reference deployment

IoT Connectivity and Security on AWS

Deploy IoT connectivity and security capabilities based on preset configurations

This Quick Start helps commercial and consumer-electronics companies set up and operate their fleet of Internet of Things (IoT) devices within a cloud architecture that follows Amazon Web Services (AWS) best practices.

Getting started with AWS IoT, including implementing security features, is a complex process. This Quick Start reduces the complexity by automating the provisioning process and helping you secure your devices for development, testing, and production. It sets up the following:

  • Just-in-time registration (JITR) of device certificates.
  • Device connectivity and messaging.
  • A web application used by consumers—the device purchasers—to activate and interact with their devices.
  • Device security auditing, monitoring, and anomaly mitigation.

This Quick Start was developed by AWS.

What you'll build

This Quick Start sets up the following:

    • AWS IoT Core, which enables registration, control, and data collection for IoT devices.
    • Lambda functions:
      • A JITR function that automatically registers device certificates whenever you connect a device to AWS IoT for the first time.
      • A command-and-control function that updates device shadows.
      • A function that queries IoT devices and device telemetry.
    • Amazon DynamoDB, which stores device telemetry data and gives the web application access to this data.
    • AWS IoT Device Management, which organizes, monitors, and manages IoT things (devices registered in the AWS IoT registry).
    • AWS IoT Device Defender, which audits cloud-side device configurations against AWS security best practices.
    • Amazon API Gateway, which provides endpoints that the web application connects to.
    • Amazon Cognito, which authenticates web-application users.
    • AWS CodeCommit, which holds the web-application repository.
    • AWS Amplify, which publishes the web-application webpages. 
    • The web application, a Vue.js front end that consumers—the device purchasers—use to activate, control, and view telemetry data for their devices.
How to deploy

To deploy this Quick Start, follow the instructions in the deployment guide, as highlighted here. Launching the stack and then waiting for the web application to deploy in AWS Amplify takes about 20 minutes.

    1. Create JITR-ready device certificates.
    2. Within your chosen AWS Region, confirm that this deployment does not already exist and that an audit configuration for AWS IoT Device Defender does not already exist.
    3. Sign in to your AWS account. If you don't have an AWS account, sign up at
    4. Launch the Quick Start. Choose the AWS Region from the top toolbar before creating the stack.
    5. Set up an account in the web application.
    6. Test the deployment.
    7. Complete any postdeployment steps that apply.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

Cost and licenses

You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start. No licenses are required to deploy this Quick Start.

    The AWS CloudFormation templates for this Quick Start include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment.

    This deployment incurs costs for multiple AWS services. For cost estimates, see the pricing pages for each AWS service you use. For a list of AWS services that you might use in this deployment, see the FAQ in the IoT Connectivity and Security Quick Start deployment guide. Prices are subject to change.

    Tip: After you deploy the Quick Start, create AWS Cost and Usage Reports to track costs associated with the Quick Start. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information about the report, see What are AWS Cost and Usage Reports?