Q. What is AWS IoT

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. With AWS IoT, your applications can keep track of and communicate with all your devices, all the time, even when they aren’t connected.

Q. What does AWS IoT offer?

Connectivity between devices and the AWS cloud. First, with AWS IoT you can communicate with connected devices securely, with low latency and with low overhead. The communication can scale to as many devices as you want. The AWS IoT service supports standard communication protocols (HTTP, MQTT, and WebSockets are supported currently). Communication is secured using TLS.

Connectivity between devices and the AWS cloud. First, with AWS IoT you can communicate with connected devices securely, with low latency and with low overhead. The communication can scale to as many devices as you want. The AWS IoT service supports standard communication protocols (HTTP, MQTT, and WebSockets are supported currently). Communication is secured using TLS.

Processing data sent from connected devices. Secondly, with AWS IoT you can continuously ingest, filter, transform, and route the data streamed from connected devices. You can take actions based on the data and route it for further processing and analytics.

Application interaction with connected devices. Finally, the AWS IoT service accelerates IoT application development. It serves as an easy to use interface for applications running in the cloud and on mobile devices to access data sent from connected devices, and send data and commands back to the devices.

Q. How does AWS IoT work?

Connected devices, such as sensors, actuators, embedded devices, smart appliances, and wearable devices, connect to AWS IoT over HTTPS, WebSockets, or secure MQTT. Included in AWS IoT is a Device Gateway that allows secure, low-latency, low-overhead, bi-directional communication between connected devices and your cloud and mobile applications.

AWS IoT Core also contains a Rules Engine which enables continuous processing of data sent by connected devices. You can configure rules to filter and transform the data. You also configure rules to route the data to other AWS services such as DynamoDB, Kinesis, Lambda, SNS, SQS, CloudWatch, Elasticsearch Service with built-in Kibana integration, as well as to non-AWS services, via Lambda for further processing, storage, or analytics.

There is also a Device Registry where you can register and keep track of devices connected to AWS IoT, or devices that may connect in the future. Device Shadows in AWS IoT Core enable cloud and mobile applications to query data sent from devices and send commands to devices, using a simple REST API, while letting IoT Core handle the underlying communication with the devices. The shadows accelerate application development by providing a uniform interface to devices, even when they use one of the several IoT communication and security protocols with which the applications may not be compatible. Shadows also accelerate application development by providing an always available interface to devices even when the connected devices are constrained by intermittent connectivity, limited bandwidth, limited computing ability or limited power.

Communication with AWS IoT Core is secure. The service requires all of its clients (connected devices, server applications, mobile applications, or human users) to use strong authentication (X.509 certificates, AWS IAM credentials, or 3rd party authentication via AWS Cognito). All communication is encrypted. AWS IoT also offers fine-grained authorization to isolate and secure communication among authenticated clients.

Q. Which AWS regions is AWS IoT service available in?

AWS IoT is currently available in the following AWS regions:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (Oregon)
  • EU (Ireland)
  • EU (Frankfurt)
  • EU (London)
  • Asia Pacific (China)
  • Asia Pacific (Sydney)
  • Asia Pacific (Seoul)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Singapore)

You can use AWS IoT regardless of your geographic location, as long as you have access to one of the above AWS regions.

Q. How do I get started with using AWS IoT?

Use the AWS IoT console or refer to the Quickstart section of our developer guide to test drive the AWS IoT service in minutes.

Also, take a look at the AWS-powered Starter Kits provided by our partners.

Refer to the AWS IoT documentation for further details.

Q. Which languages does the AWS IoT console support?

​The AWS IoT console supports English, Simplified Chinese, French, and Japanese.

Q. How can I switch the console's language?

Click on the language at the bottom left corner of the console to pick the language. The language selection will persist throughout the consoles of different AWS services.

Q. What are the ways for accessing AWS IoT?

You can use the AWS Management Console, the AWS SDKs, the AWS CLI, and the AWS IoT APIs to access the AWS IoT service. Connected devices can use the AWS IoT Device SDKs to simplify the communication with the AWS IoT service.

The AWS IoT APIs and commands are largely divided into control plane operations and data plane operations. The control plane operations enable you to do tasks such as configuring security, registering devices, configuring rules for routing data, and setting up logging. The data plane operations enable you to ingest data from connected devices into AWS IoT with low latency and high throughput rate at a large scale.

Q. What communication and authentication protocols does AWS IoT support?

For control plane operations, AWS IoT supports HTTPS. For data plane operations, AWS IoT supports HTTPS, WebSockets, and secure MQTT – a protocol often used in IoT scenarios.

HTTPS and WebSockets requests sent to AWS IoT are authenticated using AWS IAM or AWS Cognito, both of which support the AWS SigV4 authentication. If you are using the AWS SDKs or the AWS CLI, the SigV4 authentication is taken care of for you under the hood. HTTPS requests can also be authenticated using X.509 certificates. MQTT messages to AWS IoT are authenticated using X.509 certificates.

With AWS IoT you can use AWS IoT generated certificates, as well as those signed by your preferred Certificate Authority (CA).

Q. Can devices that are NOT directly connected to the Internet access AWS IoT?

Yes, via a physical hub. Devices connected to a private IP network and devices using non-IP radio protocols such as ZigBee or Bluetooth LE can access AWS IoT as long as they have a physical hub as an intermediary between them and AWS IoT for communication and security.

Q. How should applications access AWS IoT?

Applications connecting to AWS IoT largely fall in two categories: 1. companion apps and 2. server applications. Companion apps are mobile or client-side browser applications that interact with connected devices via the cloud. A mobile app that lets a consumer remotely unlock a smart lock in the consumer’s house is an example of a companion app. Server applications are designed to monitor and control a large number of connected devices at once. An example of a server application would be a fleet management website that plots thousands of trucks on a map in real-time.

AWS IoT enables both companion apps and server applications to access connected devices via uniform, RESTful APIs. Applications also have the option to use pub/sub to communicate directly with the connected devices.

Typically the companion apps would authenticate using end-user identities which are managed either by your own identity store or a third party identity provider such as Facebook and Login with Amazon. For companion apps, use Amazon Cognito, which integrates with several identity providers. Cognito identities can be authorized to access AWS IoT, and their access can be restricted only to the resources relevant to them. For example, as a connected washing machine manufacturer, you can authorize your consumers to access your AWS IoT information pertaining only to their individual washing machines.

Server applications (such as a mapping application running on Amazon EC2) can use IAM roles to access AWS IoT.

Q. Can I get a history of AWS IoT API calls made on my account for security analysis and operational troubleshooting purposes?

Yes, to receive a history of AWS IoT API calls made on your account, you simply turn on CloudTrail in the AWS Management Console.

Q. What is new with the console?

The AWS IoT console supports English, Simplified Chinese, and French.

Q. How do I switch the console's language?

Click on the language at the bottom left corner of the console to pick the language. The language selection will persist throughout the consoles of different AWS services.

Q. How do I send feedback?

To send feedback, click on the “Feedback” link in the footer bar of the console.

Q: What is the AWS IoT Device Gateway?

The Device Gateway forms the backbone of communication between connected devices and the cloud capabilities such as the AWS IoT Rules Engine, Device Shadows, and other AWS and 3rd-party services.

The Device Gateway supports the pub/sub messaging pattern, which enables scalable, low-latency, and low-overhead communication. It is particularly useful for IoT scenarios where billions of devices are expected to communicate frequently and with minimal delay. Pub/sub involves clients publishing messages on logical communication channels called ‘topics’ and clients subscribing to topics to receive messages. The device gateway enables the communication between publishers and subscribers. Traditionally, organizations have had to provision, operate, scale, and maintain their own servers as device gateways to take advantage of pub/sub. AWS IoT service has eliminated this barrier by providing the AWS IoT device gateway.

The Device Gateway scales automatically with your usage, without any operational overhead for you. AWS IoT supports secure communication with the device gateway, AWS-account level isolation, as well as fine-grained authorization within an AWS account. The device gateway currently supports publish and subscribe over secure MQTT and WebSockets, as well as publish over HTTPS.  

MQTT is a lightweight pub/sub protocol, designed to minimize network bandwidth and device resource requirements. MQTT also supports secure communication using TLS. MQTT is often used in IoT use cases. MQTT v3.1.1 is an OASIS standard, and the AWS IoT device gateway supports most of the MQTT specification.

Q. What is the AWS IoT Rules Engine?

The AWS IoT Rules Engine enables continuous processing of inbound data from devices connected to the AWS IoT service. You can configure rules in the Rules Engine in an intuitive, SQL-like syntax to automatically filter and transform inbound data. You can further configure rules to route data from the AWS IoT service to several other AWS services as well as your own or 3rd party services.

Here are just a few example use cases of rules:

  • Filtering and transforming incoming messages and storing them as time series data in DynamoDB.
  • Sending a push notification via SNS when the data from a sensor crosses a certain threshold.
  • Saving a firmware file to S3
  • Processing messages simultaneously from a multitude of devices using Kinesis
  • Invoke Lambda to do custom processing on incoming data
  • Sending a command to a group of devices with an automated republish

Q. How are the rules defined and triggered?

An AWS IoT rule consists of two main parts:

A SQL statement that specifies the pub/sub topics to apply the rule on, data transformation to perform, if any, and the condition under which the rule should be executed. The rule is applied on every message published on the specified topics.

An actions list that defines the actions to take when the rule is executed, that is, when an incoming message matches the condition specified in the rule.

Rule definitions use a JSON-based schema. You can directly edit the JSON or use the rules editor in the AWS Management Console.

As an example, here is a rule for saving temperature data from a sensor to DynamoDB whenever the temperature is above 50:


    "sql": "SELECT * from 'iot/tempSensors/#' WHERE temp > 50",

    "description": "Rule to save sensor data when temperature is about 50",

    "actions": [


            "dynamoDB": {

            "tableName": "HighTempTable",

            "roleArn": "arn:aws:iam::your-aws-account-id:role/dynamoPut",

            "hashKeyField": "key",

            "hashKeyValue": "${topic(3)}",

            "rangeKeyField": "timestamp",

            "rangeKeyValue": "${timestamp()}"





Sensors in this example are publishing on their topics under “iot/tempSensors/”. The first line of the rule defines the SQL SELECT statement used to query on the “iot/tempSensors/#” topic. It contains a WHERE clause that extracts the value of a ‘temp’ field in the message’s payload and checks if it passes the condition ‘greater than 50’. If the condition is met, the data is stored in the specified DynamoDB table. The example uses built-in functions for tasks such as traversing the message payload and getting current time.

Q. Where can I learn more about rules?

You can learn more about rule here AWS IoT Rules documentation

Q. What is the AWS IoT Device Registry and what should I use it for?

IoT scenarios can range from a small number of mission-critical devices to large fleets of devices. The AWS IoT Device Registry allows you to organize and track those devices. You can maintain a logical handle in the Device Registry for every device you are connecting to AWS IoT. Each device in the Device Registry can be uniquely identified and can have metadata such as model numbers, support contact, and certificates associated with it. You can search for connected devices in the Device Registry based on the metadata.

Q. What is a Thing Type?

Thing Types allow you to effectively manage your catalogue of devices by defining common characteristics for devices that belong to the same device category. In addition, a Thing associated with a Thing Type can now have up to 50 attributes including 3 searchable attributes.

Q. What is Simplified Permission Management?

This feature allows you to easily manage permission policies for a large number of devices by using variables that reference Registry or X.509 certificate properties. The integration of Registry and Certificate properties with device policies offers the benefits listed below:

  • You can now reference Device Registry properties in device permission policies. Referencing device properties defined in the Device Registry allows your policies to reflect any changes made in the Device Registry. For example, by referencing the Thing Attribute named “building-address” as a variable in the policy, devices will automatically inherit a new set of permissions when they move buildings.
  • You can share a single generic policy for multiple devices. A generic policy can be shared among the same category of devices instead of creating a unique policy per device. For example, a policy that references the “serial-number” as a variable, can be attached to all the devices of the same model. When devices of the same serial number connect, policy variables will be automatically substituted by their serial-number.

Q. What are the Device Shadows?

The Device Shadows enable cloud and mobile applications to easily interact with the connected devices registered in AWS IoT. A Device Shadow in AWS IoT contains properties of a connected device. You can define any set of properties applicable to your use case. For example, for a smart light bulb, you might define ‘on-or-off’, ‘color’, and ‘brightness’ as the properties. The connected device is expected to report the actual values of those properties, which are stored in the Device Shadow. Applications get and update the properties simply by using a RESTful API provided by the AWS IoT service. The AWS IoT service and the AWS IoT Device SDKs take care of synchronizing property values between the connected device and its shadow in AWS IoT.

Q. Do I have to use Device Registry and Device Shadows?

You can have applications communicate directly to the connected devices using the Device Gateway and/or the Rules Engine in AWS IoT. However, we recommend using the Device Registry and Device Shadows since they offer richer and more structured development and management experience that lets you focus on the unique value you want to create for your customers rather than having to focus on the underlying communication and synchronization between the connected devices and the cloud.

Q. What is the lifecycle of a device and its Shadow in AWS IoT?

  • You register a device (such as a light bulb) in the Device Registry.
  • You program connected device to publish a set of its property values or ‘state (“I am ON and my color is RED”) to the AWS IoT service.
  • The last reported state is stored in the device’s Shadow in AWS IoT.
  • An application (such as a mobile app controlling the light bulb) uses a RESTful API to query AWS IoT for the last reported state of the light bulb, without the complexity of communicating directly with the light bulb.
  • When a user wants to change the state (such as turning the light bulb from ON to OFF), the application uses a RESTful API to request an update, i.e. sets a ‘desired’ state for the device in AWS IoT. AWS IoT takes care of synchronizing the desired state to the device.
  • The application gets notified when the connected device updates its state to the desired state.

Q. Where can I learn more about Device Registry and Device Shadows?

For more information on the Device Registry, see AWS IoT Device Registry. For more information on Shadows, see AWS IoT Device Shadows.

Q. Can I configure fine-grained authorization in AWS IoT?

Yes. Similar to other AWS services, in AWS IoT you have fine-grained control over the set of API actions each identity is authorized to invoke. In addition, you have fine-grained control over the pub/sub topics that an identity can publish or subscribe to, as well as over the devices and shadows in the Device Registry that an identity can access.

Q. Where can I learn more about Security and Access Control in AWS IoT?

For more information, see AWS IoT Security and Identity.

Q. What is Just-in-time registration of certificates?

Just-in-time registration (JITR) of device certificates expands on the "Use Your Own Certificate" feature launched in April 2016 by simplifying the process of enrolling devices with AWS IoT. Prior to support for JITR, the device enrollment process required two steps: first, registering the Certificate Authority (CA) certificate to AWS IoT, then individually registering the device certificates that were signed by the CA. Now, with JITR you can complete the second step by auto-registering device certificates when devices connect to AWS IoT for the first time. This saves time spent on registering device certificates and allows devices to remain off-line during the manufacturing process. To further automate IoT device provisioning, you can create an AWS IoT rule with a Lambda action that activates the certificates and attaches policies. For more information, visit the Internet of Things Blog on AWS or Developer Documentation.

Q. What is the AWS IoT Device SDK?

The AWS IoT Device SDKs simplify and accelerate the development of code running on connected devices (micro-controllers, sensors, actuators, smart appliances, wearable devices, etc.). First, devices can optimize the memory, power, and network bandwidth consumption by using the Device SDKs. At the same time, Device SDKs enable highly secure, low-latency, and low-overhead communication with built-in TLS, WebSockets, and MQTT support. The Device SDKs also accelerate IoT application development by supporting higher level abstractions such as synchronizing the state of a device with its shadow in the AWS IoT service.

AWS IoT Device SDKs are freely available as open-source projects. For more details visit our Device SDK page.

Q. Which programming languages and hardware platforms does the AWS IoT Device SDK support?

AWS currently offers the AWS IoT Device SDKs for C and Node.js languages, as well as for the Arduino Yún platform.

In addition, several hardware manufacturers have partnered with AWS to make the AWS IoT Device SDKs available on their respective platforms. You can find out more about the hardware platforms on our Getting Started page.

Lastly, AWS IoT Device SDKs are open-source. You can port them to the languages and hardware platforms of your choice if they are not supported already. 

Q: Should I use AWS IoT Device SDK or the AWS SDKs?

The AWS IoT Device SDK complements the AWS SDKs. IoT projects often involve code running on micro-controllers and other resource-constrained devices. However, IoT projects often include application running in the cloud and on mobile devices that interact with the micro-controllers/resource-constrained devices. AWS IoT Device SDKs are designed to be used on the micro-controllers/resource-constrained devices, while the AWS SDKs are designed for cloud and mobile applications.

For more information on the AWS IoT Device SDKs, see AWS IoT Device SDKs.

Q. Is the AWS IoT service available in AWS Free Tier?

Yes. As part of the AWS Free Tier, AWS IoT offers 250,000 messages per month at no charge, for the first 12 months.

Q. How much does AWS IoT Core cost?

Please visit our pricing page for information.

Discover more AWS IoT Core resources

Visit the resources page
Ready to get started?
Register for the Preview
Have more questions?
Contact us