As Internet of Things (IoT) devices become increasingly pervasive in the home, device owners often find the need to grant fine-grained access to multiple users. AWS IoT Core enables developers to build applications with fine-grained access control across mobile apps, web apps, and devices. For example, IoT enables personalized experiences in smart spaces and hotels, where smart devices can adjust lighting, temperature, and entertainment based on user preferences, while allowing guests to control their environment via mobile apps without admin access. In this blog post, AWS customer CHEF iQ tells their story and how they evolved the architecture of the CHEF iQ Appliance Sharing feature to provide a high-quality end user experience.
The Challenge
CHEF iQ’s Appliance Sharing feature enables The CHEF iQ App to interact seamlessly with shared smart kitchen appliances. This allows users to access and control shared devices while 
maintaining personalized experiences on their individual smart phones. The challenge began during the 2023 holiday season when daily active users spiked from an average of tens of thousands to hundreds of thousands. As the CHEF iQ platform gained popularity, the company realized the initial system architecture wasn’t designed for multiple users sharing the same device and needed to evolve to meet the demands of sustained usage as well as during peaks.
CHEF iQ needed a secure and scalable solution that allowed multiple users to access shared kitchen appliances without sacrificing personalization or performance. The system needed to:
- Enable secure device access through mobile apps
- Support multiple users sharing the same device
- Maintain individual preferences and settings
- Scale smoothly as the CHEF iQ user base grows
Designing a Scalable Solution
Recognizing the need for a robust, scalable architecture, CHEF iQ collaborated closely with their AWS account and solutions architect teams. The team focused on leveraging AWS IoT Core and Amazon Cognito to create a system that could handle the growing user base while maintaining the personalized experience CHEF iQ users love.
“Leveraging AWS IoT services, particularly AWS IoT Core and Amazon Cognito, allowed us to focus on developing our innovative solution rather than building complex services for deploying and maintaining software on edge devices with intermittent connectivity,” says Mihir Patel, VP of Architecture and Infrastructure at CHEF iQ. “We also benefit from AWS’s built-in security and scalability features, which are critical when working with sensitive user data in a home environment.”
The New CHEF iQ Architecture
Figure 1- CHEF iQ Architecture on AWS
The revamped CHEF iQ platform centers around a device sharing mechanism that leverages AWS IoT Core policies and Amazon Cognito Identity Pools. This new architecture enables seamless, secure multi-user access to shared kitchen appliances while maintaining individual user preferences and settings.
Key components of the solution include:
- AWS IoT Core: Manages device connectivity, enables secure communication between appliances and the cloud, and stores device state information. It also handles the processing of device data and enforces access control policies.
- Amazon Cognito and Amazon Cognito Identity Pools: Handles user authentication and authorization, allowing for fine-grained access control. It stores user identities and their associations with devices, which are crucial for the device sharing feature.
- AWS Lambda: Processes device data and user requests in a scalable, serverless environment.
- AWS AppSync: Enables real-time data synchronization between devices and mobile apps.
AWS IoT Core, Amazon Cognito, and AWS AppSync synergize to manage device connectivity, user identities, and real-time updates, enabling efficient device sharing and a seamless multi-user experience.
By focusing on these core services, CHEF iQ maintains a scalable, serverless architecture that directly addresses the challenges of secure device sharing and multi-user access in an IoT environment.
Implementing Secure Device Sharing
CHEF iQ’s new solution centers on innovative device sharing approach. When a user activates an appliance, it’s registered in the AWS IoT Core registry with a unique ID and then securely linked to the owner’s identity via Amazon Cognito. To share access, CHEF iQ’s backend updates the recipient’s profile with the necessary device information. Upon the recipient’s next login or auto refresh using real-time sync using AppSync, these updates grant them access to the shared appliance.
Fine-Grained Access Control
CHEF iQ utilizes AWS IoT Core policies to manage device access with precision. These policies define what actions users can perform on specific smart kitchen appliances. For owned devices, users have full control. For shared devices, access is carefully restricted based on the permissions granted by the owner.
The following tables illustrate the access control implemented by CHEF iQ:
Smart Kitchen Appliance Access Control Matrix:
| Appliance | Owner Access | Family Member Access | Guest Access |
|---|---|---|---|
| iQ MiniOven | Full control | Adjust settings, view status | View status only |
| iQ Sense | Full control | Full control | No access |
| iQ Cooker | Full control | Start/stop, view status | No access |
IoT policy actions for appliance owners:
| Action | Resource Pattern | Description |
|---|---|---|
| iot:Connect | client/${cognito-identity.amazonaws.com:sub}/* | Allows connection to all owned appliances |
| iot:Subscribe | topicfilter/appliances/${cognito-identity.amazonaws.com:sub}/* | Enables monitoring of all owned appliances |
| iot:Publish | topic/appliances/${cognito-identity.amazonaws.com:sub}/* | Permits control of all owned appliances |
IoT policy actions for shared users:
| Action | Resource Pattern | Description |
|---|---|---|
| iot:Subscribe | topicfilter/appliances/${aws:PrincipalTag/SharedApplianceId}/* | Enables monitoring of shared appliances |
| iot:Publish | topic/appliances/${aws:PrincipalTag/SharedApplianceId}/user/${cognito-identity.amazonaws.com:sub}/* | Permits limited control of shared appliances |
These policies use AWS IoT Core policy variables and Amazon Cognito Identity Pool attributes to achieve fine-grained access control. This approach allows CHEF iQ to manage access flexibly and securely, ensuring that users can only perform authorized actions on specific appliances. For more information on policy variables, see the AWS IoT Core policy variables documentation.
Impact and Results
The implementation of the new architecture has had a significant impact on CHEF iQ’s business and user experience. CHEF IQ reports the following:
- 40% increase in engagement among multi-user households
- 25% decrease in customer support tickets related to device access issues
- 30% growth in daily active users
- 4.8/5 user satisfaction rating for the Appliance Sharing feature
“These numbers validate our approach,” says René Midouin, CTO of Chefman. “We’re not just solving technical problems; we’re enhancing the cooking experience for our users in meaningful ways.”
Ensuring Security and Privacy
Security and privacy were paramount in CHEF iQ’s implementation. The team utilized AWS IoT Core’s security features, including:
- Device authentication using X.509 certificates
- Data encryption in transit using TLS 1.2
- Fine-grained access control with IoT Core policies
For more information on AWS IoT Core security best practices, see the AWS IoT security best practices guide.
Looking to the Future
With a scalable, secure foundation in place, CHEF iQ is now exploring exciting new possibilities:
- AI-powered recipe optimization: Leveraging Amazon Personalize for personalized recipe suggestions based on user preferences and cooking habits.
- Cross-device cooking experiences: Implementing AWS IoT Events to enable seamless coordination between multiple smart appliances for complex meal preparation.
These innovations will utilize AWS IoT Core’s rules engine to route device data to the appropriate AWS services for processing and analysis. For more on IoT rules, see the AWS IoT rules documentation.
Conclusion
AWS services enable CHEF iQ to offer personalized, secure, and scalable smart kitchen solutions, highlighting the importance of fine-grained access control, identity management integration, real-time data sync, and serverless architecture for IoT device sharing across industries.
“Our journey with AWS has not only solved our immediate scalability challenges but has also opened up a world of possibilities for innovation in the smart kitchen space,” Midouin concludes. “We’re excited to continue pushing the boundaries of what’s possible in connected cooking, making our customers’ lives easier and more enjoyable, one smart appliance at a time.”
For developers and companies looking to implement similar IoT solutions, AWS provides comprehensive resources and documentation. Start with the AWS IoT Developer guide to explore the full capabilities of AWS IoT services and how they can be applied to your specific use case.
About the authors
Brian McCallion
At AWS, Brian McCallion works with customers to apply advanced
technologies across the industries. Brian enjoys fresh and salt water fishing, scuba diving, and in general, being on, in, or near large and small bodies of water.
Charles Wocmeni
Charles is an IoT Specialist Solutions Architect in AWS Worldwide
Specialist Organization, focused on Smart Home customers willing to build the best IoT solutions possible. Outside of Technology, Charles enjoys traveling, reading about History, Cultures around the world and listening to Cameroonian Music in particular.
Steve Krems
Steve Krems is a Specialist Solution Architect for IoT at Amazon Web Services (AWS). Prior to this role, Steve spent 18 years in the semiconductor industry in Information Technology management roles with a focus on cloud migration and modernization.
Sara Torchio
At AWS, Sara Torchio enables customers to achieve their business goals.
Sara enjoys traveling to new countries, skiing and finding the best new restaurants around NYC.
Mihir Patel
Mihir Patel is a technology leader passionate about combining business,
technology, and innovation to craft digital-first solutions that make a meaningful impact on people’s lives. At Chefman, he applies his expertise in software engineering, cloud infrastructure, and operations to design, build, and optimize systems, mentoring teams to deliver a connected kitchen appliance ecosystem that delights customers and empowers them to cook smarter, not harder.
René Midouin
As the CTO of Chefman, Rene leads the company’s technology strategy to
create innovative products that redefine the kitchen of the future. A creative thinker and strategic leader, he fosters a culture of innovation and teamwork. Outside of work, Rene enjoys writing poems, spending quiet time with his family in the woods, and have a deep passion for painting, sculptures, and exploring the intersection of technology, humanity, and fine arts.
