Best Practice 14.4 – Implement dynamic configuration management for devices - IoT Lens Checklist

Deploying software changes to devices constitutes a high-risk operation due to the recovery cost associated with remotely deployed devices. When possible, prefer mechanisms for making changes using command-and-control channels to reduce the risk that comes with software deployments and firmware upgrades. This approach enables you to push some changes to devices while minimizing the risk of entering fault states that require on-premises recovery actions. Configuration changes also require less bandwidth than firmware updates.

Recommendation 14.4.1 – Utilize cloud tools to command and control devices

Changing the configuration of devices is less error prone and easier to trace back than updating firmware.

  • Use Secure Tunneling or Systems Manager to facilitate patching of the operating system instead of pushing a new image to be loaded on the device.

  • Use Device Shadows to command and control devices rather than sending commands directly to the device.

  • Use AWS IoT Device Defender and AWS IoT Device Management jobs to rotate expiring device certificates instead of pushing a new image with updated certificates.
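The Device Shadows recommendation above, sketched from the device side as an added example (not AWS code): a handler that validates a shadow delta against an allowlist, applies it all-or-nothing so a bad value cannot put the device into a fault state, and builds the `reported` update for the shadow update topic. The schema keys, the thing name and the `config_errors` field are assumptions made for illustration, and the MQTT transport is left out.

```python
import json

# Hypothetical config schema for this example: key -> (type, min, max)
SCHEMA = {
    "telemetry_interval_s": (int, 10, 3600),
    "log_level": (str, None, None),
}
LOG_LEVELS = {"ERROR", "WARN", "INFO", "DEBUG"}


class ShadowConfig:
    """Device-side handler for shadow delta messages."""

    def __init__(self, thing_name, config):
        self.update_topic = f"$aws/things/{thing_name}/shadow/update"
        self.config = dict(config)
        self.last_version = 0

    def _validate(self, key, value):
        if key not in SCHEMA:
            return "unknown key"
        typ, lo, hi = SCHEMA[key]
        if type(value) is not typ:  # exact match, so bool is not taken as int
            return "wrong type"
        if typ is int and not lo <= value <= hi:
            return "out of range"
        if key == "log_level" and value not in LOG_LEVELS:
            return "unsupported value"
        return None

    def handle_delta(self, payload):
        """Apply a delta all-or-nothing; return (topic, reported JSON) or None."""
        msg = json.loads(payload)
        version = msg.get("version", 0)
        if version <= self.last_version:
            return None  # stale or replayed delta: ignore
        self.last_version = version
        delta = msg.get("state", {})
        errors = {k: self._validate(k, v) for k, v in delta.items()}
        errors = {k: e for k, e in errors.items() if e}
        if not errors:
            self.config.update(delta)  # every key passed: apply together
        # Report the running config so the cloud side sees what was applied.
        reported = dict(self.config)
        reported["config_errors"] = errors or None  # null clears the key
        return self.update_topic, json.dumps({"state": {"reported": reported}})
```

Because the device reports its running configuration rather than echoing the desired state, a rejected change stays visible in the shadow as a remaining delta plus the reason it was refused.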
