Is it possible to modify the JITP Policy for a registered CA?

Once the CA is registered, I can't see how to change the JITP policy. The only way I found was to remove the CA and register it again with the new policy, which can be inconvenient.

Is there any way to update the JITP policy?

Txs!

Topics

Internet of Things (IoT)

Tags

AWS IoT Core AWS IoT Device Management

Language

English

pfuentes69

asked a year ago248 views

2 Answers

Newest
Most votes
Most comments

Another option would be to use a policy name in your provisioning template. With a policy name you can reference an existing policy which you can change outside of the provisioning template.

Cheers,
Philipp

EXPERT

Philipp S

answered a year ago

pfuentes69
a year ago
Thanks, Philipp! This sound quite more practical. I checked the man page and I only see reference to the policy names referring to the security policy inside the JITP policy, but not to the full JITP policy itself? Can you point me to some instructions on how to specify the policy name when registering a CA? Cheers!
Philipp S EXPERT
a year ago
Hi pfuentes69, please take a look at the link I posted and search for PolicyName. To use a named policy you create your IoT policy before you use it in the template. Assuming you named the policy my_aws_iot_policy your template entry would look similar to:

"policy" : { "Type" : "AWS::IoT::Policy", "Properties" : { "PolicyName" : "my_aws_iot_policy" } }

I think I found an answer... aws iot update-ca-certificate --certificate-id $CA_CERTIFICATE_ID \ --no-remove-auto-registration \ --new-auto-registration-status ENABLE \ --registration-config "<NEW_POLICY>"

As explained here: https://catalog.us-east-1.prod.workshops.aws/workshops/7c2b04e7-8051-4c71-bc8b-6d2d7ce32727/en-US/provisioning-options/just-in-time-provisioning

pfuentes69

answered a year ago

Relevant content

Use our own CA cert with Greengrass aws.greengrass.FleetProvisioningByClaim.jar
ncarn
asked 2 years ago
Is it possible to register CA with AWS IoT Core without having access to Private Key ?
Ravi Trivedi
asked a year ago
How to use a newer CA for the autoscaled Aurora PSQL DB?
Yechan
asked 4 months ago
AWS JITP for IoT embedded system in ESP32
juanGomez
asked a year ago
Can I use ACM to issue private certificates when the AWS Private CA validity is less than 13 months?
AWS OFFICIALUpdated 5 months ago
How do I change the email address for my registered domain in Route 53 if I lost access to my previous email account?
AWS OFFICIALUpdated 4 years ago
How can I use JITP with AWS IoT Core?
AWS OFFICIALUpdated 2 years ago
Why is the Amazon ECS container instance that I terminated still registered with its cluster?
AWS OFFICIALUpdated 5 years ago
How can I see the Trailing 3-month Spot Discount for each instance type and Availability Zone?
EXPERT
Christopher Morris
published 4 months ago
How to insert multiple language subtitles into a VOD and select it while watching the video.
EXPERT
Bo_L
published 7 months ago