AWS IoT Core
A fully managed service enabling bidirectional communication between IoT devices and the cloud via MQTT and HTTPS, supporting billions of device connections with certificate-based authentication
Overview
AWS IoT Core is a fully managed service that securely connects IoT devices such as sensors and embedded systems to the AWS cloud, enabling bidirectional messaging. In addition to the lightweight MQTT protocol, it supports HTTPS and MQTT over WebSocket, allowing protocol selection based on device communication requirements. Device Shadows for offline state management, a Rules Engine for message routing and transformation, and mutual authentication using X.509 certificates make it a foundational platform for building large-scale IoT systems.
Why MQTT Became the Standard for IoT Communication and Protocol Selection Tips
Most IoT devices are battery-powered with limited bandwidth, making the request/response overhead of HTTP too large. MQTT is a publish/subscribe protocol running over TCP with a fixed header starting at just 2 bytes, making it extremely lightweight. IoT Core supports both MQTT 3.1.1 and MQTT 5.0, with MQTT 5.0 enabling more flexible communication control including request/response patterns and message expiry. However, in environments where firewall restrictions block MQTT port 8883, MQTT over WebSocket (port 443) is effective. HTTPS is suitable for one-off data transmissions from devices and has the advantage of leveraging existing REST client libraries. In practice, MQTT is commonly used for always-on telemetry collection, while HTTPS handles low-frequency notifications like firmware version reporting. Azure IoT Hub also supports MQTT and HTTPS, but IoT Core offers greater topic filter flexibility, enabling hierarchical topic designs with wildcards to manage thousands of device types through a single endpoint.
Designing Offline Resilience with Device Shadows
In environments with unreliable network connectivity - factory production lines, agricultural sensors - devices cannot always communicate with the cloud. Device Shadows maintain each device's "desired" state and "reported" state as JSON documents on the cloud side. When an application wants to change a device's settings, it simply updates the Shadow's desired section. When the device comes back online, the difference is automatically synchronized, and the delta between desired and reported is notified to the device. This design allows applications to issue control commands without being aware of device connectivity, while devices can reflect state at their own pace. Named Shadows allow a single device to have multiple shadows - for example, managing "temperature control" and "lighting control" as independent shadows makes per-function access control and version management easier. IoT development books (Amazon) systematically cover offline-resilient patterns using Shadows.
Building Secure Data Pipelines with the Rules Engine and Certificate Authentication
IoT Core's Rules Engine filters and transforms MQTT messages received from devices using SQL-like syntax and routes them directly to over 20 AWS services. For example, you can declaratively define rules like "send only messages where temperature exceeds 50 degrees to Lambda, and accumulate all messages in S3." Direct writes to DynamoDB, streaming to Kinesis Data Streams, and triggering Step Functions workflows are all possible without writing code, making it a powerful tool for building data pipelines. For security, mutual TLS authentication with X.509 certificates is the foundation. Unique certificates are issued per device, and IoT Policies finely control which devices can publish/subscribe to which topics. Just-in-Time Registration (JITR) automatically registers and activates certificates when a device connects for the first time, streamlining provisioning for tens of thousands of devices. Combined with Fleet Provisioning templates, an operational pattern of embedding provisional certificates at factory shipment and automatically switching to production certificates on first connection is also achievable.