AWS IoT Core provides
certificates for your
things. When you delete an AWS IoT thing, the certificate attached to it will be available. If the
policy attached to that certificate doesn't rely on the Thing's existance, which is not so uncommon, bad things can happen. Unused certificates are always dangerous.
This gist scans your all certificates and calls their principals (attached certificates). If there is no principal for a certificate, first makes it
INACTIVE, then deletes it. I'm going to use this a lot on dev accounts.