AWS GovCloud (US) User Guide
AWS GovCloud (US) User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS IoT Device Defender

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. You can use AWS IoT Device Defender to audit your IoT resources like policies, certificates, IAM roles and Amazon Cognito IDs against security best practices, monitor connected devices to detect abnormal behavior, and mitigate security risks. By using AWS IoT Device Defender, you can enforce consistent security policies across your AWS IoT device fleet and respond quickly when devices are compromised.

The following list details the differences for using this service in AWS GovCloud (US) Regions compared to other AWS Regions:

  • Cognito related checks in Device Defender Audit are not available.

For more information about AWS IoT Device Defender, see the AWS IoT Device Defender documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted ITAR-Regulated Data Not Permitted
  • Security Profile data (other than Security Profile and Behavior names)

  • Schedule Audit data (other than Scheduled Audit name)

  • Mitigation action data (other than Mitigation Action name and Audit Mitigation Action Task Id)

  • Security Profile Name

  • Behavior Name

  • Audit Schedule Name

  • Mitigation Action Name

  • Audit Mitigation Action Task Id

On this page: