Connecting devices to Amazon IoT - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connecting devices to Amazon IoT

Devices connect to Amazon IoT and other services through Amazon IoT Core. Through Amazon IoT Core, devices send and receive messages using device endpoints that are specific to your account. The Amazon IoT Device SDKs support device communications using the MQTT and WSS protocols. For more information about the protocols that devices can use, see Device communication protocols.

The message broker

Amazon IoT manages device communication through a message broker. Devices and clients publish messages to the message broker and also subscribe to messages that the message broker publishes. Messages are identified by an application-defined topic. When the message broker receives a message published by a device or client, it republishes that message to the devices and clients that have subscribed to the message's topic. The message broker also forwards messages to the Amazon IoT rules engine, which can act on the content of the message.
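The routing the paragraph above describes depends on how a subscription's topic filter is matched against a published message's topic. The following added example (not code from Amazon IoT or its SDKs) implements the standard MQTT filter semantics that subscriptions use, with `+` matching exactly one topic level and `#` matching all remaining levels, and routes a constructed message to a constructed set of subscribers. The subscriber names and topics are made up for the illustration; the rule that wildcards do not match topics whose first level begins with `$` is the MQTT specification's, and how a particular broker treats its reserved `$aws/` topics should be verified against that broker's documentation.

```python
"""Added example: MQTT-style topic-filter matching and subscriber routing."""
from typing import Dict, List


def topic_matches(topic_filter: str, topic: str) -> bool:
    """Return True if `topic` is covered by `topic_filter` under MQTT rules:
    '+' matches exactly one level, '#' matches every remaining level (and
    may appear only as the final level), and wildcards never match a topic
    whose first level starts with '$' unless the filter names it literally."""
    if not topic_filter or not topic:
        return False
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    # Reserved topics ($SYS/..., $aws/...) are hidden from root-level wildcards.
    if t_levels[0].startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' must be the last level
        if i >= len(t_levels):
            return False  # filter is longer than the topic, e.g. a/+ vs a
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def route(subscriptions: Dict[str, List[str]], topic: str) -> List[str]:
    """Return the sorted client IDs whose subscriptions cover `topic`; this is
    what the broker computes before republishing a message."""
    return sorted(
        client for client, filters in subscriptions.items()
        if any(topic_matches(f, topic) for f in filters)
    )


# Constructed subscription table: client ID -> topic filters it subscribed to.
SAMPLE_SUBSCRIPTIONS: Dict[str, List[str]] = {
    "dashboard": ["sensors/#"],                     # everything under sensors/
    "dev1-twin": ["sensors/dev1/+"],                # one level below sensors/dev1
    "dev2": ["sensors/dev2/cmd"],                   # a single literal topic
    "shadow-svc": ["$aws/things/+/shadow/update"],  # reserved topic, named literally
}

if __name__ == "__main__":
    for t in ("sensors/dev1/temperature", "$aws/things/dev1/shadow/update"):
        print(t, "->", route(SAMPLE_SUBSCRIPTIONS, t))
```

A subscription to `#` or `sensors/#` receives every message beneath it, so the filters a device is allowed to subscribe to are worth testing with a matcher like this one before they are granted.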

Amazon IoT message security

Device connections to Amazon IoT authenticate with X.509 client certificates (MQTT over TLS) or Amazon Signature Version 4 (MQTT over WSS). Device communications are secured by TLS version 1.3, and Amazon IoT requires devices to send the Server Name Indication (SNI) extension when they connect; a handshake that omits SNI does not succeed. For more information, see Transport Security in Amazon IoT.

Amazon IoT device data and service endpoints

Important

You can cache or store the endpoints in your device, so you don't need to query the DescribeEndpoint API every time a new device connects. The endpoints won't change after Amazon IoT Core creates them for your account.

Each account has several device endpoints that are unique to the account and support specific IoT functions. The Amazon IoT device data endpoints support a publish/subscribe protocol that is designed for the communication needs of IoT devices; however, other clients, such as apps and services, can also use this interface if their application requires the specialized features that these endpoints provide. The Amazon IoT device service endpoints support device-centric access to security and management services.

To learn your account's device data endpoint, you can find it in the Settings page of your Amazon IoT Core console.

To learn your account's device endpoint for a specific purpose, including the device data endpoint, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API, and provide the endpointType parameter value from the following table.

aws iot describe-endpoint --endpoint-type endpointType

This command returns an iot-endpoint in the following format: account-specific-prefix.iot.aws-region.amazonaws.com. For the iot:Data-ATS endpoint type, the account-specific prefix ends in -ats (for example, prefix-ats.iot.aws-region.amazonaws.com), which is how you can tell an ATS endpoint from a legacy one.

Every customer has an iot:Data-ATS and an iot:Data endpoint. Both endpoint types authenticate the client with its X.509 certificate; they differ in the certificate authority that signs the endpoint's own server certificate, so a device's trust store must contain the root CA that matches the endpoint type it uses. We strongly recommend that customers use the newer iot:Data-ATS endpoint type, whose server certificates are signed by Amazon Trust Services, to avoid issues related to the widespread distrust of Symantec certificate authorities. The iot:Data endpoint, whose server certificates are signed by VeriSign, is provided only for backward compatibility with devices that still trust that root. For more information, see Server Authentication.
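The three points above, caching the endpoint instead of calling DescribeEndpoint on every connection, preferring the iot:Data-ATS endpoint, and building a TLS client that verifies the server and sends SNI (from the message security section), fit together in one device-side routine. The following is an added example, not code from the Amazon IoT Device SDKs or the Amazon CLI: the endpoint hostnames are constructed, `fake_describe_endpoint` stands in for the real `aws iot describe-endpoint` call, and the CA, certificate and key file paths are hypothetical arguments the device would supply.

```python
"""Added example: choose, cache and prepare TLS settings for an Amazon IoT data endpoint."""
import json
import re
import ssl
import tempfile
from pathlib import Path
from typing import Callable, Dict, Optional

# Endpoint shape documented above: account-specific-prefix.iot.aws-region.amazonaws.com,
# with the ATS flavour's prefix ending in "-ats". The optional ".cn" admits China Regions.
_ENDPOINT_RE = re.compile(
    r"^(?P<prefix>[a-z0-9]+)(?P<ats>-ats)?\.iot\.(?P<region>[a-z0-9-]+)\.amazonaws\.com(\.cn)?$"
)

# Constructed sample values (no real account is referenced).
SAMPLE_ATS_ENDPOINT = "a1b2c3d4e5f6g7-ats.iot.us-east-1.amazonaws.com"
SAMPLE_LEGACY_ENDPOINT = "a1b2c3d4e5f6g7.iot.us-east-1.amazonaws.com"


def parse_describe_endpoint(json_text: str) -> str:
    """Take the JSON that `aws iot describe-endpoint` prints and return the
    endpointAddress, rejecting anything that is not an Amazon IoT hostname."""
    host = json.loads(json_text).get("endpointAddress", "")
    if not _ENDPOINT_RE.match(host):
        raise ValueError(f"not an Amazon IoT endpoint: {host!r}")
    return host


def is_ats_endpoint(host: str) -> bool:
    m = _ENDPOINT_RE.match(host)
    return bool(m and m.group("ats"))


def load_or_cache_endpoint(cache_file: Path, fetch: Callable[[], str]) -> str:
    """Endpoints never change once created, so call DescribeEndpoint once and
    keep the answer on the device. `fetch` is whatever performs that call."""
    if cache_file.exists():
        cached = cache_file.read_text().strip()
        if _ENDPOINT_RE.match(cached):
            return cached
    host = parse_describe_endpoint(fetch())
    if not is_ats_endpoint(host):
        raise ValueError("legacy VeriSign-signed endpoint returned; request iot:Data-ATS")
    cache_file.write_text(host + "\n")
    return host


def build_tls_context(ca_path: Optional[str] = None, cert_path: Optional[str] = None,
                      key_path: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the broker's certificate and hostname and
    refuses anything older than TLS 1.2 (TLS 1.3 is negotiated where available).
    ca_path should hold the Amazon Trust Services root for an ATS endpoint;
    cert_path/key_path are the device's X.509 client certificate and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname + CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_path:
        ctx.load_verify_locations(cafile=ca_path)
    if cert_path:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def tls_settings(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Readable summary of the properties a reviewer would check on the context."""
    return {"minimum_version": ctx.minimum_version.name,
            "check_hostname": ctx.check_hostname,
            "verify_mode": ctx.verify_mode.name}


def connection_params(host: str) -> Dict[str, object]:
    """MQTT over TLS uses port 8883. Passing server_hostname to
    ctx.wrap_socket() is what makes the TLS library send SNI and check the
    certificate against the endpoint name."""
    return {"host": host, "port": 8883, "server_hostname": host}


def demo_cache_roundtrip() -> Dict[str, object]:
    """Two connections, one DescribeEndpoint call: the second is served from cache."""
    calls = {"n": 0}

    def fake_describe_endpoint() -> str:  # stand-in for the CLI/API call
        calls["n"] += 1
        return json.dumps({"endpointAddress": SAMPLE_ATS_ENDPOINT})

    with tempfile.TemporaryDirectory() as d:
        cache = Path(d) / "iot-endpoint"
        first = load_or_cache_endpoint(cache, fake_describe_endpoint)
        second = load_or_cache_endpoint(cache, fake_describe_endpoint)
    return {"first": first, "second": second, "describe_calls": calls["n"]}


if __name__ == "__main__":
    print(json.dumps(demo_cache_roundtrip()))
    print(tls_settings(build_tls_context()))
```

Loading only the root CA the endpoint type actually uses, rather than the whole system trust store, is deliberate: a device that trusts every public CA gains nothing from the ATS migration, and a device that trusts only the VeriSign root will fail hostname verification against an ATS endpoint.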

Amazon IoT endpoints for devices

| Endpoint purpose | endpointType value | Description |
|---|---|---|
| Amazon IoT Core - data plane operations | iot:Data-ATS | Used to send and receive data to and from the message broker, Device Shadow, and Rules Engine components of Amazon IoT. Returns an ATS-signed data endpoint. |
| Amazon IoT Core - data plane operations (legacy) | iot:Data | Returns a VeriSign-signed data endpoint provided for backward compatibility. MQTT 5 is not supported on Symantec (iot:Data) endpoints. |
| Amazon IoT Core credential access | iot:CredentialProvider | Used to exchange a device's built-in X.509 certificate for temporary credentials to connect directly with other Amazon services. For more information about connecting to other Amazon services, see Authorizing Direct Calls to Amazon Services. |
| Amazon IoT Device Management - jobs data operations | iot:Jobs | Used to enable devices to interact with the Amazon IoT Jobs service using the Jobs Device HTTPS APIs. |
| Amazon IoT Device Advisor operations | iot:DeviceAdvisor | A test endpoint type used for testing devices with Device Advisor. For more information, see Device Advisor. |
| Amazon IoT Core data beta (preview) | iot:Data-Beta | An endpoint type reserved for beta releases. For information about its current use, see Configurable endpoints. |

You can also use your own fully-qualified domain name (FQDN), such as example.com, and the associated server certificate to connect devices to Amazon IoT by using Configurable endpoints.

Amazon IoT Device SDKs

The Amazon IoT Device SDKs help you connect your IoT devices to Amazon IoT Core and they support MQTT and MQTT over WSS protocols.

The Amazon IoT Device SDKs differ from the Amazon SDKs: the Device SDKs cover the specialized communication needs of IoT devices but not the full range of services the Amazon SDKs support. The two families can be used together, but they authenticate differently (X.509 client certificates versus Amazon credentials signed with Signature Version 4) and connect to different endpoints, which can make the Amazon SDKs impractical on an IoT device.

Mobile devices

The Amazon Mobile SDKs support MQTT device communications, some of the Amazon IoT service APIs, and the APIs of other Amazon services. If you're developing on a supported mobile device, review its SDK to see if it's the best option for developing your IoT solution.

C++

Amazon IoT C++ Device SDK

The Amazon IoT C++ Device SDK allows developers to build connected applications using Amazon and the APIs of the Amazon IoT Core services. Specifically, this SDK was designed for devices that are not resource constrained and require advanced features such as message queuing, multi-threading support, and the latest language features. For more information, see the following:

Python

Amazon IoT Device SDK for Python

The Amazon IoT Device SDK for Python makes it possible for developers to write Python scripts to use their devices to access the Amazon IoT platform through MQTT or MQTT over the WebSocket Secure (WSS) protocol. By connecting their devices to the APIs of the Amazon IoT Core services, users can securely work with the message broker, rules, and Device Shadow service that Amazon IoT Core provides and with other Amazon services like Amazon Lambda, Amazon Kinesis, and Amazon S3, and more.

JavaScript

Amazon IoT Device SDK for JavaScript

The Amazon IoT Device SDK for JavaScript makes it possible for developers to write JavaScript applications that access APIs of the Amazon IoT Core using MQTT or MQTT over the WebSocket protocol. It can be used in Node.js environments and browser applications. For more information, see the following:

Java

Amazon IoT Device SDK for Java

The Amazon IoT Device SDK for Java makes it possible for Java developers to access the APIs of the Amazon IoT Core through MQTT or MQTT over the WebSocket protocol. The SDK supports the Device Shadow service. You can access shadows through the shadow REST API's HTTP methods: GET (get a shadow), POST (update a shadow), and DELETE (delete a shadow). The SDK also supports a simplified shadow access model, which allows developers to exchange data with shadows by using getter and setter methods, without having to serialize or deserialize any JSON documents. For more information, see the following:

Embedded C

Amazon IoT Device SDK for Embedded C

Important

This SDK is intended for use by experienced embedded-software developers.

The Amazon IoT Device SDK for Embedded C (C-SDK) is a collection of C source files under the MIT open source license that can be used in embedded applications to securely connect IoT devices to Amazon IoT Core. It includes MQTT, JSON Parser, and Amazon IoT Device Shadow libraries and others. It is distributed in source form and intended to be built into customer firmware along with application code, other libraries and, optionally, an RTOS (Real Time Operating System).

The Amazon IoT Device SDK for Embedded C is generally targeted at resource constrained devices that require an optimized C language runtime. You can use the SDK on any operating system and host it on any processor type (for example, MCUs and MPUs). If your device has sufficient memory and processing resources available, we recommend that you use one of the other Amazon IoT Device and Mobile SDKs, such as the Amazon IoT Device SDK for C++, Java, JavaScript, or Python.

For more information, see the following: