Does using a custom authorizer with aws-iot (wss) create a new device everytime a device connects and sends data?

Question

Considering there are a bunch of mobile devices (Android and iOS) that need to be sending data to AWS-IoT via MQTT custom authorizer to check for valid token based on business logic is to be implemented.

Referring to IoT Apps with AWS IoT and Websockets, slide 56/60 shows the registration process where a lambda is used to create and attach a policy.

Does this indicate that the lambda will create a new AWS-IoT device and attach the policy to that device? Which results in creating a new AWS-IoT device everytime a new user signs up?

Answer 1

To expand on user2967920's answer:

1. You do not need to create devices when using AWS IoT Core. AWS Amplify PubSub actually uses IoT as a general-purpose MQTT broker. No devices will be created by using a custom authorizer*.
2. The policy returned by your custom authorizer is not persisted. Think of it as a dynamic, ad-hoc policy created for a specific connection.

For an example of using AWS IoT on Android and iOS, check out the documentation of AWS Amplify PubSub (which uses AWS IoT Core internally). On iOS:

iotDataManager.connectUsingWebSocket(withClientId: uuid,
                                     cleanSession: true,
                                     customAuthorizerName: "<name-of-the-custom-authorizer>",
                                     tokenKeyName: "<key-name-for-the-token>",
                                     tokenValue: "<token>",
                                     tokenSignature: "<signature-of-the-token>",
                                     statusCallback: mqttEventCallback)

*Obviously you can create devices in the lambda function if you choose to, just like you can use any other AWS API.