AWS IoT Core is a platform that enables you to connect devices to AWS Services and other devices, secure data and interactions, process and act upon device data, and enable applications to interact with devices even when they are offline.
AWS IoT Device SDK
To learn more read the AWS IoT Device SDK documentation or get started by downloading the SDKs.
The Device Gateway serves as the entry point for IoT devices connecting to AWS. The Device Gateway manages all active device connections and implements semantics for multiple protocols to ensure that devices are able to securely and efficiently communicate with AWS IoT Core. Currently, the Device Gateway supports the MQTT, WebSockets, and HTTP 1.1 protocols. For devices that connect using MQTT or WebSockets, the Device Gateway will maintain long-lived, bidirectional connections, enabling these devices to send and receive messages at any time with low latency. The Device Gateway is fully managed and scales automatically to support over a billion devices without requiring you to manage any infrastructure.
To learn more read the protocols section in the AWS IoT Core user guide.
The Message Broker is a high-throughput pub/sub message broker that securely transmits messages to and from all of your IoT devices and applications with low latency. The flexible nature of the Message Broker’s topic structure allows you to send messages to, or receive messages from, as many devices as you would like. It supports messaging patterns ranging from one-to-one command and control messaging, to one-to-one million (or more!) broadcast notification systems and everything in between. In addition, you can set up fine-grained access controls that enable you to manage the permissions of individual connections at the topic level, ensuring that your devices and applications will only send and receive the data that you want them to. The Message Broker is a fully managed service, so no matter how you choose to use it, it will scale automatically with your message volume without requiring you to run any infrastructure.
To learn more read the Message Broker section of the AWS IoT Core user guide.
Authentication and Authorization
AWS IoT Core provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT Core without a proven identity. AWS IoT Core supports the AWS method of authentication (called ‘SigV4’), X.509 certificate-based authentication, and customer-created token-based authentication (through custom authorizers). Connections using HTTP can use any of these methods, while connections using MQTT use certificate-based authentication, and connections using WebSockets can use SigV4 or custom authorizers. With AWS IoT Core you can use certificates generated by AWS IoT Core, as well as those signed by your preferred Certificate Authority (CA). You can map your choice of policies to each certificate, so that you can authorize devices or applications to have access, or change your mind and revoke access altogether without ever touching the device.
You can create, deploy and manage certificates and policies for the devices from the console or using the API. Those device certificates can be provisioned, activated and associated with the relevant IoT policies that are configured using AWS IoT Core. This allows you to instantly revoke access for an individual device if you choose to do so. AWS IoT Core also supports connections from users’ mobile apps using Amazon Cognito, which takes care of all the steps necessary to create a unique identifier for your app’s users and retrieve temporary, limited-privilege AWS credentials. AWS IoT Core can also provide temporary AWS credentials after a device has authenticated with an X.509 certificate, so that the device can more easily access other AWS services such as DynamoDB or S3.
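The topic-level access control and per-certificate policies described above can be made concrete with a short added example (not AWS's own code): it builds a least-privilege IoT policy document scoped to the connecting device and audits policy documents for wildcard grants. The region, account ID, topic layout and helper names are assumptions chosen for illustration.

```python
# Assumed placeholders: substitute your own region and account ID.
REGION, ACCOUNT = "us-east-1", "123456789012"
# Resource parts that match every client or topic in the account.
BROAD = {"*", "client/*", "topic/*", "topicfilter/*"}


def device_policy(prefix="devices"):
    """Least-privilege policy: a device may only use topics under its own name."""
    # Policy variable; resolves when the client ID matches a registered thing
    # that the connecting certificate is attached to.
    thing = "${iot:Connection.Thing.ThingName}"
    arn = f"arn:aws:iot:{REGION}:{ACCOUNT}"
    own = f"{prefix}/{thing}"  # hypothetical topic layout

    def allow(action, resource):
        return {"Effect": "Allow", "Action": action, "Resource": f"{arn}:{resource}"}

    return {"Version": "2012-10-17", "Statement": [
        allow("iot:Connect", f"client/{thing}"),
        allow("iot:Publish", f"topic/{own}/telemetry"),
        allow("iot:Subscribe", f"topicfilter/{own}/commands/*"),
        allow("iot:Receive", f"topic/{own}/commands/*"),
    ]}


def as_list(value):
    return [value] if isinstance(value, str) else list(value)


def audit(policy):
    """List Allow statements broad enough to reach other devices' topics."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res.split(":", 5)[-1] in BROAD:
                findings.append(f"statement {i}: wildcard resource {res}")
    return findings


# Constructed example of an over-broad policy, for contrast.
OVERBROAD = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(audit(device_policy()))
    print(audit(OVERBROAD))
```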
To learn more read the Security and Authentication section in the AWS IoT Core user guide.
The Registry establishes an identity for devices and tracks metadata such as the devices’ attributes and capabilities. The Registry assigns a unique identity to each device that is consistently formatted regardless of the type of device or how it connects. It also supports metadata that describes the capabilities of a device, for example whether a sensor reports temperature, and if the data are Fahrenheit or Celsius.
The Registry lets you store metadata about your devices at no additional charge, and metadata in the Registry does not expire as long as you access or update your registry entry at least once every 7 years.
To learn more read the Registry section of the AWS IoT Core user guide.
With AWS IoT Core, you can create a persistent, virtual version, or Device Shadow, of each device that includes the device’s latest state so that applications or other devices can read messages and interact with the device. The Device Shadow persists the last reported state and desired future state of each device even when the device is offline. You can retrieve the last reported state of a device or set a desired future state through the API or using the rules engine.
The Device Shadow makes it easier to build applications that interact with your devices by providing always-available REST APIs. In addition, applications can set the desired future state of a device without accounting for the device's current state. AWS IoT Core will compare the difference between the desired and last reported state, and command the device to make up the difference.
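The desired-versus-reported comparison described above, as an added example (a simplified model, not the service's implementation or SDK code): it computes the delta between the two states and shows a device applying only the fields it permits to be set remotely before reporting back. The sample shadow document, the SETTABLE allowlist and the function names are constructed for illustration.

```python
# Constructed sample shadow document using the desired/reported layout.
SHADOW = {"state": {
    "desired":  {"led": "on", "fan": {"speed": 3, "mode": "auto"}, "firmware": "9.9"},
    "reported": {"led": "off", "fan": {"speed": 1, "mode": "auto"}, "temp_c": 21},
}}

# Hypothetical allowlist: fields this device lets the cloud set remotely.
SETTABLE = {"led", "fan"}


def shadow_delta(desired, reported):
    """Fields of `desired` that differ from, or are missing in, `reported`."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict):
            # Recurse so that only the changed leaves appear in the delta.
            nested = shadow_delta(want, have if isinstance(have, dict) else {})
            if nested:
                delta[key] = nested
        elif key not in reported or have != want:
            delta[key] = want
    return delta


def merge(dst, src):
    """Recursively copy the values in `src` into `dst`."""
    for key, value in src.items():
        if isinstance(value, dict) and isinstance(dst.get(key), dict):
            merge(dst[key], value)
        else:
            dst[key] = value


def device_sync(shadow):
    """Device side: apply allowlisted delta fields, then report the new state.

    Returns (applied, remaining): what the device accepted, and the delta
    that is still outstanding because the device refused those fields.
    """
    state = shadow["state"]
    delta = shadow_delta(state["desired"], state["reported"])
    applied = {k: v for k, v in delta.items() if k in SETTABLE}
    merge(state["reported"], applied)
    return applied, shadow_delta(state["desired"], state["reported"])
```

Fields that exist only in the reported state (here `temp_c`) never appear in the delta, and a desired field the device refuses (`firmware`) stays in the remaining delta, where it can be monitored.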
The AWS IoT Device SDK makes it easy for your device to synchronize its state with its Device Shadow, and to respond to desired future states set via the Device Shadow.
The Device Shadow lets you store the state of your devices for up to a year for free. Device Shadows persist forever if you update them at least once per year; otherwise they expire.
To learn more read the Device Shadow section of the AWS IoT Core user guide.
The Rules Engine makes it possible to build IoT applications that gather, process, analyze and act on data generated by connected devices at global scale without having to manage any infrastructure. The Rules Engine evaluates inbound messages published into AWS IoT Core and transforms and delivers them to another device or a cloud service, based on business rules you define. A rule can apply to data from one or many devices, and it can take one or many actions in parallel.
The Rules Engine can also route messages to AWS endpoints including AWS Lambda, Amazon Kinesis, Amazon S3, Amazon Machine Learning, Amazon DynamoDB, Amazon CloudWatch, Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), AWS IoT Analytics, Amazon Elasticsearch Service with built-in Kibana integration, and AWS Step Functions. External endpoints can be reached using AWS Lambda, Amazon Kinesis, Amazon SNS, and AWS Step Functions.
You can author rules within the management console or write rules using a SQL-like syntax. Rules can be authored to behave differently depending upon the content of the message. For example, if a temperature reading exceeds a certain threshold, it could trigger a rule to transmit data to AWS Lambda. Rules can also be authored to take into account other data in the cloud, such as data from other devices. For example, a rule could take an action if this temperature is more than 15% higher than the average of 5 other devices.
The Rules Engine provides dozens of available functions that can be used to transform your data, and it’s possible to create infinitely more via AWS Lambda. For example, if you’re dealing with a wide range of values you could take the average of incoming numbers. Rules can also trigger the execution of your Java, Node.js or Python code in AWS Lambda, giving you maximum flexibility and power to process device data.
To learn more read the Rules Engine section of the AWS IoT Core user guide.