It is best practice to have unique credentials for each device, meaning that you SHOULD use unique certificates for each ESP32. These certificates can be embedded in software or in HW security modules (such as ATECC608). These modules can also be purchased with preconfigured credentials that can be pre-registered in AWS IoT Core (see https://www.microchip.com/en-us/products/security/trust-platform). You can then leverage a JITP flow to activate the device and create the cloud resources (such as Thing, ThingGroups, Policies) automatically.
An alternative solution is to use a certificate vending machine that sends the device the unique certificate at onboarding time. One such solution which is tailored for embedded devices is IoT Provisioning Secrets Free. You can find additional solutions in the whitepaper listed below.
You can leverage AWS IoT Policy variables to create scalable policies. You can read more at https://docs.aws.amazon.com/iot/latest/developerguide/iot-policy-variables.html
Also check out this whitepaper for more information on the different options for creating a secure provisioning solution for your IoT products: https://docs.aws.amazon.com/whitepapers/latest/device-manufacturing-provisioning/device-manufacturing-provisioning.html
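To illustrate the policy-variable approach the answer refers to, here is an added example (not part of the original answer) of one AWS IoT policy that can be attached to every device certificate yet still scopes each device to its own client ID and topics. The region `us-east-1`, account ID `123456789012` and the `devices/<thing>/...` topic layout are placeholders chosen for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}",
      "Condition": {
        "Bool": { "iot:Connection.Thing.IsAttached": "true" }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/devices/${iot:Connection.Thing.ThingName}/telemetry"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topicfilter/devices/${iot:Connection.Thing.ThingName}/commands"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/devices/${iot:Connection.Thing.ThingName}/commands"
    }
  ]
}
```

Because `${iot:Connection.Thing.ThingName}` is resolved at connect time from the Thing attached to the presented certificate, a device can only connect as itself and only touch its own topics; the `IsAttached` condition rejects certificates that have not been attached to a Thing, which is what the JITP flow above takes care of.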
Thanks for the help. However, it would be very helpful if I could get some more in-depth help regarding this. I am very new to it.