Data encryption in Amazon IoT - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Data encryption in Amazon IoT

Data protection refers to protecting data while in-transit (as it travels to and from Amazon IoT) and at rest (while it is stored on devices or by other Amazon services). All data sent to Amazon IoT is sent over an TLS connection using MQTT, HTTPS, and WebSocket protocols, making it secure by default while in transit. Amazon IoT devices collect data and then send it to other Amazon services for further processing. For more information about data encryption on other Amazon services, see the security documentation for that service.

FreeRTOS provides a PKCS#11 library that abstracts key storage, accessing cryptographic objects and managing sessions. It is your responsibility to use this library to encrypt data at rest on your devices. For more information, see FreeRTOS Public Key Cryptography Standard (PKCS) #11 Library.

Device Advisor

Encryption in transit

Data sent to and from Device Advisor is encrypted in transit. All data sent to and from the service when using the Device Advisor APIs is encrypted using Signature Version 4. For more information about how Amazon API requests are signed, see Signing Amazon API requests. All data sent from your test devices to your Device Advisor test endpoint is sent over a TLS connection so it is secure by default in transit.