Posted On: Jul 7, 2022

Today, Amazon IoT Core announced the general availability of a new feature that simplifies the registration of certificate authorities (CAs) necessary for device provisioning and makes it easier to move devices between customers' multiple Amazon Web Services accounts within the same Amazon Web Services region and between different regions. This reduces the complexity of registering devices to Amazon IoT Core and helps customers accelerate the development lifecycle for their IoT implementations when using the Just-in-Time Provisioning (JITP) and Just-in-Time Registration (JITR) device provisioning methods of Amazon IoT Core.

Amazon IoT Core requires customers to register a CA to validate the signature of device certificates during provisioning. Previously, customers needed access to the CA's private key to prove its ownership before registering the CA, but the private keys are often managed by device vendors or security teams of organizations that operate their own CAs and are not easily accessible to developers. Effective today, customers can directly manage the registration of CAs to simplify device provisioning.

Customers also often manage different Amazon Web Services accounts to differentiate between development, testing, and production workloads. Until now, they had to configure multiple CAs to connect the same device to multiple accounts during the development process. With this update, customers can use the same CA across multiple accounts to simplify device provisioning using JITP or JITR and improve their security posture by having fewer CAs.

Amazon IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. Customers must provision their devices before devices can securely connect and communicate with Amazon IoT Core. Provisioning refers to registering devices' digital identities with the cloud service, attaching permissions for the devices to access cloud resources, and associating contextual information such as device serial numbers and location with registered digital identities. With Amazon IoT Core Just-in-Time Provisioning and Just-in-Time Registration features, customers can have their devices provisioned automatically when devices first attempt to connect to Amazon IoT Core.

The ability to register and use certificate authorities (CAs) in multiple accounts is offered at no additional charge beyond the standard Amazon IoT Core pricing and is generally available immediately in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. See the developer documentation to learn more about the new functionality.