When you create a thing within AWS IoT Console, the associated SIM enables the
The Amazon Trust Service (ATS) uses the cellular network to securely deliver the following information to the
For identification purposes:
- The unique AWSthing name
- The Amazon Resource Name (ARN) that defines which AWS endpoint supports the thing
For security purposes:
- A set of X.509 certificates
- An encrypted private key – AWS and the
Cinterion® ELS61 Wireless Moduleuse key pairs for signing data
The certificates and private key are stored in a secure Java keystore. The end user cannot see or handle the security materials throughout their use.
When a thing is deleted in AWS, the data within the device keystore remains in the keystore. If you reuse the device with a new SIM and recreate it as a new thing within AWS, then any existing security information in the keystore is replaced by the new certificates and a new private key.
AWS security compliance
- Each connected device has a set of credentials to access the message broker or device shadow service
- Device credentials are stored safely in order to send data securely to the message broker
- All traffic to and from AWS IoT is encrypted over Transport Layer Security (TLS)
For more information, see the AWS documentation Security section, including: https://docs.aws.amazon.com/iot/latest/developerguide/iot-security.html.
Updates to the certificates and keys are handled in the same way as all security data. This enables you to apply a managed certificate rotation policy, as well as automatically protecting the device against changes in rootCA providers.