Step 7: Create an Amazon IoT thing and obtain credentials for Amazon IoT Core

At this point you've created:

An IAM permissions policy. See Step 3: Create an IAM permissions policy.
An IAM role, with the permissions policy attached. See Step 4: Create an IAM role.
An Amazon IoT role alias for the IAM role. See Step 5: Create the Amazon IoT role alias.
An Amazon IoT policy, currently unattached to any Amazon resource. See Step 6: Create the Amazon IoT policy.

To create and register an Amazon IoT thing and get Amazon IoT Core access credentials

Register the device as an Amazon IoT thing and generate the X.509 certificate for the device.
1. Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at https://console.amazonaws.cn/iot/.
2. Select the appropriate Region.
3. On the left navigation, select All devices, then choose Things.
4. Choose Create things.
5. Select Create single thing, then choose Next.
  1. Step 1. Specify thing properties
    
    Type a name for your thing, then choose Next.
  2. Step 2. Configure device certificate
    
    Select Auto-generate a new certificate (recommended), then choose Next.
  3. Step 3. Attach policies to certificate
    
    Search for the permissions policy you created in Step 6: Create the Amazon IoT policy.
    
    Select the check box next to your policy and choose Create thing.
6. In the window that appears, download the following files:
  - Device certificate. This is the X.509 certificate.
  - Public key file
  - Private key file
  - Amazon trust services endpoint (RSA 2048 bit key: Amazon Root CA 1)
  Make note of the location of each of these files for a later step.
7. Choose Done. On the next page, you see a note that your thing was successfully created.
8. Transfer the files downloaded above onto your Amazon IoT thing, if not already there.
Obtain the credential provider endpoint for your Amazon account.
Amazon CLI
Run the following command:
```
aws iot describe-endpoint --endpoint-type iot:CredentialProvider
```
Amazon Web Services Management Console
In Amazon CloudShell, run the following command:
```
aws iot describe-endpoint --endpoint-type iot:CredentialProvider
```
Make note of this information for a later step.
Obtain the device data endpoint for your Amazon account.
Amazon CLI
Run the following command:
```
aws iot describe-endpoint --endpoint-type iot:Data-ATS
```
Amazon Web Services Management Console
Do the following:
Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at https://console.amazonaws.cn/iot/.

In the left navigation, select Settings.

Locate the Device data endpoint.
Make note of this information for a later step.

(Optional) Verify that your certificates were generated correctly.

Run the following command to validate that your items were generated correctly.


curl --header "x-amzn-iot-thingname:your-thing-name" \
  --cert /path/to/certificateID-certificate.pem.crt \
  --key /path/to/certificateID-private.pem.key \
  --cacert /path/to/AmazonRootCA1.pem \
  https://your-credential-provider-endpoint/role-aliases/your-role-alias-name/credentials

For more information, see How to use a certificate to get a security token.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

6. Create the Amazon IoT policy

8. Build and run the Amazon Kinesis Video Streams Edge Agent