Skip to content

AWS Account

When you create a device cloud, the Builder will create the required resources in your AWS account.

It is best practice to create a dedicated AWS account for each device cloud you create and not use a pre-existing AWS account that is used for other purposes.

This helps isolate problems and errors and can make issues much simpler.

The Builder and Ioto will create a set of resources in your account and it is best practice to be able to isolate the resources of different apps in separate AWS accounts.

AWS Regions

The Ioto Device Cloud is created in your AWS account in the AWS region that you select. For efficiency, you should select a region that is closest to the majority of your devices. Another consideration is where do you want the device data to be stored.

Ioto stores device data in the AWS region you nominate so you have total control and privacy regarding your device data. Device data goes directly from your devices to the Device Cloud in your account. The device data is not sent through EmbedThis servers or other AWS accounts.

AWS Resources Created

The Builder and Ioto will create the following AWS resources in your AWS account when you create

  • An AWS DynamoDB database registry of your devices.
  • An AWS DynamoDB database exclusively for your device data.
  • AWS DynamoDB streams to replicate device data to and from the cloud.
  • An AWS API Gateway to authorize remote API access to device data.
  • An AWS Cognito User Pool to authenticate user access.
  • An AWS CloudFront and S3 site for the Ioto Device Manager site.
  • AWS Route53 domain for the Ioto Device Manager site.
  • AWS Lambda functions for cloud-side device management.
  • IAM Roles to restrict remote access.
  • AWS IoT Core policies and message routing rules.
  • AWS IoT Things to model your devices in the cloud.

AWS Pre-requisites

When you create an AWS account, AWS may not immediately grant you permission to create some resources that are required to support a device cloud. It is best to be proactive and immediately after creating the AWS account, ask AWS to increase the following limits:

  • Ability to create an AWS CloudFront web site
  • Ability to send emails from AWS SES

Ioto requires these abilities to complete creation of the device cloud.

When asking to increase your AWS SES limit, AWS will ask you several questions. The following FAQ will help you answer their form questions.

Q: Tell us how often you send email,

A: Emails will be sent by the Ioto manager when a user registers to create a new account or has account issues. The estimated rate will be per customer 1-2 times per month.

Q: How you maintain your recipient lists,

A: Customer sign up for our service and the customer gets a record in Cognito. The user list is managed in Cognito.

Q: How you manage bounces, complaints, and unsubscribe requests.

A: Customers must maintain a valid email address in their account as part of the TOS. CloudWatch metrics are used to track SES bound metrics.

Q: Provide examples of the email you plan to send so we can ensure that you are sending high-quality content.

PRODUCT NAME Welcome</h1>
Your NAME user account has been setup.

Please follow this link now and set your password:


This link will expire in 24 hours.

You recieved this message because ${email} was listed as the contact address
       when requesting the Embedthis Builder invite.