Create an Amazon IoT thing and get Amazon IoT Core credentials
At this point you've created:
- An IAM permissions policy. See Create an IAM permissions policy.
- An IAM role, with the permissions policy attached. See Create an IAM role.
- An Amazon IoT role alias for the IAM role. See Create the Amazon IoT role alias.
- An Amazon IoT policy, currently unattached to any Amazon resource. See Create the Amazon IoT policy.
To create and register an Amazon IoT thing and get Amazon IoT Core access credentials
- Register the device as an Amazon IoT thing and generate the X.509 certificate for the device.
  - Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at https://console.amazonaws.cn/iot/.
  - Select the appropriate Region.
  - On the left navigation, select All devices, then choose Things.
  - Choose Create things.
  - Select Create single thing, then choose Next.
  - Step 1. Specify thing properties. Type a name for your thing, then choose Next.
  - Step 2. Configure device certificate. Select Auto-generate a new certificate (recommended), then choose Next.
  - Step 3. Attach policies to certificate. Search for the permissions policy you created in Create the Amazon IoT policy. Select the check box next to your policy and choose Create thing.
  - In the window that appears, download the following files:
    - Device certificate. This is the X.509 certificate.
    - Public key file
    - Private key file
    - Amazon trust services endpoint (RSA 2048 bit key: Amazon Root CA 1)

    Make note of the location of each of these files for a later step.
  - Choose Done. On the next page, you see a note that your thing was successfully created.
  - Transfer the files downloaded above onto your Amazon IoT thing, if not already there.
- Obtain the credential provider endpoint for your Amazon account. Make note of this information for a later step.
- Obtain the device data endpoint for your Amazon account. Make note of this information for a later step.
- (Optional) Verify that your certificates were generated correctly. Run the following command to validate that your items were generated correctly.

      curl --header "x-amzn-iot-thingname: your-thing-name" \
        --cert /path/to/certificateID-certificate.pem.crt \
        --key /path/to/certificateID-private.pem.key \
        --cacert /path/to/AmazonRootCA1.pem \
        https://your-credential-provider-endpoint/role-aliases/your-role-alias-name/credentials

  For more information, see How to use a certificate to get a security token.
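
The last three steps (looking up the two endpoints and running the verification request) can be scripted as below. This is an added example, not code from the original page: the function names are hypothetical, the thing name, file paths and role alias are caller-supplied placeholders, and it assumes the AWS CLI and curl are installed and that the response carries the field names used in the AWS IoT credential provider documentation.

```shell
# Added example, not part of the original page. Thing name, file paths and
# role alias are placeholders supplied by the caller.

# Print the account endpoint of the given type: iot:CredentialProvider for the
# credential provider endpoint, iot:Data-ATS for the device data endpoint.
get_endpoint() {
    aws iot describe-endpoint --endpoint-type "$1" \
        --query endpointAddress --output text
}

# Succeed only if the private key is a regular file with no group/other access.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = credential provider endpoint, $2 = role alias name
credentials_url() {
    printf 'https://%s/role-aliases/%s/credentials\n' "$1" "$2"
}

# Read the JSON response on stdin and print only its expiration, so the secret
# key and session token never reach the terminal or a log. The field names are
# assumed from the AWS IoT credential provider documentation.
check_response() {
    resp=$(cat)
    for field in accessKeyId secretAccessKey sessionToken expiration; do
        case "$resp" in
            *"\"$field\""*) ;;
            *) echo "missing field: $field" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$resp" |
        sed -n 's/.*"expiration"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# $1 = thing name, $2 = certificate, $3 = private key, $4 = root CA, $5 = alias
verify_device() {
    key_is_private "$3" || { echo "run: chmod 600 $3" >&2; return 1; }
    endpoint=$(get_endpoint iot:CredentialProvider) || return 1
    curl --silent --show-error --fail --header "x-amzn-iot-thingname: $1" \
        --cert "$2" --key "$3" --cacert "$4" \
        "$(credentials_url "$endpoint" "$5")" | check_response
}

if [ "$#" -eq 5 ]; then verify_device "$@"; fi
```

Saved to a file and run with the five arguments, it prints the expiration timestamp of the temporary credentials on success and a non-zero exit status otherwise.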