Ensuring that your Internet of Things (IoT) environments are secure is an important priority, particularly because organizations are connecting billions of devices to their IT environments. This pattern provides a reference architecture that you can use to implement logging and monitoring for security events across your IoT environment on the Amazon Web Services (AWS) Cloud. Typically, an IoT environment on the AWS Cloud has the following three layers:
IoT devices that generate relevant telemetry data.
AWS IoT services (for example, AWS IoT Core, AWS IoT Device Management, or AWS IoT Device Defender) that connect your IoT devices to other devices and AWS services.
Backend AWS services that help process telemetry data and provide useful insights for your different business use cases.
The best practices in the AWS IoT Lens - AWS Well-Architected Framework whitepaper can help you review and improve your cloud-based architecture and better understand the business impact of your design decisions. One important recommendation is to analyze application logs and metrics both on your devices and in the AWS Cloud. To do this, use approaches such as threat modeling to decide which metrics and events must be monitored to detect potential security issues, and then build your logging and monitoring around that list rather than collecting everything indiscriminately.
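The following is an added example, not code from this pattern or from AWS, of what "identify metrics and events that must be monitored" looks like once it is turned into detection logic. It runs over a handful of constructed log records whose field names are assumed to follow the JSON shape that AWS IoT Core writes to CloudWatch Logs (timestamp, eventType, status, clientId, reason, and so on); the values, client IDs, topics, the 5-minute window, and the threshold of three failures are all invented for the example. It first tallies (eventType, status) pairs, which is the kind of metric a threat model would single out, and then flags any clientId that produces a burst of AUTHORIZATION_FAILURE events inside a sliding time window, a common indicator of a device probing topics it is not authorized to use.

```python
"""Added example: event metrics and an authorization-failure burst detector
over constructed AWS IoT Core-style log records (not the pattern's own code)."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Field names are assumed to match the JSON that
# AWS IoT Core emits to CloudWatch Logs; every value here is invented.
_RECORDS = [
    {"timestamp": "2023-05-01 10:00:01.120", "logLevel": "INFO", "eventType": "Connect",
     "status": "Success", "clientId": "gateway-01", "sourceIp": "203.0.113.10"},
    {"timestamp": "2023-05-01 10:00:05.000", "logLevel": "INFO", "eventType": "Publish-In",
     "status": "Success", "clientId": "gateway-01", "topicName": "dt/gateway-01/telemetry"},
    {"timestamp": "2023-05-01 10:01:00.000", "logLevel": "INFO", "eventType": "Connect",
     "status": "Success", "clientId": "sensor-42", "sourceIp": "198.51.100.7"},
    {"timestamp": "2023-05-01 10:01:02.500", "logLevel": "ERROR", "eventType": "Publish-In",
     "status": "Failure", "clientId": "sensor-42", "topicName": "cmd/gateway-01/reboot",
     "reason": "AUTHORIZATION_FAILURE"},
    {"timestamp": "2023-05-01 10:01:03.900", "logLevel": "ERROR", "eventType": "Publish-In",
     "status": "Failure", "clientId": "sensor-42", "topicName": "cmd/gateway-02/reboot",
     "reason": "AUTHORIZATION_FAILURE"},
    {"timestamp": "2023-05-01 10:01:05.100", "logLevel": "ERROR", "eventType": "Subscribe",
     "status": "Failure", "clientId": "sensor-42", "topicName": "$aws/things/+/shadow/update",
     "reason": "AUTHORIZATION_FAILURE"},
    {"timestamp": "2023-05-01 10:01:07.300", "logLevel": "ERROR", "eventType": "Publish-In",
     "status": "Failure", "clientId": "sensor-42", "topicName": "dt/#",
     "reason": "AUTHORIZATION_FAILURE"},
    {"timestamp": "2023-05-01 10:02:10.000", "logLevel": "ERROR", "eventType": "Publish-In",
     "status": "Failure", "clientId": "sensor-07", "topicName": "dt/sensor-08/telemetry",
     "reason": "AUTHORIZATION_FAILURE"},
    {"timestamp": "2023-05-01 10:02:11.000", "logLevel": "INFO", "eventType": "Publish-In",
     "status": "Success", "clientId": "sensor-07", "topicName": "dt/sensor-07/telemetry"},
    # A single late failure, outside the earlier burst's window.
    {"timestamp": "2023-05-01 10:30:00.000", "logLevel": "ERROR", "eventType": "Publish-In",
     "status": "Failure", "clientId": "sensor-42", "topicName": "cmd/gateway-01/reboot",
     "reason": "AUTHORIZATION_FAILURE"},
]
# Serialize so the functions below consume one JSON string per line, as a log reader would.
SAMPLE_LOG_LINES = [json.dumps(r) for r in _RECORDS]

TIMESTAMP_FORMAT = "%Y-%m-%d %H:%M:%S.%f"


def parse_log_line(line):
    """Decode one JSON log line and attach a parsed datetime under 'ts'."""
    record = json.loads(line)
    record["ts"] = datetime.strptime(record["timestamp"], TIMESTAMP_FORMAT)
    return record


def summarize_events(lines):
    """Count (eventType, status) pairs: the per-event metrics worth graphing and alarming on."""
    counts = Counter()
    for record in map(parse_log_line, lines):
        counts[(record.get("eventType"), record.get("status"))] += 1
    return counts


def detect_authorization_failure_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {clientId: peak failures in any window} for clients whose AUTHORIZATION_FAILURE
    events reach `threshold` within `window`. Threshold and window are illustrative values."""
    failures_by_client = defaultdict(list)
    for record in map(parse_log_line, lines):
        if record.get("status") == "Failure" and record.get("reason") == "AUTHORIZATION_FAILURE":
            failures_by_client[record.get("clientId", "<unknown>")].append(record["ts"])

    flagged = {}
    for client, times in failures_by_client.items():
        times.sort()
        start, peak = 0, 0
        # Sliding window: advance `start` until the span fits inside `window`.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    for key, count in sorted(summarize_events(SAMPLE_LOG_LINES).items()):
        print(f"{key[0]:<12} {key[1]:<8} {count}")
    print("flagged:", detect_authorization_failure_bursts(SAMPLE_LOG_LINES))
```

In this constructed data, sensor-42 trips the detector with four authorization failures inside the window while sensor-07's single failure and sensor-42's isolated late failure do not, which is the point of choosing a windowed threshold rather than alerting on every individual failure. In a real deployment the same logic would run over the IoT Core log group (for example as a CloudWatch metric filter or a Lambda subscriber), and the thresholds would come from your threat model and baseline traffic, not from this example.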
This pattern describes how to use AWS IoT and security services to design and implement a security logging and monitoring reference architecture for an IoT environment on the AWS Cloud. This architecture builds on existing AWS security best practices and applies them to your IoT environment.