

# What is a domain configuration?
<a name="iot-domain-configuration-what-is"></a>

In Amazon IoT Core, a domain configuration is the setup and configuration of a domain (either an Amazon managed domain or a customer managed domain) for your Amazon IoT Core data endpoints. Amazon IoT Core also provides a default endpoint for your Amazon account (`iot:Data-ATS`) that devices can use to communicate with Amazon IoT Core.

**Topics**
+ [Use cases](#iot-custom-endpoints-configurable-use-cases)
+ [Key concepts](#iot-domain-configuration-key-concepts)
+ [Important notes](#iot-custom-endpoints-configurable-notes)

## Use cases
<a name="iot-custom-endpoints-configurable-use-cases"></a>

You can use domain configurations to simplify tasks like the following.
+ Migrate devices to Amazon IoT Core.
+ Support heterogeneous device fleets by maintaining separate domain configurations for separate device types.
+ Maintain brand identity (for example, through domain name) while migrating application infrastructure to Amazon IoT Core.

## Key concepts
<a name="iot-domain-configuration-key-concepts"></a>

The following terms describe domain configurations and the settings related to them.
+ **Domain configuration**

  The setup and configuration of a domain for your Amazon IoT Core endpoints.
+ **Default endpoint domain**

  The domain that Amazon IoT provides with the default endpoint, such as `iot:Data-ATS`. To find the default endpoint, run the [describe-endpoint](https://docs.amazonaws.cn//cli/latest/reference/iot/describe-endpoint.html) or [describe-domain-configuration](https://docs.amazonaws.cn//cli/latest/reference/iot/describe-domain-configuration.html) CLI command. Alternatively, in the Amazon IoT Core console, choose **Domain configurations** under **Connect** in the left navigation. The default endpoint is listed with the name `iot:Data-ATS`.
+ **Amazon managed domain**

  The domain that Amazon will manage. Choosing an Amazon managed domain means that your devices will connect using a data endpoint provided by Amazon. Amazon will manage the domain and the certificates.
+ **Customer managed domain**

  The domain that you will manage, also known as a custom domain. Choosing a customer managed domain means that your devices will connect using a custom domain data endpoint. You will manage the domain and the certificates. A customer managed domain allows you to tailor the endpoint URLs to suit your needs. For example, you can use a custom domain name (`your-domain-name.com`) or apply specific access policies.
+ **Authentication type**

  The authentication type that you choose to authenticate your devices when connecting to Amazon IoT Core. When creating a domain configuration, you must specify an authentication type. For more information, see [Choosing an authentication type for your device communication](protocols.md#connection-protocol-auth-mode).
+ **Application protocol**

  The application layer protocol that your devices use when connecting to Amazon IoT Core. When creating a domain configuration, you must specify an application protocol. For more information, see [Choosing an application protocol for your device communication](protocols.md#protocol-selection).

## Important notes
<a name="iot-custom-endpoints-configurable-notes"></a>

Amazon IoT Core uses the [server name indication (SNI) TLS extension](https://www.rfc-editor.org/rfc/rfc3546) to apply domain configurations. When connecting devices to Amazon IoT Core, clients can send the [Server Name Indication (SNI) extension](https://tools.ietf.org/html/rfc3546#section-3.1), which is required for features such as [multi-account registration](https://docs.amazonaws.cn//iot/latest/developerguide/x509-client-certs.html#multiple-account-cert), [configurable endpoints](https://docs.amazonaws.cn//iot/latest/developerguide/iot-custom-endpoints-configurable.html), [custom domains](https://docs.amazonaws.cn//iot/latest/developerguide/iot-custom-endpoints-configurable-custom.html), and [VPC endpoints](https://docs.amazonaws.cn//iot/latest/developerguide/IoTCore-VPC.html). Clients must also pass a server name that is identical to the domain name that you specify in the domain configuration. To test this service, use the v2 version of the [Amazon IoT Device SDKs](https://github.com/aws) in GitHub.

If you create multiple data endpoints in your Amazon Web Services account, they will share Amazon IoT Core resources such as MQTT topics, device shadows, and rules.

When you provide the server certificates for an Amazon IoT Core custom domain configuration, the certificates can have a maximum of four domain names. For more information, see [Amazon IoT Core endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/iot-core.html#security-limits).