Best Practice 25.5 – Bootstrap devices to use the endpoint with the least latency - IoT Lens Checklist

In IoT, bootstrapping is the process of assigning an identity to a device and enabling it to communicate with an endpoint. Devices in a global fleet should be provisioned in the region nearest to their physical location so that bidirectional communication has the lowest possible latency. Each device should therefore receive its regional IoT endpoint and its certificate no later than bootstrapping time, so that it never has to fall back to a distant or generic endpoint afterwards.

Recommendation 25.5.1 - Obtain key metadata and regional endpoint for the device at the time of bootstrapping

  • The device signs its thing name with its private key and sends a provisioning request to a pre-defined bootstrap endpoint. If the device generated its own key pair, the request carries a certificate signing request (CSR), so the private key never leaves the device. If no CSR is present, AWS IoT generates the key pair and returns the private key together with the certificate, and the device then has to protect that key in transit and at rest.

  • The IoT service receives and validates the request (the CSR, the signature over the thing name, and the identity being claimed) and then provisions the device, returning its certificate and the regional endpoint it should use from then on.
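The two steps above as one exchange, written here as an added example rather than code from the IoT Lens checklist or from AWS IoT itself: the device side builds a CSR and signs its thing name with an ECDSA P-256 key, the cloud side checks the CSR self-signature, the proof of possession and the claimed name, issues a client certificate and hands back the nearest regional endpoint. The endpoint table and its coordinates, the device-reported location, the `knownThings` registry and the throwaway CA are all constructed for the example; AWS IoT's real provisioning messages differ in format, and a production service would locate the device by other means, such as where the connection arrives.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math"
	"math/big"
	"time"
)

// Regional endpoints the bootstrap service hands out; hostnames are constructed placeholders.
type regionalEndpoint struct {
	Region, Endpoint string
	Lat, Lon         float64
}

var endpoints = []regionalEndpoint{
	{"us-east-1", "example-ats.iot.us-east-1.amazonaws.com", 39.0, -77.5},
	{"eu-west-1", "example-ats.iot.eu-west-1.amazonaws.com", 53.3, -6.3},
	{"ap-southeast-1", "example-ats.iot.ap-southeast-1.amazonaws.com", 1.3, 103.8},
}

// Registered thing names (constructed): a signature proves key possession, not the right to a name.
var knownThings = map[string]bool{"sensor-0001": true, "sensor-0002": true}

// ProvisioningRequest is what the device sends to the pre-defined bootstrap endpoint.
type ProvisioningRequest struct {
	ThingName string
	Signature []byte  // ECDSA (ASN.1) signature over SHA-256(ThingName) by the device key
	CSR       []byte  // DER CSR carrying the device public key, CN = ThingName
	Lat, Lon  float64 // approximate location reported by the device (an assumption of this example)
}

// deviceBootstrapRequest runs on the device; the private key never leaves it.
func deviceBootstrapRequest(key *ecdsa.PrivateKey, thingName string, lat, lon float64) (*ProvisioningRequest, error) {
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: thingName}}, key)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(thingName))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return &ProvisioningRequest{ThingName: thingName, Signature: sig, CSR: csr, Lat: lat, Lon: lon}, err
}

// nearestEndpoint picks the closest region in degrees: coarse, but enough to separate continents.
func nearestEndpoint(lat, lon float64) regionalEndpoint {
	best := endpoints[0]
	for _, ep := range endpoints[1:] {
		if math.Hypot(ep.Lat-lat, ep.Lon-lon) < math.Hypot(best.Lat-lat, best.Lon-lon) {
			best = ep
		}
	}
	return best
}

// provision runs in the cloud: validate, issue a client certificate for the CSR's key, return endpoint.
func provision(req *ProvisioningRequest, caKey *ecdsa.PrivateKey, caCert *x509.Certificate) (regionalEndpoint, []byte, error) {
	csr, err := x509.ParseCertificateRequest(req.CSR)
	if err == nil {
		err = csr.CheckSignature() // the CSR is self-signed with the device key
	}
	if err != nil {
		return regionalEndpoint{}, nil, fmt.Errorf("invalid csr: %w", err)
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || csr.Subject.CommonName != req.ThingName || !knownThings[req.ThingName] {
		return regionalEndpoint{}, nil, fmt.Errorf("key type, subject or thing name not acceptable")
	}
	if d := sha256.Sum256([]byte(req.ThingName)); !ecdsa.VerifyASN1(pub, d[:], req.Signature) {
		return regionalEndpoint{}, nil, fmt.Errorf("thing name signature invalid")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject,
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	if err != nil {
		return regionalEndpoint{}, nil, err
	}
	return nearestEndpoint(req.Lat, req.Lon), certDER, nil
}

// newCA builds a throwaway self-signed issuing CA for the example.
func newCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Device CA"},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return key, cert, err
}
```

To exercise it, call `newCA`, generate a device key with `ecdsa.GenerateKey(elliptic.P256(), rand.Reader)`, build the request with `deviceBootstrapRequest` and pass it to `provision`; the returned certificate chains to the CA, carries the device's own public key, and comes with the endpoint closest to the reported location. Two checks are deliberately separate: the signature over the thing name shows the requester holds the CSR's private key, while `knownThings` decides whether that name may be claimed at all. Without the second check anyone with a key could provision under any name.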

Recommendation 25.5.2 – Use automated mechanisms to audit the configuration of your devices, monitor connected devices to detect abnormal behavior, and mitigate security risks

  • For example, use AWS IoT Device Defender to continually audit your IoT configurations to make sure that they aren’t deviating from security best practices.

Recommendation 25.5.3 – Use temporary, limited-privilege security tokens to communicate with cloud services