Step 7: Create an Amazon IoT thing and obtain credentials for Amazon IoT Core
At this point you've created:
- An IAM permissions policy. See Step 3: Create an IAM permissions policy.
- An IAM role, with the permissions policy attached. See Step 4: Create an IAM role.
- An Amazon IoT role alias for the IAM role. See Step 5: Create the Amazon IoT role alias.
- An Amazon IoT policy, currently unattached to any Amazon resource. See Step 6: Create the Amazon IoT policy.

To create and register an Amazon IoT thing and get Amazon IoT Core access credentials
- Register the device as an Amazon IoT thing and generate the X.509 certificate for the device.
  - Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at https://console.amazonaws.cn/iot/.
  - Select the appropriate Region.
  - On the left navigation, select All devices, then choose Things.
  - Choose Create things.
  - Select Create single thing, then choose Next.
    - Step 1. Specify thing properties
      Type a name for your thing, then choose Next.
    - Step 2. Configure device certificate
      Select Auto-generate a new certificate (recommended), then choose Next.
    - Step 3. Attach policies to certificate
      Search for the permissions policy you created in Step 6: Create the Amazon IoT policy.
      Select the check box next to your policy and choose Create thing.
  - In the window that appears, download the following files:
    - Device certificate. This is the X.509 certificate.
    - Public key file
    - Private key file
    - Amazon trust services endpoint (RSA 2048 bit key: Amazon Root CA 1)
    Make note of the location of each of these files for a later step.
  - Choose Done. On the next page, you see a note that your thing was successfully created.
  - Transfer the files downloaded above onto your Amazon IoT thing, if not already there.
- Obtain the credential provider endpoint for your Amazon account.
  Make note of this information for a later step.
- Obtain the device data endpoint for your Amazon account.
  Make note of this information for a later step.
- (Optional) Verify that your certificates were generated correctly.
  Run the following command to validate that your items were generated correctly.

    curl --header "x-amzn-iot-thingname:your-thing-name" \
      --cert /path/to/certificateID-certificate.pem.crt \
      --key /path/to/certificateID-private.pem.key \
      --cacert /path/to/AmazonRootCA1.pem \
      https://your-credential-provider-endpoint/role-aliases/your-role-alias-name/credentials

  For more information, see How to use a certificate to get a security token.
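
The optional verification step above can be checked mechanically. The following is an added example, not part of the original documentation: it confirms that the downloaded private key file is not readable by group or other users, and inspects a saved response body from the `curl` command without echoing the secret key or session token. The function names and the sample body are constructed, and the response shape (a `credentials` object with `accessKeyId`, `secretAccessKey`, `sessionToken` and `expiration`) is an assumption about what the credentials endpoint returns.

```python
import json
import os
import stat
from datetime import datetime, timezone

# Field names assumed from the credentials provider's response shape.
REQUIRED = ("accessKeyId", "secretAccessKey", "sessionToken", "expiration")

# Constructed sample response; the values are placeholders, not real credentials.
SAMPLE_BODY = json.dumps({"credentials": {
    "accessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "secretAccessKey": "constructed-secret",
    "sessionToken": "constructed-token",
    "expiration": "2024-01-01T13:00:00Z"}})


def key_file_is_private(path):
    """True if the private key is a regular file with no group/other access."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def check_credentials_response(body, now=None):
    """Return (ok, report) for a response body; report holds no secrets."""
    now = now or datetime.now(timezone.utc)
    try:
        doc = json.loads(body)
    except ValueError:
        return False, {"error": "response is not JSON"}
    creds = doc.get("credentials") if isinstance(doc, dict) else None
    if not isinstance(creds, dict):
        # The endpoint answered without credentials (for example a refusal);
        # report only which top-level keys came back.
        keys = sorted(doc) if isinstance(doc, dict) else []
        return False, {"error": "no credentials object", "keys": keys}
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        return False, {"error": "missing fields", "missing": missing}
    try:
        expires = datetime.strptime(creds["expiration"], "%Y-%m-%dT%H:%M:%SZ")
    except (TypeError, ValueError):
        return False, {"error": "unparseable expiration"}
    left = int((expires.replace(tzinfo=timezone.utc) - now).total_seconds())
    report = {"accessKeyId": str(creds["accessKeyId"])[:4] + "...",
              "expiration": creds["expiration"], "seconds_remaining": left}
    return left > 0, report


if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(check_credentials_response(SAMPLE_BODY, fixed_now))
```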