AWS IoT Core device claim provisioning

Dear community,

I am trying to set up claim provisioning with AWS IoT Core and a Teltonika RUT241. After following the various steps within IoT Core to set up ‘Provisioning devices with claim certificates’ and setting up the AWS job instance within the RUT241, I am unable to establish a connection.

There is a topic for ‘AWS IoT Core device provisioning’ which sets out the steps for basic provisioning. I am following this topic but editing the RUT setup to use provisioning by claim and matching the template topic name to a provisioning template I have set up within AWS.

I believe I may be missing something in the JSON for the provisioning template within IoT Core or the device policy.

Has anyone done this who could share what the correct JSON provisioning template should be, device policy etc.?

Kind Regards

Luke

Greetings,

Have you tried to follow the instructions in the AWS documentation to set up provisioning by claim on the AWS side? You can find the guide here: Provisioning devices that don't have device certificates using fleet provisioning - AWS IoT Core

Best Regards,
Justinas

Hi Justinas,

Thank you for the guide, and I believe I have the setup correct. Would it be possible to maybe set up a remote session with you to run through this?

Kind Regards

Luke

Hi Justinas,

I have since resolved the issue, many thanks.

Luke

Greetings,

It’s great to hear that you got it working.

If you don’t mind, could you please share the solution for configuring provisioning by claim? I’m sure it would be helpful for other users in the future.

Best Regards,
Justinas

Hi,

Yes, no problem. I will, if possible, try to do that this week and include screenshots etc.

Kind Regards

Luke

Hi Justinas,

As discussed, please see the details for the setup of a RUT241 with AWS IoT Core.

AWS IoT Core

The first step is to create a claim provision policy with AWS IoT Core by going to Manage → Security → Policies. This is needed for the next step when creating a claim certificate. See details in the image for what to include in the policy.

Next is to create a claim certificate which will be uploaded to the RUT device. To do this, go to Manage → Security → Certificates and select create certificate. Once created, attach the claim provision policy above.

Before we can create a fleet provisioning template, the next step is to create an operational policy that will be attached to the unique certificate AWS will automatically create and issue to the RUT device to use. Do this by going to Manage → Security → Policies and follow the steps again to create a policy. See details in the image for what to include in the policy.

Now that we have the above two policies, we can create a fleet provisioning policy. Go to Connect → Connect many devices → Provisioning templates. Follow the steps to create the template, selecting ‘Provisioning devices with claim certificates’. This will create JSON that should look like the output below.

{
  "Parameters": {
    "SerialNumber": {
      "Type": "String"
    },
    "AWS::IoT::Certificate::Id": {
      "Type": "String"
    }
  },
  "Resources": {
    "policy_operational_policy": {
      "Type": "AWS::IoT::Policy",
      "Properties": {
        "PolicyName": "operational_policy"
      }
    },
    "certificate": {
      "Type": "AWS::IoT::Certificate",
      "Properties": {
        "CertificateId": {
          "Ref": "AWS::IoT::Certificate::Id"
        },
        "Status": "Active"
      }
    },
    "thing": {
      "Type": "AWS::IoT::Thing",
      "OverrideSettings": {
        "AttributePayload": "MERGE",
        "ThingGroups": "DO_NOTHING",
        "ThingTypeName": "REPLACE"
      },
      "Properties": {
        "AttributePayload": {},
        "ThingGroups": [],
        "ThingName": {
          "Fn::Join": [
            "",
            [
              "",
              {
                "Ref": "SerialNumber"
              }
            ]
          ]
        }
      }
    }
  }
}

Device configuration

Now that AWS IoT Core is ready, the next step is to set up the RUT. First you will need to install AWS IoT Core using System → Package Manager. From here, the provisioning setup uses the claim certificate and private key you created earlier in AWS. The template name will need to match the name you used in IoT Core.

Next, raise a job using the endpoint that can be found in IoT Core. The thing name used here must be the same as what IoT Core will use to name the device it creates.

Once this is enabled and saved, IoT Core will try to provision the device and, if successful, you should see a unique certificate automatically created in IoT Core, the RUT device appear in ‘Things’, and a connection with the RUT as per the screenshot below.

Thanks

Luke
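Because the claim certificate described in the post above is shared across devices, its policy should grant nothing beyond the fleet provisioning MQTT topics. The following check is an added example, not part of the original post and not Teltonika or AWS code; the policy contents in the post are only in images, so the sample policy, region, account id and template name here are constructed placeholders.

```python
import json

# Constructed sample: a claim policy with one over-broad statement (index 3).
# Region, account id and template name are placeholders, not values from the thread.
TEMPLATE = "MyFleetTemplate"
ARN = "arn:aws:iot:eu-west-1:123456789012"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": [f"{ARN}:topic/$aws/certificates/create/*",
                      f"{ARN}:topic/$aws/provisioning-templates/{TEMPLATE}/provision/*"]},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": [f"{ARN}:topicfilter/$aws/certificates/create/*",
                      f"{ARN}:topicfilter/$aws/provisioning-templates/{TEMPLATE}/provision/*"]},
        {"Effect": "Allow", "Action": "iot:Publish", "Resource": f"{ARN}:topic/*"},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_claim_policy(policy_json, template_name):
    """Return (statement index, action, reason) for grants beyond fleet provisioning."""
    allowed_topics = ("$aws/certificates/create/", "$aws/certificates/create-from-csr/",
                      f"$aws/provisioning-templates/{template_name}/provision/")
    kinds = {"iot:Publish": "topic/", "iot:Receive": "topic/", "iot:Subscribe": "topicfilter/"}
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "iot:Connect":
                continue  # Connect is required; its resource is not restricted by this check
            if action not in kinds:
                findings.append((i, action, "action not needed for provisioning"))
                continue
            for res in _as_list(stmt.get("Resource", [])):
                _, sep, topic = res.partition(":" + kinds[action])
                if not sep or not topic.startswith(allowed_topics):
                    findings.append((i, action, f"resource outside provisioning topics: {res}"))
    return findings
```

The check is deliberately strict: a statement that mixes `iot:Subscribe` with `iot:Publish` or `iot:Receive` will be flagged because topic and topicfilter resources are matched per action.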

Greetings,

Thank you so much for sharing the solution. I am sure this will be very helpful to other users.

Best Regards,
Justinas