Skip to content

Commit 1e5492e

Browse files
zayeshaatawsJustin Boswell
zayeshaataws
and
Justin Boswell
authored
Fleetprovisioning (#58)
* Fleet provisioning Co-authored-by: Justin Boswell <[email protected]>
1 parent dd03b69 commit 1e5492e

File tree

3 files changed

+889
-0
lines changed

3 files changed

+889
-0
lines changed

README.md

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -276,6 +276,75 @@ and receive.
276276
</pre>
277277
</details>
278278

279+
## fleet provisioning
280+
281+
This sample uses the AWS IoT
282+
[Fleet provisioning](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html)
283+
to provision devices using either a CSR or KeysAndcertificate and subsequently calls RegisterThing.
284+
285+
On startup, the script subscribes to topics based on the request type of either CSR or Keys topics,
286+
publishes the request to corresponding topic and calls RegisterThing.
287+
288+
Source: `samples/fleetprovisioning.py`
289+
290+
Run the sample using createKeysAndCertificate:
291+
```
292+
python fleetprovisioning.py --endpoint <endpoint> --root-ca <file> --cert <file> --key <file> --thing-name <name> --templateName <name> --templateParameters <parameters>
293+
```
294+
295+
Run the sample using createCertificateFromCsr:
296+
```
297+
python fleetprovisioning.py --endpoint <endpoint> --root-ca <file> --cert <file> --key <file> --thing-name <name> --templateName <name> --templateParameters <parameters> --csr <csr file>
298+
```
299+
300+
Your Thing's
301+
[Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html)
302+
must provide privileges for this sample to connect, subscribe, publish,
303+
and receive.
304+
305+
<details>
306+
<summary>(see sample policy)</summary>
307+
<pre>
308+
{
309+
"Version": "2012-10-17",
310+
"Statement": [
311+
{
312+
"Effect": "Allow",
313+
"Action": [
314+
"iot:Publish"
315+
],
316+
"Resource": [
317+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json",
318+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json",
319+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json"
320+
]
321+
},
322+
{
323+
"Effect": "Allow",
324+
"Action": [
325+
"iot:Receive",
326+
"iot:Subscribe"
327+
],
328+
"Resource": [
329+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json/accepted",
330+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create/json/rejected",
331+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json/accepted",
332+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/certificates/create-from-csr/json/rejected",
333+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json/accepted",
334+
"arn:aws:iot:<b>region</b>:<b>account</b>:topic/$aws/provisioning-templates/<b>templatename<b>/provision/json/rejected"
335+
]
336+
},
337+
{
338+
"Effect": "Allow",
339+
"Action": "iot:Connect",
340+
"Resource": "arn:aws:iot:<b>region</b>:<b>account</b>:client/samples-client-id"
341+
}
342+
]
343+
}
344+
</pre>
345+
</details>
346+
347+
279348
## basic discovery
280349

281350
This sample intended for use directly with the

0 commit comments

Comments
 (0)