
Single Thing Provisioning

To connect, each device must be provisioned on the AWS IoT platform. This can be done with either the AWS Web Console or the AWS CLI command-line tool. The following steps use the Web Console and cover creating a thing (the representation of a device on the AWS IoT platform), a certificate for it, and the related security policy.

  1. Access the AWS IoT management console: log into the AWS console and select IoT Core from the Services list, in the Internet of Things section.

  2. Register a new thing: under the Manage menu section on the left, select Things and click on the Create things button on the right side of the page.

    Select Create a single thing and enter a name for the new device. From now on, kura-gateway will be used as the device name.

  3. The AWS IoT Core service uses SSL mutual authentication, so it is necessary to download a public/private key pair for the device and a server certificate. Click on Auto-generate a new certificate to quickly generate a new certificate for the new device.

    Certificates can be managed later on by clicking on Security/Certificates, in the left part of the console.

  4. Create a new policy with the following actions mapping:

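    | Effect | Policy Action         | Policy Resource |
    |--------|-----------------------|-----------------|
    | Allow  | iot:Connect           | *               |
    | Allow  | iot:Publish           | *               |
    | Allow  | iot:Subscribe         | *               |
    | Allow  | iot:Receive           | *               |
    | Allow  | iot:UpdateThingShadow | *               |
    | Allow  | iot:GetThingShadow    | *               |
    | Allow  | iot:DeleteThingShadow | *               |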

  5. From the previous Create Single Thing configuration page, attach the newly created policy and hit Create Thing.

  6. A new popup will appear with all the certificate information. Download all the keys and certificates.
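
The policy in step 4 allows every action on resource `*`, so a certificate it is attached to can connect under any client ID and use any topic or shadow in the account. The Python below is an added example, not part of the original page or of Kura: it flags that wildcard and builds a policy with the same actions limited to the kura-gateway thing. The region, account ID and the `$aws/things/kura-gateway` topic prefix are assumed placeholders; set the prefix to the topics the gateway actually uses.

```python
import json

# ARN resource type each action in the table is authorized against.
RESOURCE_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
    "iot:UpdateThingShadow": "thing",
    "iot:GetThingShadow": "thing",
    "iot:DeleteThingShadow": "thing",
}

# The policy from the table, written as an IoT policy document.
TABLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": list(RESOURCE_TYPE), "Resource": "*"}],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_actions(policy):
    """Return every allowed action whose Resource is a bare "*"."""
    return [action
            for st in policy["Statement"]
            if st["Effect"] == "Allow" and "*" in as_list(st["Resource"])
            for action in as_list(st["Action"])]

def scoped_policy(thing, region, account, topic_prefix):
    """Same actions as the table, each limited to one thing's resources."""
    arn = f"arn:aws:iot:{region}:{account}"
    resource = {
        "client": f"{arn}:client/{thing}",  # client ID must equal the thing name
        "topic": f"{arn}:topic/{topic_prefix}/*",
        "topicfilter": f"{arn}:topicfilter/{topic_prefix}/*",
        "thing": f"{arn}:thing/{thing}",
    }
    grouped = {}
    for action, rtype in RESOURCE_TYPE.items():
        grouped.setdefault(resource[rtype], []).append(action)
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": a, "Resource": r}
                          for r, a in grouped.items()]}

# Constructed sample values: region, account ID and topic prefix are placeholders.
SCOPED = scoped_policy("kura-gateway", "eu-west-1", "123456789012",
                       "$aws/things/kura-gateway")

if __name__ == "__main__":
    print("actions allowed on '*':", wildcard_actions(TABLE_POLICY))
    print(json.dumps(SCOPED, indent=2))
```

The printed JSON can be pasted into the policy editor's JSON view in place of the wildcard statements.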

Core Device Discovery Configuration

It is possible to associate the previously created AWS IoT Thing with an AWS Core Device and use the AWS Cloud Discovery feature. With cloud discovery, core devices store their connectivity information in the AWS IoT Greengrass cloud service. Client devices connect to AWS IoT Greengrass to discover connectivity information for the core devices they can connect to. Client devices must be AWS IoT things to use cloud discovery.

If you have followed the Greengrass installation tutorial, then the policy GreengrassV2IoTThingPolicy used for provisioning already has all the default required permissions.

To use the Core Device Discovery Cloud Endpoint of this bundle, follow the AWS enable client device support tutorial.