Sign IoT Request With SigV4 - Device Limits?

0

Hello,

I would like to use SigV4 for client authentication with IoT. One issue that I see is - the access key / secret key combination, which corresponds to an IoT device, corresponds to a single IAM user. There is a limit of 5,000 users, from what I understand, which is a problem.

Is there a scalable way to use SigV4 to authenticate IoT devices?

Thank you.

Asked 1 year ago · Viewed 246 times
2 Answers
0

Maybe another option is to explore the credentials provider. AWS IoT Core has a credentials provider that allows you to use the built-in X.509 certificate as the unique device identity to authenticate AWS requests. This eliminates the need to store an access key ID and a secret access key on your device.

The credentials provider authenticates a caller using an X.509 certificate and issues a temporary, limited-privilege security token. The token can be used to sign and authenticate any AWS request. This way of authenticating your AWS requests requires you to create and configure an AWS Identity and Access Management (IAM) role and attach appropriate IAM policies to the role so that the credentials provider can assume the role on your behalf.

Reference: https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html

AWS
Expert
Answered 1 year ago
0

You can use Cognito Identities to use SigV4 to authenticate an IoT client. There are no limits on how many Cognito Identities you can have in the account. Cognito Identities are useful when the connection is established based on a user authentication, for example when you have an application that needs to communicate with IoT Core. If the authentication is for a device, you should use X.509 certificates or Custom Authorizers.

AWS
Expert
Answered 1 year ago
