Based on awslabs/aws-iot-certificate-vending-machine this deployment uses Serverless framework instead
Serverless Certificate Vending Machine is a pattern for managing AWS IoT Devices in a secure and repeatable way. Learn how to deploy your own CVM and onboard new devices.
npm install -g serverless
serverless config credentials --provider aws --key <ACCESS KEY ID> --secret <SECRET KEY>serverless plugin install -n serverless-pseudo-parametersAdd the following to the serveress.yml file
plugins:
- serverless-pseudo-parametersCreate a copy of env.yml.sample as env.yml and update the IOT_DATA_ENDPOINT variable with the endpoint address from the following commnad
aws iot describe-endpoint --endpoint-type iot:Data-ATS
# {
# "endpointAddress": "XXXXXX-ats.iot.us-east-1.amazonaws.com"
# }npm install
serverless deploy
# api keys:
# None
# endpoints:
# GET - https://XXXXXX.execute-api.us-east-1.amazonaws.com/dev/getcert
# ANY - https://XXXXXX.execute-api.us-east-1.amazonaws.com/dev/shadow
# functions:
# cvm: serverless-cvm-dev-cvm
# layers:
# NoneReplace the device token with something secure and add a new entry to the DB
aws dynamodb put-item \
--table-name iot-cvm-device-info \
--item '{"deviceToken":{"S":"1234567890"},"serialNumber":{"S":"devopstar-iot-01"}}'Run the following command to generate the certificates based on the json recieved from the request.
Note: You'll need jq installed for this
./create_certs.sh "https://XXXXXX.execute-api.us-east-1.amazonaws.com/dev/getcert?serialNumber=devopstar-iot-01&deviceToken=1234567890"This should create your certs in the following files based on the json keys
- iot-certificate.pem.crt: certificatePem
- iot-private.pem.key: keyPair.PrivateKey
- iot-root-ca.crt: RootCA
curl \
-d '{"deviceAttribute":"CVM"}' \
-X PUT "https://XXXXXX.execute-api.us-east-1.amazonaws.com/dev/shadow?serialNumber=devopstar-iot-01&deviceToken=1234567890"curl -X GET "https://XXXXXX.execute-api.us-east-1.amazonaws.com/dev/shadow?serialNumber=devopstar-iot-01&deviceToken=1234567890"