--- title: AWS IoT Solutions: Architecture Patterns for Connected Devices description: AWS IoT architecture patterns for manufacturing, smart buildings, and connected devices — from device connectivity to data ingestion, edge processing with Greengrass, and real-time analytics. url: https://www.factualminds.com/blog/aws-iot-solutions-architecture-guide/ datePublished: 2026-04-04T00:00:00.000Z dateModified: 2026-04-16T00:00:00.000Z author: Palaniappan P category: Cloud Architecture tags: iot, aws-iot, iot-solutions-aws, connected-devices, iot-architecture, aws, edge-computing, serverless --- # AWS IoT Solutions: Architecture Patterns for Connected Devices > AWS IoT architecture patterns for manufacturing, smart buildings, and connected devices — from device connectivity to data ingestion, edge processing with Greengrass, and real-time analytics. Connected devices generate enormous value when you can process their data reliably. A manufacturing facility instrumenting equipment with IoT sensors can detect anomalies before failures, a smart building tracking occupancy can optimize HVAC in real time, and a fleet of delivery vehicles reporting location can improve routing efficiency by 15–20%. The challenge is not the vision — it is the infrastructure. Thousands of devices with intermittent connectivity, unreliable networks, edge processing requirements, and cloud synchronization dependencies demand an architecture that is resilient, scalable, and cost-efficient. AWS IoT provides the primitives. Getting them right requires understanding which AWS service handles which part of the problem. ## The AWS IoT Architecture Stack AWS IoT is not a single service — it is a suite of interconnected services for device connectivity, edge processing, data ingestion, and analytics: **IoT Core** — Device identity, authentication, connection management, and MQTT/HTTP message routing. Every device connects here first to authenticate with X.509 certificates and publish/subscribe to topics. **IoT Greengrass** — Local edge compute runtime that runs on gateways or local servers. Devices connect through Greengrass, which processes data locally, stores data when cloud connectivity is unavailable, and syncs to the cloud asynchronously. Greengrass also runs Lambda functions and ML models locally for sub-100ms latency processing. **IoT Rules Engine** — Serverless routing layer that transforms and filters messages from devices and sends them to downstream services (S3, Kinesis, Lambda, DynamoDB, SQS, SNS). Rules Engine scales automatically and charges per message processed. **IoT Analytics** — Managed service for IoT-specific analytics, including data channel creation, automatic data storage and retrieval, and SQL-based queries. Use this if your workload is purely analytics without real-time requirements. **IoT Device Defender** — Continuous security monitoring that detects anomalous device behavior, unauthorized API usage, and certificate expirations before they become incidents. **IoT Wireless** — Specialized service for low-power wireless protocols (LoRaWAN, Sidewalk). Use only if your devices operate on these specific protocols; most modern IoT devices use WiFi or cellular. ## Typical IoT Architecture Pattern **Device Layer** → **Edge Gateway (Greengrass)** → **AWS IoT Core** → **Rules Engine** → **Kinesis Streams** → **Analytics/Storage** Devices send sensor data to a local Greengrass gateway via WiFi or Bluetooth. Greengrass validates, batches, and compresses the data. When connectivity to AWS is available, Greengrass syncs data to IoT Core in the cloud. IoT Core routes messages through Rules Engine, which filters/transforms and forwards to Kinesis Streams. Kinesis fans out to Lambda for real-time alerts, Kinesis Analytics for streaming queries, and Kinesis Firehose for batch ingestion to S3. This pattern provides: - **Local resilience** — Edge gateway buffers data if cloud connectivity drops - **Cost efficiency** — Batching and compression reduce cloud transmission costs - **Real-time and batch** — Kinesis enables both real-time processing and historical analysis - **Security** — Device authentication at the edge, encrypted transport to cloud ## Cost Optimization Patterns **Device-side batching.** Do not send one sensor reading per message. Batch 10–100 readings into a single message to reduce connection overhead and message volume costs. Most IoT devices can tolerate 5–30 second batching without losing real-time value. **Greengrass filtering.** Filter noisy sensor data at the edge before sending to the cloud. A temperature sensor that reads every millisecond but only changes values every minute should publish to the cloud once per minute, not 60,000 times. Greengrass Lambda functions can perform this filtering without cloud roundtrips. **Kinesis shard autoscaling.** Size Kinesis for peak traffic, then enable autoscaling to reduce shards during off-peak hours. A manufacturing facility with 1,000 devices sending 1 message per minute needs roughly 1 shard (each shard handles ~1,000 msgs/sec). During off-hours, autoscaling reduces to 0.1 shards, cutting costs by 90%. **IoT Analytics vs S3 + Athena trade-off.** IoT Analytics charges per GB ingested; S3 + Athena charges per GB scanned. For high-volume IoT data (TB+/month), S3 + Athena with Parquet partitioning is typically 50–70% cheaper than IoT Analytics. Use IoT Analytics only for smaller datasets (<10GB/month) where the managed experience justifies the premium. ## Real-World IoT Patterns **Predictive maintenance for manufacturing.** Equipment sensors publish vibration, temperature, and power metrics to Greengrass. Lambda functions running on Greengrass calculate rolling statistics (FFT for vibration analysis) and compare against ML models deployed locally. Alerts for abnormal patterns are sent immediately; raw telemetry is batched and sent to cloud for historical analysis. SageMaker retrains models monthly on cloud data and deploys updated models back to edge devices. **Smart building occupancy and HVAC control.** Motion sensors, temperature, and air quality sensors publish to Greengrass every 30 seconds. Greengrass processes occupancy prediction locally and controls thermostats via local APIs (no cloud roundtrip for real-time HVAC). Aggregated metrics are sent to cloud for historical analysis and tenant dashboards. Cost: ~$200/month for 50 sensors across connection, compute, and storage. **Fleet tracking and route optimization.** Vehicles report GPS coordinates every 60 seconds to a Greengrass gateway (cellular connection). Routes are calculated locally using map data cached on the gateway; no cloud latency. Summary metrics and exception cases (driver behavior anomalies, geofence violations) are sent to cloud. Cloud Dashboard shows historical route efficiency. Real-time operations team sees vehicle positions with <30 second latency. ## When IoT Is Overkill Not every connected device needs AWS IoT. Evaluate whether you need AWS IoT's features: - **Single device or small fleet (<10 devices)?** Use simple HTTP/MQTT client libraries directly. IoT Core adds overhead without benefit. - **Real-time requirements < 5 seconds but devices only connect once per hour?** HTTP API endpoints are sufficient; you do not need persistent MQTT subscriptions. - **No offline resilience needed?** Direct cloud API calls from devices are simpler than Greengrass. - **One consumer of data (no fan-out)?** Direct to application database or Lambda. Rules Engine is overhead without multiplexing benefits. AWS IoT's value emerges at scale: hundreds of devices, multiple consumer systems, offline resilience requirements, and edge processing needs. ## Implementation Checklist - [ ] Device certificates generated and provisioned (use fleet provisioning for automated onboarding) - [ ] MQTT topic hierarchy designed with least-privilege IAM policies - [ ] IoT Rules Engine rules tested for message transformation and routing - [ ] Kinesis stream provisioned with autoscaling enabled - [ ] Greengrass deployed to edge gateway if offline resilience is required - [ ] IoT Device Defender enabled for continuous security monitoring - [ ] Data retention policy set for S3 (lifecycle rules to Glacier for historical data) - [ ] CloudWatch alarms configured for anomalous message volumes or connection drops - [ ] Cost monitoring enabled (AWS Cost Anomaly Detection for IoT-related costs) [Contact us](/contact-us/) if you are building an IoT solution and want expert guidance on architecture, cost optimization, or edge processing patterns. ## FAQ ### What is the difference between AWS IoT Core and AWS IoT Greengrass? AWS IoT Core is the cloud-based control plane — it manages device identity, policies, data routing, and connection lifecycle. AWS IoT Greengrass runs on edge devices to enable local compute and ML inference when connectivity is interrupted. Use IoT Core for centralized management and Greengrass for offline-first scenarios. For most deployments, devices connect through Greengrass locally, which syncs data to IoT Core. ### How much data can AWS IoT Core handle, and what is the typical cost? AWS IoT Core pricing is based on connection-minutes and message volume. A manufacturing facility with 100 devices sending 1 message per minute 24/7 costs roughly $50–80/month. The service handles millions of concurrent connections, but you must account for message batching to keep costs reasonable. Devices publishing 100+ messages per second will incur high costs. ### Should IoT data go to S3 or through Kinesis first? Use Kinesis if you need real-time processing or multiple consumers. Use S3 only for archival with no real-time requirements. Most production deployments use Kinesis as the funnel — it decouples devices, absorbs spikes, and integrates with analytics. Then Kinesis Firehose batches to S3 for long-term storage. ### What are the security implications of connecting thousands of devices to AWS? Each device must authenticate using X.509 certificates, not shared API keys. AWS IoT Core enforces mutual TLS authentication. Use IoT Device Defender for continuous behavior monitoring. For sensitive environments, use VPC endpoints and Greengrass for local processing before cloud ingestion. --- *Source: https://www.factualminds.com/blog/aws-iot-solutions-architecture-guide/*