AWS IoT
Developer Guide

What Is AWS IoT?

AWS IoT provides secure, bi-directional communication between Internet-connected things (devices such as sensors, actuators, embedded micro-controllers, or smart appliances) and the AWS Cloud. This enables you to collect telemetry data from multiple things, and store and analyze the data. You can also create applications that enable your users to control these devices from their phones or tablets.

AWS IoT Components

AWS IoT consists of the following components:

Device gateway

Enables devices to securely and efficiently communicate with AWS IoT.

Message broker

Provides a secure mechanism for things and AWS IoT applications to publish and receive messages from each other. You can use either the MQTT protocol directly or MQTT over WebSocket to publish and subscribe. You can use the HTTP REST interface to publish.

Rules engine

Provides message processing and integration with other AWS services. You can use an SQL-based language to select data from message payloads, and then process and send the data to other services, such as Amazon S3, Amazon DynamoDB, and AWS Lambda. You can also use the message broker to republish messages to other subscribers.
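
The following is an added illustration, not code from the guide or from AWS: it models, in plain Python, how a rule selects and filters messages, namely a topic filter in the FROM clause (MQTT `+` and `#` wildcards), a WHERE condition over the payload, and a projection of the selected fields. The rule, the sample messages and the `SELECT` statement quoted in the comment are constructed for this example; the filtering and projection are what keeps malformed or out-of-range device data from reaching the downstream service.

```python
import json
from typing import Any, Dict, List, Optional, Tuple


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT topic-filter semantics used by a rule's FROM clause:
    '+' matches exactly one level, '#' matches the remainder of the topic."""
    f_parts = topic_filter.split("/")
    t_parts = topic.split("/")
    for i, level in enumerate(f_parts):
        if level == "#":
            return True
        if i >= len(t_parts) or (level != "+" and level != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


# Hypothetical rule written as plain Python. The equivalent rule statement in the
# service's SQL-based language would be:
#   SELECT temperature, device_id FROM 'sensors/+/telemetry' WHERE temperature > 50
RULE = {
    "topic_filter": "sensors/+/telemetry",
    "select": ["temperature", "device_id"],
    "where": lambda msg: isinstance(msg.get("temperature"), (int, float))
    and msg["temperature"] > 50,
}


def evaluate_rule(rule: Dict[str, Any], topic: str, raw_payload: bytes) -> Optional[Dict[str, Any]]:
    """Return the projected fields if the message matches the rule, else None.
    Payloads come from devices, so a non-JSON or non-object payload is dropped
    instead of being allowed to raise inside the pipeline."""
    if not topic_matches(rule["topic_filter"], topic):
        return None
    try:
        msg = json.loads(raw_payload)
    except ValueError:  # includes JSONDecodeError and UnicodeDecodeError
        return None
    if not isinstance(msg, dict) or not rule["where"](msg):
        return None
    return {key: msg[key] for key in rule["select"] if key in msg}


def run_rule(rule: Dict[str, Any], messages: List[Tuple[str, bytes]]) -> List[Dict[str, Any]]:
    """Apply one rule to a batch of (topic, payload) messages."""
    return [out for topic, payload in messages
            if (out := evaluate_rule(rule, topic, payload)) is not None]


# Constructed sample messages (topic, payload); not real device traffic.
SAMPLE_MESSAGES = [
    ("sensors/dev-1/telemetry", b'{"device_id": "dev-1", "temperature": 21.0, "humidity": 40}'),
    ("sensors/dev-2/telemetry", b'{"device_id": "dev-2", "temperature": 71.5, "humidity": 12}'),
    ("sensors/dev-3/status",    b'{"device_id": "dev-3", "temperature": 99.0}'),   # wrong topic
    ("sensors/dev-4/telemetry", b'not json at all'),                                # malformed
    ("sensors/dev-5/telemetry", b'{"device_id": "dev-5", "temperature": "hot"}'),  # wrong type
]

if __name__ == "__main__":
    for row in run_rule(RULE, SAMPLE_MESSAGES):
        print(row)  # only the dev-2 reading passes the topic filter and WHERE clause
```

Only `dev-2` survives: `dev-3` publishes on a topic the filter does not match, `dev-4` is not JSON, and `dev-5` carries a string where a number is expected. In the real service the same selection is expressed in the SQL statement and the surviving fields are handed to the rule's actions.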

Security and Identity service

Provides shared responsibility for security in the AWS Cloud. Your things must keep their credentials safe in order to securely send data to the message broker. The message broker and rules engine use AWS security features to send data securely to devices or other AWS services.

Thing registry

Sometimes referred to as the device registry. Organizes the resources associated with each thing. You register your things and associate up to three custom attributes with each thing. You can also associate certificates and MQTT client IDs with each thing to improve your ability to manage and troubleshoot your things.

Group registry

Thing groups allow you to manage several things at once by categorizing them into groups. Groups can also contain groups, so you can build a hierarchy of groups. Any action you perform on a parent group applies to its child groups and to all the things in the parent group and in all of its child groups. Permissions given to a group apply to all things in the group and in all of its child groups.

Thing shadow

Sometimes referred to as a device shadow. A JSON document used to store and retrieve current state information for a thing (device, app, and so on).

Thing Shadows service

Provides persistent representations of your things in the AWS Cloud. You can publish updated state information to a thing shadow, and your thing can synchronize its state when it connects. Your things can also publish their current state to a thing shadow for use by applications or devices.
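
As an added example (not code from the guide), the shadow document below models the pieces of state the text describes: an application writes to `desired`, the device writes to `reported`, and the difference between the two is the delta the device must act on when it reconnects. The merge rules (nested objects merge key by key, a `null` deletes an attribute) and the optimistic `version` check are modelled after the shadow service's update behaviour; the document contents and version numbers are constructed.

```python
import json
from typing import Any, Dict, Optional, Tuple


def apply_update(current: Dict[str, Any], update: Dict[str, Any]) -> Dict[str, Any]:
    """Merge an update into a state section: nested objects merge key by key and
    a null value deletes the attribute."""
    result = dict(current)
    for key, value in update.items():
        if value is None:
            result.pop(key, None)
        elif isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = apply_update(result[key], value)
        else:
            result[key] = value
    return result


def compute_delta(desired: Dict[str, Any], reported: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Desired attributes whose value differs from, or is absent in, reported.
    Returns None when desired and reported are in sync."""
    delta: Dict[str, Any] = {}
    for key, want in desired.items():
        have = reported.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            sub = compute_delta(want, have)
            if sub:
                delta[key] = sub
        elif key not in reported or want != have:
            delta[key] = want
    return delta or None


class VersionConflict(Exception):
    """An update was based on a stale version of the shadow."""


def update_shadow(shadow: Dict[str, Any], request: Dict[str, Any]) -> Tuple[Dict[str, Any], Optional[Dict[str, Any]]]:
    """Apply an update request body to a shadow document and return (new_shadow, delta).
    A request may pin the version it was based on; a mismatch is rejected rather
    than allowed to overwrite state written by another party in the meantime."""
    if "version" in request and request["version"] != shadow["version"]:
        raise VersionConflict(f"expected version {shadow['version']}, got {request['version']}")
    new = json.loads(json.dumps(shadow))  # deep copy; never mutate the caller's document
    for section in ("desired", "reported"):
        if section in request.get("state", {}):
            new["state"][section] = apply_update(new["state"].get(section, {}), request["state"][section])
    new["version"] = shadow["version"] + 1
    return new, compute_delta(new["state"].get("desired", {}), new["state"].get("reported", {}))


# Constructed shadow: an app asked for power=on while the device last reported power=off.
SHADOW = {
    "state": {
        "desired": {"power": "on", "color": {"r": 255, "g": 0, "b": 0}},
        "reported": {"power": "off", "color": {"r": 255, "g": 0, "b": 0}, "fw": "1.2.0"},
    },
    "version": 7,
}

if __name__ == "__main__":
    print("pending delta:", compute_delta(SHADOW["state"]["desired"], SHADOW["state"]["reported"]))
    synced, delta = update_shadow(SHADOW, {"state": {"reported": {"power": "on"}}})
    print("after device report:", delta, "version", synced["version"])
    changed, delta = update_shadow(synced, {"state": {"desired": {"color": {"g": 128}}}, "version": 8})
    print("after app update:", delta)
```

Run stand-alone, the pending delta is `{'power': 'on'}`; once the device reports `power: on` the delta is empty, and a later desired change to one colour channel yields a delta containing only that channel, which is what lets a device apply a partial change after it reconnects.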

Device Provisioning service

Allows you to provision devices using a template that describes the resources required for your device: a thing, a certificate, and one or more policies. A thing is an entry in the device registry that contains attributes that describe a device. Devices use certificates to authenticate with AWS IoT. Policies determine which operations a device can perform in AWS IoT.

The templates contain variables that are replaced by values in a dictionary (map). You can use the same template to provision multiple devices just by passing in different values for the template variables in the dictionary.
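
The following is an added example, not a template from the guide or from AWS: it renders a provisioning template of the kind the text describes, with parameters supplied in a dictionary and substituted wherever `{"Ref": "<name>"}` appears. The template body, the resource types used in it, the `${iot:Connection.Thing.ThingName}` policy variable, and the thing-name character set are assumptions for this illustration; region and account values are placeholders. The renderer refuses unknown or missing parameters so that a bad dictionary cannot produce a half-specified device, and the policy is written once with a policy variable so every provisioned device is confined to its own client ID and topic prefix.

```python
import copy
import json
import re
from typing import Any, Dict

# Constructed provisioning template: Parameters declares the variables, Resources
# describes the thing, certificate and policy to create, and {"Ref": "<name>"}
# marks where a parameter value is substituted.
TEMPLATE: Dict[str, Any] = {
    "Parameters": {
        "ThingName": {"Type": "String"},
        "CertificateId": {"Type": "String"},
        "Location": {"Type": "String", "Default": "unassigned"},
    },
    "Resources": {
        "thing": {
            "Type": "AWS::IoT::Thing",
            "Properties": {
                "ThingName": {"Ref": "ThingName"},
                "AttributePayload": {"location": {"Ref": "Location"}},
            },
        },
        "certificate": {
            "Type": "AWS::IoT::Certificate",
            "Properties": {"CertificateId": {"Ref": "CertificateId"}, "Status": "ACTIVE"},
        },
        "policy": {
            "Type": "AWS::IoT::Policy",
            "Properties": {
                # One policy for all devices: the policy variable resolves to the
                # connecting thing's name, so each device may only connect with a
                # client ID equal to its thing name and publish under its own prefix.
                "PolicyDocument": json.dumps({
                    "Version": "2012-10-17",
                    "Statement": [
                        {"Effect": "Allow", "Action": "iot:Connect",
                         "Resource": "arn:aws:iot:<region>:<account-id>:client/${iot:Connection.Thing.ThingName}"},
                        {"Effect": "Allow", "Action": "iot:Publish",
                         "Resource": "arn:aws:iot:<region>:<account-id>:topic/devices/${iot:Connection.Thing.ThingName}/*"},
                    ],
                }),
            },
        },
    },
}

THING_NAME_RE = re.compile(r"^[a-zA-Z0-9:_-]{1,128}$")  # assumed thing-name character set


def resolve_parameters(template: Dict[str, Any], values: Dict[str, Any]) -> Dict[str, Any]:
    """Combine supplied values with declared defaults; reject unknown and missing names."""
    declared = template["Parameters"]
    unknown = set(values) - set(declared)
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    resolved = {}
    for name, spec in declared.items():
        if name in values:
            resolved[name] = values[name]
        elif "Default" in spec:
            resolved[name] = spec["Default"]
        else:
            raise KeyError(f"missing required parameter: {name}")
    return resolved


def _substitute(node: Any, params: Dict[str, Any]) -> Any:
    """Walk the resource tree and replace every {"Ref": name} with its value."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            return params[node["Ref"]]
        return {key: _substitute(value, params) for key, value in node.items()}
    if isinstance(node, list):
        return [_substitute(value, params) for value in node]
    return node


def render_template(template: Dict[str, Any], values: Dict[str, Any]) -> Dict[str, Any]:
    """Return the concrete resources for one device."""
    params = resolve_parameters(template, values)
    if not THING_NAME_RE.match(str(params["ThingName"])):
        raise ValueError("invalid ThingName")
    return _substitute(copy.deepcopy(template["Resources"]), params)


if __name__ == "__main__":
    # The same template, two dictionaries, two devices.
    for values in ({"ThingName": "sensor-0001", "CertificateId": "<cert-id-1>"},
                   {"ThingName": "sensor-0002", "CertificateId": "<cert-id-2>", "Location": "hall-b"}):
        print(json.dumps(render_template(TEMPLATE, values)["thing"], indent=2))
```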

Custom Authentication service

You can define custom authorizers that allow you to manage your own authentication and authorization strategy using a custom authentication service and a Lambda function. Custom authorizers allow AWS IoT to authenticate your devices and authorize operations using bearer token authentication and authorization strategies.

Custom authorizers can implement various authentication strategies (for example: JWT verification, OAuth provider call out, and so on) and must return policy documents which are used by the device gateway to authorize MQTT operations.
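
The following is an added example of the shape a custom authorizer Lambda takes; it is not code from the guide or from AWS. It verifies a bearer JWT (HS256, implemented with the standard library rather than a JWT package), checks that the MQTT client ID matches the token's subject, and returns the `isAuthenticated` decision together with a policy document scoped to that one device. The event fields read here (`token`, `protocolData.mqtt.clientId`) and the response fields (`principalId`, `disconnectAfterInSeconds`, `refreshAfterInSeconds`, `policyDocuments`) are the authorizer contract as assumed for this example; the shared secret, `make_token` helper, region and account values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Dict

# Constructed demo key. A deployed authorizer would load its verification key from a
# secrets store (assumption); it is here only so the example runs offline.
SECRET = b"demo-shared-secret-not-for-production"


def _b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(sub: str, ttl: int, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT for the demo (the token issuer's job, not the authorizer's).
    A negative ttl produces an already-expired token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"sub": sub, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token: str, secret: bytes) -> Dict[str, Any]:
    """Verify an HS256 JWT: pin the algorithm (so 'none' or a swapped alg is refused),
    compare the signature in constant time, then enforce 'exp'."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or time.time() >= claims["exp"]:
        raise ValueError("missing or past exp")
    return claims


def device_policy(thing_name: str) -> Dict[str, Any]:
    """Least-privilege policy for one device; region and account are placeholders."""
    arn = "arn:aws:iot:<region>:<account-id>"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": f"{arn}:client/{thing_name}"},
        {"Effect": "Allow", "Action": "iot:Publish", "Resource": f"{arn}:topic/devices/{thing_name}/telemetry"},
    ]}


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Authorizer entry point: bearer token in, decision plus policy documents out."""
    client_id = event.get("protocolData", {}).get("mqtt", {}).get("clientId", "")
    try:
        claims = verify_jwt(event.get("token", ""), SECRET)
        thing_name = claims["sub"]
        if not isinstance(thing_name, str) or not thing_name:
            raise ValueError("missing sub")
        if client_id and client_id != thing_name:
            raise ValueError("clientId does not match token subject")
    except (ValueError, KeyError, TypeError):
        # Any verification failure denies; no policy documents are returned.
        return {"isAuthenticated": False, "principalId": "denied", "disconnectAfterInSeconds": 0,
                "refreshAfterInSeconds": 0, "policyDocuments": []}
    return {"isAuthenticated": True, "principalId": thing_name,
            "disconnectAfterInSeconds": 3600, "refreshAfterInSeconds": 300,
            "policyDocuments": [device_policy(thing_name)]}


if __name__ == "__main__":
    event = {"token": make_token("sensor-0001", 300),
             "protocolData": {"mqtt": {"clientId": "sensor-0001"}}}
    print(json.dumps(lambda_handler(event), indent=2))
```

Two design points carry over to a real authorizer: the algorithm is pinned before the signature is checked, and the policy returned is derived from the verified identity rather than from anything the client sent, so a valid token for one device cannot be used to open another device's client ID or topics.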

Jobs Service

Allows you to define a set of remote operations that are sent to and executed on one or more devices connected to AWS IoT. For example, you can define a job that instructs a set of things to download and install application or firmware updates, reboot, rotate certificates, or perform remote troubleshooting operations.

To create a job, you specify a description of the remote operations to be performed and a list of targets that should perform them. The targets can be individual things, thing groups or both.

For information about AWS IoT limits, see AWS IoT Limits.

How to Get Started with AWS IoT

Accessing AWS IoT

AWS IoT provides the following interfaces to create and interact with your things:

  • AWS Command Line Interface (AWS CLI)—Run commands for AWS IoT on Windows, macOS, and Linux. These commands allow you to create and manage things, certificates, rules, and policies. To get started, see the AWS Command Line Interface User Guide. For more information about the commands for AWS IoT, see iot in the AWS Command Line Interface Reference.

  • AWS IoT API—Build your IoT applications using HTTP or HTTPS requests. These API actions allow you to programmatically create and manage things, certificates, rules, and policies. For more information about the API actions for AWS IoT, see Actions in the AWS IoT API Reference.

  • AWS SDKs—Build your IoT applications using language-specific APIs. These SDKs wrap the HTTP/HTTPS API and allow you to program in any of the supported languages. For more information, see AWS SDKs and Tools.

  • AWS IoT Device SDKs—Build applications that run on devices that send messages to and receive messages from AWS IoT. For more information, see AWS IoT SDKs.

AWS IoT integrates directly with the following AWS services:

  • Amazon Simple Storage Service—Provides scalable storage in the AWS Cloud. For more information, see Amazon S3.

  • Amazon DynamoDB—Provides managed NoSQL databases. For more information, see Amazon DynamoDB.

  • Amazon Kinesis—Enables real-time processing of streaming data at a massive scale. For more information, see Amazon Kinesis.

  • AWS Lambda—Runs your code on virtual servers from Amazon EC2 in response to events. For more information, see AWS Lambda.

  • Amazon Simple Notification Service—Sends or receives notifications. For more information, see Amazon SNS.

  • Amazon Simple Queue Service—Stores data in a queue to be retrieved by applications. For more information, see Amazon SQS.