AWS IoT Core
- AWS IoT Core is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices.
- AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely.
- AWS IoT Core allows the applications to keep track of and communicate with all the devices, all the time, even when they aren’t connected.
- AWS IoT Core offers
  - Connectivity between devices and the AWS cloud.
    - AWS IoT Core allows communication with connected devices securely, with low latency and with low overhead.
    - Communication can scale to as many devices as needed.
    - AWS IoT Core supports standard communication protocols including HTTP, MQTT (v3.1.1 and v5), and WebSockets.
    - Communication is secured using TLS.
  - Processing data sent from connected devices.
    - AWS IoT Core can continuously ingest, filter, transform, and route the data streamed from connected devices.
    - Actions can be taken based on the data, and the data can be routed for further processing and analytics.
  - Application interaction with connected devices.
    - AWS IoT Core accelerates IoT application development.
    - It serves as an easy-to-use interface for applications running in the cloud and on mobile devices to access data sent from connected devices, and send data and commands back to the devices.

How AWS IoT Core Works
- Connected devices, such as sensors, actuators, embedded devices, smart appliances, and wearable devices, connect to AWS IoT Core over HTTPS, WebSockets, or secure MQTT.
- Communication with AWS IoT Core is secure.
- HTTPS and WebSockets requests sent to AWS IoT Core are authenticated using AWS IAM or AWS Cognito, both of which support the AWS SigV4 authentication.
- HTTPS requests can also be authenticated using X.509 certificates.
- MQTT messages to AWS IoT Core are authenticated using X.509 certificates.
- AWS IoT Core allows using AWS IoT Core generated certificates, as well as those signed by your preferred Certificate Authority (CA).
- AWS IoT Core also offers fine-grained authorization to isolate and secure communication among authenticated clients.
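The fine-grained authorization mentioned above is expressed in AWS IoT Core policies attached to a certificate or identity. The following audit sketch is an added example, not code from the original page or from AWS; the two sample policies are constructed, the account ID and region are placeholders, and the finding names are hypothetical. It flags Allow statements that would not isolate one client from another.

```python
# Constructed sample policies; account ID and region are placeholders.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": "arn:aws:iot:us-east-1:123456789012:client/"
                     "${iot:Connection.Thing.ThingName}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": "arn:aws:iot:us-east-1:123456789012:topic/devices/"
                     "${iot:Connection.Thing.ThingName}/telemetry"},
    ],
}

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement index, finding, value) for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((i, "wildcard-action", action))
        for res in _as_list(stmt.get("Resource", [])):
            # Part after the fifth colon of the ARN, e.g. "client/..." or "topic/...".
            tail = res.split(":", 5)[-1]
            if tail in ("*", "client/*", "topic/*", "topicfilter/*"):
                findings.append((i, "wildcard-resource", res))
            elif tail.startswith("client/") and "*" in tail and "${iot:" not in tail:
                # A wildcard client ID is not tied to the connecting identity.
                findings.append((i, "client-id-not-bound", res))
    return findings
```

The scoped policy uses the `${iot:Connection.Thing.ThingName}` policy variable, so each device can connect and publish only under its own registered thing name.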
MQTT Protocol Support
- AWS IoT Core supports both MQTT v3.1.1 and MQTT v5 protocols, enabling heterogeneous deployments with a mix of MQTT connectivity specifications.
- MQTT 5 features include:
  - Shared Subscriptions – enables load balancing across multiple subscribing MQTT sessions or consumers, sending a published message to only one subscriber in a random manner.
  - Message Queuing for Shared Subscriptions (2025) – maintains message delivery reliability during network disruptions for shared subscription groups.
  - User Properties – allows attaching custom key-value pairs to MQTT messages for additional metadata.
  - Request/Response Pattern – includes response topic and correlation data for request-response communication patterns.
  - Message Expiry – sets a time-to-live on messages after which undelivered messages expire.
  - Topic Aliases – reduces the size of published packets by using short numeric aliases instead of full topic names.
  - Reason Codes – provides enhanced error handling with reason codes on acknowledgments.
- AWS IoT Core supports cross MQTT version (MQTT 3 and MQTT 5) communication.
Direct Messaging (2026)
- Direct Messaging enables sending point-to-point messages to any connected device by its MQTT client ID, without requiring the device to subscribe to a topic.
- Uses the SendDirectMessage HTTP API to deliver messages from a sender to a single receiver.
- Provides delivery confirmation – when enabled, the API delivers the message at QoS 1 and waits for a PUBACK from the receiving client before returning a successful response.
- Supports response topic for request-response flows.
- Provides better visibility into message delivery and lower messaging costs compared to pub/sub for point-to-point communication.
MQTT Connection Management APIs (2026)
- AWS IoT Core provides GetConnection and ListSubscriptions APIs for MQTT connection management.
  - GetConnection – retrieves connection information for a specific MQTT client.
  - ListSubscriptions – lists active MQTT topic subscriptions for connected devices.
- Enables easy access to client connection and subscription information for monitoring and troubleshooting.
Device Gateway
- Device Gateway forms the backbone of communication between connected devices and the cloud capabilities such as the Rules Engine, Device Shadow, and other AWS and 3rd-party services.
- Device Gateway allows secure, low-latency, low-overhead, bi-directional communication between connected devices, cloud and mobile applications.
- Device Gateway supports the pub/sub messaging pattern, which involves clients publishing messages on logical communication channels called ‘topics’ and clients subscribing to topics to receive messages.
- Device gateway enables communication between publishers and subscribers.
- Device Gateway scales automatically as per the demand, without any operational overhead.
- Supports custom domains – allows configuring custom domain names, using own server certificates stored in AWS Certificate Manager, and attaching custom authorizers.
Rules Engine
- Rules Engine enables continuous processing of data sent by connected devices.
- Rules can be configured to filter and transform the data using an intuitive, SQL-like syntax.
- Rules can be configured to route the data to other AWS services such as DynamoDB, Kinesis, Lambda, SNS, SQS, CloudWatch, Amazon OpenSearch Service, Amazon Timestream, Amazon S3, AWS IoT SiteWise, as well as to non-AWS services via Lambda or HTTP actions for further processing, storage, or analytics.
- Supports Basic Ingest to reduce messaging costs by bypassing the IoT message broker and routing telemetry directly to IoT Rule actions.
Registry
- Registry allows registering devices and keeping track of devices connected to AWS IoT Core, or devices that may connect in the future.
- Supports fleet indexing to search and aggregate device data across the fleet.
Device Shadow
- Device Shadow enables cloud and mobile applications to query data sent from devices and send commands to devices, using a simple REST API, while letting AWS IoT Core handle the underlying communication with the devices.
- Device Shadow accelerates application development by providing
  - a uniform interface to devices, even when they use one of the several IoT communication and security protocols with which the applications may not be compatible.
  - an always available interface to devices even when the connected devices are constrained by intermittent connectivity, limited bandwidth, limited computing ability or limited power.
- Supports Named Shadows – allows creating multiple named shadows for a single device, enabling different applications or services to manage their own shadow independently.
Device and its Device Shadow Lifecycle
- A device (such as a light bulb) is registered in the Registry.
- The connected device is programmed to publish a set of its property values or ‘state’ (“I am ON and my color is RED”) to the AWS IoT Core service.
- Device Shadow also stores the last reported state in AWS IoT Core.
- An application (such as a mobile app controlling the light bulb) uses a RESTful API to query AWS IoT Core for the last reported state of the light bulb, without the complexity of communicating directly with the light bulb.
- When a user wants to change the state (such as turning the light bulb from ON to OFF), the application uses a RESTful API to request an update, i.e. sets a ‘desired’ state for the device in AWS IoT Core. AWS IoT Core takes care of synchronizing the desired state to the device.
- Application gets notified when the connected device updates its state to the desired state.
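The lifecycle above can be traced with a small local model of a shadow document. This is an added example, not code from the original page or the AWS SDK; it assumes flat state (no nested objects), and the `power` and `color` keys are hypothetical names for the light bulb's properties.

```python
class ShadowModel:
    """Simplified local model of a shadow: desired state, reported state, version."""

    def __init__(self):
        self.desired, self.reported, self.version = {}, {}, 0

    @staticmethod
    def _merge(target, patch):
        # A null (None) value removes the key; any other value overwrites it.
        for key, value in patch.items():
            if value is None:
                target.pop(key, None)
            else:
                target[key] = value

    def update(self, state):
        """Apply a "desired" and/or "reported" patch and return the new delta."""
        self._merge(self.desired, state.get("desired", {}))
        self._merge(self.reported, state.get("reported", {}))
        self.version += 1
        return self.delta()

    def delta(self):
        """Desired keys that are missing from, or differ from, the reported state."""
        return {k: v for k, v in self.desired.items() if self.reported.get(k) != v}


def bulb_lifecycle():
    """Walk the light bulb through the steps listed above; return each delta."""
    shadow = ShadowModel()
    deltas = []
    # Device publishes its state: "I am ON and my color is RED".
    deltas.append(shadow.update({"reported": {"power": "ON", "color": "RED"}}))
    # Application requests a change; the bulb does not need to be online.
    deltas.append(shadow.update({"desired": {"power": "OFF"}}))
    # Device applies the change and reports it, which clears the delta.
    deltas.append(shadow.update({"reported": {"power": "OFF"}}))
    return deltas, shadow.reported, shadow.version
```

A non-empty delta is what the device still has to apply; an empty one means the reported state has caught up with the desired state.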
AWS IoT Core Device Location
- AWS IoT Core Device Location enables devices to retrieve and report their current location without relying on GPS hardware.
- Supports multiple location resolution methods:
  - Wi-Fi scan – uses nearby Wi-Fi access points to determine location.
  - Cellular scan – uses cell tower information for location resolution.
  - GNSS scan – uses Global Navigation Satellite System data.
  - Reverse IP look-up – determines approximate location from IP address.
- Supports both MQTT and HTTP protocols for submitting location data.
- Supports Confidence Level Configuration and Measurement Type for greater control over location resolution (2026).
- Use cases include map visualization, historical route tracking, and geofencing.
AWS IoT Device Management Commands
- Commands feature (GA November 2024) enables sending remote commands to IoT devices at scale for remote monitoring, control, and diagnostics.
- Devices subscribe to MQTT topics to receive user-defined payloads from the cloud.
- Supports creating reusable command templates with static or dynamic payloads.
- Enables tracking command execution status (CREATED, IN_PROGRESS, SUCCEEDED, FAILED, TIMED_OUT, REJECTED).
- Use cases include turning devices on/off, adjusting settings, retrieving data, or uploading logs without being physically present.
Related AWS IoT Services
- AWS IoT Greengrass (V2) – enables local processing, messaging, data management, and ML inference at the edge. Provides prebuilt components for accelerated development. (Note: Greengrass V1 reaches end of support on October 7, 2026 – migrate to V2.)
- AWS IoT Device Defender – audits device configurations, monitors connected devices for anomalous behavior, and mitigates security risks.
- AWS IoT SiteWise – collects, stores, organizes, and monitors industrial equipment data at scale.
⚠️ Deprecated/EOL Related IoT Services
- AWS IoT Analytics – End of support December 15, 2025. Migrate to AWS IoT Core Rules Engine with Amazon Kinesis Data Firehose and Amazon S3/Athena for IoT analytics workflows.
- AWS IoT Events – End of support May 20, 2026. Migrate detector model logic to AWS IoT Core Rules Engine with AWS Lambda or AWS Step Functions.
- AWS IoT 1-Click – Reached EOL December 16, 2024. Use AWS IoT Core directly for button/device triggers.
- AWS IoT Device Management Fleet Hub – EOL October 18, 2025. Use AWS IoT Device Management console or custom dashboards.
- AWS IoT FleetWise – No longer accepting new customers as of April 30, 2026. Existing customers can continue using the service.
- AWS IoT Greengrass V1 – End of support October 7, 2026. Migrate to AWS IoT Greengrass V2.
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
- Open to further feedback, discussion and correction.
- You need to filter and transform incoming messages coming from a smart sensor you have connected with AWS. Once messages are received, you need to store them as time series data in DynamoDB. Which AWS service can you use?
  - IoT Device Shadow Service (maintains device state)
  - Redshift
  - Kinesis (While Kinesis could technically be used as an intermediary between different sources, it isn’t a great way to get data into DynamoDB from an IoT device.)
  - IoT Rules Engine
- A company has thousands of IoT sensors deployed in the field. The sensors publish telemetry data via MQTT and the company needs to load balance message processing across multiple backend consumers. Which AWS IoT Core feature should they use?
  - Device Shadow
  - Basic Ingest
  - MQTT Shared Subscriptions
  - IoT Rules Engine
- A company needs to determine the location of its IoT devices deployed in warehouses where GPS signals are unavailable. Which AWS IoT Core feature enables location resolution without GPS hardware?
  - Device Shadow
  - Fleet Indexing
  - AWS IoT Core Device Location
  - AWS IoT SiteWise
- An application needs to send a command to a specific connected IoT device and receive confirmation that the message was delivered. Which AWS IoT Core feature provides point-to-point messaging with delivery acknowledgment? (Choose the BEST answer)
  - Device Shadow desired state
  - IoT Rules Engine with Lambda
  - MQTT topic publish with QoS 1
  - Direct Messaging with SendDirectMessage API
- A company is currently using AWS IoT Analytics to process IoT telemetry data. Given the service’s end of support, which combination of services should they migrate to? (Select TWO)
  - AWS IoT Core Rules Engine
  - AWS IoT Events
  - Amazon Kinesis Data Firehose with Amazon S3
  - AWS IoT 1-Click
  - Amazon Redshift Spectrum