AWS provisioning

Provisioning for AWS on Microchip sandbox account

This script implements the “sandbox” AWS provisioning method, using the device certificate from the ECC. It is intended to be invoked from iotprovision, but can also be run stand-alone.

class iotprovision.aws.sandbox_provision.AwsSandboxProvisioner(signer_cert_file, device_cert_file='device_aws_sandbox.pem', force_new_device_certificate=False)

Bases: object

Provides “sandbox” provisioning for AWS cloud

Parameters:
  • signer_cert_file (str (path)) – Path to file containing the signer certificate

  • device_cert_file (str (path)) – Path to the file to write the generated device certificate to

  • force_new_device_certificate (boolean, optional) – Force creation of new device certificate even if it exists already

provision(fwinterface)

Do the actual provisioning. Read out the device certificate from the kit, save it to file, extract the “thing name” (AKA subject key identifier), and save these items to WINC flash for easy access by the application.

Parameters:

fwinterface – Firmware interface

Returns:

“Thing name” (Subject Key Identifier) if successful, else None

Return type:

str

Provisioning for AWS on custom account

This script implements the “custom” AWS provisioning method, using self-generated root and signer certificates. It is intended to be invoked from iotprovision, but can also be run stand-alone.

class iotprovision.aws.custom_provision.AwsCustomProvisioner(signer_ca_key_file, signer_ca_cert_file, device_csr_file, device_cert_file, force_new_device_certificate=False, aws_profile='default')

Bases: object

Provides “custom”/JITR (Just In Time Registration) provisioning for AWS

Parameters:
  • signer_ca_key_file (str (path)) – Path to file containing signer Certificate Authority private key

  • signer_ca_cert_file (str (path)) – Path to file containing the signer Certificate Authority certificate

  • device_csr_file (str (path)) – Path to the file to write the generated Certificate Signing Request to

  • device_cert_file (str (path)) – Path to the file to write the generated device certificate to

  • force_new_device_certificate (boolean, optional) – Force creation of new device certificate even if it exists already

  • aws_profile (str, optional) – Name of profile to use, defaults to ‘default’

provision(fwinterface)

Do the actual provisioning. This will generate a device certificate and save it, along with the CA signer certificate, in WINC flash. Returns the “Thing name” (Subject Key Identifier) if successful. The generated certificates and thing name are saved to files as well.

Parameters:

fwinterface (ProvisioningFirmwareInterface) – Firmware interface driver

Returns:

“Thing name” (Subject Key Identifier) if successful, else None

Return type:

str
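
Both provision() methods above return the “thing name”, which this page equates with the device certificate's Subject Key Identifier (SKI). The following is an added example, not part of iotprovision: a standard-library DER walker that recovers that value from a saved device certificate (PEM text or DER bytes) so it can be cross-checked against the returned name. It assumes the thing name is the lowercase hex of the SKI extension value; thing_name, find_ski, read_tlv and the sample bytes are names and data constructed for this example.

```python
import base64

SKI_OID = bytes.fromhex("0603551d0e")     # DER encoding of OID 2.5.29.14 (subjectKeyIdentifier)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def find_ski(der, start=0, end=None):
    """Depth-first search for the SKI extension; return key identifier bytes or None."""
    end = len(der) if end is None else end
    pos = start
    while pos < end:
        tag, vs, ve = read_tlv(der, pos)
        if tag == 0x30 and der[vs:vs + 5] == SKI_OID:
            # Extension ::= SEQUENCE { extnID, critical BOOLEAN OPTIONAL, extnValue }
            t, s, e = read_tlv(der, vs + 5)
            if t == 0x01:                 # skip the optional 'critical' flag
                t, s, e = read_tlv(der, e)
            _, ks, ke = read_tlv(der, s)  # extnValue wraps an inner OCTET STRING
            return der[ks:ke]
        if tag & 0x20:                    # constructed type: descend into children
            found = find_ski(der, vs, ve)
            if found is not None:
                return found
        pos = ve
    return None

def thing_name(cert):
    """Accept PEM text or DER bytes; return the SKI as lowercase hex, or None."""
    if isinstance(cert, str):
        b64 = [l for l in cert.splitlines() if l and not l.startswith("-----")]
        cert = base64.b64decode("".join(b64))
    ski = find_ski(cert)
    return ski.hex() if ski else None

# Constructed sample, not a complete certificate: SEQ { SEQ { serial, [3] extensions } }
SAMPLE_KEY_ID = bytes(range(1, 21))
SAMPLE_DER = bytes.fromhex("30283026020101a321301f301d0603551d0e04160414") + SAMPLE_KEY_ID
```

Reading the file written to device_cert_file as text and passing it to thing_name() gives a value to compare with what provision() returned; a ValueError means the file is truncated or not DER.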