Certificate rotation

Dear community,

I am looking for information about how to automatically rotate AWS device certificates on a scheduled basis, specifically for a RUT241. I have previously posted about provisioning the device with AWS under topic name ‘AWS IoT core device claim provisioning’ and this topic is an extension of that as I would now like to automatically rotate the device certificate.

I can see that there is a method in AWS where I can create a Lambda function, triggered by an AWS EventBridge schedule, where I am able to create a new device certificate and deactivate the old device certificate, but this is only for the device certificates held within AWS. This does not place the new certificate created in AWS onto the RUT241, replacing the old one. My question is how do I get the new certificate automatically downloaded onto the RUT241 as part of the rotation within AWS and with minimal configuration changes to the RUT241?

In reference to my previous topic where I have installed the IoT Core service onto the RUT241 using package manager, here an AWS certificate has automatically been placed onto the device initially as part of the fleet provisioning process. So is there a way using the IoT Core package manager service to pull the new certificate from AWS? My research so far suggests that the AWS certificate placed on the device initially using the IoT Core service is a one-time deal.

Kind Regards

Luke
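
The AWS-side rotation step described in the post above, sketched as an added example (not code from this thread, from Teltonika, or from AWS). It assumes a boto3 `iot` client is passed in by the scheduled Lambda; the function name and the `deactivate_old` flag are hypothetical. It makes visible that the new private key exists only in the function's return value and that deactivation changes AWS-side state only.

```python
"""Cloud-side half of a scheduled AWS IoT certificate rotation (added example)."""


def rotate_thing_certificate(iot, thing_name, deactivate_old=False):
    """Issue a new certificate for thing_name and mirror the old one's policies.

    iot is a boto3 "iot" client (or any object exposing the same methods).
    Returns the new credential material plus the old certificate ARNs.
    Assumption: the thing has few principals/policies, so only the first
    page of each list call is read.
    """
    principals = iot.list_thing_principals(thingName=thing_name)["principals"]
    old_arns = [p for p in principals if ":cert/" in p]

    # The private key is returned by this call only; AWS does not keep a copy.
    new = iot.create_keys_and_certificate(setAsActive=True)
    new_arn = new["certificateArn"]

    # Copy every policy attached to the old certificates onto the new one,
    # so the new certificate carries the same permissions and nothing more.
    policy_names = set()
    for arn in old_arns:
        for policy in iot.list_attached_policies(target=arn)["policies"]:
            policy_names.add(policy["policyName"])
    for name in sorted(policy_names):
        iot.attach_policy(policyName=name, target=new_arn)
    iot.attach_thing_principal(thingName=thing_name, principal=new_arn)

    # Deactivation changes AWS-side state only. A device that still holds
    # the old certificate can no longer connect once this has run.
    if deactivate_old:
        for arn in old_arns:
            iot.update_certificate(
                certificateId=arn.rsplit("/", 1)[-1],  # ARN ends in cert/<id>
                newStatus="INACTIVE",
            )

    return {
        "certificateArn": new_arn,
        "certificatePem": new["certificatePem"],
        "privateKey": new["keyPair"]["PrivateKey"],  # handle as a secret
        "oldCertificateArns": old_arns,
    }
```
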

Greetings,

Apologies for the delayed response.

I’ve forwarded your case to our Research and Development team so they can provide more detailed guidance on achieving automatic certificate rotation.

As far as I can tell, it seems that a custom script may be required. However, let’s wait for an answer from R&D. Please note that developing and troubleshooting custom scripts falls outside the scope of our technical support.

Best Regards,
Justinas

Hi Justinas,

Understood and thank you for the update.

Kind Regards

Luke