Appendix A.7 - Uploading a Certificate to Amazon AWS Cloud
Perform the following steps to connect the device to your AWS cloud instance.
- Create an AWS account or log in to an existing AWS account.
  For more details, refer to “Set up your AWS account” and “Create AWS IoT resources”.
- Navigate to IoT Core console > Manage > Things and click “Create” / “Register a Thing”.
  Figure: Register a Thing
- Select “Create a single thing”.
  Figure: Create a Single Thing
- In Thing name, enter a unique name or the name that originates from the device certificate.
  Figure: Thing Name
- Select defaults for the other fields and click “Next” at the bottom of the page.
- Select “Create thing without certificate” on the next page.
  Figure: Configure Device Certificate
  Figure: Thing Created
- Go to Secure > Policies and select “Create a Policy”.
  Figure: Create a Policy
- Create a new policy which allows all the connected devices to perform all actions without restrictions.
This policy grants unrestricted access for all IoT operations and is to be used only in a development environment. For non-development environments, all devices must have credentials with privileges that authorize intended actions only, which include (but are not limited to) AWS IoT MQTT actions, such as publishing messages or subscribing to topics with specific scope and context. The specific permission policies can vary for your use cases. Identify the permission policies that best meet your business and security requirements. Refer to the sample policies and security best practices.
Table: Item-Policy Parameter Mapping

| Item | Policy Parameter |
|------|------------------|
| Name | allowAll |
| Action | * |
| Resource | * |
  Figure: Policy Created
- Navigate to Certificates > Add certificate.
  Figure: Add Certificate to the Device
- Select Create with “CA not registered with AWS IoT”.
- Select “Upload” to upload the device certificate. The device certificate needs to be read from the device using the steps mentioned in Read Certificate Using AT Command or Read Certificate Using Python Script.
- Select “Activate” and click “Register”.
  Figure: Registering and Activating a Certificate
- Select the certificate, click “Attach policy”, and select the “allowAll” policy that was created.
  Figure: Attaching a Policy to the Certificate
- Click “Attach thing” and choose the “thing”.
  Figure: Attaching the ‘thing’
- Navigate to “Settings” and copy the endpoint URL.
  Figure: Endpoint