AWS IoT Core helps you connect devices to AWS Services and other devices, secure data interactions, and process and act upon device data.

Key features

AWS IoT Device SDK

The AWS IoT Device SDK lets you more easily and more quickly connect your hardware device or mobile application to AWS IoT Core. The AWS IoT Device SDK helps your devices connect, authenticate, and exchange messages with AWS IoT Core using the MQTT, HTTP, or WebSockets protocols. The AWS IoT Device SDK supports C, JavaScript, and Arduino, and includes the client libraries, the developer guide, and the porting guide for manufacturers. You can also use an open-source alternative or write your own SDK.

Learn more in the AWS IoT Device SDK documentation or get started by downloading the SDKs.

Device Advisor

Device Advisor is a fully managed cloud-based test capability for validating IoT devices during development. It provides pre-built tests that help developers validate their IoT devices for reliable and secure connectivity with AWS IoT Core. By using Device Advisor, developers can test if their IoT devices can reliably interoperate with AWS IoT Core and follow security best practices. Developers can identify and resolve the most common device software issues during development before they deploy their devices in production. Device Advisor also provides a signed qualification report that can be used by hardware partners to qualify their devices for inclusion in the AWS Partner Device Catalog. Learn more and get started, in the Device Advisor’s overview page, technical documentation, and blog.

Device Gateway

The Device Gateway serves as the entry point for IoT devices connecting to AWS. The Device Gateway manages all active device connections and implements semantics for multiple protocols to verify that devices can securely and efficiently communicate with AWS IoT Core. Currently the Device Gateway supports the MQTT, WebSockets, and HTTPS protocols. For devices that connect using MQTT or WebSockets the Device Gateway will maintain long lived, bidirectional connections, helping these devices send and receive messages at any time with low latency. The Device Gateway is fully managed and scales automatically to support over a billion devices without requiring you to manage any infrastructure. If you are migrating to AWS IoT, the Device Gateway offers capabilities to transition infrastructures with minimal impact to existing architectures and IoT devices. To learn more about Configurable endpoints, read the documentation here.

Learn more in the protocols section in the AWS IoT Core user guide.

Message Broker

The Message Broker is a high throughput Pub/Sub messaging agent that securely transmits messages to and from all of your IoT devices and applications with low latency based on the MQTT Version 5.0 Message Standard. The flexible nature of the Message Broker’s topic structure helps you send messages to, or receive messages from, a number of devices. It supports messaging patterns ranging from one-to-one command and control messaging, to one-to-one million (or more) broadcast notification systems and everything in between. Also, you can set up fine-grained access controls that help you manage the permissions of individual connections at the topic level. This verifies that your devices and applications will send and receive only the data that you want them to. The Message Broker is a fully managed service, so no matter how you choose to use it, it will scale automatically with your message volume without requiring you to run any infrastructure.

Learn more in the device communication protocol section of the AWS IoT Core user guide.

CoAP Protocol

Constrained Application Protocol (CoAP) is a specialized Internet application layer protocol that is purpose built for constrained devices like battery powered IoT sensors. CoAP offers familiar HTTP-style request/response messaging in a lightweight User Datagram Protocol (UDP) protocol, making it a suitable protocol choice for IoT use-cases where devices communicate infrequently to the cloud and spend most of their time offline in a low power state. AWS IoT Core offers CoAP/UDP support for cellular devices, such as those using Narrowband IoT (NB-IoT) technology, through partner-developed IoT platforms built on AWS. Our partners like 1NCE, Aeris and Telefonica have built dedicated services on AWS IoT Core to support CoAP protocol, so that customers can directly connect their devices to the cloud without building their own broker or managing dedicated cloud resources.

Learn more about Implementing LPWAN IoT solutions with CoAP.


Authentication and authorization

AWS IoT Core provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT Core without a proven identity. AWS IoT Core supports the AWS method of authentication (called SigV4), X.509 certificate-based authentication, and customer created token-based authentication (through custom authorizers.) Connections using HTTP can use any of these methods, while connections using MQTT use certificate-based authentication, and connections using WebSockets can use SigV4 or custom authorizers. With AWS IoT Core you can use AWS IoT Core generated certificates and those signed by your preferred Certificate Authority (CA). You can map your choice of policies to each certificate, so that you can give devices or applications access, or instead revoke access without ever touching the device.

You can create, deploy, and manage certificates and policies for the devices from the console or using the API. Those device certificates can be provisioned, activated, and associated with the relevant IoT policies that are configured using AWS IoT Core. This helps you instantly revoke access for a device if you choose to do so. AWS IoT Core also supports connections from users’ mobile apps using Amazon Cognito, which takes care of all the steps necessary to create a unique identifier for your app’s users and retrieve temporary, limited-privilege AWS credentials. AWS IoT Core can also provide temporary AWS credentials after a device has been authenticated with an X.509 certificate, so that the device can more easily access other AWS services such as DynamoDB or S3.

Fleet provisioning for AWS IoT Core makes it easier to onboard any number of manufactured devices to the cloud at scale. It provides a complete managed-device onboarding experience that sets up devices with unique digital identities. It also performs the device-side and cloud-side configuration needed for each device to connect and operate with AWS IoT automatically upon its first connection to AWS IoT Core. Fleet provisioning is offered at no additional charge to customers. Learn more about Fleet provisioning.

Learn more at the security and authentication section in the AWS IoT Core user guide.


The registry establishes an identity for devices and tracks metadata, such as the devices’ attributes and capabilities. The registry assigns an identity to each device that is consistently formatted regardless of the type of device or how it connects. It also supports metadata that describes the capabilities of a device (such as whether a sensor reports temperature and if the data are Fahrenheit or Celsius).

The registry helps you store device metadata at no additional charge. Metadata in the registry does not expire if you access or update your registry entry at least once every 7 years.

Learn more in the registry section of the AWS IoT Core user guide.

Device Shadow

With AWS IoT Core, you can create a persistent, virtual version, or Device Shadow, of each device. This includes the device’s latest state so that applications or other devices can read messages and interact with the device. The Device Shadow persists the last reported state and desired future state of each device even when the device is offline. You can retrieve the last reported state of a device or set a desired future state through the API or use the rules engine.

The Device Shadow makes it easier to build applications that interact with your devices by providing always available REST API operations. Also, applications can set the desired future state of a device without accounting for the devices’ current state. AWS IoT Core will compare the difference between the desired and last reported state and command the device to make up the difference.

The AWS IoT Device SDK makes it easier for your device to synchronize its state with its Device Shadow and to respond to desired future states set by using the Device Shadow.

With Device Shadow you can store the state of your devices for up to a year, for free. If you update the Device Shadow at least once per year, then it will persist forever; otherwise, they will expire.

Learn more in the Device Shadow section of the AWS IoT Core user guide.

Rules Engine

The Rules Engine helps you build IoT applications that gather, process, analyze, and act on data generated by connected devices at a global scale without having to manage any infrastructure. The Rules Engine evaluates inbound messages published on AWS IoT Core and transforms and delivers them to another device or a cloud service, based on business rules you define. A rule can apply to data from one or many devices, and it can take one or many actions in parallel.

The Rules Engine can also route messages to AWS endpoints including AWS IoT Analytics, AWS IoT Events, AWS Lambda, Amazon Kinesis, Amazon S3, Amazon DynamoDB, Amazon CloudWatch, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), Amazon Elasticsearch Service, AWS Step Functions, and Amazon Location Service. External endpoints can be reached using AWS Lambda, Amazon Kinesis, Amazon SNS, and the Rules Engine’s native HTTP action.

You can author rules within the AWS Management Console or write rules using a SQL-like syntax. Rules can be authored to behave differently depending upon the content of the message. For example, if a temperature reading exceeds a certain threshold, it could initiate a rule to transmit data to AWS Lambda. Rules can also be written to take into account other data in the cloud, such as data from other devices. For example, you could initiate an action if the temperature is more than 15% higher than the average of the five other devices.

The Rules Engine provides dozens of available functions that can be used to transform your data, and it’s possible to create infinitely more by using AWS Lambda. For example, if you’re dealing with a wide range of values, you could take the average of the incoming numbers. Rules can also initiate the runtime of your Java, Node.js or Python code on AWS Lambda, giving you maximum flexibility and power to process device data.

Learn more, read the Rules Engine section of the AWS IoT Core user guide.

AWS IoT Core for LoRaWAN

AWS IoT Core for LoRaWAN helps customers connect wireless devices that use low-power, long-range wide area network (LoRaWAN) technology. Using AWS IoT Core, you can now set up a private LoRaWAN network by connecting your own LoRaWAN devices and gateways to AWS  without developing or operating a LoRaWAN Network Server (LNS). This reduces the undifferentiated development work and operational burden of managing an LNS and associated infrastructure, accelerating the network set-up time.

AWS IoT Core for LoRaWAN includes support for an open-source, LoRaWAN gateway–LNS communication protocol called Basic Station. This means no writing or testing of custom gateway software is required to connect LoRaWAN gateways to AWS IoT Core. Once LoRaWAN gateways and devices are connected, device data streams are automatically routed to AWS IoT Core rules engine, accelerating IoT application development.

Developers can write rules (like simple SQL queries to transform and act on the device data), raise alerts, or route it to other AWS services like Amazon S3 using the AWS IoT Core Rules Engine. From the console, engineers can also query metrics for connected devices and gateways to troubleshoot connectivity issues. With pay-as-you-go pricing and no monthly commitments, you can connect and scale LoRaWAN device fleets reliably and build applications with AWS services more quickly and efficiently.

AWS IoT Partners make it easier to get started by providing AWS IoT Core for LoRaWAN qualified gateways that connect to AWS IoT Core from the start, without any need to modify embedded software. Search the AWS Partner Device Catalog to find gateways that are qualified for use with AWS IoT Core for LoRaWAN.

Learn more and access getting started resources, at the AWS IoT Core for LoRaWAN guide.

*LoRaWAN is a mark used under license from the LoRa Alliance.

Device Location

AWS IoT Core Device Location helps you track and manage your fleet of IoT devices using their location data, such as latitude and longitude coordinates, without traditional Global Positioning Service (GPS) hardware. When you use the Device Location feature, you don’t have to rely on high-power consuming GPS hardware, and can choose an appropriate location technology that works within your engineering constraints. With Device Location, you can enhance business processes, simplify and automate maintenance efforts, and unlock new use cases. For example, your field service team can stay informed and quickly identify the location of devices that require maintenance action. You can also support location-based security enhancements, such as restricting access to a specific Region and improve the security posture of your IoT solution.

HIW diagram of AWS IoT Core

AWS IoT Core for Amazon Sidewalk

Amazon Sidewalk is a shared network that helps connected devices work better through improved connectivity options. Operated by Amazon at no charge to customers, Sidewalk can help simplify new device setup. It can also extend the low-bandwidth working range of devices, and help devices stay online even if they are outside the range of their home Wi-Fi.

AWS IoT Core for Amazon Sidewalk makes it easier for you to onboard your Sidewalk-enabled device fleets to AWS IoT Core and build scalable IoT solutions.

Learn more about AWS IoT Core pricing

Visit the pricing page
Ready to get started?
Sign up
Have more questions?
Contact us