Secure Provisioning at Scale


Client:

AWS IoT - Certificate Provider


Impact

Simplified onboarding: Customers could now set up secure, automated certificate provisioning in minutes instead of writing custom code.

Reduced risk: Clear warnings, test mode, and rollback options prevented account-wide misconfigurations.

Improved security ownership: Organizations could use their own Certificate Authority (CA) while maintaining AWS integration — meeting compliance requirements for regulated industries.


Overview

When IoT devices first connect to the cloud, they need a unique digital certificate to prove who they are — like a passport for machines. Traditionally, these certificates were generated manually, creating bottlenecks and security risks during large-scale manufacturing.

To solve this, I helped design the AWS IoT Certificate Provider, a mechanism that allows companies to securely issue their own device certificates directly through AWS, without manual steps. This gave security teams full control over their cryptography while keeping factory provisioning fast and reliable.


Challenge

Customers manufacturing thousands of connected devices needed a way to automatically assign certificates the moment a device first powers on.

However, existing workflows were:

  • Manual and error-prone — teams had to upload certificates by hand or build custom scripts.

  • Hard to govern — certificates were often issued from multiple systems, with inconsistent policies or expirations.

  • Risky to deploy — enabling a custom certificate provider affects every certificate request in the account, so a mistake could block all devices from connecting.

My goal was to create a safe, guided experience that made it easy to adopt self-managed security without breaking existing production systems.


Approach

I partnered with security engineers, IoT architects, and developer advocates to design an experience that balanced power with protection. Along the way, I:

  • Structured a living project board that connected UX research, API design notes, and decision logs to maintain clarity amid constant scope changes.

  • Visualized how Certificate Provider interacts across AWS services to uncover dependencies and potential points of failure.

  • Mapped the end-to-end certificate provisioning flow, integrating API behaviors and system constraints to align technical logic with user experience.

The resulting experience rests on four design decisions:

  • Clarified the mental model
    We built a setup flow that explains: “By enabling self-managed signing, you are replacing AWS’s default certificate signing for all devices in this account.” It also surfaces the limitation that only one certificate provider can exist per account.

  • Guided setup with safety rails
    The wizard walks users through selecting or creating a Lambda function, linking it to their Certificate Authority (either AWS Private CA or an external CA), and highlighting key constraints such as the 5-second execution limit and Region/account restrictions. It also provides an IAM policy snippet so AWS IoT can invoke the Lambda securely, avoiding confused-deputy issues.

  • Built-in validation (dry run)
    Before committing to the change, users can submit a sample Certificate Signing Request (CSR) to test the provider. This allows them to confirm that the returned certificate is valid without impacting live devices.

  • Visual feedback and rollback support
    Once enabled, the console displays a clear banner indicating that a custom certificate provider is active and offers a one-click delete option to revert back to AWS-managed signing if needed.
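To make the confused-deputy point in the "Guided setup with safety rails" step concrete, here is an added example (not the console's own snippet and not AWS documentation) that writes two versions of the Lambda resource-based policy: a weak one that lets the AWS IoT service principal invoke the function from anywhere, and a hardened one that pins the caller to this account and to this account's certificate-provider ARN. The account id, Region, function name and provider name are constructed placeholders, and the `certificateprovider/<name>` ARN shape is an assumption; the check function simply confirms that both source conditions are present in a policy file.

```shell
#!/bin/sh
# Added example: weak vs. hardened Lambda resource-based policy for a
# certificate-provider function invoked by AWS IoT. Without the Condition
# block, any AWS IoT resource in any account could be pointed at this
# function (confused deputy). The hardened form restricts the caller.
# All identifiers below are constructed placeholders; the
# certificateprovider ARN format is an assumption.
set -eu

ACCOUNT_ID="123456789012"
REGION="us-east-1"
FUNCTION_NAME="device-cert-provider"
PROVIDER_NAME="factory-cert-provider"

# Weak: trusts iot.amazonaws.com with no source restriction.
write_weak_policy() {
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowIoTInvoke",
    "Effect": "Allow",
    "Principal": { "Service": "iot.amazonaws.com" },
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:${REGION}:${ACCOUNT_ID}:function:${FUNCTION_NAME}"
  }]
}
EOF
}

# Hardened: only this account's certificate provider may invoke the function.
write_hardened_policy() {
  cat > "$1" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowIoTInvokeFromThisProvider",
    "Effect": "Allow",
    "Principal": { "Service": "iot.amazonaws.com" },
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:${REGION}:${ACCOUNT_ID}:function:${FUNCTION_NAME}",
    "Condition": {
      "StringEquals": { "aws:SourceAccount": "${ACCOUNT_ID}" },
      "ArnEquals": {
        "aws:SourceArn": "arn:aws:iot:${REGION}:${ACCOUNT_ID}:certificateprovider/${PROVIDER_NAME}"
      }
    }
  }]
}
EOF
}

# Returns 0 when the policy file carries both aws:SourceAccount and
# aws:SourceArn conditions, 1 when either is missing.
policy_pins_caller() {
  grep -q '"aws:SourceAccount"' "$1" && grep -q '"aws:SourceArn"' "$1"
}

# Demo: write both policies to a scratch directory and report which one
# would pass a pre-enable review.
OUT=$(mktemp -d)
write_weak_policy "$OUT/weak.json"
write_hardened_policy "$OUT/hardened.json"
for f in "$OUT/weak.json" "$OUT/hardened.json"; do
  if policy_pins_caller "$f"; then
    echo "OK      $f pins the calling account and source ARN"
  else
    echo "WEAK    $f lets any AWS IoT resource invoke the function"
  fi
done
```

The same two conditions are what `aws lambda add-permission --source-account ... --source-arn ...` attaches when the policy is added from the CLI rather than written by hand; the check function is only a quick lint that the conditions did not get dropped, not a substitute for reviewing the full policy.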
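The "Built-in validation (dry run)" step above is the part most worth rehearsing before the switch is flipped account-wide. The following added example (not the console's test flow, and not AWS code) reproduces that idea offline with openssl: a throwaway issuing CA, constructed here to stand in for the customer's own CA, signs a sample device CSR with a restricted end-entity profile, and the issued certificate is then checked the way a provisioning test should check it: it chains to the CA, its public key matches the CSR, and its subject is the one requested. The CA name, device name and 30-day validity are constructed values.

```shell
#!/bin/sh
# Added example: an offline stand-in for the certificate-provider dry run.
# The CA created here is a throwaway for the test only.
set -eu

WORK=$(mktemp -d)

# 1. Throwaway issuing CA (constructed for this test; never use in production).
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Device Issuing CA" \
    -addext "basicConstraints=critical,CA:TRUE" \
    -addext "keyUsage=critical,keyCertSign,cRLSign" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. A sample device CSR, as a device or factory HSM would produce it.
make_device_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$1" \
    -keyout "$WORK/device.key" -out "$WORK/device.csr" 2>/dev/null
}

# 3. What a certificate-provider function would do: sign the CSR with a
#    restricted profile (end-entity, client auth only, short validity).
sign_csr() {
  cat > "$WORK/ext.cnf" <<EOF
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF
  openssl x509 -req -in "$WORK/device.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 30 -sha256 -extfile "$WORK/ext.cnf" \
    -out "$WORK/device.crt" 2>/dev/null
}

# 4. Dry-run checks. Each returns 0 on success, non-zero on failure.
cert_chains_to_ca() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/device.crt" >/dev/null 2>&1
}

cert_key_matches_csr() {
  csr_pub=$(openssl req -in "$WORK/device.csr" -pubkey -noout)
  crt_pub=$(openssl x509 -in "$WORK/device.crt" -pubkey -noout)
  [ "$csr_pub" = "$crt_pub" ]
}

# Prints the CN of the issued certificate (handles both "CN = x" and "/CN=x"
# output styles of different openssl versions).
cert_subject_cn() {
  openssl x509 -in "$WORK/device.crt" -noout -subject | sed 's/.*CN *= *//'
}

# Full dry run for one device name: returns 0 only if every check passes.
run_dry_run() {
  make_test_ca
  make_device_csr "$1"
  sign_csr
  cert_chains_to_ca && cert_key_matches_csr && [ "$(cert_subject_cn)" = "$1" ]
}

# Demo.
if run_dry_run "device-0001"; then
  echo "dry run OK: issued certificate for CN=$(cert_subject_cn) chains to the test CA"
else
  echo "dry run FAILED: do not enable the provider for live devices"
fi
```

The three checks map onto what a real dry run should reject: a certificate issued by the wrong CA, a certificate whose key does not belong to the device that sent the CSR, and a certificate whose identity was rewritten by the signing function. A production test would also time the signing call against the 5-second limit mentioned above.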

Role
Product Designer
Feature Launch
December 2023
Team
1 PM · 2 Engineers · 1 Tech Writer