What is Cloud IoT Core?

Cloud IoT Core is a fully managed service that allows you to easily and securely connect, manage, and ingest data from millions of globally dispersed devices. Cloud IoT Core, in combination with other services on Google Cloud IoT platform, provides a complete solution for collecting, processing, analyzing, and visualizing IoT data in real time to support improved operational efficiency.

Secure device connection and management



Cloud IoT Core Components

Cloud IOT Core has two main components :

  • Device Manager
  • Protocol Bridge


The device manager helps to configure individual devices and manage them securely in a coarse-grained way. These devices can be managed through a console or programmatically. The device manager establishes the identity of a device, and provides the mechanism for authenticating a device when connecting. It also maintains a logical configuration of each device and can be used to remotely control the device from the cloud.           


The protocol bridge provides connection endpoints for protocols with automatic load balancing for all device connections. The protocol bridge has native support for secure connection over industry standard protocols such as MQTT and HTTP. The protocol bridge publishes all device telemetry to Cloud Pub/Sub, which can then be consumed by downstream analytic systems.           


  • End-to-end security :  Provides end-to-end security using asymmetric key authentication over TLS 1.2; CA signed certificates can be used to verify device ownership. Devices running Android Things or supporting the Cloud IoT Core security requirements can deliver full-stack security.    


  • Single global system : Connect all devices and gateways to Google Cloud over standard protocols, such as MQTT and HTTP, through the protocol endpoints and manage all your devices as a single global system. The service uses Cloud Pub/Sub underneath, which retains data for 7 days.


  • Out-of-box data insights : Use downstream analytic systems by integrating with Google Big Data Analytics and ML services such as Dataflow, BigQuery, Bigtable, ML, Data Studio, or partner BI tools.     


  • Fully managed and scalable : The service is serverless and doesn’t require any upfront software installation. It scales instantly without limits using horizontal scaling of Google Cloud Platform.


  • Role-level access control : Apply IAM roles to device registries to control user access to devices and data.


  • Device deployment at scale : Use REST APIs to automatically manage the registration, deployment, and operation of devices at scale. Also, use the APIs to retrieve and update device properties and state even when the devices are not connected.

Configuring Devices

With Cloud IoT Core, you can control a device by modifying its configuration. A device configuration is an arbitrary, user-defined blob of data. After a configuration has been applied to a device, the device can report its state to Cloud IoT Core.

Device configuration works differently in the MQTT and HTTP bridges. See below for details.

For more information, see Devices, Configuration, and State.

Google IoT Core Pricing

Cloud IoT Core is priced per MB of data exchanged by IoT devices with the service after a 250MB free tier. For details, please see the pricing guide.

Cloud IoT core price

Before starting, it is advisable to go through Google IoT Core Overview.

How to Quick Start?

  • In the Cloud Platform Console, go to the Manage resources page and select or create a new project.
  • Enable billing for your project.
  • Enable the Cloud IoT Core and Cloud Pub/Sub APIs.


You can also use Google Cloud Shell, which comes with Cloud SDK and Node.js already installed.

Create a device registry

  1. Go to the Google Cloud IoT Core page in GCP Console.
  2. Click Create device registry.
  3. Enter a registry ID for the Registry ID. For example – first-registry.
  4. Select us-central1 for the Cloud region.
  5. Select MQTT for the Protocol.
  6. In the Telemetry topic dropdown list, select Create a topic.
  7. In the Create a topic dialog, enter my-device-events in the Name field.
  8. Click Create in the Create a topic dialog.
  9. The Device state topic and Certificate value fields are optional, so leave them blank.
  10. Click Create on the Cloud IoT Core page.
  11. Click Continue in the Grant permission to service account dialog.

So, you are now ready with a device registry for publishing device telemetry events.

Now, let us add a device to the recently created device registry.

Add a device to the registry

  1. On the Registry Details page, click Add device.
  2. Enter first-device for the Device ID.
  3. Select Allow for Device communication.
  4. The Authentication section is optional, so leave its fields blank or use the default values. The Device metadata field is also optional, so leave it blank.
  5. Click Add.

Great ! You have added a device to your device registry.

Add a public key to the device

1. Open a terminal window and run the following command to create an RS256 key:

openssl req -x509 -newkey rsa:2048 -keyout rsa_private.pem -nodes \
   -out rsa_cert.pem -subj “/CN=unused”

2. Copy the contents of rsa_cert.pem to the clipboard. Please make sure to include the lines that say —–BEGIN CERTIFICATE—– and—–END CERTIFICATE—–.

3. On the Device details page for the device you created in the preceding section, click Add public key.

4. Select RS256_X509 for the Public key format.

5. Paste your public key in the Public key value box.

6. Click Add.

Here, we will use a Google IoT Core sample using Node.js to connect a virtual device and view the telemetry data.

Connect a virtual device and view telemetry

  • Clone the full Node.js repository. You can look into iot directory for Cloud IoT Core samples.
  • In your cloned repository, navigate to the iot/mqtt_example directory. You’ll complete the rest of these steps in this directory.
  • Copy the private key you created in the previous section (rsa_private.pem) to the current directory (iot/mqtt_example).
  • Install the Node.js dependencies using the following command:

npm install

  • Now, let us create a subscription to the registry’s Pub/Sub topic. Run the following command substituting your project ID:

gcloud beta pubsub subscriptions create \
   projects/PROJECT_ID/subscriptions/first-subscription \

  • To connect a virtual device using the MQTT bridge, navigate to the directory where cloudiot_mqtt_example_nodejs.js is contained and run the following command substituting your project ID:

node cloudiot_mqtt_example_nodejs.js \
   –project_id=PROJECT_ID \
   –registry_id=first-registry \
   –device_id=first-device \
   –private_key_file=rsa_private.pem \
   –num_messages=5 \

The output shows that the sample device is publishing messages to the telemetry topic. Five messages are published as num_messages = 5.

  • Run the following command to read the messages published to the telemetry topic, substituting your project ID:

gcloud beta pubsub subscriptions pull –auto-ack \

You can see message details will be displayed after running the above command.

  • Repeat the subscriptions pull command to view additional messages.





Want to work with us? We're hiring!