Best practices for securing MQTT communication

Question

What are the best practices for securing MQTT communication between IoT devices and the AWS IoT Core service, including certificate management, MQTT over TLS, and fine-grained IAM policies for IoT devices?

Accepted Answer

Hi sdtslmn. All [communication is encrypted using TLS](https://docs.aws.amazon.com/iot/latest/developerguide/transport-security.html), no matter which [device communication protocol](https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html) you use. There are several [client authentication](https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html) options, but new devices would most commonly use [X.509 certificates](https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html), with [IoT policies](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) (rather than IAM policies) for authorization).

In terms of best practices:
* https://docs.aws.amazon.com/iot/latest/developerguide/iot-security.html
* https://docs.aws.amazon.com/iot/latest/developerguide/security-best-practices.html
* https://docs.aws.amazon.com/wellarchitected/latest/iot-lens/sec-best-practices.html
* https://docs.aws.amazon.com/whitepapers/latest/device-manufacturing-provisioning/device-manufacturing-provisioning.html

Best practices for securing MQTT communication

관련 콘텐츠