5.42. Ease of Use configuration - AWS IoT Console

5.42.1. Pre-requisites

  • AWS IoT Console Account

  • Active Multi-Account Registration feature for your account. For more information, refer to Multi-Account Registration

  • AWS CLI Setup on your machine

  • pySSSCLI Tool

5.42.2. Extracting Device Certificate

Using the pySSSCLI tool, read out the device certificate. Refer to Trust provisioned KeyIDs for the keyIDs of trust provisioned keys and certificates.

Note

If you wish to use an embedded microcontroller, flash the VCOM binary on your board first. VCOM binaries are available in the binaries directory.

Extract the device certificate as:

ssscli connect se05x <conn-type> <port>
ssscli get cert <certificate-keyId> <certificate-filename>
ssscli disconnect

Note

Give connection parameters according to your board. Refer to List of ssscli commands for details on supported parameters.

5.42.3. Registering Device Certificate

Use the AWS CLI tool to register the extracted device certificate in your AWS IoT Console account:

aws iot register-certificate-without-ca --certificate-pem file://<certificate-filename> --status ACTIVE
aws iot attach-policy --target <certificate ARN> --policy-name <policy name>

Note

The certificate ARN is printed after the first command executes.

Run the following command to print the SNI string (the account's data endpoint address). This will be used later:

aws iot describe-endpoint --endpoint-type iot:Data-ATS
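
The registration commands above chained into one script, as an added example that is not part of the original documentation. It checks that the extracted file is a single PEM certificate before upload, captures the certificate ARN with the AWS CLI `--query` and `--output text` options, and prints the ARN and the SNI string. The function names are this example's own, and the policy is assumed to exist already.

```shell
#!/bin/sh
# Added example (not from the middleware): scripted form of section 5.42.3.
# Assumptions: the certificate file is PEM and the IoT policy already exists.

# Return 0 only if the file holds exactly one PEM certificate block.
is_pem_cert() {
    [ -s "$1" ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    [ "$(grep -c -- '-----END CERTIFICATE-----' "$1")" -eq 1 ]
}

# Register the certificate, attach the policy, then print two lines:
# the certificate ARN and the endpoint address (SNI string).
register_device_cert() {
    cert_file=$1
    policy_name=$2
    if ! is_pem_cert "$cert_file"; then
        echo "error: $cert_file is not a single PEM certificate" >&2
        return 2
    fi
    cert_arn=$(aws iot register-certificate-without-ca \
        --certificate-pem "file://$cert_file" --status ACTIVE \
        --query certificateArn --output text) || return 3
    # Refuse to continue if the CLI did not return a certificate ARN.
    case $cert_arn in
        arn:*:cert/*) ;;
        *) echo "error: unexpected ARN: $cert_arn" >&2; return 3 ;;
    esac
    aws iot attach-policy --target "$cert_arn" \
        --policy-name "$policy_name" || return 4
    endpoint=$(aws iot describe-endpoint --endpoint-type iot:Data-ATS \
        --query endpointAddress --output text) || return 5
    printf '%s\n%s\n' "$cert_arn" "$endpoint"
}

# Run only when called as: ./register.sh <certificate-filename> <policy name>
if [ "$#" -eq 2 ]; then
    register_device_cert "$1" "$2"
fi
```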

5.42.4. Running on Linux

This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step.

  • Run the following commands to build OpenSSL engine for SE050:

    cd simw-top
    python scripts/create_cmake_projects.py
    cd ../simw-top_build/<board>_native_se050_t1oi2c
    cmake --build .
    make install
    ldconfig /usr/local/lib
    
  • Navigate to demos/linux/aws_eou directory and execute the buildScript.sh as:

    ./buildScript.sh
    

    This will build the project iot_demo_mqtt.

  • Based on OpenSSL version, select the appropriate configuration file in <MW_SRC_DIR>/simw-top/demos/linux/common directory:

    openssl11_sss_se050.cnf   ----- OpenSSL 1.1.1 and SE050
    openssl_sss_se050.cnf     ----- OpenSSL 1.0.0 and SE050
    
  • Set the openssl config path as:

    export OPENSSL_CONF=<MW_SRC_DIR>/simw-top/demos/linux/common/<appropriate-cnf-file>
    
  • Create a reference file of device keypair for OpenSSL engine:

    ssscli connect se05x <conn-type> <port>
    ssscli refpem <ecc|rsa> pair <keypair-keyId> <ref-filename>
    ssscli disconnect
    

    Note

    Make sure that the device keypair used corresponds to the device certificate.

  • Run the demo:

    cd output/bin
    ./iot_demo_mqtt -i "ThingName" -h <endpoint> -r AmazonRootCA1.pem -c <certificate-filename> -k <ref-filename>
    

    where endpoint is the SNI string obtained in step Registering Device Certificate, certificate-filename is the device certificate extracted in step Extracting Device Certificate and ref-filename is the reference key created in the previous step.

5.42.5. Update Cloud Example

  • Update the clientcredentialMQTT_BROKER_ENDPOINT variable in demos/ksdk/common/aws_clientcredential.h file with the SNI string obtained in step Registering Device Certificate.

  • Update SSS_KEYPAIR_INDEX_CLIENT_PRIVATE and SSS_CERTIFICATE_INDEX_CLIENT in file demos/ksdk/common/aws_iot_config.h with KeyIDs of device keypair and device certificate respectively.

#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181005
#define SSS_CERTIFICATE_INDEX_CLIENT 0x20181007

5.42.6. Build and run the demo

Build and run project aws_demo.

CMake configurations:

  • RTOS_FreeRTOS: ON

  • WithHostCrypto_MBEDTLS: ON

  • WithmbedTLS_ALT_SSS: ON

  • IOT_AWS: ON