To improve operational efficiency, we recommend enabling logging to Amazon CloudWatch for each AWS service. We also recommend configuring alarms and event notifications and establishing different subscriptions to events through Amazon SNS. Additionally, you can establish Rules for AWS IoT to report on devices experiencing issues logging to CloudWatch. CloudWatch logs enable the user to understand system performance and if business outcomes are being achieved through successful end-user content consumption.

AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender provide features to manage device security, manage certificates, and publish alerts if a device exhibits behavior that indicates an issue. In this Guidance, customers should follow best practices when setting access requirements using AWS Identity and Access Management (IAM), including least-privilege access, password and key rotation, service control policies, and automated alerting. 

Authorization for AWS IoT Core devices is managed through permissions using IAM policies. AWS IoT connected devices support the HTTPS and WebSockets protocol. For requests sent to AWS IoT Core, you can choose to have requests authenticated using IAM or Amazon Cognito, both of which support the AWS SigV4 authentication. For customers implementing HTTPS requests, devices can also be authenticated using X.509 certificates. MQTT messages to AWS IoT Core are authenticated using X.509 certificates. Devices must authenticate using X.509 certificates or the AWS Cognito service.

AWS IoT Device software development kits (SDKs) have built-in functionality to support non-client-side disconnect and queuing of plain MQTT operations in case of network failure. The AWS IoT Device Shadow service provides a reliable data store for devices, apps, and the AWS Cloud services to share data. The shadow manager component enables AWS IoT Greengrass to sync local device shadow states with AWS IoT Core so that app running on an IoT device can still communicate with AWS IoT and the device's shadows when a device goes offline.

Stream Manager can batch data feeds when there is a network failure and can automatically forward information when connectivity is restored. This means you can continue to accept data even when remote locations lose internet connectivity.

The Guidance will scale serverless and managed services components as needed. It will scale services up to handle the concurrent processing of potentially thousands of requests or scale down during times when there are no pending calls to process.

This architecture uses AWS IoT Greengrass ML Inference to perform ML inference locally on AWS IoT Greengrass devices using models that are built and trained in the cloud. AWS IoT Greengrass includes support for Lambda for local processing. Together, these features minimize the cost of transmitting data to the cloud.

This Guidance incorporates serverless technologies for receiving, processing, and storing data. Serverless services support dynamic scaling, which minimizes the environmental impact of the backend services.