Amazon IoT Device Defender

AWS IoT Device Defender is a security service that lets you continuously audit your IoT configurations to detect deviations from security best practices. It also lets you detect abnormal device behavior through ML-based anomaly detection and take actions to mitigate security risks.

1 APIs 4 Features

ComplianceIoTSecurityVulnerability Management

APIs

AWS IoT Device Defender API

The AWS IoT Device Defender API provides programmatic access to security profiles, audit configurations, anomaly detection, and violation management for IoT fleet security.

Features

Configuration Audit

Continuously audit IoT configurations against security best practices.

ML Anomaly Detection

Detect abnormal device behavior using machine learning models.

Security Profiles

Define expected behaviors for device metrics and receive alerts on violations.

Automated Mitigation

Automatically take actions to mitigate security violations.

Use Cases

IoT Compliance

Ensure IoT deployments meet security compliance requirements.

Threat Detection

Detect compromised devices exhibiting abnormal communication patterns.

Security Auditing

Audit IoT policies and certificates against security best practices.

Integrations

AWS IoT Core

Monitors all IoT Core device connections and policies.

Amazon CloudWatch

Sends security metrics and alerts to CloudWatch.

AWS Security Hub

Publishes IoT security findings to Security Hub.

Semantic Vocabularies

Amazon Iot Device Defender Context

102 classes · 266 properties

JSON-LD

API Governance Rules

Amazon IoT Device Defender API Rules

14 rules · 8 errors 5 warnings 1 info

SPECTRAL

Resources

Documentation

TermsOfService

PrivacyPolicy

GitHubOrganization

GitHubOrganization

SpectralRules

Sources

aid: amazon-iot-device-defender
name: Amazon IoT Device Defender
description: AWS IoT Device Defender is a security service that lets you continuously audit your IoT configurations to detect
  deviations from security best practices. It also lets you detect abnormal device behavior through ML-based anomaly detection
  and take actions to mitigate security risks.
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- AWS
- Compliance
- IoT
- Security
- Vulnerability Management
url: https://raw.githubusercontent.com/api-evangelist/amazon-iot-device-defender/refs/heads/main/apis.yml
created: '2026-03-16'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
- aid: amazon-iot-device-defender:aws-iot-defender-api
  name: AWS IoT Device Defender API
  description: The AWS IoT Device Defender API provides programmatic access to security profiles, audit configurations, anomaly
    detection, and violation management for IoT fleet security.
  humanURL: https://aws.amazon.com/iot-device-defender/
  baseURL: https://iot.amazonaws.com
  tags:
  - Compliance
  - IoT
  - Security
  properties:
  - type: Documentation
    url: https://docs.aws.amazon.com/iot/latest/developerguide/device-defender.html
  - type: OpenAPI
    url: openapi/amazon-iot-device-defender-openapi-original.yml
  - type: GettingStarted
    url: https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-getting-started.html
  - type: Pricing
    url: https://aws.amazon.com/iot-device-defender/pricing/
  - type: FAQ
    url: https://aws.amazon.com/iot-device-defender/faqs/
  - type: NaftikoCapability
    url: capabilities/amazon-iot-device-defender.yaml
common:
- type: Portal
  url: https://aws.amazon.com/iot-device-defender/
- type: Website
  url: https://aws.amazon.com/iot-device-defender/
- type: Documentation
  url: https://docs.aws.amazon.com/iot/latest/developerguide/device-defender.html
- type: TermsOfService
  url: https://aws.amazon.com/service-terms/
- type: PrivacyPolicy
  url: https://aws.amazon.com/privacy/
- type: Support
  url: https://aws.amazon.com/premiumsupport/
- type: Blog
  url: https://aws.amazon.com/blogs/iot/tag/aws-iot-device-defender/
- type: GitHubOrganization
  url: https://github.com/aws
- type: Console
  url: https://console.aws.amazon.com/iot/home#/devicedefender
- type: SignUp
  url: https://portal.aws.amazon.com/billing/signup
- type: Login
  url: https://signin.aws.amazon.com/
- type: StatusPage
  url: https://health.aws.amazon.com/health/status
- type: Contact
  url: https://aws.amazon.com/contact-us/
- type: SpectralRules
  url: rules/amazon-iot-device-defender-spectral-rules.yml
- type: Vocabulary
  url: vocabulary/amazon-iot-device-defender-vocabulary.yaml
- type: JSONLD
  url: json-ld/amazon-iot-device-defender-context.jsonld
- type: Features
  data:
  - name: Configuration Audit
    description: Continuously audit IoT configurations against security best practices.
  - name: ML Anomaly Detection
    description: Detect abnormal device behavior using machine learning models.
  - name: Security Profiles
    description: Define expected behaviors for device metrics and receive alerts on violations.
  - name: Automated Mitigation
    description: Automatically take actions to mitigate security violations.
- type: UseCases
  data:
  - name: IoT Compliance
    description: Ensure IoT deployments meet security compliance requirements.
  - name: Threat Detection
    description: Detect compromised devices exhibiting abnormal communication patterns.
  - name: Security Auditing
    description: Audit IoT policies and certificates against security best practices.
- type: Integrations
  data:
  - name: AWS IoT Core
    description: Monitors all IoT Core device connections and policies.
  - name: Amazon CloudWatch
    description: Sends security metrics and alerts to CloudWatch.
  - name: AWS Security Hub
    description: Publishes IoT security findings to Security Hub.
maintainers:
- FN: Kin Lane
  email: [email protected]