AWS IoT Provision by claim
AWS provides several different ways to provision a device and install unique certificates on it. This library implements the Provision by Claim process. You should read the page about this process in the official AWS documentation before going any further.
Ensure that you set up the following on your AWS account before using this library.
- A policy for the claim certificate
- Claim certificates with the policy attached
- A fleet policy, and
- Provisioning template
While setting up the AWS side, you will have downloaded the claim certificate files:
- AWS Root CA certificate.
- Claim certificate.
- Claim Private key.
If you haven't set it up yet, read the "AWS Side" setup in one of our blog posts on this topic and set it up.
We already have an example project in the aws-iot-examples directory for your reference.
Device side setup
After setting up the AWS side, use our library and let it handle the provisioning by claim process.
1. Initialize the system configuration
You should use the claim certificate method of provisioning. Initialize the system configuration and the AWS configuration by setting the following information in a variable of type systemInitConfig_st.
- Your WiFi SSID and Password.
- Your AWS IoT endpoint as hostname, and Port number as 8883.
Note: You can find your AWS IoT end-point from the AWS IoT Dashboard > Settings using the navigation menu.
- Your Provisioning Template name.
- Your Claim Certificates.
  - Inside the _Certificates/claimCerts folder, copy the certificate files you downloaded. Rename the files respectively as follows.
    - Rename the AWS Root CA file as aws-root-ca.pem
    - Rename the Claim certificate file as claim-certificate.pem
    - Rename the Claim private key file as claim-private.pem.key
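Here is the sample code for the systemInitConfig_st configuration:

#include <stdint.h>
#include "lib_system.h" // systemEvents_et, systemInitConfig_st

// Start addresses of the certificate files embedded into the firmware image
extern const uint8_t aws_root_ca_pem_start[] asm("_binary_aws_root_ca_pem_start");
extern const uint8_t claim_certificate_pem_crt_start[] asm("_binary_claim_certificate_pem_crt_start");
extern const uint8_t claim_private_pem_key_start[] asm("_binary_claim_private_pem_key_start");

// Called by the library whenever a system event occurs
void app_eventsCallBackHandler(systemEvents_et eventId)
{
    switch (eventId)
    {
    case EVENT_AWS_CONNECTED:
        print_info("EVENT_AWS_CONNECTED");
        break;
    case EVENT_AWS_DISCONNECTED:
        print_info("EVENT_AWS_DISCONNECTED");
        break;
    default:
        break;
    }
}

// System configuration (the variable name s_sysConfig is chosen for this listing)
systemInitConfig_st s_sysConfig = {
    .pDeviceNamePrefixStr = DEVICE_NAME_PREFIX,
    .systemEventCallBack = app_eventsCallBackHandler,
    .pWifiSsidStr = "<your wifi ssid>",
    .pWifiPwdStr = "<your wifi password>",
    .s_awsConfig = {
        .pHostNameStr = "<your aws iot endpoint>",
        .port_u16 = 8883,
        .pClaimTemplateStr = "<your provisioning template name>",
        .pRootCaStr = (char *)aws_root_ca_pem_start,
        .pCaimCertStr = (char *)claim_certificate_pem_crt_start,
        .pClaimPrivateKeyStr = (char *)claim_private_pem_key_start
    }
};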
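A pre-flight check for the configuration above, as an added example that is not part of the library or of the original page: it flags a URL in place of the hostname, a port other than 8883, an empty template name, and PEM buffers that are truncated or sit in the wrong slot (for example the private key passed as the claim certificate). claimCfg_st, claim_cfg_check, pem_is, the BAD_* bits and the sample values are hypothetical names constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical mirror of the AWS fields set in step 1; not the library's struct. */
typedef struct {
    const char *host, *templateName, *rootCa, *claimCert, *claimKey;
    uint16_t port;
} claimCfg_st;

enum { BAD_HOST = 1, BAD_PORT = 2, BAD_TEMPLATE = 4,
       BAD_ROOT_CA = 8, BAD_CLAIM_CERT = 16, BAD_CLAIM_KEY = 32 };

/* 1 if the first line is "-----BEGIN ...<suffix>" and a matching END line follows. */
static int pem_is(const char *pem, const char *suffix)
{
    if (pem == NULL || strncmp(pem, "-----BEGIN ", 11) != 0)
        return 0;
    size_t lineLen = strcspn(pem, "\r\n"), sufLen = strlen(suffix);
    const char *end = strstr(pem + lineLen, "\n-----END ");
    return lineLen >= 11 + sufLen && end != NULL && strstr(end, suffix) != NULL &&
           strncmp(pem + lineLen - sufLen, suffix, sufLen) == 0;
}

/* Returns 0 when the configuration looks usable, otherwise a mask of BAD_* bits. */
int claim_cfg_check(const claimCfg_st *c)
{
    int bad = 0;
    if (c->host == NULL || c->host[0] == '\0' || strchr(c->host, '/') != NULL)
        bad |= BAD_HOST;        /* must be a bare hostname, not a URL */
    if (c->port != 8883)
        bad |= BAD_PORT;        /* the port this page configures */
    if (c->templateName == NULL || c->templateName[0] == '\0')
        bad |= BAD_TEMPLATE;
    if (!pem_is(c->rootCa, "CERTIFICATE-----"))
        bad |= BAD_ROOT_CA;
    if (!pem_is(c->claimCert, "CERTIFICATE-----"))
        bad |= BAD_CLAIM_CERT;  /* also catches a key in the certificate slot */
    if (!pem_is(c->claimKey, "PRIVATE KEY-----"))
        bad |= BAD_CLAIM_KEY;   /* also catches a certificate in the key slot */
    return bad;
}

/* Constructed sample PEM text and endpoint, not real credentials. */
static const char SAMPLE_CERT[] = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n";
static const char SAMPLE_KEY[] = "-----BEGIN RSA PRIVATE KEY-----\nREVG\n-----END RSA PRIVATE KEY-----\n";
int main(void)
{
    claimCfg_st swapped = { "example-ats.iot.example.com", "ExampleTemplate", SAMPLE_CERT, SAMPLE_KEY, SAMPLE_CERT, 8883 };
    return claim_cfg_check(&swapped) == (BAD_CLAIM_CERT | BAD_CLAIM_KEY) ? 0 : 1;
}
```

The check only looks at the PEM framing; it does not parse the certificate or confirm that the private key belongs to it.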
2. Connect to AWS
Using the above configuration initialize the system and connect to AWS.
bool SYSTEM_init(systemInitConfig_st *s_pConfig)
Initialize the system with the given configuration.
3. Check if device is provisioned
After the system is initialized, the device connects to AWS. If the device is not provisioned, it sends the request to generate the thing certificates, then downloads them and saves them to its internal flash memory.
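void app_main()
{
    // Initialize the system with the configuration from step 1
    // (s_sysConfig is the name used here for that variable)
    bool initSuccess = SYSTEM_init(&s_sysConfig);
    if (initSuccess)
    {
        SYSTEM_start();
    }
    while (1)
    {
        // Report the provisioning state once per second
        if (FLASH_isDeviceRegistered())
        {
            printf("Device is already provisioned\n");
        }
        else
        {
            printf("Device is not provisioned\n");
        }
        vTaskDelay(1000 / portTICK_RATE_MS);
    }
}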
bool FLASH_isDeviceRegistered()
Check if the device is registered with AWS IoT.
4. Flash the application
Erase the entire chip and then flash the application
# erase entire chip
idf.py erase_flash -p <your serial port>
# build and flash the application
idf.py flash monitor -p <your serial port>
Note: Don't erase the entire chip when your device is already provisioned or has claim certificates installed.