Best practices for security

FreeOurToes wrote on June 17, 2019:


Could someone provide good practices or references on making your AWS FreeRTOS device secure?

I see that AWS IoT is coming up with some new tools for building applications and monitoring your device but I still have a lot of question on setting up device itself.

I am at the stage of the project were we are about to deploy 10 devices to the field and I would like to exercise best practices for securing devices, storing credentials and setting up automation for authenticating, provisioning etc.

I am using ESP32 and Testing with Raspberry pi as greengrass gateway. About to start designing new prototype PCB (with ESP32).


Gaurav-Aggarwal-AWS wrote on June 17, 2019:

Hello, please take a look at the Security Pillar of the “AWS IoT Lens” whitepaper in our Well-Architected documentation (find the link by searching for IoT in

I also recommend that you create a flow diagram and threat model for your device and deployment. Any of the methodologies in will suffice. Those steps help you systematically identify, prioritize, and mitigate data loss risk in the context of your anticipated production environment.


FreeOurToes wrote on June 18, 2019:

This is great. Thank you very much.