AWS IoT is a platform that enables you to connect devices to AWS Services and other devices, secure data and interactions, process and act upon device data, and enable applications to interact with devices even when they are offline.
AWS IoT Device SDK
To learn more read the AWS IoT Device SDK documentation or get started by downloading the SDKs.
Device Gateway
The AWS IoT Device Gateway enables devices to securely and efficiently communicate with AWS IoT. The Device Gateway can exchange messages using a publication/subscription model, which enables one-to-one and one-to-many communications. With this one-to-many communication pattern, AWS IoT makes it possible for a connected device to broadcast data to multiple subscribers for a given topic. The Device Gateway supports MQTT, WebSockets, and HTTP 1.1 protocols, and you can easily implement support for proprietary or legacy protocols. The Device Gateway scales automatically to support over a billion devices without provisioning infrastructure.
To learn more read Protocols in the AWS IoT user guide.
Authentication and Authorization
AWS IoT provides mutual authentication and encryption at all points of connection, so that data is never exchanged between devices and AWS IoT without proven identity. AWS IoT supports the AWS method of authentication (called ‘SigV4’) as well as X.509 certificate-based authentication. Connections using HTTP can use either of these methods, while connections using MQTT use certificate-based authentication, and connections using WebSockets can use SigV4. With AWS IoT you can use AWS IoT generated certificates, as well as those signed by your preferred Certificate Authority (CA). You can map your choice of role and/or policies to each certificate, so that you can authorize devices or applications to have access, or change your mind and revoke access altogether without ever touching the device.
You can create, deploy and manage certificates and policies for the devices from the console or using the API. Those device certificates can be provisioned, activated and associated with the relevant policies that are configured using AWS IAM. This allows you to instantly revoke access for an individual device if you choose to do so.
To learn more read the Security and Authentication section in the AWS IoT user guide.
Registry
The Registry establishes an identity for devices and tracks metadata such as the devices’ attributes and capabilities. The Registry assigns a unique identity to each device that is consistently formatted regardless of the type of device or how it connects. It also supports metadata that describes the capabilities of a device, for example whether a sensor reports temperature, and whether the data are in Fahrenheit or Celsius.
The Registry lets you store metadata about your devices at no additional charge, and metadata in the Registry does not expire as long as you access or update your registry entry at least once every 7 years.
To learn more read the Registry section of the AWS IoT user guide.
Device Shadows
With AWS IoT you can create a persistent, virtual version, or “shadow,” of each device that includes the device’s latest state so that applications or other devices can read messages and interact with the device. The Device Shadows persist the last reported state and desired future state of each device even when the device is offline. You can retrieve the last reported state of a device or set a desired future state through the API or using the rules engine.
Device Shadows make it easier to build applications that interact with your devices by providing always available REST APIs. In addition, applications can set the desired future state of a device without accounting for the device’s current state. AWS IoT will compare the difference between the desired and last reported state, and command the device to make up the difference.
The AWS IoT Device SDK makes it easy for your device to synchronize its state with its shadow, and to respond to desired future states set via the shadow.
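
The comparison of desired and reported state described above can be modelled in a few lines. This is an added example, not AWS or SDK code: it uses the `state` / `desired` / `reported` layout of a shadow document, and goes one step further by showing a device that applies only settings it recognises. The field names, the `ALLOWED` table and `apply_delta` are hypothetical.

```python
# Constructed shadow document; all field names and values are made up.
SHADOW = {"state": {
    "desired": {"led": "on", "interval_s": 1, "mode": "factory"},
    "reported": {"led": "off", "interval_s": 60, "battery": 87},
}}

# Hypothetical device-side allowlist: setting name -> validator.
ALLOWED = {
    "led": lambda v: v in ("on", "off"),
    "interval_s": lambda v: isinstance(v, int) and 5 <= v <= 3600,
}


def shadow_delta(desired, reported):
    """Desired keys that are missing from, or differ in, the reported state."""
    delta = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            nested = shadow_delta(want, have)  # compare nested objects key by key
            if nested:
                delta[key] = nested
        elif key not in reported or want != have:
            delta[key] = want
    return delta


def apply_delta(delta, reported):
    """Apply only validated settings; return (new_reported, rejected_keys)."""
    new_reported, rejected = dict(reported), []
    for key, value in delta.items():
        check = ALLOWED.get(key)
        if check is not None and check(value):
            new_reported[key] = value
        else:
            rejected.append(key)  # unknown setting or out-of-range value
    return new_reported, sorted(rejected)


if __name__ == "__main__":
    state = SHADOW["state"]
    delta = shadow_delta(state["desired"], state["reported"])
    reported, rejected = apply_delta(delta, state["reported"])
    print("delta:", delta)
    print("reported after apply:", reported, "rejected:", rejected)
```

Keys that exist only in the reported state, such as `battery` here, never appear in the delta, and a rejected setting stays in the delta until the desired state is corrected.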
Device Shadows let you store the state of your devices for up to a year for free. Device Shadows persist forever if you update them at least once per year, otherwise they expire.
To learn more read the Device Shadows section of the AWS IoT user guide.
Rules Engine
The Rules Engine makes it possible to build IoT applications that gather, process, analyze and act on data generated by connected devices at global scale without having to manage any infrastructure. The Rules Engine evaluates inbound messages published into AWS IoT and transforms and delivers them to another device or a cloud service, based on business rules you define. A rule can apply to data from one or many devices, and it can take one or many actions in parallel.
The Rules Engine can also route messages to AWS endpoints including Amazon Kinesis, Amazon S3, Amazon DynamoDB, and Amazon CloudWatch. External endpoints can be reached using Amazon Kinesis and Amazon Simple Notification Service (SNS).
You can author rules within the management console or write rules using a SQL-like syntax. Rules can be authored to behave differently depending upon the content of the message.
The Rules Engine provides dozens of available functions that can be used to transform your data.
To learn more read the Rules Engine section of the AWS IoT user guide.