Managing domain configurations - Amazon IoT Core

Managing domain configurations

You can manage the lifecycles of existing configurations by using the following APIs.

Viewing domain configurations

To return a paginated list of all domain configurations in your Amazon Web Services account, use the ListDomainConfigurations API. You can see the details of a particular domain configuration using the DescribeDomainConfiguration API. This API takes a single domainConfigurationName parameter and returns the details of the specified configuration.


Updating domain configurations

To update the status or the custom authorizer of your domain configuration, use the UpdateDomainConfiguration API. You can set the status to ENABLED or DISABLED. If you disable the domain configuration, devices connected to that domain receive an authentication error. Currently you can't update the server certificate in your domain configuration. To change the certificate of a domain configuration, you must delete and recreate it.


Deleting domain configurations

Before you delete a domain configuration, use the UpdateDomainConfiguration API to set the status to DISABLED. This helps you avoid accidentally deleting the endpoint. After you disable the domain configuration, delete it by using the DeleteDomainConfiguration API. You must place Amazon-managed domains in DISABLED status for 7 days before you can delete them. You can place custom domains in DISABLED status and then delete them immediately.


After you delete a domain configuration, Amazon IoT Core no longer serves the server certificate associated with that custom domain.
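
The disable-then-delete sequence above, written as an added Python example (not code from this documentation). It assumes a boto3 IoT client, or any object with the same three methods; the function name, the FakeIoT stand-in and the rule that treats every domainType other than CUSTOMER_MANAGED as Amazon-managed are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

AWS_MANAGED_WAIT = timedelta(days=7)  # waiting period stated on this page


def retire_domain_configuration(iot, name, now=None):
    """Disable a domain configuration, then delete it once that is allowed.

    iot: boto3.client("iot") or an object with the same three methods.
    Returns "disabled", "waiting" or "deleted".
    """
    now = now or datetime.now(timezone.utc)
    cfg = iot.describe_domain_configuration(domainConfigurationName=name)

    # Step 1: an ENABLED configuration is only disabled, never deleted, so the
    # operator can confirm that no device still depends on the endpoint.
    if cfg["domainConfigurationStatus"] != "DISABLED":
        iot.update_domain_configuration(
            domainConfigurationName=name, domainConfigurationStatus="DISABLED")
        return "disabled"

    # Step 2: Amazon-managed domains must stay DISABLED for 7 days. Assumption:
    # every domainType other than CUSTOMER_MANAGED is treated as Amazon-managed.
    aged = now - cfg["lastStatusChangeDate"] >= AWS_MANAGED_WAIT
    if cfg.get("domainType") != "CUSTOMER_MANAGED" and not aged:
        return "waiting"

    # Step 3: custom domains, and managed ones past the wait, are deleted.
    iot.delete_domain_configuration(domainConfigurationName=name)
    return "deleted"


class FakeIoT:
    """Constructed in-memory stand-in for the IoT client (offline runs)."""
    def __init__(self, configs):
        self.configs = configs
    def describe_domain_configuration(self, domainConfigurationName):
        return self.configs[domainConfigurationName]
    def update_domain_configuration(self, domainConfigurationName,
                                    domainConfigurationStatus):
        self.configs[domainConfigurationName].update(
            domainConfigurationStatus=domainConfigurationStatus,
            lastStatusChangeDate=datetime.now(timezone.utc))
    def delete_domain_configuration(self, domainConfigurationName):
        del self.configs[domainConfigurationName]
```

Calling the function twice on an enabled custom domain disables it on the first call and deletes it on the second, which leaves a review point between the two steps.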

Rotating certificates in custom domains

You may need to periodically replace your server certificate with an updated certificate. The rate at which you do this depends on the validity period of your certificate. If you generated your server certificate by using Amazon Certificate Manager (ACM), you can set the certificate to renew automatically. When ACM renews your certificate, Amazon IoT Core automatically picks up the new certificate. You don't have to perform any additional action. If you imported your server certificate from a different source, you can rotate it by reimporting it to ACM. For information about reimporting certificates, see Reimport a certificate.


Amazon IoT Core only picks up certificate updates under the following conditions.

  • The new certificate has the same ARN as the old one.

  • The new certificate has the same signing algorithm, common name, or subject alternative name as the old one.