correct JSON for provision by claim

0

Hello there AWS team!

I'm using provision by claim in AWS IoT core to provision a fleet of devices.

At this moment I'm able to publish to the $aws/certificates/create/json topic and receive the following values:

- Certificate Id
- Certificate
- Private Key
- Certificate ownership token

Now, I'm trying to publish to the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json topic. I get the following error in the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json/rejected topic:

    {"statusCode":400,"errorCode":"InvalidParameters","errorMessage":"Cannot resolve reference value: SerialNumber"}

As far as I understand, I need to create a JSON with the ownership certificate which is what I do here:

    DynamicJsonDocument registerDoc(2000);
    registerDoc["certificateOwnershipToken"] = ownerToken;
    char jsonRegister[2000]; 
    serializeJson(registerDoc, jsonRegister); // print to client    
    client.publish("$aws/provisioning-templates/esp32_fleet_prov_template/provision/json", jsonRegister);
    registerDoc.clear();

My policies are:

esp32_claim_policy (for the claim certificate)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iot:Connect"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Publish",
            "iot:Receive"
          ],
          "Resource": [
            "arn:aws:iot:sa-east-1:195542078145:topic/$aws/certificates/create/*",
            "arn:aws:iot:sa-east-1:195542078145:topic/$aws/provisioning-templates/esp32_fleet_prov_template/provision/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": [
            "arn:aws:iot:sa-east-1:195542078145:topicfilter/$aws/certificates/create/*",
            "arn:aws:iot:sa-east-1:195542078145:topicfilter/$aws/provisioning-templates/esp32_fleet_prov_template/provision/*"
          ]
        }
      ]
    }

esp32_fleet_policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Publish",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Receive",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        }
      ]
    }

I couldn't find the documentation for the JSON on the AWS site, so I'm following this one: https://buildstorm.com/blog/aws_iot_provision_by_claim/. I think I need to add a serial number and certificateId in the JSON? I tested different formats but all of them result in the same error, so I must be missing something, but I can't find much documentation about it.

Thanks a lot in advance :)

1 Answer
1

Hi juanGomez,

From the error message you get, I assume that you are referencing a serial number in your provisioning template but you did not provide a serial number. You can find a fleet provisioning example in the AWS IoT Device Management workshop. More details about provisioning templates can be found in the AWS IoT Core developer guide.

Cheers,
Philipp

AWS
EXPERT
answered a year ago
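
A host-side check for the situation described in the answer above, added here as an example and not code from the thread or from AWS: it walks a provisioning template for `{"Ref": ...}` names and reports which ones a RegisterThing payload leaves unresolved. The template is constructed (the poster's template is not shown on the page), the function names are hypothetical, and treating only `AWS::IoT::Certificate::Id` as service-supplied is an assumption of this sketch.

```python
import json

# Constructed sample: the poster's real provisioning template is not on the page.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "SerialNumber": {"Type": "String"},
        "Location": {"Type": "String", "Default": "unknown"},
        "AWS::IoT::Certificate::Id": {"Type": "String"},
    },
    "Resources": {
        "thing": {"Type": "AWS::IoT::Thing", "Properties": {
            "ThingName": {"Fn::Join": ["", ["esp32_", {"Ref": "SerialNumber"}]]},
            "AttributePayload": {"location": {"Ref": "Location"}}}},
        "certificate": {"Type": "AWS::IoT::Certificate", "Properties": {
            "CertificateId": {"Ref": "AWS::IoT::Certificate::Id"},
            "Status": "Active"}},
    },
}

# Assumption: the service derives this one from the certificate ownership token.
SERVICE_SUPPLIED = {"AWS::IoT::Certificate::Id"}

def referenced_parameters(node):
    """Collect every name used as {"Ref": name} anywhere below node."""
    refs = set()
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            refs.add(node["Ref"])
        for value in node.values():
            refs |= referenced_parameters(value)
    elif isinstance(node, list):
        for value in node:
            refs |= referenced_parameters(value)
    return refs

def unresolved_references(template, payload_json):
    """Names the template references that the payload does not resolve."""
    declared = template.get("Parameters", {})
    supplied = json.loads(payload_json).get("parameters", {})
    missing = []
    for name in sorted(referenced_parameters(template.get("Resources", {}))):
        if name in SERVICE_SUPPLIED or name in supplied:
            continue
        if "Default" in declared.get(name, {}):
            continue  # the template itself provides a fallback value
        missing.append(name)
    return missing

def build_register_payload(token, parameters):
    """RegisterThing request body: ownership token plus a parameters map."""
    return json.dumps({"certificateOwnershipToken": token, "parameters": parameters})
```

A payload holding only `certificateOwnershipToken`, as in the question, leaves `SerialNumber` unresolved against this sample template; adding it under `parameters` clears the list.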
