Understanding IoT in AWS: A Primer

By | February 13, 2016

A version of this article originally appeared in TechTarget SearchAWS as AWS IoT platform connects devices to cloud services

Amazon wants to be the hub for sensor data, whether from industrial instrumentation or personal gadgets. A look the AWS IoT platform

AWS-IoT-buttonMillions upon millions of intelligent devices streaming information and waiting for commands poses the type of data and device management problem that seems tailor-made for the cloud. It’s hard to imagine many organizations having the scale of systems and communications infrastructure that’s required to build a real world IoT backend capable of handling the volume of messages and processing the resulting data in real time where a modern aircraft engine might have 5,000 sensors generating gigabytes of data per second. Indeed, it’s an opportunity that’s not lost on the biggest IaaS providers as both Amazon AWS and Microsoft Azure introduced IoT services in the past six months. We surveyed the new IoT options in a previous article, so this time we’ll take a closer look at the AWS IoT platform.

Announced at reInvent 2015, AWS IoT is a suite of services designed to manage intelligent devices, whether industrial sensors or consumer wearables, and connect them to the broader AWS ecosystem where the captured information stream can feed databases, trigger other AWS services and respond to commands from external applications.


The platform has five major components plus an SDK with libraries to connect, authenticate and register devices to the IoT portal. These are:

  • Device Gateway: A publish/subscribe message broker that facilitates secure, one-to-one and one-to-many communications between devices and AWS. It supports both HTTP via a RESTful API and MQTTT. The latter is an OASIS standard designed as a lightweight, publish-subscribe protocol that is preferable for IoT devices due to its small code footprint, speed and low resource utilization. According to one set of tests, MQTTT is much faster and more efficient, with less network overhead than HTTP, uses far less power (important for battery-powered devices) to transmit messages or maintain a connection and provides more reliable message delivery and retention. The gateway allows clients, both IoT devices and mobile apps to receive command and control signals from the cloud and is capable of supporting billions of devices.
  • Authentication and Authorization: AWS IoT features strong authentication, incorporates fine-grained, policy-based authorization and uses secure communication channels. Each device needs a credential, typically an X.509 certificate or AWS key, to access the gateway message broker and has a unique identity, used to manage individual and group permissions within the system. Like other AWS services, IoT operates on the policy of least privilege, meaning IoT clients can only execute operations if specifically granted permission. All traffic to and from the service is encrypted over TLS with support for most major cipher suites.


  • Device Registry: The Registry is like an identity management system for devices, where they check in, are given a unique identifier and store metadata such as device attributes and capabilities. Typical metadata might include the type of data a particular sensor provides, e.g. temperature, pressure, position, the units, e.g. Fahrenheit, Celsius, psi, the manufacturer, firmware version and serial number. AWS doesn’t charge for using the Registry and metadata doesn’t expire as long as an entry is accessed or updated at least once every 7 years.
  • Device Shadows: Shadows are virtual representations of a device, recorded as JSON documents, that live in the cloud and are available whether a device is connected or not. They include data such as device state (both desired and reported), device metadata (e.g sensor types), a client token (a unique ID), a document version (incremented every time the shadow information is updated) and timestamp of the last message to AWS. The desired state is typically updated by IoT apps used to manage or control devices while the reported state is data sent from the device. Applications interact with the Shadow, not the actual device, which enables proper operation whether the device is connected or not; an important consideration given the intermittent nature of IoT connectivity.
  • Rules Engine: The brains of AWS IoT, the Rules Engine is how IoT applications gather and process data and execute instructions. Like other data pipelines, it parses and analyzes incoming messages and triggers actions on other AWS services, including Lambda, Kinesis, S3, Machine Learning, and DynamoDB based on predefined criteria. It can also communicate with external devices or apps using Lambda, Kinesis and SNS (Simple Notification Service). The Rules Engine uses an SQL-like syntax (e.g. SELECT * FROM ‘things/sensors’ * WHERE sensor = ‘temperature’) with functions for string manipulation, math operators, context-based helper functions, crypto support and metadata lookup (UUID, timestamp, etc.). Rules can also trigger the execution of Java, Node.js or Python code in AWS Lambda allowing for the execution of arbitrarily complex operations.

Examples and Getting Started

AWS has 10 hardware partners, including Broadcom, Intel, Qualcomm and TI with IoT Starter Kits that support the AWS SDK. These include development microcontroller development boards, sensors and actuators and a copy of the SDK. Another option is the AWS IoT Button, a variant of the company’s Dash Button that can be used to trigger IoT workflows without writing device-specific embedded code. For example, a button press could launch a Lambda job that connects to Twilio and sends a text message to Dominos ordering your favorite pizza.

AWS IoT released to general availability in December and is available in four regions (two US, EU and APAC). The price is $5 per million messages (up to a 512-byte block of data) published to or delivered by the service. Thus, a 900-byte payload counts as two messages. For example, if an organization has 100 sensors, each updating data every minute, that’s 4.32 million messages per month. If the Rules engine sends each sensor reading to an external metering device and records it in a DynamoDB table, that’s another 4.32 million external and internal (with AWS) message deliveries. Since messages within AWS are free, the total is 8.64 million messages for the month or $43.20 (8.64*$5. Note that the AWS Free Tier includes 250,000 IoT messages, so developers can do a lot of prototyping without incurring any charges.

Other innovative applications are showcased by the winners of the AWS IoT Mega Contest, such as this voice-controlled drone using an Amazon Echo and Raspberry Pi.


AWS IoT is a remarkable suite of services paired with an SDK supporting a variety of popular IoT hardware platforms. Since it’s hard to see most organizations duplicating anything of its sophistication and scale, we hope this overview inspires IT pros and developers to familiarize themselves with the details, dream up some creative business applications for cloud-aware intelligent devices and give it a try.