AWS IoT Core services

AWS IoT Core provides the services that connect your IoT devices to the AWS Cloud so that
other cloud services and applications can interact with your internet-connected devices.

AWS IoT Core messaging services

The AWS IoT Core connectivity services provide secure communication with the IoT devices
and manage the messages that pass between them and AWS IoT.

Device gateway
Enables devices to securely and efficiently communicate with AWS IoT. Device
communication is secured by secure protocols that use X.509 certificates.
Message broker
Provides a secure mechanism for devices and AWS IoT applications to publish and
receive messages from each other. You can use either the MQTT protocol directly or
MQTT over WebSocket to publish and subscribe. Devices and clients can also use the
HTTP REST interface to publish data to the message broker.

The message broker distributes device data to devices that have subscribed to it and to
other AWS IoT Core services, such as the Device Shadow service and the rules engine.
 AWS IoT Core for LoRaWAN
AWS IoT Core for LoRaWAN makes it possible to set up a private LoRaWAN
network by connecting your LoRaWAN devices and gateways to AWS without the
need to develop and operate a LoRaWAN Network Server (LNS). Messages received
from LoRaWAN devices are sent to the rules engine where they can be formatted and
sent to other AWS IoT services.
Rules engine
The Rules engine connects data from the message broker to other AWS IoT services
for storage and additional processing. For example, you can insert, update, or query a
DynamoDB table or invoke a Lambda function based on an expression that you
defined in the Rules engine. You can use an SQL-based language to select data from
message payloads, and then process and send the data to other services, such as
Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, and AWS
Lambda. You can also create rules that republish messages to the message broker and
on to other subscribers.

AWS IoT Core control services

The AWS IoT Core control services provide device security, management, and registration
features.

Custom Authentication service

You can define custom authorizers that allow you to manage your own authentication
and authorization strategy using a custom authentication service and a Lambda
function. Custom authorizers allow AWS IoT to authenticate your devices and
authorize operations using bearer token authentication and authorization strategies.

Custom authorizers can implement various authentication strategies; for example,

JSON Web Token verification or OAuth provider callout. They must return policy
documents that are used by the device gateway to authorize MQTT operations. w
Device Provisioning service
Allows you to provision devices using a template that describes the resources required
for your device: a thing object, a certificate, and one or more policies. A thing object is
an entry in the registry that contains attributes that describe a device. Devices use
certificates to authenticate with AWS IoT. Policies determine which operations a
device can perform in AWS IoT.
 The templates contain variables that are replaced by values in a dictionary (map). You
can use the same template to provision multiple devices just by passing in different
values for the template variables in the dictionary.
Group registry
Groups allow you to manage several devices at once by categorizing them into groups.
Groups can also contain groups—you can build a hierarchy of groups. Any action that
you perform on a parent group will apply to its child groups. The same action also
applies to all the devices in the parent group and all devices in the child groups.
Permissions granted to a group will apply to all devices in the group and in all of its
child groups.
Jobs service
Allows you to define a set of remote operations that are sent to and run on one or more
devices connected to AWS IoT. For example, you can define a job that instructs a set
of devices to download and install application or firmware updates, reboot, rotate
certificates, or perform remote troubleshooting operations.

To create a job, you specify a description of the remote operations to be performed and
a list of targets that should perform them. The targets can be individual devices, groups
or both.
Registry
Organizes the resources associated with each device in the AWS Cloud. You register
your devices and associate up to three custom attributes with each one. You can also
associate certificates and MQTT client IDs with each device to improve your ability to
manage and troubleshoot them.
Security and Identity service
Provides shared responsibility for security in the AWS Cloud. Your devices must keep
their credentials safe to securely send data to the message broker. The message broker
and rules engine use AWS security features to send data securely to devices or other
AWS services.

AWS IoT Core data services

The AWS IoT Core data services help your IoT solutions provide a reliable application
experience even with devices that are not always connected.

Device shadow
 A JSON document used to store and retrieve current state information for a device.
Device Shadow service
The Device Shadow service maintains a device's state so that applications can
communicate with a device whether the device is online or not. When a device is
offline, the Device Shadow service manages its data for connected applications. When
the device reconnects, it synchronizes its state with that of its shadow in the Device
Shadow service. Your devices can also publish their current state to a shadow for use
by applications or other devices that might not be connected all the time.

AWS IoT Core support service

Amazon Sidewalk Integration for AWS IoT Core
Amazon Sidewalk is a shared network that improves connectivity
options to help devices work together better. Amazon Sidewalk
supports a wide range of customer devices such as those that locate
pets or valuables, those that provide smart home security and
lighting control, and those that provide remote diagnostics for
appliances and tools. Amazon Sidewalk Integration for AWS IoT Core
makes it possible for device manufacturers to add their Sidewalk
device fleet to the AWS IoT Cloud.