Configurable endpoints - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configurable endpoints

With Amazon IoT Core, you can configure and manage the behaviors of your data endpoints by using domain configurations. With domain configurations, you can generate multiple Amazon IoT Core data endpoints, customize data endpoints with your own fully qualified domain names (FQDN) and associated server certificates, and also associate a custom authorizer. For more information, see Custom authentication and authorization.


This feature is not available in GovCloud Amazon Web Services Regions.

You can use domain configurations to simplify tasks such as the following.

  • Migrate devices to Amazon IoT Core.

  • Support heterogeneous device fleets by maintaining separate domain configurations for separate device types.

  • Maintain brand identity (for example, through domain name) while migrating application infrastructure to Amazon IoT Core.

Amazon IoT Core uses the server name indication (SNI) TLS extension to apply domain configurations. Devices must use this extension when they connect. They also must pass a server name that is identical to the domain name that you specify in the domain configuration. To test this service, use the v2 version of the Amazon IoT Device SDKs in GitHub.

If you create multiple data endpoints in your Amazon Web Services account, they will share Amazon IoT Core resources such as MQTT topics, device shadows, and rules.

When you provide the server certificates for Amazon IoT Core custom domain configuration, the certificates have a maximum of four domain names. For more information, see Amazon IoT Core endpoints and quotas.