5.42. Ease of Use configuration - AWS IoT Console
5.42.1. Pre-requisites
AWS IoT Console Account
Active Multi-Account Registration feature for your account. For more information, refer to Multi-Account Registration
AWS CLI Setup on your machine
pySSSCLI Tool
5.42.2. Extracting Device Certificate
Using pySSSCLI Tool, read out the device certificate. Refer to Trust provisioned KeyIDs for keyIDs of trust provisioned keys and certificates.
Note
If you wish to use an embedded microcontroller, flash the VCOM binary on your board first.
VCOM binaries are available in binaries directory.
Extract the device certificate as:
ssscli connect se05x <conn-type> <port>
ssscli get cert <certificate-keyId> <certificate-filename>
ssscli disconnect
Note
Give connection parameters according to your board. Refer to List of ssscli commands for details on supported parameters.
5.42.3. Registering Device Certificate
Use the AWS CLI tool to register the extracted device certificate on your AWS IoT Console:
aws iot register-certificate-without-ca --certificate-pem file://<certificate-filename> --status ACTIVE
aws iot attach-policy --target <certificate ARN> --policy-name <policy name>
Note
The certificate ARN is printed after the first command executes.
Run the following command to print out the SNI string. This will be used later:
aws iot describe-endpoint --endpoint-type iot:Data-ATS
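The registration steps above chained into one script, as an added example that is not part of the original page: it checks that the extracted file is a single PEM certificate, captures the certificate ARN with the AWS CLI's `--query` and `--output text` options so it can be passed to `attach-policy`, and prints the endpoint. The function names `is_pem_cert` and `register_device` and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and return codes are assumptions, not from the page.

# Accept only a readable file holding exactly one PEM certificate.
is_pem_cert() {
    [ -r "$1" ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# register_device <certificate-filename> <policy name>
# Prints "<certificate ARN> <endpoint>" on success.
register_device() {
    cert_file=$1
    policy=$2
    if ! is_pem_cert "$cert_file"; then
        echo "error: $cert_file is not a PEM certificate" >&2
        return 2
    fi
    # --query/--output text return only the ARN instead of the JSON document.
    arn=$(aws iot register-certificate-without-ca \
            --certificate-pem "file://$cert_file" --status ACTIVE \
            --query certificateArn --output text) || return 3
    # Do not attach a policy to something that is not a certificate ARN.
    case $arn in
        arn:*:iot:*:cert/*) ;;
        *) echo "error: unexpected ARN: $arn" >&2; return 3 ;;
    esac
    aws iot attach-policy --target "$arn" --policy-name "$policy" || return 4
    endpoint=$(aws iot describe-endpoint --endpoint-type iot:Data-ATS \
            --query endpointAddress --output text) || return 5
    printf '%s %s\n' "$arn" "$endpoint"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    register_device "$1" "$2"
fi
```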
5.42.4. Running on Linux
This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step.
Run the following commands to build the OpenSSL engine for SE050:
cd simw-top
python scripts/create_cmake_projects.py
cd ../simw-top_build/<board>_native_se050_t1oi2c
cmake --build .
make install
ldconfig /usr/local/lib
Navigate to the demos/linux/aws_eou directory and execute the buildScript.sh as:
./buildScript.sh
This will build the project iot_demo_mqtt.
Based on the OpenSSL version, select the appropriate configuration file in the <MW_SRC_DIR>/simw-top/demos/linux/common directory:
openssl11_sss_se050.cnf ----- OpenSSL 1.1.1 and SE050
openssl_sss_se050.cnf ----- OpenSSL 1.0.0 and SE050
Set the openssl config path as:
$ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>
Create a reference file of device keypair for OpenSSL engine:
ssscli connect se05x <conn-type> <port>
ssscli refpem ecc/rsa pair <keypair-keyId> <ref-filename>
ssscli disconnect
Note
Make sure that the device keypair used corresponds to the device certificate.
Run the demo:
cd output/bin
./iot_demo_mqtt -i "ThingName" -h <endpoint> -r AmazonRootCA1.pem -c <certificate-filename> -k <ref-filename>
where endpoint is the SNI string obtained in step Registering Device Certificate, certificate-filename is the device certificate extracted in step Extracting Device Certificate and ref-filename is the reference key created in the previous step.
5.42.5. Update Cloud Example
Update the clientcredentialMQTT_BROKER_ENDPOINT variable in the demos/ksdk/common/aws_clientcredential.h file with the SNI string obtained in the previous step.
Update SSS_KEYPAIR_INDEX_CLIENT_PRIVATE and SSS_CERTIFICATE_INDEX_CLIENT in the file demos/ksdk/common/aws_iot_config.h with the KeyIDs of the device keypair and device certificate respectively.
#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181005
#define SSS_CERTIFICATE_INDEX_CLIENT 0x20181007
5.42.6. Build and run the demo.
Build and run project aws_demo.
CMake configurations:
RTOS_FreeRTOS: ON
WithHostCrypto_MBEDTLS: ON
WithmbedTLS_ALT_SSS: ON
IOT_AWS: ON
