Amazon IoT is a platform that enables you to connect devices to Amazon Web Services and other devices, secure data and interactions, process and act upon device data, and enable applications to interact with devices even when they are offline.
Key Features
Amazon IoT Device SDK
Amazon IoT provides an SDK to help you easily and quickly connect your hardware device or your mobile application. The Amazon IoT Device SDK enables your devices to connect, authenticate, and exchange messages with Amazon IoT using the MQTT, HTTP, or WebSockets protocols. The Device SDK supports C, JavaScript, and Arduino, and includes the client libraries, the developer guide, and the porting guide for manufacturers. You can also use an open source alternative or write your own SDK.
To learn more read the Amazon IoT Device SDK documentation or get started by downloading the SDKs.
Device Gateway
The Amazon IoT Device Gateway enables devices to securely and efficiently communicate with Amazon IoT. The Device Gateway can exchange messages using a publication/subscription model, which enables one-to-one and one-to-many communications. With this one-to-many communication pattern Amazon IoT makes it possible for a connected device to broadcast data to multiple subscribers for a given topic. The Device Gateway supports MQTT, WebSockets, and HTTP 1.1 protocols and you can easily implement support for proprietary or legacy protocols. The Device Gateway scales automatically to support over a billion devices without provisioning infrastructure.
To learn more read Protocols in the Amazon IoT user guide.
Authentication and Authorization
Amazon IoT provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and Amazon IoT without proven identity. Amazon IoT supports the Amazon Web Services method of authentication (called ‘SigV4’) as well as X.509 certificate-based authentication. Connections using HTTP can use either of these methods, while connections using MQTT use certificate-based authentication, and connections using WebSockets can use SigV4. With Amazon IoT you can use Amazon IoT generated certificates, as well as those signed by your preferred Certificate Authority (CA). You can map your choice of role and/or policies to each certificate, so that you can authorize devices or applications to have access, or change your mind and revoke access altogether without ever touching the device.
You can create, deploy and manage certificates and policies for the devices from the console or using the API. Those device certificates can be provisioned, activated and associated with the relevant policies that are configured using Amazon IAM. This allows you to instantly revoke access for an individual device if you choose to do so.
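The certificate-to-policy mapping and service-side revocation described above, as an added example that is not Amazon's code: a simplified model that assumes IAM-style evaluation (default deny, an explicit Deny overrides an Allow) and `*` as the only wildcard. The certificate ID, topic names and abbreviated resource strings are constructed placeholders.

```python
import re

# Constructed registry: certificate ID -> status and attached policy statements.
# Resource strings are abbreviated placeholders, not full ARNs.
CERTS = {
    "cert-pump-07": {
        "status": "ACTIVE",
        "policy": [
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": "topic/plant1/pump-07/*"},
            {"Effect": "Deny", "Action": "iot:Publish",
             "Resource": "topic/plant1/pump-07/firmware"},
        ],
    },
}

def _matches(pattern, value):
    """Match a resource pattern where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def authorize(cert_id, action, resource):
    """Decide a request from the certificate's status and attached policy."""
    cert = CERTS.get(cert_id)
    if cert is None or cert["status"] != "ACTIVE":
        return "deny: certificate not active"
    decision = "deny: no matching allow"          # default deny
    for stmt in cert["policy"]:
        if stmt["Action"] == action and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "deny: explicit deny"      # Deny always wins
            decision = "allow"
    return decision

def revoke(cert_id):
    """Service-side revocation: nothing changes on the device itself."""
    CERTS[cert_id]["status"] = "REVOKED"
```

Scoping the Allow to the device's own topic prefix is what keeps one compromised certificate from publishing as another device; after `revoke`, every request from that certificate is denied regardless of policy.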
To learn more read the Security and Authentication section in the Amazon IoT user guide.
Registry
The Registry establishes an identity for devices and tracks metadata such as the devices’ attributes and capabilities. The Registry assigns a unique identity to each device that is consistently formatted regardless of the type of device or how it connects. It also supports metadata that describes the capabilities of a device, for example whether a sensor reports temperature, and if the data are Fahrenheit or Celsius.
The Registry lets you store metadata about your devices at no additional charge, and metadata in the Registry does not expire as long as you access or update your registry entry at least once every 7 years.
To learn more read the Registry section of the Amazon IoT user guide.
Device Shadows
With Amazon IoT you can create a persistent, virtual version, or “shadow,” of each device that includes the device’s latest state so that applications or other devices can read messages and interact with the device. The Device Shadows persist the last reported state and desired future state of each device even when the device is offline. You can retrieve the last reported state of a device or set a desired future state through the API or using the rules engine.
Device Shadows make it easier to build applications that interact with your devices by providing always available REST APIs. In addition, applications can set the desired future state of a device without accounting for the device's current state. Amazon IoT will compare the difference between the desired and last reported state, and command the device to make up the difference.
The Amazon IoT Device SDK makes it easy for your device to synchronize its state with its shadow, and to respond to desired future states set via the shadow.
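The desired-versus-reported comparison described above, as an added example that is not Amazon's code or the SDK's: a simplified model of the difference computation, followed by a device-side check that only applies settings the firmware recognises, since any caller allowed to update the shadow can set desired state. The shadow contents and the `ACCEPTED` allowlist are constructed assumptions.

```python
def shadow_delta(desired, reported):
    """Return the parts of `desired` that `reported` does not yet match."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)
            if nested:
                delta[key] = nested
        elif key not in reported or want != have:
            delta[key] = want
    return delta

# Hypothetical device-side allowlist: setting path -> validator for its value.
ACCEPTED = {
    ("led", "color"): lambda v: v in {"red", "green", "blue"},
    ("led", "on"): lambda v: isinstance(v, bool),
    ("interval_s",): lambda v: isinstance(v, int) and 5 <= v <= 3600,
}

def flatten(doc, prefix=()):
    """Yield (path, value) pairs for every leaf of a nested dict."""
    for key, value in doc.items():
        if isinstance(value, dict):
            yield from flatten(value, prefix + (key,))
        else:
            yield prefix + (key,), value

def vet_delta(delta):
    """Split a delta into settings to apply and settings to reject."""
    apply, reject = {}, {}
    for path, value in flatten(delta):
        ok = path in ACCEPTED and ACCEPTED[path](value)
        (apply if ok else reject)[path] = value
    return apply, reject

# Constructed shadow document with desired and last reported state.
SHADOW = {"state": {
    "desired": {"led": {"color": "green", "on": True},
                "interval_s": 30, "debug_shell": True},
    "reported": {"led": {"color": "red", "on": True}, "interval_s": 30},
}}
```

Here the delta contains the LED colour change and the unknown `debug_shell` key; `vet_delta` applies the first and rejects the second, which the device can log rather than act on.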
Device Shadows let you store the state of your devices for up to a year for free. Device Shadows persist forever if you update them at least once per year, otherwise they expire.
To learn more read the Device Shadows section of the Amazon IoT user guide.
Rules Engine
The Rules Engine makes it possible to build IoT applications that gather, process, analyze and act on data generated by connected devices at global scale without having to manage any infrastructure. The Rules Engine evaluates inbound messages published into Amazon IoT and transforms and delivers them to another device or a cloud service, based on business rules you define. A rule can apply to data from one or many devices, and it can take one or many actions in parallel.
The Rules Engine can also route messages to Amazon Web Services endpoints including Amazon Kinesis, Amazon S3, Amazon DynamoDB, and Amazon CloudWatch. External endpoints can be reached using Amazon Kinesis and Amazon Simple Notification Service (SNS).
You can author rules within the management console or write rules using a SQL-like syntax. Rules can be authored to behave differently depending upon the content of the message.
The Rules Engine provides dozens of available functions that can be used to transform your data.
To learn more read the Rules Engine section of the Amazon IoT user guide.