Can we use the same AWS IoT device certificate for two AWS regions?


I have tried to use the same AWS IoT certificate in two AWS regions (Stockholm & London), but the device could connect only to the region in which the certificate was created (Stockholm).

Can we use the same AWS IoT device certificate for two AWS regions (belonging to a single account)?

Steps:

  • Create an IoT device certificate in the Stockholm region
  • Download the certificate (in the Stockholm region)
  • Import the downloaded certificate into the London region

This old thread (2016) says that transferring a certificate to a different region is not allowed, but I am not sure whether there is any way to do that now.


I think the issue is that the CA of the certificate is registered in the specific region. The documentation (section "Using X.509 client certificates in multiple AWS accounts with multi-account registration") indicates that you should not register the CA if you want to use the same certificate in different accounts/regions.

To use multi-account registration:

  • Do not register the CA that signed the device certificates with AWS IoT.
  • Register the device certificates without a CA. See Register a client certificate without a registered CA (CLI).
  • Use the correct host_name in the SNI extension to TLS when the device connects to AWS IoT. See Transport security in AWS IoT.
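The registration path the answer describes, as an added shell example (not code from the original answer or from AWS): a certificate created in Stockholm (eu-north-1) is registered without a CA in London (eu-west-2), bound to a thing and policy there, and the device is pointed at London's own data endpoint with matching SNI. It assumes AWS CLI v2 configured for the single account, an existing thing and policy in London, and local copies of the certificate, its private key and AmazonRootCA1.pem; the file and resource names are placeholders.

```shell
#!/usr/bin/env bash
# Added example: reuse one device certificate in a second region by
# registering it there without a registered CA (multi-account registration).
set -euo pipefail

AWS=${AWS:-aws}   # assumption: AWS CLI v2, credentials for the one account

# Register the certificate PEM in a region that has no registered CA for it.
# Prints the certificate ARN for that region.
register_cert_without_ca() {
  local region=$1 cert_pem=$2
  "$AWS" iot register-certificate-without-ca --region "$region" \
    --certificate-pem "file://$cert_pem" --status ACTIVE \
    --query certificateArn --output text
}

# Policies and things are regional too: attach the region's policy to the
# newly registered certificate and bind it to the region's thing.
bind_cert() {
  local region=$1 cert_arn=$2 policy=$3 thing=$4
  "$AWS" iot attach-policy --region "$region" --policy-name "$policy" --target "$cert_arn"
  "$AWS" iot attach-thing-principal --region "$region" --thing-name "$thing" --principal "$cert_arn"
}

# The regional ATS data endpoint the device must use as both TCP host and
# TLS SNI server name; a Stockholm endpoint will not accept the London thing.
data_endpoint() {
  local region=$1
  "$AWS" iot describe-endpoint --region "$region" --endpoint-type iot:Data-ATS \
    --query endpointAddress --output text
}

# Mutual-TLS check against the endpoint with SNI set explicitly; fails if the
# certificate is not registered and ACTIVE in the region behind that endpoint.
tls_check() {
  local endpoint=$1 cert_pem=$2 key_pem=$3
  openssl s_client -connect "$endpoint:8883" -servername "$endpoint" \
    -cert "$cert_pem" -key "$key_pem" -CAfile AmazonRootCA1.pem </dev/null
}

main() {   # placeholder file and resource names
  local cert=${1:-device.pem.crt} key=${2:-device.key}
  local policy=${3:-DevicePolicy} thing=${4:-device-01} arn ep
  arn=$(register_cert_without_ca eu-west-2 "$cert")
  bind_cert eu-west-2 "$arn" "$policy" "$thing"
  ep=$(data_endpoint eu-west-2)
  tls_check "$ep" "$cert" "$key"
}
if [ "${IOT_RUN:-0}" = 1 ]; then main "$@"; fi
```

Run with `IOT_RUN=1 ./register-london.sh device.pem.crt device.key DevicePolicy device-01`; the same certificate ID will then appear under Certificates in both regions' consoles.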