Getting started with IoT Core
The following code example shows how to:
Create IoT resources
Configure your device
Run the sample application
Clean up resources
- Bash
-
- Amazon CLI with Bash script
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Sample developer tutorials
repository. #!/bin/bash # AWS IoT Core Getting Started Script # This script creates AWS IoT resources, configures a device, and runs a sample application # Set up logging LOG_FILE="iot-core-setup.log" echo "Starting AWS IoT Core setup at $(date)" > $LOG_FILE # Function to log commands and their outputs log_cmd() { echo "$(date): Running command: $1" >> $LOG_FILE eval "$1" 2>&1 | tee -a $LOG_FILE return ${PIPESTATUS[0]} } # Function to check for errors check_error() { if [ $1 -ne 0 ]; then echo "ERROR: Command failed with exit code $1" | tee -a $LOG_FILE echo "Please check the log file $LOG_FILE for details" | tee -a $LOG_FILE cleanup_on_error exit $1 fi } # Function to cleanup resources on error cleanup_on_error() { echo "Error encountered. Attempting to clean up resources..." | tee -a $LOG_FILE echo "Resources created:" | tee -a $LOG_FILE if [ ! -z "$CERTIFICATE_ARN" ]; then echo "Certificate ARN: $CERTIFICATE_ARN" | tee -a $LOG_FILE if [ ! -z "$POLICY_NAME" ]; then log_cmd "aws iot detach-policy --policy-name $POLICY_NAME --target $CERTIFICATE_ARN" fi if [ ! -z "$THING_NAME" ]; then log_cmd "aws iot detach-thing-principal --thing-name $THING_NAME --principal $CERTIFICATE_ARN" fi if [ ! -z "$CERTIFICATE_ID" ]; then log_cmd "aws iot update-certificate --certificate-id $CERTIFICATE_ID --new-status INACTIVE" log_cmd "aws iot delete-certificate --certificate-id $CERTIFICATE_ID" fi fi if [ ! -z "$THING_NAME" ]; then echo "Thing Name: $THING_NAME" | tee -a $LOG_FILE log_cmd "aws iot delete-thing --thing-name $THING_NAME" fi if [ ! -z "$POLICY_NAME" ]; then echo "Policy Name: $POLICY_NAME" | tee -a $LOG_FILE log_cmd "aws iot delete-policy --policy-name $POLICY_NAME" fi if [ ! -z "$SHARED_POLICY_NAME" ]; then echo "Shared Policy Name: $SHARED_POLICY_NAME" | tee -a $LOG_FILE log_cmd "aws iot delete-policy --policy-name $SHARED_POLICY_NAME" fi } # Generate unique identifiers RANDOM_SUFFIX=$(openssl rand -hex 4) THING_NAME="MyIoTThing-${RANDOM_SUFFIX}" POLICY_NAME="MyIoTPolicy-${RANDOM_SUFFIX}" SHARED_POLICY_NAME="SharedSubPolicy-${RANDOM_SUFFIX}" CERTS_DIR="$HOME/certs" echo "==================================================" | tee -a $LOG_FILE echo "AWS IoT Core Getting Started" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "This script will:" | tee -a $LOG_FILE echo "1. Create AWS IoT resources (policy, thing, certificate)" | tee -a $LOG_FILE echo "2. Configure your device" | tee -a $LOG_FILE echo "3. Set up for running the sample application" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE echo "Thing Name: $THING_NAME" | tee -a $LOG_FILE echo "Policy Name: $POLICY_NAME" | tee -a $LOG_FILE echo "Certificates Directory: $CERTS_DIR" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE # Get AWS account ID echo "Getting AWS account ID..." | tee -a $LOG_FILE ACCOUNT_ID=$(log_cmd "aws sts get-caller-identity --query Account --output text") check_error $? # Get AWS region echo "Getting AWS region..." | tee -a $LOG_FILE REGION=$(log_cmd "aws configure get region") check_error $? if [ -z "$REGION" ]; then echo "AWS region not configured. Please run 'aws configure' to set your region." | tee -a $LOG_FILE exit 1 fi echo "Using AWS Account ID: $ACCOUNT_ID and Region: $REGION" | tee -a $LOG_FILE # Step 1: Create AWS IoT Resources echo "" | tee -a $LOG_FILE echo "Step 1: Creating AWS IoT Resources..." | tee -a $LOG_FILE # Create IoT policy echo "Creating IoT policy document..." | tee -a $LOG_FILE cat > iot-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:client/test-*" ] }, { "Effect": "Allow", "Action": [ "iot:Publish", "iot:Receive" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:topic/test/topic" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:topicfilter/test/topic" ] } ] } EOF echo "Creating IoT policy: $POLICY_NAME..." | tee -a $LOG_FILE log_cmd "aws iot create-policy --policy-name $POLICY_NAME --policy-document file://iot-policy.json" check_error $? # Create IoT thing echo "Creating IoT thing: $THING_NAME..." | tee -a $LOG_FILE log_cmd "aws iot create-thing --thing-name $THING_NAME" check_error $? # Create directory for certificates echo "Creating certificates directory..." | tee -a $LOG_FILE log_cmd "mkdir -p $CERTS_DIR" check_error $? # Create keys and certificate echo "Creating keys and certificate..." | tee -a $LOG_FILE CERT_OUTPUT=$(log_cmd "aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile $CERTS_DIR/device.pem.crt --public-key-outfile $CERTS_DIR/public.pem.key --private-key-outfile $CERTS_DIR/private.pem.key") check_error $? # Extract certificate ARN and ID CERTIFICATE_ARN=$(echo "$CERT_OUTPUT" | grep "certificateArn" | cut -d'"' -f4) CERTIFICATE_ID=$(echo "$CERTIFICATE_ARN" | cut -d/ -f2) if [ -z "$CERTIFICATE_ARN" ] || [ -z "$CERTIFICATE_ID" ]; then echo "Failed to extract certificate ARN or ID" | tee -a $LOG_FILE cleanup_on_error exit 1 fi echo "Certificate ARN: $CERTIFICATE_ARN" | tee -a $LOG_FILE echo "Certificate ID: $CERTIFICATE_ID" | tee -a $LOG_FILE # Attach policy to certificate echo "Attaching policy to certificate..." | tee -a $LOG_FILE log_cmd "aws iot attach-policy --policy-name $POLICY_NAME --target $CERTIFICATE_ARN" check_error $? # Attach certificate to thing echo "Attaching certificate to thing..." | tee -a $LOG_FILE log_cmd "aws iot attach-thing-principal --thing-name $THING_NAME --principal $CERTIFICATE_ARN" check_error $? # Download Amazon Root CA certificate echo "Downloading Amazon Root CA certificate..." | tee -a $LOG_FILE log_cmd "curl -s -o $CERTS_DIR/Amazon-root-CA-1.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem" check_error $? # Step 2: Configure Your Device echo "" | tee -a $LOG_FILE echo "Step 2: Configuring Your Device..." | tee -a $LOG_FILE # Check if Git is installed echo "Checking if Git is installed..." | tee -a $LOG_FILE if ! command -v git &> /dev/null; then echo "Git is not installed. Please install Git and run this script again." | tee -a $LOG_FILE cleanup_on_error exit 1 fi # Check if Python is installed echo "Checking if Python is installed..." | tee -a $LOG_FILE if ! command -v python3 &> /dev/null; then echo "Python 3 is not installed. Please install Python 3 and run this script again." | tee -a $LOG_FILE cleanup_on_error exit 1 fi # Install AWS IoT Device SDK for Python echo "Installing AWS IoT Device SDK for Python..." | tee -a $LOG_FILE log_cmd "python3 -m pip install awsiotsdk" check_error $? # Clone the AWS IoT Device SDK for Python repository echo "Cloning AWS IoT Device SDK for Python repository..." | tee -a $LOG_FILE if [ ! -d "$HOME/aws-iot-device-sdk-python-v2" ]; then log_cmd "cd $HOME && git clone https://github.com/aws/aws-iot-device-sdk-python-v2.git" check_error $? else echo "AWS IoT Device SDK for Python repository already exists." | tee -a $LOG_FILE fi # Step 3: Get AWS IoT Endpoint echo "" | tee -a $LOG_FILE echo "Step 3: Getting AWS IoT Endpoint..." | tee -a $LOG_FILE IOT_ENDPOINT=$(log_cmd "aws iot describe-endpoint --endpoint-type iot:Data-ATS --query endpointAddress --output text") check_error $? echo "AWS IoT Endpoint: $IOT_ENDPOINT" | tee -a $LOG_FILE # Create a shared subscription policy (optional) echo "" | tee -a $LOG_FILE echo "Creating shared subscription policy (optional)..." | tee -a $LOG_FILE cat > shared-sub-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:client/*" ] }, { "Effect": "Allow", "Action": [ "iot:Publish", "iot:Receive" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:topic/test/topic" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:$REGION:$ACCOUNT_ID:topicfilter/test/topic", "arn:aws:iot:$REGION:$ACCOUNT_ID:topicfilter/\$share/*/test/topic" ] } ] } EOF log_cmd "aws iot create-policy --policy-name $SHARED_POLICY_NAME --policy-document file://shared-sub-policy.json" check_error $? log_cmd "aws iot attach-policy --policy-name $SHARED_POLICY_NAME --target $CERTIFICATE_ARN" check_error $? # Summary of created resources echo "" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "Setup Complete! Resources Created:" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "Thing Name: $THING_NAME" | tee -a $LOG_FILE echo "Policy Name: $POLICY_NAME" | tee -a $LOG_FILE echo "Shared Subscription Policy Name: $SHARED_POLICY_NAME" | tee -a $LOG_FILE echo "Certificate ID: $CERTIFICATE_ID" | tee -a $LOG_FILE echo "Certificate ARN: $CERTIFICATE_ARN" | tee -a $LOG_FILE echo "Certificate Files Location: $CERTS_DIR" | tee -a $LOG_FILE echo "AWS IoT Endpoint: $IOT_ENDPOINT" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE # Instructions for running the sample application echo "" | tee -a $LOG_FILE echo "To run the sample application, execute:" | tee -a $LOG_FILE echo "cd $HOME/aws-iot-device-sdk-python-v2/samples" | tee -a $LOG_FILE echo "python3 pubsub.py \\" | tee -a $LOG_FILE echo " --endpoint $IOT_ENDPOINT \\" | tee -a $LOG_FILE echo " --ca_file $CERTS_DIR/Amazon-root-CA-1.pem \\" | tee -a $LOG_FILE echo " --cert $CERTS_DIR/device.pem.crt \\" | tee -a $LOG_FILE echo " --key $CERTS_DIR/private.pem.key" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE echo "To run the shared subscription example, execute:" | tee -a $LOG_FILE echo "cd $HOME/aws-iot-device-sdk-python-v2/samples" | tee -a $LOG_FILE echo "python3 mqtt5_shared_subscription.py \\" | tee -a $LOG_FILE echo " --endpoint $IOT_ENDPOINT \\" | tee -a $LOG_FILE echo " --ca_file $CERTS_DIR/Amazon-root-CA-1.pem \\" | tee -a $LOG_FILE echo " --cert $CERTS_DIR/device.pem.crt \\" | tee -a $LOG_FILE echo " --key $CERTS_DIR/private.pem.key \\" | tee -a $LOG_FILE echo " --group_identifier consumer" | tee -a $LOG_FILE # Ask if user wants to clean up resources echo "" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "CLEANUP CONFIRMATION" | tee -a $LOG_FILE echo "==================================================" | tee -a $LOG_FILE echo "Do you want to clean up all created resources? (y/n): " | tee -a $LOG_FILE read -r CLEANUP_CHOICE if [[ $CLEANUP_CHOICE =~ ^[Yy]$ ]]; then echo "Cleaning up resources..." | tee -a $LOG_FILE # Detach policies from certificate echo "Detaching policies from certificate..." | tee -a $LOG_FILE log_cmd "aws iot detach-policy --policy-name $POLICY_NAME --target $CERTIFICATE_ARN" log_cmd "aws iot detach-policy --policy-name $SHARED_POLICY_NAME --target $CERTIFICATE_ARN" # Detach certificate from thing echo "Detaching certificate from thing..." | tee -a $LOG_FILE log_cmd "aws iot detach-thing-principal --thing-name $THING_NAME --principal $CERTIFICATE_ARN" # Update certificate status to INACTIVE echo "Setting certificate to inactive..." | tee -a $LOG_FILE log_cmd "aws iot update-certificate --certificate-id $CERTIFICATE_ID --new-status INACTIVE" # Delete certificate echo "Deleting certificate..." | tee -a $LOG_FILE log_cmd "aws iot delete-certificate --certificate-id $CERTIFICATE_ID" # Delete thing echo "Deleting thing..." | tee -a $LOG_FILE log_cmd "aws iot delete-thing --thing-name $THING_NAME" # Delete policies echo "Deleting policies..." | tee -a $LOG_FILE log_cmd "aws iot delete-policy --policy-name $POLICY_NAME" log_cmd "aws iot delete-policy --policy-name $SHARED_POLICY_NAME" echo "Cleanup complete!" | tee -a $LOG_FILE else echo "Resources were not cleaned up. You can manually clean them up later." | tee -a $LOG_FILE echo "To clean up resources, run the following commands:" | tee -a $LOG_FILE echo "aws iot detach-policy --policy-name $POLICY_NAME --target $CERTIFICATE_ARN" | tee -a $LOG_FILE echo "aws iot detach-policy --policy-name $SHARED_POLICY_NAME --target $CERTIFICATE_ARN" | tee -a $LOG_FILE echo "aws iot detach-thing-principal --thing-name $THING_NAME --principal $CERTIFICATE_ARN" | tee -a $LOG_FILE echo "aws iot update-certificate --certificate-id $CERTIFICATE_ID --new-status INACTIVE" | tee -a $LOG_FILE echo "aws iot delete-certificate --certificate-id $CERTIFICATE_ID" | tee -a $LOG_FILE echo "aws iot delete-thing --thing-name $THING_NAME" | tee -a $LOG_FILE echo "aws iot delete-policy --policy-name $POLICY_NAME" | tee -a $LOG_FILE echo "aws iot delete-policy --policy-name $SHARED_POLICY_NAME" | tee -a $LOG_FILE fi echo "" | tee -a $LOG_FILE echo "Script execution completed. See $LOG_FILE for details." | tee -a $LOG_FILE-
For API details, see the following topics in Amazon CLI Command Reference.
-
For a complete list of Amazon SDK developer guides and code examples, see Using Amazon IoT with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.
Getting Started with IoT Device Defender
Amazon IoT quotas