What does this AWS Solutions Implementation do?

This solution provides a failover strategy for your AWS IoT devices. Customers with critical AWS IoT Core workloads can use this solution to store and process their data in a second AWS Region if the primary Region is not available.

Benefits

Automatically replicates classic device shadows across Regions

This solution replicates classic device shadows and registry events by configuring an Amazon DynamoDB global table that spans the primary and secondary Regions.

Copies IoT devices, certificates, and policies across Regions

This solution implements an active-passive disaster recovery and provides tools to copy existing IoT devices from your primary Region (active) to your secondary Region (passive).

Amazon Route 53 health checks

This solution uses Amazon Route 53 with health checks and traffic policies to direct traffic from the primary Region to the secondary Region in the event of a Region failover.

Secure one-click deployment

Provides a secure one-click deployment using an AWS CloudFormation template developed with the AWS Well-Architected Framework methodologies.

AWS Solutions Implementation overview

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.

Disaster Recovery for AWS IoT | Architecture Diagram

Disaster Recovery for AWS IoT Solutions Implementation architecture

Replication flow

1. After the AWS CloudFormation templates have created an Amazon DynamoDB table in each of the Regions, these tables will be configured as one global table. You must turn on registry events in the primary Region.

2. The registry publishes event messages when AWS IoT things, thing types, and thing groups are created, updated, or deleted. A topic rule forwards these messages to the DynamoDB table in the primary Region. They are automatically replicated to the table in the secondary Region.

3. DynamoDB Streams captures the data on arrival in the secondary Region and invokes an AWS Lambda function (the Dynamo trigger).

4. The Dynamo trigger Lambda function initiates an AWS Step Functions workflow to forward the related event types to another Lambda function.

5. The related Lambda function creates, updates, or deletes the corresponding IoT things, thing groups, and thing types.

6. The Step Functions workflow creates or updates IoT things in the secondary Region. The Step Functions setup also includes retry rules to handle errors.
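The following is an added example, not code from the solution itself, showing the kind of logic the Dynamo trigger in steps 3 and 4 performs: it reads a DynamoDB Streams record carrying a registry event, deserializes the DynamoDB attribute-value JSON, and decides which event type and operation the Step Functions workflow should apply in the secondary Region. It assumes the topic rule stores the raw registry-event payload as the table item, that the stream is configured to deliver the new image, and that the workflow is started through an injectable callable (a real function would call the Step Functions API). The stream records are constructed sample data.

```python
"""Added example (not the solution's own code): dispatch registry events
arriving through DynamoDB Streams in the secondary Region."""
import json

# Registry event types this replicator handles, and the field naming the object.
SUPPORTED = {
    "THING_EVENT": "thingName",
    "THING_TYPE_EVENT": "thingTypeName",
    "THING_GROUP_EVENT": "thingGroupName",
}
OPERATIONS = {"CREATED", "UPDATED", "DELETED"}


def from_dynamodb(value):
    """Convert DynamoDB attribute-value JSON (S, N, BOOL, NULL, L, M) to Python."""
    (kind, raw), = value.items()
    if kind == "S":
        return raw
    if kind == "N":
        return int(raw) if raw.lstrip("-").isdigit() else float(raw)
    if kind == "BOOL":
        return raw
    if kind == "NULL":
        return None
    if kind == "L":
        return [from_dynamodb(item) for item in raw]
    if kind == "M":
        return {k: from_dynamodb(v) for k, v in raw.items()}
    raise ValueError(f"unsupported attribute type {kind}")


def plan_replication(record):
    """Return the Step Functions input for one stream record, or None to skip it.

    Only INSERT records are replicated: the event table is append-only, so a
    MODIFY or REMOVE on it is not a registry change (assumption of this example).
    """
    if record.get("eventName") != "INSERT":
        return None
    image = {k: from_dynamodb(v) for k, v in record["dynamodb"]["NewImage"].items()}
    event_type = image.get("eventType")
    operation = image.get("operation")
    if event_type not in SUPPORTED or operation not in OPERATIONS:
        return None  # membership, hierarchy or association events are not handled here
    return {
        "eventType": event_type,
        "operation": operation,
        "name": image[SUPPORTED[event_type]],
        "eventId": image.get("eventId"),
        "payload": image,
    }


def handler(event, context, start_execution=None):
    """Lambda entry point: plan every record and hand each plan to the workflow."""
    started = []
    for record in event.get("Records", []):
        plan = plan_replication(record)
        if plan is None:
            continue
        if start_execution is not None:
            start_execution(json.dumps(plan))  # e.g. sfn.start_execution(input=...)
        started.append(plan)
    return started


# Constructed sample stream event: one thing creation, one membership event
# that is ignored, and one MODIFY record that is ignored.
SAMPLE_STREAM_EVENT = {"Records": [
    {"eventName": "INSERT", "dynamodb": {"NewImage": {
        "eventType": {"S": "THING_EVENT"}, "eventId": {"S": "evt-0001"},
        "operation": {"S": "CREATED"}, "thingName": {"S": "sensor-17"},
        "thingTypeName": {"S": "TempSensor"}, "versionNumber": {"N": "1"},
        "attributes": {"M": {"site": {"S": "plant-a"}}}}}},
    {"eventName": "INSERT", "dynamodb": {"NewImage": {
        "eventType": {"S": "THING_GROUP_MEMBERSHIP_EVENT"},
        "operation": {"S": "ADDED"}, "thingName": {"S": "sensor-17"}}}},
    {"eventName": "MODIFY", "dynamodb": {"NewImage": {
        "eventType": {"S": "THING_EVENT"}, "operation": {"S": "UPDATED"},
        "thingName": {"S": "sensor-17"}}}},
]}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_STREAM_EVENT, None), indent=2))
```

The deserializer is the piece most often hand-rolled wrongly; keeping it separate makes it easy to test against the attribute types the topic rule actually writes.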

Failover flow

A separate set of AWS CloudFormation templates creates health checks that can be used by Amazon Route 53 in the primary and secondary Regions.

7. Amazon Route 53 with health checks and traffic policies can be used for a Region failover. For more information about failover options, refer to Solution components. Amazon Route 53 currently supports only HTTP(S) and TCP health checks, so this solution exposes the health of the Message Queuing Telemetry Transport (MQTT) message broker from AWS IoT Core through an HTTP endpoint.

8. CloudFormation templates deploy an Amazon API Gateway resource, which calls a Lambda function. This Lambda function is configured as a device in IoT Core. When invoked, the Lambda function connects to IoT Core, and subscribes to a topic and publishes a configured number of messages. The Lambda function expects to receive the same number of messages to the topic it has subscribed to.

9. Amazon Route 53 health checks call the API Gateway resource, which tests the MQTT message broker implicitly. As a layer of security, the Lambda function checks a query string before it connects to the message broker; if the query string does not match the expected value, the Lambda function returns an error instead of running the check. The expected query string is configurable.
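The following is an added example, not the solution's own code, showing the shape of the health-check Lambda described in steps 8 and 9: it validates the shared query-string value with a constant-time comparison, then performs an MQTT round trip (subscribe, publish a configured number of messages, expect the same number back) and maps the outcome to an HTTP status that Route 53 interprets. The real function would use an MQTT client connected to the AWS IoT Core endpoint; here a constructed in-memory loopback broker stands in so the logic runs offline. The environment variable names, the query-string parameter name `token`, and the topic are assumptions.

```python
"""Added example (not the solution's own code): Route 53 health-check handler
that gates on a query string and probes the MQTT broker end to end."""
import hmac
import json
import os
import queue
import time

# Assumed configuration names; the real solution's names may differ.
EXPECTED_TOKEN = os.environ.get("HEALTHCHECK_TOKEN", "replace-me")
TOPIC = os.environ.get("HEALTHCHECK_TOPIC", "dr/healthcheck")
MESSAGE_COUNT = int(os.environ.get("HEALTHCHECK_MESSAGE_COUNT", "3"))
TIMEOUT_SECONDS = 2.0  # must stay below the Route 53 health-check timeout


class LoopbackBroker:
    """Constructed stand-in for an MQTT client: publish() delivers to local
    subscribers synchronously. drop_every simulates a broker losing messages."""

    def __init__(self, drop_every=0):
        self._subs = {}
        self._sent = 0
        self._drop_every = drop_every

    def subscribe(self, topic, callback):
        self._subs.setdefault(topic, []).append(callback)

    def publish(self, topic, payload):
        self._sent += 1
        if self._drop_every and self._sent % self._drop_every == 0:
            return  # message lost
        for callback in self._subs.get(topic, []):
            callback(topic, payload)


def mqtt_round_trip(client, topic, count, timeout):
    """Subscribe, publish `count` tagged messages, return how many came back in time."""
    inbox = queue.Queue()
    client.subscribe(topic, lambda _topic, payload: inbox.put(payload))
    payloads = [json.dumps({"seq": i}) for i in range(count)]
    expected = set(payloads)
    for payload in payloads:
        client.publish(topic, payload)
    received = set()
    deadline = time.monotonic() + timeout
    while len(received) < count:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        try:
            received.add(inbox.get(timeout=remaining))
        except queue.Empty:
            break
    # Count only our own messages, so unrelated traffic on the topic cannot inflate the result.
    return len(received & expected)


def handler(event, context, client_factory=LoopbackBroker):
    """API Gateway proxy handler: 403 on a bad token, 200 if the broker echoed
    every message, 503 otherwise (Route 53 treats only 2xx/3xx as healthy)."""
    params = event.get("queryStringParameters") or {}
    token = params.get("token", "")
    if not hmac.compare_digest(token, EXPECTED_TOKEN):
        return {"statusCode": 403, "body": json.dumps({"error": "invalid query string"})}
    client = client_factory()
    received = mqtt_round_trip(client, TOPIC, MESSAGE_COUNT, TIMEOUT_SECONDS)
    healthy = received == MESSAGE_COUNT
    return {
        "statusCode": 200 if healthy else 503,
        "body": json.dumps({"expected": MESSAGE_COUNT, "received": received}),
    }


if __name__ == "__main__":
    print(handler({"queryStringParameters": {"token": EXPECTED_TOKEN}}, None))
    print(handler({"queryStringParameters": {"token": "wrong"}}, None))
```

Returning 503 rather than raising keeps the failure visible in the health check's own response while still marking the endpoint unhealthy; the token check happens before any broker connection so an unauthenticated caller cannot drive MQTT traffic through the function.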

Disaster Recovery for AWS IoT

Version 1.0.0
Released: 05/2021
Author: AWS

Estimated deployment time: 20 min
