correct JSON for provision by claim

Hello there AWS team!

I'm using provision by claim in AWS IoT core to provision a fleet of devices.

At this moment I'm able to publish to the $aws/certificates/create/json topic and receive the following values:

- Certificate Id
- Certificate
- Private Key
- Certificate ownership token

Now, I'm trying to publish to the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json topic. I get the following error in the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json/rejected topic:

    {"statusCode":400,"errorCode":"InvalidParameters","errorMessage":"Cannot resolve reference value: SerialNumber"}

As far as I understand, I need to create a JSON with the ownership certificate which is what I do here:

    DynamicJsonDocument registerDoc(2000);
    registerDoc["certificateOwnershipToken"] = ownerToken;
    char jsonRegister[2000]; 
    serializeJson(registerDoc, jsonRegister); // print to client    
    client.publish("$aws/provisioning-templates/esp32_fleet_prov_template/provision/json", jsonRegister);
    registerDoc.clear();

My policies are: esp32_claim_policy (for the claim certificate)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iot:Connect"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Publish",
            "iot:Receive"
          ],
          "Resource": [
            "arn:aws:iot:sa-east-1:195542078145:topic/$aws/certificates/create/*",
            "arn:aws:iot:sa-east-1:195542078145:topic/$aws/provisioning-templates/esp32_fleet_prov_template/provision/*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": [
            "arn:aws:iot:sa-east-1:195542078145:topicfilter/$aws/certificates/create/*",
            "arn:aws:iot:sa-east-1:195542078145:topicfilter/$aws/provisioning-templates/esp32_fleet_prov_template/provision/*"
          ]
        }
      ]
    }

esp32_fleet_policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Publish",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Receive",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        }
      ]
    }

I couldn't find the documentation for the JSON on the AWS site, so I'm following this one: https://buildstorm.com/blog/aws_iot_provision_by_claim/. I think I need to add a serial number and certificateId in the JSON? I tested different formats but all of them result in the same error, so I must be missing something, but I can't find too much documentation about it.

Thanks a lot in advance :)

1 Answer

Hi juanGomez,

From the error message you get, I assume that you are referencing a serial number in your provisioning template but you did not provide a serial number. You can find a fleet provisioning example in the AWS IoT Device Management workshop. More details about provisioning templates can be found in the AWS IoT Core developer guide.

Cheers,
Philipp

AWS
EXPERT
answered a year ago
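
To illustrate the answer above: the request published to the `provision/json` topic carries a `parameters` map next to `certificateOwnershipToken`, and every `{"Ref": ...}` in the template must resolve from that map or from a declared default. The sketch below is an added example, not code from the thread or from AWS; the template is constructed (the asker's real one is not shown) and the function names are hypothetical.

```python
import json

# Constructed template: the asker's real template is not shown in the thread.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "SerialNumber": {"Type": "String"},
        "AWS::IoT::Certificate::Id": {"Type": "String"},
    },
    "Resources": {
        "thing": {
            "Type": "AWS::IoT::Thing",
            "Properties": {
                "ThingName": {"Fn::Join": ["", ["esp32_", {"Ref": "SerialNumber"}]]}
            },
        },
        "certificate": {
            "Type": "AWS::IoT::Certificate",
            "Properties": {"CertificateId": {"Ref": "AWS::IoT::Certificate::Id"}},
        },
    },
}

def referenced_params(node):
    """Return every name used as {"Ref": name} anywhere under node."""
    found = set()
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            found.add(node["Ref"])
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found |= referenced_params(child)
    return found

def missing_params(template, supplied):
    """Names the template references that the request would leave unresolved."""
    declared = template.get("Parameters", {})
    return sorted(
        name for name in referenced_params(template.get("Resources", {}))
        if name not in supplied
        and not name.startswith("AWS::")  # assumed to be filled in by the service
        and "Default" not in declared.get(name, {})
    )

def build_register_request(template, ownership_token, parameters):
    """Build the provision/json payload, failing early on unresolved references."""
    missing = missing_params(template, parameters)
    if missing:
        raise ValueError("Cannot resolve reference value: " + ", ".join(missing))
    return json.dumps({"certificateOwnershipToken": ownership_token,
                       "parameters": parameters})
```

With the constructed template, a request that carries only the ownership token is rejected locally for the same reason the broker rejects it; adding `"parameters": {"SerialNumber": "<device serial>"}` produces a payload the template can resolve.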
