AWS IoT Device Defender - AWS GovCloud (US)

AWS IoT Device Defender

This service is currently available in AWS GovCloud (US-West) only.

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. You can use AWS IoT Device Defender to audit your IoT resources like policies, certificates, IAM roles and Amazon Cognito IDs against security best practices, monitor connected devices to detect abnormal behavior, and mitigate security risks. By using AWS IoT Device Defender, you can enforce consistent security policies across your AWS IoT device fleet and respond quickly when devices are compromised.

How AWS IoT Device Defender Differs for AWS GovCloud (US)

  • Cognito-related checks in Device Defender Audit are not available.
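A practical consequence of this difference is that an audit configuration or scheduled-audit definition written for a commercial Region cannot be applied as-is in AWS GovCloud (US), because it may name the two Amazon Cognito role checks. The script below is an added example (not AWS code, and not from the page) that ports such a configuration to GovCloud by dropping the Cognito checks before the request is sent. The sample commercial configuration is a constructed subset of the standard audit check names; the role ARN in the live call is a placeholder, and the boto3 method names `describe_account_audit_configuration`, `update_account_audit_configuration` and `create_scheduled_audit` are the standard AWS IoT API operations.

```python
"""Port an AWS IoT Device Defender audit configuration to AWS GovCloud (US).

Added example, not AWS's own code. The Cognito-related audit checks are not
available in GovCloud, so a configuration copied from a commercial Region must
have them removed before it is applied there.
"""
from typing import Dict, Iterable, List

# Constructed sample: a subset of the standard Device Defender audit check
# names, shaped like the auditCheckConfigurations map returned by
# describe_account_audit_configuration(). One check is deliberately disabled
# so the port can be seen to preserve the enabled flag.
SAMPLE_COMMERCIAL_AUDIT_CONFIG: Dict[str, Dict[str, bool]] = {
    "AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK": {"enabled": True},
    "UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK": {"enabled": True},
    "DEVICE_CERTIFICATE_EXPIRING_CHECK": {"enabled": True},
    "DEVICE_CERTIFICATE_SHARED_CHECK": {"enabled": True},
    "IOT_POLICY_OVERLY_PERMISSIVE_CHECK": {"enabled": True},
    "LOGGING_DISABLED_CHECK": {"enabled": False},
    "REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK": {"enabled": True},
}

GOVCLOUD_REGIONS = {"us-gov-west-1", "us-gov-east-1"}


def is_cognito_check(check_name: str) -> bool:
    """True for the audit checks that examine Amazon Cognito identity roles."""
    return "COGNITO" in check_name.upper()


def port_audit_configuration(
    config: Dict[str, Dict[str, bool]], region: str
) -> Dict[str, Dict[str, bool]]:
    """Return a copy of an auditCheckConfigurations map suitable for `region`.

    In a GovCloud Region the Cognito checks are omitted entirely (not merely
    disabled), so the update request never names a check the Region lacks.
    Every other check keeps its original enabled flag.
    """
    govcloud = region in GOVCLOUD_REGIONS
    return {
        name: {"enabled": bool(settings.get("enabled", False))}
        for name, settings in config.items()
        if not (govcloud and is_cognito_check(name))
    }


def unsupported_targets(target_check_names: Iterable[str], region: str) -> List[str]:
    """List the scheduled-audit targets that are not offered in `region`.

    Useful as a pre-flight check before create_scheduled_audit(), which takes
    the check names in its targetCheckNames parameter.
    """
    if region not in GOVCLOUD_REGIONS:
        return []
    return [name for name in target_check_names if is_cognito_check(name)]


def main() -> None:
    # Live use: requires boto3 and credentials for the GovCloud account.
    import boto3  # imported here so the pure functions above run without it

    region = "us-gov-west-1"
    iot = boto3.client("iot", region_name=region)

    ported = port_audit_configuration(SAMPLE_COMMERCIAL_AUDIT_CONFIG, region)
    iot.update_account_audit_configuration(
        roleArn="arn:aws-us-gov:iam::123456789012:role/PLACEHOLDER-DeviceDefenderAuditRole",
        auditCheckConfigurations=ported,
    )

    wanted = list(SAMPLE_COMMERCIAL_AUDIT_CONFIG)
    rejected = unsupported_targets(wanted, region)
    targets = [name for name in wanted if name not in rejected]
    iot.create_scheduled_audit(
        frequency="DAILY",
        targetCheckNames=targets,
        scheduledAuditName="daily-fleet-audit",
    )
    print(f"applied {len(ported)} checks; skipped unsupported targets: {rejected}")


if __name__ == "__main__":
    main()
```

The port drops the two Cognito checks only when the target Region is a GovCloud one, so the same function can be used in a deployment pipeline that spans commercial and GovCloud accounts without maintaining two configurations.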

Documentation for AWS IoT Device Defender

AWS IoT Device Defender documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

  • Security Profile data (other than Security Profile and Behavior names)

  • Scheduled Audit data (other than Scheduled Audit name)

  • Mitigation action data (other than Mitigation Action name and Audit Mitigation Action Task Id)

ITAR-Regulated Data Not Permitted

  • Security Profile Name

  • Behavior Name

  • Audit Schedule Name

  • Mitigation Action Name

  • Audit Mitigation Action Task Id