6 – Manage device certificate lifecycles - IoT Lens Checklist

6 – Manage device certificate lifecycles

How do you manage device certificates, including installation, validation, revocation, and rotation? To protect and encrypt data in transit from an IoT device to the cloud, most IoT broker supports TLS-based mutual authentication using X.509 certificates. Device makers must provision a unique identity, including a unique private key and X.509 certificate, into each device. Certificates are long-lived credentials and managed using a customer-owned Certificate Authority (CA), a third party CA or AWS IoT CA. Any hosted CA chosen must provide you the ability to validate, activate, deactivate, and rotate certificates.

Follow the best practices and check if your workload is well-architected.

ID Priority Best Practice
BP 6.1 Required Perform certificate lifecycle management

For more details, see the following links and information.