Components - AWS Connected Vehicle Solution


AWS IoT Greengrass Core

Customers can use AWS IoT Greengrass Core to send telematics data to the connected vehicle solution. AWS IoT Greengrass Core provides a message broker for preprocessing vehicle data that is sent to AWS IoT. AWS IoT Greengrass Core also helps manage over-the-air updates by acting as a listener for updates to the instrument cluster and in-vehicle infotainment unit, and an orchestrator for executing those changes locally.

The minimum hardware requirements for AWS IoT Greengrass Core are:

  • Minimum 1GHz of compute

  • Minimum 128MB of RAM

  • Linux kernel version 4.4.11+ with OverlayFS and user namespace enabled

  • CPU Architectures: x86_64, ARMv7, AArch64 (ARMv8)

AWS IoT Greengrass Core devices can be configured to communicate with one another through the AWS IoT Greengrass Core in an AWS IoT Greengrass Group. If the AWS IoT Greengrass Core device loses connection to the cloud, devices in the AWS IoT Greengrass Group can continue to communicate with each other over the local network.

AWS IoT Device SDK

Customers can also use the AWS IoT Device SDK to send data to the solution. The AWS IoT Device SDK helps you to easily and quickly connect your hardware device to AWS IoT. For example, you can leverage the AWS IoT Device SDK to build a substrate layer that scans on-board diagnostic data (OBD-II) and publishes sensor data to AWS IoT via the AWS IoT Greengrass Core.

Device Gateway

The AWS IoT Device Gateway enables devices to securely and efficiently communicate with AWS IoT. For this solution, connected vehicles communicate with the Device Gateway using a publication/subscription model. In the pub/sub model, vehicles publish messages to specific logical communication channels called topics. Vehicles subscribe to the topics to receive messages. The solution includes the following topics.

| Message Type | Topic | Action | Description |
|---|---|---|---|
| Telematics | connectedcar/telemetry/<VIN> | publish | Vehicle sensor and telematics data { timestamp:x, trip_id:x, vin:x, name:x, value:x } |
| Vehicle Trip Info | connectedcar/trip/<VIN> | publish | Aggregated trip data |
| Diagnostic Trouble Code | connectedcar/dtc/<VIN> | publish | Diagnostic trouble codes (DTC) { timestamp:x, trip_id:x, vin:x, name:'dtc', value:x } |
| Anomaly Alert | connectedcar/alert/<VIN>/anomaly | subscribe | Anomaly detection alert { type:'anomaly', message:x } |
| DTC Alert | connectedcar/alert/<VIN>/dtc | subscribe | DTC alert { type:'dtc', message:x } |
| Driver Score Alert | connectedcar/alert/<VIN>/driverscore | subscribe | Driver safety score alert { type:'driverscore', message:x } |
| Advertisement Alert | connectedcar/telemetry/<VIN>/info | subscribe | Advertisement alert { type:'info', message:x } |

Rules Engine

When a connected vehicle publishes a message to the connected vehicle solution, the AWS IoT Rules Engine evaluates, transforms, and delivers the message to the appropriate backend services based on defined rules. The solution includes the following rules.

| Rule | SQL Statement | Description |
|---|---|---|
| ConnectedVehicleJITR | SELECT * FROM '$aws/events/certificates/registered/<CA CERTIFICATE ID>' | Activates unknown certificates signed by registered CAs and attaches vehicle identification number (VIN) policies to them |
| ConnectedVehicleTelematicsStorage | SELECT * FROM 'connectedcar/telemetry/#' | Processes inbound vehicle telemetry data and sends messages to persistent storage |
| ConnectedVehicleTelematicsDtc | SELECT * FROM 'connectedcar/dtc/#' | Selects inbound vehicle diagnostic trouble code (DTC) data and triggers an AWS Lambda function to process DTC information |
| ConnectedVehicleTrip | SELECT * FROM 'connectedcar/trip/#' | Selects inbound vehicle aggregated trip data and stores it in a DynamoDB table |
| ConnectedVehicleDriverScore | SELECT * FROM 'connectedcar/trip/#' WHERE ignition_status = 'off' | Detects the end of a trip, then triggers a Lambda function to calculate a driver safety score from aggregated trip data |
| ConnectedVehicleLocationBasedMarketing | SELECT * FROM 'connectedcar/telemetry/#' WHERE name = 'location' | Selects inbound vehicle location and triggers a Lambda function to determine whether the vehicle is located near a point of interest |

The Rules Engine can be configured to route inbound telemetry data from AWS IoT to several other AWS services such as Amazon Kinesis Data Streams or Amazon DynamoDB, or from one AWS IoT topic to another. Data can also be sent to custom applications running on AWS Lambda, giving manufacturers maximum flexibility and power to process connected vehicle data.
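An added example, not part of the solution's code: a small matcher that applies the FROM filters and WHERE clauses listed for the rules above to constructed messages, to show which rules select each one. It reduces each WHERE clause to one equality test on a top-level payload field, which is all the listed rules use; the VIN and payloads are constructed sample values.

```python
# Rules from the page: (name, FROM topic filter, WHERE field, WHERE value).
RULES = [
    ("ConnectedVehicleTelematicsStorage", "connectedcar/telemetry/#", None, None),
    ("ConnectedVehicleTelematicsDtc", "connectedcar/dtc/#", None, None),
    ("ConnectedVehicleTrip", "connectedcar/trip/#", None, None),
    ("ConnectedVehicleDriverScore", "connectedcar/trip/#", "ignition_status", "off"),
    ("ConnectedVehicleLocationBasedMarketing", "connectedcar/telemetry/#",
     "name", "location"),
]

VIN = "1HGCM82633A004352"  # constructed sample VIN
# Constructed sample messages: (topic, payload).
SAMPLES = [
    (f"connectedcar/telemetry/{VIN}", {"vin": VIN, "name": "location", "value": "x"}),
    (f"connectedcar/trip/{VIN}", {"vin": VIN, "ignition_status": "off"}),
    (f"connectedcar/dtc/{VIN}", {"vin": VIN, "name": "dtc", "value": "P0300"}),
    (f"connectedcar/telemetry/{VIN}/info", {"type": "info", "message": "x"}),
]


def topic_matches(topic_filter, topic):
    """MQTT filter match: '+' is exactly one level, '#' is all remaining levels."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)


def rules_fired(topic, payload):
    """Names of the rules whose FROM filter and WHERE clause select a message."""
    return [name for name, flt, field, value in RULES
            if topic_matches(flt, topic)
            and (field is None or payload.get(field) == value)]


if __name__ == "__main__":
    for topic, payload in SAMPLES:
        print(topic, "->", rules_fired(topic, payload))
```

The last sample shows that the filter `connectedcar/telemetry/#` also covers `connectedcar/telemetry/<VIN>/info`, the topic listed for advertisement alerts.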


This solution takes advantage of mutual authentication and encryption at all points of connection to AWS IoT to ensure that data is never exchanged between the vehicle and AWS IoT without proven identity. We recommend leveraging MQTT connections with X.509 certificate based authentication for vehicles that connect to this solution. You can register your preferred Certificate Authority (CA), which is used to sign and issue the vehicle certificate(s), with AWS IoT. Each registered vehicle certificate has a policy that allows that vehicle to publish and subscribe only to topics associated with its vehicle identification number (VIN).

Just-in-Time Registration

When a vehicle connects to AWS IoT for the first time, AWS IoT detects the unknown certificate. If the certificate is signed by a registered CA, the connected vehicle solution attempts to register the vehicle certificate automatically during the Transport Layer Security (TLS) handshake.

An MQTT registration event is published on a registration topic associated with the registered CA certificate. The registration event invokes an AWS Lambda function that activates the certificate and attaches the VIN policy to it. When the certificate is activated and the policy is attached, the certificate can be used for authentication and authorization with AWS IoT.
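An added example (not code from the solution itself) covering both the per-VIN policy and this registration flow: it builds an AWS IoT policy limited to the solution's topics for one VIN, then attaches it and activates the certificate. The policy name, the client ID being the VIN, and the VIN arriving as an argument (how it is read from the certificate is not described on this page) are assumptions; `iot` is a boto3 IoT client or a stand-in with the same methods.

```python
import json
import re

# A VIN is 17 characters from A-Z and 0-9, excluding I, O and Q.
VIN_RE = re.compile(r"[A-HJ-NPR-Z0-9]{17}")
PUBLISH = ("telemetry/{vin}", "trip/{vin}", "dtc/{vin}")
SUBSCRIBE = ("alert/{vin}/anomaly", "alert/{vin}/dtc",
             "alert/{vin}/driverscore", "telemetry/{vin}/info")
# Constructed registration event with the two fields this example reads.
SAMPLE_EVENT = {"certificateId": "0" * 64, "awsAccountId": "123456789012"}


def allow(action, resources):
    return {"Effect": "Allow", "Action": action, "Resource": resources}


def vin_policy(vin, region, account):
    """Policy document limited to the solution's topics for a single VIN."""
    # Reject anything that is not a VIN, so '*', '#', '+' or '/' can never
    # reach a resource ARN and widen the policy.
    if not VIN_RE.fullmatch(vin):
        raise ValueError("not a valid VIN")
    arn = f"arn:aws:iot:{region}:{account}"
    pub = [t.format(vin=vin) for t in PUBLISH]
    sub = [t.format(vin=vin) for t in SUBSCRIBE]
    return {"Version": "2012-10-17", "Statement": [
        allow("iot:Connect", f"{arn}:client/{vin}"),  # assumes client ID == VIN
        allow("iot:Publish", [f"{arn}:topic/connectedcar/{t}" for t in pub]),
        allow("iot:Subscribe", [f"{arn}:topicfilter/connectedcar/{t}" for t in sub]),
        allow("iot:Receive", [f"{arn}:topic/connectedcar/{t}" for t in sub]),
    ]}


def register(event, vin, iot, region):
    """Core of a registration handler: attach the VIN policy, then activate."""
    cert_id, account = event["certificateId"], event["awsAccountId"]
    name = f"vehicle-{vin}"  # hypothetical policy naming scheme
    doc = vin_policy(vin, region, account)  # raises before any API call
    iot.create_policy(policyName=name, policyDocument=json.dumps(doc))
    iot.attach_policy(policyName=name,
                      target=f"arn:aws:iot:{region}:{account}:cert/{cert_id}")
    # Activate last: a failure above leaves the certificate pending.
    iot.update_certificate(certificateId=cert_id, newStatus="ACTIVE")
    return name
```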

User Management

After the connected vehicle solution is deployed, administrators can invite privileged users and customize their permissions to implement granular access-control policies. Privileged users can browse, search, and access data. They can also build and maintain cloud applications, and invite customers to use those applications.

This solution also integrates with Microsoft Active Directory.

Logging and Metrics

The connected vehicle solution logs API calls, latency, and error rates to Amazon CloudWatch, which you can use to set alarms based on defined thresholds. The connected vehicle solution also monitors traffic at the REST API level. Optionally, you can enable detailed metrics for each method of the connected vehicle solution REST API from the Amazon API Gateway deployment configuration console. Detailed metrics will incur an extra cost.

Regional Deployment

This solution uses Amazon Cognito, AWS IoT, Amazon Kinesis Data Firehose, Amazon Kinesis Data Analytics, and Amazon Kinesis Data Streams, which are available in specific AWS Regions only. Therefore, you must deploy this solution in a Region that supports these services. For the most current service availability by Region, see the AWS service offerings by region.