AWS Certified Solutions Architect - Professional / Question #602 of 529

Question #602

A company is deploying an IoT fleet management system on AWS. Each vehicle-mounted device must transmit and receive real-time telemetry data using the MQTT protocol while authenticating via unique X.509 certificates. The solution must ensure secure communication with minimal administrative effort.

Which architecture best satisfies these requirements?

A

Deploy Amazon MQ with ActiveMQ. Create a dedicated message queue for each device, generate X.509 certificates per device, and configure devices to connect to Amazon MQ brokers.

B

Launch an Application Load Balancer (ALB) with TLS listener. Implement a custom certificate validation Lambda function. Deploy MQTT brokers on EC2 instances behind the ALB in an Auto Scaling group. Attach device certificates during ALB authentication.

C

Implement AWS IoT Core. Register each device as an AWS IoT thing with a unique X.509 certificate. Establish MQTT communication between devices and AWS IoT Core endpoints.

D

Configure Amazon API Gateway WebSocket API with mutual TLS authentication. Integrate with a backend service running MQTT brokers on ECS Fargate containers behind a Network Load Balancer. Manage device certificates through API Gateway.

Explanation

Answer C is correct because AWS IoT Core is purpose-built for IoT scenarios requiring MQTT-based communication with X.509 certificate authentication. It simplifies device management by allowing registration of each device as an 'IoT thing' with unique certificates, handles certificate rotation/revocation, and provides secure endpoints for MQTT communication. Other options are incorrect because:
- A: Amazon MQ requires manual queue/certificate management, increasing administrative overhead.
- B: ALB is an HTTP/HTTPS load balancer and does not natively support MQTT, and self-managed brokers on EC2 add operational complexity.
- D: API Gateway WebSocket API is not optimized for MQTT, and backend MQTT brokers on ECS Fargate introduce unnecessary complexity.
Key points: AWS IoT Core natively supports MQTT and X.509 certificate authentication, and its managed, serverless architecture reduces operational effort.
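The provisioning flow that answer C relies on, as an added Python example that is not part of this question set: one IoT thing per vehicle, one certificate per thing, and a single policy scoped by thing name so no device can read or write another vehicle's topics. It assumes boto3 with AWS credentials for a real run; the `iot` parameter (a boto3 IoT client or a stub with the same methods), the `fleet/<thing>/...` topic layout, and the region and account values are illustrative.

```python
import json

# Hypothetical topic layout: fleet/<thing>/telemetry (device -> cloud) and
# fleet/<thing>/cmd (cloud -> device). ${iot:Connection.Thing.ThingName} is an
# IoT Core policy variable that resolves only when the connecting certificate
# is attached to a thing, so each device is confined to its own topics.
def device_policy_document(region, account_id):
    base = f"arn:aws:iot:{region}:{account_id}"
    thing = "${iot:Connection.Thing.ThingName}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{thing}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": f"{base}:topic/fleet/{thing}/telemetry"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{base}:topicfilter/fleet/{thing}/cmd"},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": f"{base}:topic/fleet/{thing}/cmd"},
        ],
    }

def create_fleet_policy(iot, policy_name, region, account_id):
    """Create the shared, thing-scoped policy once; each certificate attaches to it."""
    doc = json.dumps(device_policy_document(region, account_id))
    return iot.create_policy(policyName=policy_name, policyDocument=doc)["policyArn"]

def provision_vehicle(iot, thing_name, policy_name):
    """Register one vehicle and mint its own certificate. `iot` is a boto3 IoT
    client (or a stub with the same methods). Returns the material to install
    on the device; the private key is returned once and is not retained by AWS."""
    iot.create_thing(thingName=thing_name)
    cert = iot.create_keys_and_certificate(setAsActive=True)
    cert_arn = cert["certificateArn"]
    iot.attach_policy(policyName=policy_name, target=cert_arn)
    # Without this link the thing policy variable never resolves and the
    # device cannot even connect: fail closed rather than fail open.
    iot.attach_thing_principal(thingName=thing_name, principal=cert_arn)
    return {
        "thingName": thing_name,
        "certificateArn": cert_arn,
        "certificatePem": cert["certificatePem"],
        "privateKey": cert["keyPair"]["PrivateKey"],
    }
```

For a real run pass `boto3.client("iot", region_name=...)` as `iot` and configure the device's MQTT client with the returned certificate and private key plus the Amazon root CA.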

Answer

The correct answer is: C