
Creates an AWS IoT thing, certificate, policy, and associates the three together

Project description

AWS IoT Thing, Certificate, and Policy Construct Library


---

cdk-constructs: Experimental

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.



An L3 CDK construct to create and associate a single AWS IoT Thing, Certificate, and IoT Policy. The construct also retrieves and returns AWS IoT account-specific details such as the AWS IoT data endpoint and the AWS IoT Credential Provider endpoint.

The certificate and its private key are stored as AWS Systems Manager Parameter Store parameters that can be retrieved via the AWS Console or programmatically via construct members.

Installing

TypeScript/JavaScript

npm install @cdklabs/cdk-aws-iot-thing-certificate-policy

Python

pip install cdklabs.cdk-aws-iot-thing-certificate-policy

Java

<!-- add this to your pom.xml -->
<dependency>
    <groupId>io.github.cdklabs</groupId>
    <artifactId>cdk-aws-iot-thing-certificate-policy</artifactId>
    <version>0.0.0</version> <!-- replace with version -->
</dependency>

.NET

dotnet add package Cdklabs.CdkAwsIotThingCertificatePolicy --version X.X.X

Go

// Add this
import "github.com/cdklabs/cdk-aws-iot-thing-certificate-policy-go/cdklabscdkawsiotthingcertificatepolicy"

Usage

import aws_cdk as cdk
from cdklabs.cdk_aws_iot_thing_certificate_policy import IotThingCertificatePolicy, PolicyMapping
#
# A minimum IoT Policy template using substitution variables for actual
# policy to be deployed for "region", "account", and "thingname". Allows
# the thing to publish and subscribe on any topics under "thing/*" topic
# namespace. Normal IoT Policy conventions such as "*", apply.
#
minimal_iot_policy = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": "arn:aws:iot:{{region}}:{{account}}:client/{{thingname}}"
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topic/{{thingname}}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Subscribe"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topicfilter/{{thingname}}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Receive"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topic/{{thingname}}/*"
      ]
    }
  ]
}"""

app = cdk.App()

#
# Create the thing, certificate, and policy, then associate the
# certificate to both the thing and the policy and fully activate.
#
foo_thing = IotThingCertificatePolicy(app, "MyFooThing",
    thing_name="foo-thing",  # Name to assign to AWS IoT thing, and value for {{thingname}} in policy template
    iot_policy_name="foo-iot-policy",  # Name to assign to AWS IoT policy
    iot_policy=minimal_iot_policy,  # Policy with or without substitution parameters from above
    encryption_algorithm="ECC",  # Algorithm to use for the private key (RSA or ECC)
    policy_parameter_mapping=[PolicyMapping(
        name="region",
        value=cdk.Fn.ref("AWS::Region")
    ), PolicyMapping(
        name="account",
        value=cdk.Fn.ref("AWS::AccountId")
    )
    ],
    # Optional: if the X.509 Subject is not provided, a set of default values will be used and the
    # common name (CN) will be set from the thingName parameter.
    x509_subject="CN=foo-thing,OU=Information Security,O=ACME Inc.,L=Detroit,ST=Michigan,C=US"
)

# The AWS IoT Thing Arn as a stack output
cdk.CfnOutput(app, "ThingArn",
    value=foo_thing.thing_arn
)
# The AWS account unique endpoint for the MQTT data connection
# See API for other available public values that can be referenced
cdk.CfnOutput(app, "IotEndpoint",
    value=foo_thing.data_ats_endpoint_address
)

Details for the file cdklabs_cdk_aws_iot_thing_certificate_policy-0.0.10.tar.gz.

File metadata

File hashes

Hashes for cdklabs_cdk_aws_iot_thing_certificate_policy-0.0.10.tar.gz
  SHA256       f643aa5b9e2c9fd6cd53480dcf3b48f028546ebdd8047a3d40d08a5084d2a4e1
  MD5          ab127d8a2e505a44dcd691ef2fbb9848
  BLAKE2b-256  2d0389539107353f040c791da6a658363560be6c21dce65a84cd9d1666b9b39c

See more details on using hashes here.

Provenance

File details

Details for the file cdklabs.cdk_aws_iot_thing_certificate_policy-0.0.10-py3-none-any.whl.

File metadata

File hashes

Hashes for cdklabs.cdk_aws_iot_thing_certificate_policy-0.0.10-py3-none-any.whl
  SHA256       32e30e39a250b428f5e7030a3b0de8bfcf3e5f1d48a02bd57cae42bee1666deb
  MD5          da5a0ce263501bdda3d20b490090da68
  BLAKE2b-256  ce5b23e81078c46ea617cc45a12be3619bc50e929a1d7175a29fb044b98144f9

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page