Course description
Security is a central concern for all of Amazon Web Services (AWS). Security is extremely important in the field of IoT (Internet of Things) because IoT devices are physically accessible. Authentication and authorization are the foundations of a secure IoT infrastructure.This course explores the concepts of IoT authentication and authorization within AWS IoT. You will learn about the IoT control plane and data plane and how to authenticate and authorize to both. This course is intended for students who would like to securely connect devices, mobile apps, desktop apps, web apps, or the CLI to AWS IoT. You will learn about using different authentication methods and their appropriate authorization policies.
This is an interactive course that includes hands-on exercises using AWS. This course is designed so that you can take the full course from start to finish or select individual topics that suit your interests.
Course objectives
In this course, you will learn:
- What authentication and authorization are
- The difference between the control plane and data plane in AWS IoT
- Different methods of connecting to AWS IoT Core
- How to use policies to grant proper permissions
- How to use the different authentication methods
- X.509 certificates
- Custom authorizers
- AWS Identity and Access Management (IAM), federated identities, and Amazon Cognito Federated Identities
Intended audience
This course is intended for:
- Fleet managers
- Security architects
- Device engineers
- Line-of-business application developers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- IoT Foundation: Telemetry
- AWS IoT Security Primer
Course outline
Module 1: Introduction
- Welcome
- Demos in this course
- Introduction to authentication and authorization
- Introduction to policies
- Determining permissions
- Writing a policy
- Least privilege
- Closing
Module 2: Control Plane and Data Plane
- Control plane vs. data plane
- Control plane
- Authenticating
- Authorizing
- Common IAM policies for IoT
- Data plane
- Authenticating
- Authorizing: Choosing the appropriate policy type
- Authorizing: IoT policy action/resource/variable
- Authentication and authorization requirements
- Demo
- Closing
Module 3: X.509 Certificates
- Introduction
- Authenticating
- Authenticating
- Mutual authentication
- Creating and registering certificates
- Authorizing
- Policy variables with certificate attributes
- Direct calls to AWS services
- Deactivating and revoking certificates
- Demo
- Closing
Module 4: Custom Authorizers
- Introduction
- Authenticating and authorizing
- Components of a custom authorizer
- Demo
- Closing
Module 5: IAM, Federated Identities, and Cognito Identities
- Authenticating with AWS Identity and Access Management
- Federated identities
- IAM federated identities
- Introduction
- Authenticating and authorizing
- Recommended: Amazon Cognito identities
- Introduction
- Authenticating
- Authorizing: Choosing the appropriate policy type
- Authenticating and authorizing
- Demo
- Closing
