1 - Control the identity and access of the IoT devices

How do you associate IoT identities and permissions with your devices? Your application is responsible for managing how your devices authenticate and authorize their interactions. By creating a process that ensures devices have identity-based permissions for accessing the IoT platform, you establish the greatest control for managing device interactions.

Follow the best practices and check if your workload is well-architected.

	ID	Priority	Best Practice
☐	BP 1.1	Required	Assign unique identities to each IoT device
☐	BP 1.2	Highly Recommended	Assign least privilege access to devices

Identity and access management for AWS IoT
AWS IoT Core Developer Guide: Customer authentication
AWS IoT identity-based policy examples
AWS IoT Core: X.509 client certificates
AWS IoT Core Developer Guide: Just-in-time provisioning
The Internet of Things on AWS – Official Blog: Just-in-Time Registration of Device Certificates on AWS IoT
AWS IoT Core Developer Guide: Provisioning devices that don’t have device certificates using fleet provisioning
AWS Security Blog: How to Use Your Own Identity and Access Management Systems to Control Access to AWS IoT Resources

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Security checklist

Best Practice 1.1 – Assign unique identities to each IoT device