AWS IoT Device Management Features

Register new devices with AWS IoT Device Management. Using the IoT management console or API, you can upload templates that you populate with information like device manufacturer and serial number, X.509 identity certificates, or security policies. Then, you can configure the entire fleet of devices with this information in a few steps in the management console.

Learn more about the bulk registration process.

Group your device fleet into a hierarchical structure based on function, security requirements, or any other category. You can group one device in a room, group devices together that operate on the same floor, or group all the devices that operate within a building. Then, you can use these groups to manage access policies, view operational metrics, or perform actions on your devices across the entire group. You can also automate organization of your devices with dynamic thing groups. Your dynamic thing groups will automatically add devices that meet your specified criteria and remove the devices that no longer match the criteria.

Learn more about how to create static groups and dynamic groups.

Query a group of devices and aggregate statistics on device records based on any combination of device attribute, state, and connectivity indexing so that you can better organize and understand your fleet. For example, you can search for a group of connected temperature sensors in a manufacturing facility, count the number of sensors with a specific firmware version, and find the average temperature reading for those sensors.

Learn more about fleet indexing.

Monitoring is an important part of maintaining the reliability, availability, and performance of your IoT solutions. With AWS IoT Device Management, collect device logs so that, in the event of a problem, you can query the log data to figure out what went wrong. You can configure the logs to include only the metrics that are critical to device performance so that you can identify issues quickly. For example, you can include device metrics like error codes that indicate download failures or device restart counters, and quickly identify and troubleshoot issues on devices within the device group.

Learn more about monitoring IoT resources on AWS.

Push software and firmware to devices in the field to patch security vulnerabilities and improve device functionality. You can initiate bulk updates, configure rollout schedule, control deployment velocity, set failure thresholds, and define continuous jobs to update device software automatically so that they are always running the latest version. You can send actions such as device reboots or factory resets remotely to fix software issues in the device or restore the device to its original settings. You can also digitally sign files that you send to your devices, helping to ensure  that your devices are not compromised.

FreeRTOS over-the-air (OTA) update job allows you to use AWS IoT Device Management to schedule your FreeRTOS device software updates. You can also use the code signing feature.

You can also create an AWS IoT Greengrass Core update job for one or more AWS IoT Greengrass Core devices using AWS IoT Device Management to deploy security updates, bug fixes, and new AWS IoT Greengrass features to connected devices.

Learn more about how to keep your system up to date with AWS IoT Device Management Jobs.

AWS IoT Device Management supports the creation of a device tunnel—a secure remote communications session to a device. This provides secure connectivity to individual devices, which you can then use to diagnose issues and act to solve in just a few steps. You can also make multiple concurrent client connections over a single secure tunnel, so you can perform more advanced device troubleshooting, such as issuing remote shell commands to a device while simultaneously debugging a web application on the same device.

With secure tunneling, you can rapidly build remote access solutions to connect to devices on isolated networks or behind firewalls. You can establish these trusted connections that allow you to comply with your customers’ corporate security policies without the need to adjust inbound firewall configurations or manage proxies for each user network. This is accomplished by a mutually initiated tunnel connection between source and destination devices that is brokered through the secure tunneling feature in AWS IoT Device Management. These secure device connections are authenticated and encrypted using Transport Layer Security (TLS). They can be configured with a user-defined timeout setting that will ensure connections close after a certain period of time.

Learn more about secure tunneling.

AWS IoT Device Management includes the ability to create no-code, fully managed web applications to visualize and interact with your device fleets connected to AWS IoT. With Fleet Hub for AWS IoT Device Management, you can easily build these standalone web applications and make them available to users in your organization, even if they don't have AWS accounts. With Fleet Hub, you can search across your large and diverse fleets and view device state and health data in near real time—such as connection status, firmware version, country code, or battery level. You can program alarms, which are triggered by rule-based changes to device status and health metrics and customizable by each end user, to be notified of potential issues. Once alerted to an alarm, you can take built-in corrective actions, such as deploying a firmware update or rebooting a device. The seamless integration of Fleet Hub with the many AWS IoT Device Management features as well as across other AWS IoT services helps you more easily interact with your devices to do so, like pushing an OTA update or opening a secure tunnel to reconfigure a device. Moreover, IT administrators can control access to operational data from devices and equipment for different end users by adding users from their corporate directory and defining permissions.

Learn more about Fleet Hub.