Connecting devices to AWS IoT

Devices connect to AWS IoT and other services through AWS IoT Core. Through AWS IoT Core, devices send and receive messages using device endpoints that are specific to your account. The AWS IoT Device SDKs support device communications using the MQTT and WSS protocols. For more information about the protocols that devices can use, see Device communication protocols.

The message broker

AWS IoT manages device communication through a message broker. Devices and clients publish messages to the message broker and also subscribe to messages that the message broker publishes. Messages are identified by an application-defined topic. When the message broker receives a message published by a device or client, it republishes that message to the devices and clients that have subscribed to the message's topic. The message broker also forwards messages to the AWS IoT rules engine, which can act on the content of the message.

AWS IoT message security

Device connections to AWS IoT use X.509 client certificates and AWS signature V4 for authentication. Device communications are secured by TLS version 1.3 and AWS IoT requires devices to send the Server Name Indication (SNI) extension when they connect. For more information, see Transport Security in AWS IoT.

AWS IoT device data and service endpoints

Important

You can cache or store the endpoints in your device. This means you won't need to query the DescribeEndpoint API every time when a new device is connected. The endpoints won't change after AWS IoT Core creates them for your account.

Each account has several device endpoints that are unique to the account and support specific IoT functions. The AWS IoT device data endpoints support a publish/subscribe protocol that is designed for the communication needs of IoT devices; however, other clients, such as apps and services, can also use this interface if their application requires the specialized features that these endpoints provide. The AWS IoT device service endpoints support device-centric access to security and management services.

To learn your account's device data endpoint, you can find it in the Settings page of your AWS IoT Core console.

To learn your account's device endpoint for a specific purpose, including the device data endpoint, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API, and provide the endpointType parameter value from the following table.

aws iot describe-endpoint --endpoint-type endpointType

This command returns an iot-endpoint in the following format: account-specific-prefix.iot.aws-region.amazonaws.com.

Every customer has an iot:Data-ATS and an iot:Data endpoint. Each endpoint uses an X.509 certificate to authenticate the client. We strongly recommend that customers use the newer iot:Data-ATS endpoint type to avoid issues related to the widespread distrust of Symantec certificate authorities. We provide the iot:Data endpoint for devices to retrieve data from old endpoints that use VeriSign certificates for backward compatibility. For more information, see Server Authentication.

AWS IoT endpoints for devices
Endpoint purpose	endpointType value	Description
AWS IoT Core - data plane operations	iot:Data-ATS	Used to send and receive data to and from the message broker, Device Shadow, and Rules Engine components of AWS IoT. iot:Data-ATS returns an ATS signed data endpoint.
AWS IoT Core - data plane operations (legacy)	iot:Data	iot:Data returns a VeriSign signed data endpoint provided for backward compatibility. MQTT 5 is not supported on Symantec (iot:Data) endpoints.
AWS IoT Core credential access	iot:CredentialProvider	Used to exchange a device's built-in X.509 certificate for temporary credentials to connect directly with other AWS services. For more information about connecting to other AWS services, see Authorizing Direct Calls to AWS Services.
AWS IoT Device Management - jobs data operations	iot:Jobs	Used to enable devices to interact with the AWS IoT Jobs service using the Jobs Device HTTPS APIs.
AWS IoT Device Advisor operations	iot:DeviceAdvisor	A test endpoint type used for testing devices with Device Advisor. For more information, see Device Advisor.
AWS IoT Core data beta (preview)	iot:Data-Beta	An endpoint type reserved for beta releases. For information about its current use, see Configurable endpoints.

You can also use your own fully-qualified domain name (FQDN), such as example.com, and the associated server certificate to connect devices to AWS IoT by using Configurable endpoints.

AWS IoT Device SDKs

The AWS IoT Device SDKs help you connect your IoT devices to AWS IoT Core and they support MQTT and MQTT over WSS protocols.

The AWS IoT Device SDKs differ from the AWS SDKs in that the AWS IoT Device SDKs support the specialized communications needs of IoT devices, but don't support all of the services supported by the AWS SDKs. The AWS IoT Device SDKs are compatible with the AWS SDKs that support all of the AWS services; however, they use different authentication methods and connect to different endpoints, which could make using the AWS SDKs impractical on an IoT device.

Mobile devices

The AWS Mobile SDKs support both MQTT device communications, some of the AWS IoT service APIs, and the APIs of other AWS services. If you're developing on a supported mobile device, review its SDK to see if it's the best option for developing your IoT solution.

C++

AWS IoT C++ Device SDK

The AWS IoT C++ Device SDK allows developers to build connected applications using AWS and the APIs of the AWS IoT Core services. Specifically, this SDK was designed for devices that are not resource constrained and require advanced features such as message queuing, multi-threading support, and the latest language features. For more information, see the following:

• AWS IoT Device SDK C++ v2 on GitHub

• AWS IoT Device SDK C++ v2 Readme

• AWS IoT Device SDK C++ v2 Samples

• AWS IoT Device SDK C++ v2 API documentation

Python

AWS IoT Device SDK for Python

The AWS IoT Device SDK for Python makes it possible for developers to write Python scripts to use their devices to access the AWS IoT platform through MQTT or MQTT over the WebSocket Secure (WSS) protocol. By connecting their devices to the APIs of the AWS IoT Core services, users can securely work with the message broker, rules, and Device Shadow service that AWS IoT Core provides and with other AWS services like AWS Lambda, Amazon Kinesis, and Amazon S3, and more.

• AWS IoT Device SDK for Python v2 on GitHub

• AWS IoT Device SDK for Python v2 Readme

• AWS IoT Device SDK for Python v2 Samples

• AWS IoT Device SDK for Python v2 API documentation

JavaScript

AWS IoT Device SDK for JavaScript

The AWS IoT Device SDK for JavaScript makes it possible for developers to write JavaScript applications that access APIs of the AWS IoT Core using MQTT or MQTT over the WebSocket protocol. It can be used in Node.js environments and browser applications. For more information, see the following:

• AWS IoT Device SDK for JavaScript v2 on GitHub

• AWS IoT Device SDK for JavaScript v2 Readme

• AWS IoT Device SDK for JavaScript v2 Samples

• AWS IoT Device SDK for JavaScript v2 API documentation

Java

AWS IoT Device SDK for Java

The AWS IoT Device SDK for Java makes it possible for Java developers to access the APIs of the AWS IoT Core through MQTT or MQTT over the WebSocket protocol. The SDK supports the Device Shadow service. You can access shadows by using HTTP methods, including GET, UPDATE, and DELETE. The SDK also supports a simplified shadow access model, which allows developers to exchange data with shadows by using getter and setter methods, without having to serialize or deserialize any JSON documents. For more information, see the following:

• AWS IoT Device SDK for Java v2 on GitHub

• AWS IoT Device SDK for Java v2 Readme

• AWS IoT Device SDK for Java v2 Samples

• AWS IoT Device SDK for Java v2 API documentation

Embedded C

AWS IoT Device SDK for Embedded C

Important

This SDK is intended for use by experienced embedded-software developers.

The AWS IoT Device SDK for Embedded C (C-SDK) is a collection of C source files under the MIT open source license that can be used in embedded applications to securely connect IoT devices to AWS IoT Core. It includes MQTT, JSON Parser, and AWS IoT Device Shadow libraries and others. It is distributed in source form and intended to be built into customer firmware along with application code, other libraries and, optionally, an RTOS (Real Time Operating System).

The AWS IoT Device SDK for Embedded C is generally targeted at resource constrained devices that require an optimized C language runtime. You can use the SDK on any operating system and host it on any processor type (for example, MCUs and MPUs). If your device has sufficient memory and processing resources available, we recommend that you use one of the other AWS IoT Device and Mobile SDKs, such as the AWS IoT Device SDK for C++, Java, JavaScript, or Python.

For more information, see the following:

• AWS IoT Device SDK for Embedded C on GitHub

• AWS IoT Device SDK for Embedded C Readme

• AWS IoT Device SDK for Embedded C Samples