Setting up JITP for devices
The following steps describe how to set up Just In Time Provisioning for
Prerequisites:
In AWS IoT:
- Create an IAM user with an access key and save the key value for future step.
- Create an IAM service role with the following permissions:
AWSIoTThingsRegistration, AWSIoTLogging, AWSIoTConfigAccess, AWSIoTRuleActions. - Copy role ARN string for future use.
- Create an IAM policy and use the following JSON, substituting the value of your ARN string from the previous step:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "iam:GetRole", "iam:PassRole" ], "Resource": "yourArnString" }] } - Add the policy to your IAM user.
In
Perform the following steps:
- From the awsUtils palette, add an AWS Service to the Services container
- Select the AWS region to which your devices will be provisioned.
- Right-click Access Keys and select to add the access key, which has the correct permissions configured above.
- Expand the Aws IoT component and populate the Ca Provisioning Params.
- Select the access key entered above, and enter the
Role Arnfrom the previous steps. - If selecting the option for
New Ca Certificate DN. If choosing to use an existing CA, import this into the platforms Certificate Management prior to this step. Then pick the alias inExisting Niagara Cert Alias. - Regardless of your CA source, you will also need to enter the password for the CA certificate.
- Select the access key entered above, and enter the
- Right-click Aws IoT and select .The
.png)
The
Mqtt Data Endpointproperty of your Aws IoT component will not be populated with the endpoint that your MQTT devices can use to connect to IoT. - You can now install your MQTT devices to communicate with AWS. If you choose to do this manually on each station, you will
need to generate each device certificate and sign them individually with the CA. However with