Use this script to create a new AWS IoT Thing from the command line.
Install these prerequisites first: the AWS CLI and jq.
# name of the IoT Device Thing
# change this to what you want
THING_NAME=iot_shadow_test
# create the thing
aws iot create-thing --thing-name ${THING_NAME} | tee create-thing.json
# create and download the keys and device certificate
aws iot create-keys-and-certificate --certificate-pem-outfile ${THING_NAME}-certificate.crt.pem --public-key-outfile ${THING_NAME}-public.key.pem --private-key-outfile ${THING_NAME}-private.key.pem --set-as-active | tee create-keys-and-certificate.json
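# create the thing policy
# NOTE: iot:* on * lets this certificate connect as any client ID and publish/subscribe on any topic; keep it for testing only
aws iot create-policy --policy-name ${THING_NAME}_all_access --policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["iot:*"], "Resource": ["*"]}]}'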
# attach the certificate to the thing
CERT_ARN=$(jq -r '.certificateArn' < create-keys-and-certificate.json)
aws iot attach-thing-principal --thing-name ${THING_NAME} --principal ${CERT_ARN}
# attach policy to the certificate
aws iot attach-policy --policy-name ${THING_NAME}_all_access --target ${CERT_ARN}
# download the amazon root ca
wget https://www.amazontrust.com/repository/AmazonRootCA1.pem
# find out what endpoint we need to connect to
aws iot describe-endpoint --endpoint-type iot:Data-ATS | tee describe-endpoint.json
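The policy created above allows `iot:*` on every resource, so the device certificate can connect with any client ID and publish or subscribe to any topic in the account. As an added example (not part of the original script), this builds a policy scoped to one client ID and one topic prefix; the `_scoped` policy name, the `hello` prefix and the `--apply` switch are assumptions made for illustration.

```bash
# Build a least-privilege AWS IoT policy document for a single thing.
# Args: thing name, AWS region, 12-digit account id, topic prefix.
make_thing_policy() {
  _thing="$1"; _region="$2"; _account="$3"; _prefix="$4"
  # Refuse empty fields and anything (wildcards, slashes, quotes) that could widen the policy.
  for _v in "$_thing" "$_region" "$_account" "$_prefix"; do
    case "$_v" in
      ''|*[!A-Za-z0-9_-]*) echo "invalid policy field: '$_v'" >&2; return 1 ;;
    esac
  done
  case "$_account" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "account id must be 12 digits" >&2; return 1 ;;
  esac
  _arn="arn:aws:iot:${_region}:${_account}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": ["${_arn}:client/${_thing}"]},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": ["${_arn}:topic/${_prefix}/*"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": ["${_arn}:topicfilter/${_prefix}/*"]}
  ]
}
EOF
}

# Create the policy only when run with --apply; account and region come from the CLI profile.
# THING_NAME matches the page; the hello prefix and the _scoped name are illustrative assumptions.
if [ "${1:-}" = "--apply" ]; then
  THING_NAME=iot_shadow_test
  ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
  REGION=$(aws configure get region)
  aws iot create-policy --policy-name "${THING_NAME}_scoped" \
    --policy-document "$(make_thing_policy "$THING_NAME" "$REGION" "$ACCOUNT_ID" hello)"
fi
```

With this policy attached instead of `${THING_NAME}_all_access`, connect with the thing name as the client ID (`-i ${THING_NAME}` for mosquitto) and subscribe to `hello/#` rather than `#`.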
When done, delete the resources with this:
# when done, delete thing resources
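THING_NAME=$(jq -r '.thingName' < create-thing.json)
# reload the certificate ARN so this also works in a new shell
CERT_ARN=$(jq -r '.certificateArn' < create-keys-and-certificate.json)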
aws iot detach-policy --policy-name ${THING_NAME}_all_access --target ${CERT_ARN}
aws iot detach-thing-principal --thing-name ${THING_NAME} --principal ${CERT_ARN}
aws iot delete-policy --policy-name ${THING_NAME}_all_access
aws iot update-certificate --certificate-id $(jq -r '.certificateId' < create-keys-and-certificate.json) --new-status INACTIVE
aws iot delete-certificate --certificate-id $(jq -r '.certificateId' < create-keys-and-certificate.json)
aws iot delete-thing --thing-name ${THING_NAME}
rm ${THING_NAME}-certificate.crt.pem ${THING_NAME}-public.key.pem ${THING_NAME}-private.key.pem create-keys-and-certificate.json describe-endpoint.json create-thing.json
Using the thing just created, we can subscribe to a topic from the command line or start pushing data.
# get the thing name
THING_NAME=$(jq -r '.thingName' < create-thing.json)
# subscribe to watch traffic with mosquitto
brew install mosquitto
mosquitto_sub --cert ${THING_NAME}-certificate.crt.pem --key ${THING_NAME}-private.key.pem --cafile AmazonRootCA1.pem -h $(jq -r '.endpointAddress' < describe-endpoint.json) -p 8883 -t '#' -v
# push data from command line
mosquitto_pub --cert ${THING_NAME}-certificate.crt.pem --key ${THING_NAME}-private.key.pem --cafile AmazonRootCA1.pem -h $(jq -r '.endpointAddress' < describe-endpoint.json) -p 8883 -t 'hello/world' -m '{"msg":"hello world"}'
# push sample data into AWS IoT using the device SDK
git clone --depth 1 https://github.com/aws/aws-iot-device-sdk-python-v2.git
pip3 install --user awsiotsdk
cd aws-iot-device-sdk-python-v2/samples
python3 pubsub.py --endpoint $(jq -r '.endpointAddress' < ../../describe-endpoint.json) --root-ca ../../AmazonRootCA1.pem --cert ../../${THING_NAME}-certificate.crt.pem --key ../../${THING_NAME}-private.key.pem
Thanks for sharing!