I do have a question about the best practice for AWS IoT devices: should I create a certificate per device, or should I use one certificate for multiple devices or per device type?
I'm trying to find the best practice, but I'm still not getting any information about it.
Each device should have its own unique certificate. Certificates should be used as a form of unique identity for a device.
While you can set up an AWS IoT policy based on the client id, that should not be used to uniquely identify a device, since the client id can potentially be changed through reverse engineering to be whatever device it wants to be. While adding a unique certificate does not prevent tampering with the client id, it does give you the ability to block that single device from connecting.
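As an added illustration of the per-device-certificate approach (this policy is not from the question or answer above): an AWS IoT policy that ties the allowed client id and topics to the thing that the connecting certificate is attached to, using the `${iot:Connection.Thing.ThingName}` policy variable. `REGION` and `ACCOUNT_ID` are placeholders; the topic layout `devices/<thing>/telemetry` is an assumption.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/devices/${iot:Connection.Thing.ThingName}/telemetry"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/devices/${iot:Connection.Thing.ThingName}/commands"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/devices/${iot:Connection.Thing.ThingName}/commands"
    }
  ]
}
```

This only works when each certificate is attached to exactly one thing, so the variable resolves to that device's name; a device that changes its client id to impersonate another thing then fails the `iot:Connect` check, and revoking or deactivating its certificate cuts off that one device without affecting the rest of the fleet.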