It is possible to configure behaviors (rules) and thresholds for the metrics that AWS IoT Device Defender collects from IoT devices, so that an appropriate action is invoked when a violation occurs. Behaviors tell AWS IoT Device Defender what normal device behavior looks like, so that it can recognize when a device is doing something abnormal. A behavior is defined in terms of a metric, a comparison operator and a threshold value, and is evaluated over a time window.
The following post is a good starting point:
https://aws.amazon.com/blogs/iot/use-aws-iot-device-defender-to-detect-statistical-anomalies-and-to-visualize-your-device-security-metrics/
AWS IoT Device Defender can detect abnormal device behavior and take action. The post linked below configures two behaviors, which can be adapted to your requirements. The first behavior, "msgReceive", checks that in every five-minute window the number of messages received from the device is less than 100. The second behavior, "bytesOut", checks that in every five-minute window the number of bytes sent out by the device is less than 10,000.
https://aws.amazon.com/blogs/iot/detect-anomalies-connected-devices/?nc1=b_rp
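As an added example (not code from the linked posts), the following Python builds the two behaviors described above in the shape that the CreateSecurityProfile API (boto3: iot.create_security_profile) accepts, and replays a constructed stream of per-window datapoints through the same comparison logic locally, so you can see which datapoints would put a device in alarm and which would clear it before deploying the profile. The metric names (aws:num-messages-received for "msgReceive" and aws:all-bytes-out for "bytesOut"), the thing names and the datapoints are this example's assumptions; check the linked post for the exact metrics it uses.

```python
"""Added example: Device Defender behaviors plus a local replay of their
threshold logic. Metric names, thing names and datapoints are assumptions
constructed for this example; the 'in-alarm'/'alarm-cleared' labels mirror
Device Defender violationEventType values.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Five-minute window; one failing datapoint alarms, one passing datapoint clears.
WINDOW_SECONDS = 300


def build_behaviors() -> List[dict]:
    """Return the `behaviors` list in the shape CreateSecurityProfile expects."""
    def behavior(name: str, metric: str, limit: int) -> dict:
        return {
            "name": name,
            "metric": metric,
            "criteria": {
                "comparisonOperator": "less-than",
                "value": {"count": limit},
                "durationSeconds": WINDOW_SECONDS,
                "consecutiveDatapointsToAlarm": 1,
                "consecutiveDatapointsToClear": 1,
            },
        }

    return [
        behavior("msgReceive", "aws:num-messages-received", 100),   # assumed metric
        behavior("bytesOut", "aws:all-bytes-out", 10000),           # assumed metric
    ]


_OPS: Dict[str, Callable[[int, int], bool]] = {
    "less-than": lambda x, t: x < t,
    "less-than-equals": lambda x, t: x <= t,
    "greater-than": lambda x, t: x > t,
    "greater-than-equals": lambda x, t: x >= t,
}


@dataclass
class _State:
    in_alarm: bool = False
    bad_streak: int = 0
    good_streak: int = 0


def evaluate(behaviors: List[dict], datapoints: List[dict]) -> List[dict]:
    """Replay datapoints ({"thing", "metric", "value"}, one per window) and
    return the alarm transitions. A behavior enters 'in-alarm' after
    consecutiveDatapointsToAlarm failing windows in a row and emits
    'alarm-cleared' after consecutiveDatapointsToClear passing windows."""
    by_metric = {b["metric"]: b for b in behaviors}
    state: Dict[Tuple[str, str], _State] = {}
    transitions: List[dict] = []
    for dp in datapoints:
        behavior = by_metric.get(dp["metric"])
        if behavior is None:  # metric not covered by any behavior
            continue
        crit = behavior["criteria"]
        passes = _OPS[crit["comparisonOperator"]](dp["value"], crit["value"]["count"])
        st = state.setdefault((dp["thing"], behavior["name"]), _State())
        if passes:
            st.good_streak, st.bad_streak = st.good_streak + 1, 0
            if st.in_alarm and st.good_streak >= crit["consecutiveDatapointsToClear"]:
                st.in_alarm = False
                transitions.append({"thing": dp["thing"], "behavior": behavior["name"],
                                    "state": "alarm-cleared", "value": dp["value"]})
        else:
            st.bad_streak, st.good_streak = st.bad_streak + 1, 0
            if not st.in_alarm and st.bad_streak >= crit["consecutiveDatapointsToAlarm"]:
                st.in_alarm = True
                transitions.append({"thing": dp["thing"], "behavior": behavior["name"],
                                    "state": "in-alarm", "value": dp["value"]})
    return transitions


# Constructed sample: two things reporting over a few five-minute windows.
SAMPLE_DATAPOINTS = [
    {"thing": "pump-01", "metric": "aws:num-messages-received", "value": 12},
    {"thing": "pump-01", "metric": "aws:all-bytes-out", "value": 2048},
    {"thing": "pump-01", "metric": "aws:all-bytes-out", "value": 48000},     # exfil-sized burst
    {"thing": "pump-02", "metric": "aws:num-messages-received", "value": 100},  # not < 100
    {"thing": "pump-01", "metric": "aws:all-bytes-out", "value": 900},
    {"thing": "pump-02", "metric": "aws:num-messages-received", "value": 3},
]

if __name__ == "__main__":
    for transition in evaluate(build_behaviors(), SAMPLE_DATAPOINTS):
        print(transition)
```

Raising consecutiveDatapointsToAlarm above 1 is the knob for tolerating a single noisy window without an alert; the replay function honors it, so you can tune the value against recorded traffic before the profile goes live.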
Once detection and alerting are in place, mitigation follows. AWS IoT Device Defender supports the investigation of issues by providing contextual and historical information about the device, such as device metadata, device statistics and historical alerts for the device, and its built-in mitigation actions can, for example, deactivate the device's certificate or move the thing into a quarantine thing group. You can also use AWS IoT Device Management tools to perform mitigation steps such as revoking permissions, rebooting a device, resetting it to factory defaults or pushing security fixes.
With the Rules Engine, AWS IoT rules are evaluated and actions are performed based on the MQTT topic a message is received on. The Rules Engine evaluates inbound messages published to AWS IoT Core and transforms and delivers them to another device or to a cloud service (AWS services such as Lambda, S3, Kinesis, SQS and SNS, and third-party endpoints via Lambda or SNS), according to the business rules you define for processing and transforming data. This is where decisions about a device's messages are made: message filtering, routing to other services or AWS endpoints, and even direct processing of the messages. Note that a rule by itself only filters and routes messages; it cannot refuse a device's connection. In this case you would have the rule select the device ID and the metric of interest and trigger a Lambda function, which compares the collected value with the threshold and acts accordingly: notifying the user by push notification through SNS, and rejecting the device by calling the AWS IoT control-plane APIs (for example deactivating its certificate or detaching its policy).
You can author rules in the management console or write them using a SQL-like syntax. Rules can also trigger your own code in AWS Lambda (for example Java, Node.js or Python), giving you maximum flexibility to process device data. The following page has more information on AWS IoT rules: https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html
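The rule-plus-Lambda path described above, as an added example written for this page rather than taken from the AWS documentation: a Lambda function invoked by an AWS IoT rule action that re-checks the reported value against a threshold, notifies the user through SNS and rejects the device by deactivating its X.509 certificate. The topic layout (devices/<thingName>/telemetry), the bytes_out payload field, the rule SQL, the threshold and the SNS topic ARN are assumptions made for the example; the boto3 calls (iot.update_certificate, sns.publish) are real, and the execution role needs iot:UpdateCertificate and sns:Publish.

```python
"""Added example: Lambda handler for an AWS IoT rule action.

Assumed rule SQL (topic layout and field name are this example's choices):

    SELECT topic(2) AS thingName, principal() AS certificateId,
           bytes_out AS bytesOut, timestamp() AS receivedAt
    FROM 'devices/+/telemetry'
    WHERE bytes_out > 10000

For devices authenticated with X.509 certificates, principal() yields the
certificate ID, which is what UpdateCertificate needs. The WHERE clause keeps
normal traffic from invoking Lambda at all; decide() re-checks anyway, because
the rule's SELECT only shapes a payload the device itself reported.
"""
import json
import os

BYTES_OUT_LIMIT = int(os.environ.get("BYTES_OUT_LIMIT", "10000"))
ALERT_TOPIC_ARN = os.environ.get("ALERT_TOPIC_ARN", "")  # set in Lambda config


def decide(event: dict, limit: int = BYTES_OUT_LIMIT) -> dict:
    """Pure decision step with no side effects, so it can be tested offline."""
    try:
        thing = str(event["thingName"])
        cert_id = str(event["certificateId"])
        bytes_out = int(event["bytesOut"])
    except (KeyError, TypeError, ValueError):
        # Never act on a malformed event: the payload fields come from the
        # device and may be missing or garbage.
        return {"action": "ignore", "reason": "malformed event"}
    if bytes_out <= limit:
        return {"action": "none", "thing": thing, "bytesOut": bytes_out}
    return {"action": "quarantine", "thing": thing, "certificateId": cert_id,
            "bytesOut": bytes_out, "limit": limit}


def apply(decision: dict, iot, sns, topic_arn: str = ALERT_TOPIC_ARN) -> dict:
    """Side-effect step. `iot` and `sns` are boto3 clients in Lambda and
    RecordingClient instances when run locally."""
    if decision["action"] != "quarantine":
        return decision
    # An INACTIVE certificate can no longer authenticate, and AWS IoT
    # disconnects devices using it within a few minutes of the update.
    iot.update_certificate(certificateId=decision["certificateId"], newStatus="INACTIVE")
    # Intimation to the user (mobile push, SMS, e-mail) via the SNS topic.
    sns.publish(
        TopicArn=topic_arn,
        Subject=f"IoT device {decision['thing']} quarantined",
        Message=json.dumps(decision),
    )
    return decision


def handler(event: dict, context) -> dict:
    """Lambda entry point wired to the rule's Lambda action."""
    import boto3  # imported here so the module also loads where boto3 is absent
    return apply(decide(event), boto3.client("iot"), boto3.client("sns"))


class RecordingClient:
    """Stand-in for a boto3 client that records calls instead of making them."""

    def __init__(self) -> None:
        self.calls = []

    def update_certificate(self, **kwargs) -> None:
        self.calls.append(("update_certificate", kwargs))

    def publish(self, **kwargs) -> None:
        self.calls.append(("publish", kwargs))


if __name__ == "__main__":
    # Constructed event in the shape the rule's SELECT above would produce.
    event = {"thingName": "pump-01", "certificateId": "a1b2c3", "bytesOut": 48000}
    iot, sns = RecordingClient(), RecordingClient()
    print(apply(decide(event), iot, sns, topic_arn="arn:aws:sns:us-east-1:123456789012:iot-alerts"))
    print(iot.calls, sns.calls)
```

One caveat worth keeping in mind: bytes_out in this path is whatever the device chose to publish, so a compromised device can simply under-report. Device Defender's cloud-side metrics are measured by the message broker, which is why the threshold behaviors described earlier are the tamper-resistant choice for traffic-volume limits; the rule-based path is best reserved for application-level thresholds that only the device can observe.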