source and destination devices that is brokered through the Secure Tunneling feature in AWS IoT Device Management. These device connections can be configured with a user-defined timeout setting designed to close connections after a certain period of time.

Fleet Hub

AWS IoT Device Management is designed to allow you to create no-code, fully-managed web applications using Fleet Hub to visualize and interact with your device fleets connected to AWS IoT. Fleet Hub is designed so you can search across your large and diverse fleets and view device state and health data, such as connection status, firmware version, country code, or battery level. It is also designed so you can program alarms that are triggered by rule-based changes to device status and health metrics and that are customizable by each end user, so you can be notified of potential issues. Once alerted to an alarm, you can take corrective actions, such as deploying a firmware update or rebooting a device. Fleet Hub’s integration with the many AWS IoT Device Management features, as well as with other AWS IoT services, is designed so you can interact with your devices to take these actions, such as pushing an OTA (“over the air”) update via Jobs or opening a Secure Tunnel to reconfigure a device.

Fleet Hub is designed so users can access the web applications from a browser on any web-enabled desktop, tablet, or phone and sign in with their corporate credentials through a single sign-on (SSO) experience, and so IT administrators can control access to operational data from devices and equipment for different end users by adding users from their corporate directory and defining permissions through AWS Single Sign-On (SSO), Active Directory, and AWS Organizations.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.