AWS IoT Connection setup

IoT Device <-> AWS IoT Core connection setup

Let’s talk about the secure connectivity between the IoT Device and the AWS IoT Core.

During the connection setup, the IoT Device presents its X.509 Device Certificate.

AWS IoT Core verifies that the certificate:

  • exists in the Thing Registry
  • is active
  • has a proper policy attached

The Device Certificate corresponds to the Device Private Key. The Private Key is securely stored on the Device and should never be exposed.

Together, the X.509 Certificate and the Private Key serve as the proof of identity of the IoT Device.

AWS IoT Core presents its own certificate, and the Device verifies that it is the certificate it expects. This ensures that the IoT Device is communicating with the genuine AWS IoT endpoint, not with a fake server trying to compromise the system.

The presented certificate is issued under the Amazon Root CA, whose Private Key is securely stored at AWS.

This way, both parties establish trust, confirm each other's identity, and start TLS-encrypted MQTT communication.
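The device side of this handshake, as an added example that is not part of the original post or of any AWS SDK: the device builds a TLS context that trusts only the pinned Amazon Root CA and presents its own certificate and key, then sends the MQTT CONNECT over the established channel. The PEM file paths, the thing name used as MQTT client id and the endpoint are assumptions supplied by the caller; only the standard library is used.

```python
import socket
import ssl
import struct

AWS_IOT_MQTT_PORT = 8883  # MQTT over TLS with X.509 client authentication


def make_device_tls_context(ca_path="", cert_path="", key_path=""):
    """TLS policy the device applies: authenticate the server only against the
    pinned Amazon Root CA, present the device certificate, require TLS >= 1.2.
    File loading is skipped when no paths are given so the policy can be inspected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # server must prove its identity...
    ctx.check_hostname = True            # ...for the endpoint we dialled
    if ca_path:
        # Trust only the Amazon Root CA, not the OS store: a certificate from
        # any other CA is rejected as a fake endpoint.
        ctx.load_verify_locations(cafile=ca_path)
    if cert_path and key_path:
        # Device certificate + private key: the identity AWS IoT Core checks
        # against the Thing Registry, its ACTIVE status and attached policy.
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def build_mqtt_connect(client_id, keep_alive=60):
    """Encode an MQTT 3.1.1 CONNECT packet: clean session, no username or
    password, because identity already came from the client certificate."""
    cid = client_id.encode("utf-8")
    body = (struct.pack("!H", 4) + b"MQTT"        # protocol name
            + bytes([4, 0x02])                    # level 3.1.1, clean-session flag
            + struct.pack("!H", keep_alive)
            + struct.pack("!H", len(cid)) + cid)  # payload: client id
    # Remaining length uses MQTT's 7-bits-per-byte variable-length encoding.
    remaining, length = len(body), b""
    while True:
        digit, remaining = remaining % 128, remaining // 128
        length += bytes([digit | (0x80 if remaining else 0)])
        if not remaining:
            return bytes([0x10]) + length + body


def connect(endpoint, thing_name, ctx):
    """Open the TLS session to the AWS IoT endpoint and send CONNECT over it;
    returns the raw CONNACK. Needs network and real credentials (assumed)."""
    with socket.create_connection((endpoint, AWS_IOT_MQTT_PORT)) as raw:
        with ctx.wrap_socket(raw, server_hostname=endpoint) as tls:
            tls.sendall(build_mqtt_connect(thing_name))
            return tls.recv(4)
```

A CONNACK whose fourth byte is non-zero means the broker refused the session even though the TLS handshake succeeded, which on AWS IoT Core typically points at the certificate status or policy checks listed above rather than at the transport.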

You can find more details in AWS documentation.
