AWS Services to Build and Upscale an IoT Architecture

Head of Java Development, ScienceSoft


As IoT gains momentum, leading tech companies keep pace with IoT innovations to offer their customers more and more IoT opportunities, and so does Amazon Web Services (AWS)*. As AWS highlights, it aims to give users the opportunity to know the states of their things and how they help to solve business problems.

In our new article, we give a brief overview of AWS IoT offerings and a possible AWS IoT architecture, introducing the main features, pros, and limitations.

AWS IoT Core and its components

AWS IoT Core is a platform that helps to build an architecture for an IoT solution and connect smart things to AWS Services. It guarantees secure data transmission to and from the cloud as well as secure data storage and processing. The main benefit is that AWS IoT Core incorporates all the components necessary to create an IoT solution and can be connected to other AWS services that help to enhance an IoT solution.

The AWS IoT Device SDK

The AWS IoT Device SDK (software development kit) is used to speed up connecting smart things and user mobile applications to AWS IoT Core, to authenticate, and to exchange messages over the MQTT, HTTP or WebSockets protocols.

The Device Gateway

The Device Gateway is an entry point for connecting devices to the cloud. The Gateway provides a secure connection, manages all active connections and can scale automatically to support over a billion devices.

The Message Broker

The Message Broker performs secure message transmission with low latency to and from smart, connected devices. The Message Broker supports a wide range of messaging patterns from one-to-one command and control messaging to one-to-one million broadcast notification systems. The Message Broker scales up automatically as the volume of messages increases.

Authentication and authorization

In an IoT system, it’s crucial to ensure that only authorized things connect to the cloud in order to protect data and enable effective performance of the system. In this respect, each smart, connected device has a credential to connect to the Message Broker or the Device Shadow service, and AWS IoT Core provides mutual authentication and encryption at all points of connection. All the messages to and from devices are encrypted with Transport Layer Security (TLS). AWS IoT Core supports the AWS method of authentication (SigV4, or Signature Version 4 protocol), X.509 certificate-based authentication, and customer-created token-based authentication (through custom authorizers).

Device Shadow

The Device Shadow service stores and retrieves the information about the current state of the devices connected to AWS, with a separate shadow for each device. Each shadow has two pieces of information: the state last reported by a device and the desired state requested, for example, by a user or a control application from the IoT system. The application can control the device by requesting a change in its state. The shadow accepts the state change request, updates its state information and sends a message to indicate the update. Even if a certain device is not connected, IoT applications can take its latest state from a corresponding device shadow.
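The desired/reported exchange described above, as an added example that is not part of the original article and not AWS code: a simplified in-memory model of one shadow, covering flat keys only. The class name `ShadowModel`, the `demo` function and the sample device state are hypothetical.

```python
import copy


class ShadowModel:
    """Simplified model of one device's shadow (hypothetical, not the AWS service)."""

    def __init__(self):
        self.state = {"desired": {}, "reported": {}}
        self.version = 0

    def update(self, section, changes):
        """Merge changes into 'desired' or 'reported'; a None value removes the key."""
        if section not in self.state:
            raise ValueError("section must be 'desired' or 'reported'")
        for key, value in changes.items():
            if value is None:
                self.state[section].pop(key, None)
            else:
                self.state[section][key] = value
        self.version += 1
        # The returned document stands in for the message that indicates the update.
        return self.document()

    def delta(self):
        """Desired keys whose value is missing from or differs in the reported state."""
        reported = self.state["reported"]
        return {k: v for k, v in self.state["desired"].items() if reported.get(k) != v}

    def document(self):
        doc = {"state": copy.deepcopy(self.state), "version": self.version}
        if self.delta():
            doc["state"]["delta"] = self.delta()
        return doc


def demo():
    shadow = ShadowModel()
    # Constructed sample: the device reports its state, then goes offline.
    shadow.update("reported", {"power": "off", "brightness": 40})
    # A control application requests a change while the device is offline;
    # the last reported state is still readable from the shadow.
    pending = shadow.update("desired", {"power": "on"})
    # The device reconnects, applies the delta and reports its new state.
    synced = shadow.update("reported", pending["state"]["delta"])
    return pending, synced


if __name__ == "__main__":
    for doc in demo():
        print(doc)
```
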

The Registry

Metadata about devices (e.g., device locations, attributes, capabilities, manufacturer’s data) is stored in the Registry. This data can be useful for queries such as finding all the devices located in a certain city or country. A company can keep metadata in the Registry without additional charge, and the data won’t expire as long as it’s accessed at least once in 7 years.

Rules Engine

The Rules Engine is an AWS feature that helps to build IoT applications that gather, process and analyze the data generated by connected devices without the need to manage any infrastructure. It evaluates inbound messages published in AWS IoT Core and sends them to a cloud service according to the rules defined by a user. The Rules Engine also connects AWS IoT Core to other AWS Services (Kinesis, DDB, SQS) and external endpoints.

AWS Greengrass

AWS Greengrass is software for secure local computing, messaging, data caching, and machine learning for connected devices. With Greengrass, it’s possible to execute Lambda functions (programmed in the cloud and called by a trigger) locally with no need to develop embedded software. Thus, IoT devices respond to local events quicker.

AWS Greengrass helps to filter sensor data before transmitting it to the cloud. This approach helps to reduce volumes of sensor data coming to the cloud and the costs of this process.

Also, AWS Greengrass has a special feature for machine learning – ML Inference. It allows performing machine learning locally on Greengrass Core and uses the models built and trained in the cloud.

AWS Services for device management

To monitor and manage connected devices (both device fleets and individual devices), AWS provides IoT Device Management. The service integrates with AWS IoT Core to get the info about the devices connected to the cloud, enable reporting on device states, remotely solve (when possible) problems with the performance of devices and conduct software updates.

AWS IoT Device Defender helps to secure devices individually or in bulk. This service helps to authenticate IoT devices and monitor their performance (to keep track of and report on suspicious behavior) and ensures that devices securely communicate with the cloud.

Data analytics with AWS

To conduct sensor data analytics, AWS offers its AWS IoT Analytics. This service allows ingesting real-time data in various formats (video, audio, logs, website clickstreams, and more) and gives immediate responses to it. After processing, the data is sent to the IoT-optimized data store for further analytics.

AWS IoT Analytics provides connection to Amazon QuickSight, which helps users visualize their data. It’s also possible to visualize the results of the ad-hoc analysis in Jupyter Notebooks embedded within the IoT Analytics console.


Despite the variety of features that AWS offers for a reliable IoT solution, they are just a basis that needs a great deal of custom code for more complex solutions.

Moreover, there are certain restrictions to consider before and during the planning of an IoT project based on AWS. These restrictions are related to compliance with AWS security regulations and mainly concern how data can be modeled and the size of the information that can be stored in Device Shadows. Also, some features may be unavailable or limited in certain regions.

A versatile set of AWS features for IoT solutions may be confusing if project participants have never dealt with AWS IoT before. Thus, a company may need to turn to third-party experience, including not only development teams but also IoT consultants, to choose the best services and find the most convenient and cost-effective ways to tune them. In addition, access to the AWS IoT Services (and corresponding training on how to use these services) requires Amazon membership. For some time, IoT-related AWS Services are available for free, but in the long term, paid membership is needed.


The variety of AWS Services (IoT Core, AWS Greengrass, IoT Data Analytics, and more) can help create an IoT solution to efficiently gather, process, store and analyze sensor data and act on connected devices, ensuring secure connection of IoT devices to the cloud and safe data transmission across the entire IoT solution.

However, when choosing AWS Services for your IoT project, it’s important to keep in mind that they are just an easy-to-start-with basis for a future IoT solution. In this respect, you may need to resort to third parties experienced in dealing with AWS Services and Amazon products to tune AWS offerings and make your IoT project successful.

*All AWS Marks are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
