2020/04/30 - AWS IoT - 1 new 11 updated api methods
Changes AWS IoT Core released Fleet Provisioning for scalable onboarding of IoT devices to the cloud. This release includes support for customer's Lambda functions to validate devices during onboarding. Fleet Provisioning also allows devices to send Certificate Signing Requests (CSR) to AWS IoT Core for signing and getting a unique certificate. Lastly, AWS IoT Core added a feature to register the same certificate for multiple accounts in the same region without needing to register the certificate authority (CA).
Register a certificate that does not have a certificate authority (CA).
See also: AWS API Documentation
Request Syntax
client.register_certificate_without_ca( certificatePem='string', status='ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION' )
string
[REQUIRED]
The certificate data, in PEM format.
string
The status of the register certificate request.
dict
Response Syntax
{ 'certificateArn': 'string', 'certificateId': 'string' }
Response Structure
(dict) --
certificateArn (string) --
The Amazon Resource Name (ARN) of the registered certificate.
certificateId (string) --
The ID of the registered certificate. (The last part of the certificate ARN contains the certificate ID.
{'tags': [{'Key': 'string', 'Value': 'string'}]}
Creates an authorizer.
See also: AWS API Documentation
Request Syntax
client.create_authorizer( authorizerName='string', authorizerFunctionArn='string', tokenKeyName='string', tokenSigningPublicKeys={ 'string': 'string' }, status='ACTIVE'|'INACTIVE', tags=[ { 'Key': 'string', 'Value': 'string' }, ], signingDisabled=True|False )
string
[REQUIRED]
The authorizer name.
string
[REQUIRED]
The ARN of the authorizer's Lambda function.
string
The name of the token key used to extract the token from the HTTP headers.
dict
The public keys used to verify the digital signature returned by your custom authentication service.
(string) --
(string) --
string
The status of the create authorizer request.
list
Metadata which can be used to manage the custom authorizer.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
boolean
Specifies whether AWS IoT validates the token signature in an authorization request.
dict
Response Syntax
{ 'authorizerName': 'string', 'authorizerArn': 'string' }
Response Structure
(dict) --
authorizerName (string) --
The authorizer's name.
authorizerArn (string) --
The authorizer ARN.
{'tags': [{'Key': 'string', 'Value': 'string'}]}
Creates a domain configuration.
Note
The domain configuration feature is in public preview and is subject to change.
See also: AWS API Documentation
Request Syntax
client.create_domain_configuration( domainConfigurationName='string', domainName='string', serverCertificateArns=[ 'string', ], validationCertificateArn='string', authorizerConfig={ 'defaultAuthorizerName': 'string', 'allowAuthorizerOverride': True|False }, serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS', tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
string
[REQUIRED]
The name of the domain configuration. This value must be unique to a region.
string
The name of the domain.
list
The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains.
(string) --
string
The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS-managed domains.
dict
An object that specifies the authorization service for a domain.
defaultAuthorizerName (string) --
The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
string
The type of service delivered by the endpoint.
Note
AWS IoT Core currently supports only the DATA service type.
list
Metadata which can be used to manage the domain configuration.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{ 'domainConfigurationName': 'string', 'domainConfigurationArn': 'string' }
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration.
domainConfigurationArn (string) --
The ARN of the domain configuration.
{'tags': [{'Key': 'string', 'Value': 'string'}]}
Creates an AWS IoT policy.
The created policy is the default version for the policy. This operation creates a policy version with a version identifier of 1 and sets 1 as the policy's default version.
See also: AWS API Documentation
Request Syntax
client.create_policy( policyName='string', policyDocument='string', tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
string
[REQUIRED]
The policy name.
string
[REQUIRED]
The JSON document that describes the policy. policyDocument must have a minimum length of 1, with a maximum length of 2048, excluding whitespace.
list
Metadata which can be used to manage the policy.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{ 'policyName': 'string', 'policyArn': 'string', 'policyDocument': 'string', 'policyVersionId': 'string' }
Response Structure
(dict) --
The output from the CreatePolicy operation.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
policyDocument (string) --
The JSON document that describes the policy.
policyVersionId (string) --
The policy version ID.
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'}}
Creates a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
client.create_provisioning_template( templateName='string', description='string', templateBody='string', enabled=True|False, provisioningRoleArn='string', preProvisioningHook={ 'payloadVersion': 'string', 'targetArn': 'string' }, tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
string
[REQUIRED]
The name of the fleet provisioning template.
string
The description of the fleet provisioning template.
string
[REQUIRED]
The JSON formatted contents of the fleet provisioning template.
boolean
True to enable the fleet provisioning template, otherwise false.
string
[REQUIRED]
The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.
dict
Creates a pre-provisioning hook template.
payloadVersion (string) --
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
targetArn (string) -- [REQUIRED]
The ARN of the target function.
Note: Only Lambda functions are currently supported.
list
Metadata which can be used to manage the fleet provisioning template.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{ 'templateArn': 'string', 'templateName': 'string', 'defaultVersionId': 123 }
Response Structure
(dict) --
templateArn (string) --
The ARN that identifies the provisioning template.
templateName (string) --
The name of the fleet provisioning template.
defaultVersionId (integer) --
The default version of the fleet provisioning template.
{'tags': [{'Key': 'string', 'Value': 'string'}]}
Creates a role alias.
See also: AWS API Documentation
Request Syntax
client.create_role_alias( roleAlias='string', roleArn='string', credentialDurationSeconds=123, tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
string
[REQUIRED]
The role alias that points to a role ARN. This allows you to change the role without having to update the device.
string
[REQUIRED]
The role ARN.
integer
How long (in seconds) the credentials will be valid.
list
Metadata which can be used to manage the role alias.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{ 'roleAlias': 'string', 'roleAliasArn': 'string' }
Response Structure
(dict) --
roleAlias (string) --
The role alias.
roleAliasArn (string) --
The role alias ARN.
{'certificateDescription': {'certificateMode': 'DEFAULT | SNI_ONLY'}}
Gets information about the specified certificate.
See also: AWS API Documentation
Request Syntax
client.describe_certificate( certificateId='string' )
string
[REQUIRED]
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
dict
Response Syntax
{ 'certificateDescription': { 'certificateArn': 'string', 'certificateId': 'string', 'caCertificateId': 'string', 'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION', 'certificatePem': 'string', 'ownedBy': 'string', 'previousOwnedBy': 'string', 'creationDate': datetime(2015, 1, 1), 'lastModifiedDate': datetime(2015, 1, 1), 'customerVersion': 123, 'transferData': { 'transferMessage': 'string', 'rejectReason': 'string', 'transferDate': datetime(2015, 1, 1), 'acceptDate': datetime(2015, 1, 1), 'rejectDate': datetime(2015, 1, 1) }, 'generationId': 'string', 'validity': { 'notBefore': datetime(2015, 1, 1), 'notAfter': datetime(2015, 1, 1) }, 'certificateMode': 'DEFAULT'|'SNI_ONLY' } }
Response Structure
(dict) --
The output of the DescribeCertificate operation.
certificateDescription (dict) --
The description of the certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate.
caCertificateId (string) --
The certificate ID of the CA certificate used to sign this certificate.
status (string) --
The status of the certificate.
certificatePem (string) --
The certificate data, in PEM format.
ownedBy (string) --
The ID of the AWS account that owns the certificate.
previousOwnedBy (string) --
The ID of the AWS account of the previous owner of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
lastModifiedDate (datetime) --
The date and time the certificate was last modified.
customerVersion (integer) --
The customer version of the certificate.
transferData (dict) --
The transfer data.
transferMessage (string) --
The transfer message.
rejectReason (string) --
The reason why the transfer was rejected.
transferDate (datetime) --
The date the transfer took place.
acceptDate (datetime) --
The date the transfer was accepted.
rejectDate (datetime) --
The date the transfer was rejected.
generationId (string) --
The generation ID of the certificate.
validity (dict) --
When the certificate is valid.
notBefore (datetime) --
The certificate is not valid before this date.
notAfter (datetime) --
The certificate is not valid after this date.
certificateMode (string) --
The mode of the certificate.
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'}}
Returns information about a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
client.describe_provisioning_template( templateName='string' )
string
[REQUIRED]
The name of the fleet provisioning template.
dict
Response Syntax
{ 'templateArn': 'string', 'templateName': 'string', 'description': 'string', 'creationDate': datetime(2015, 1, 1), 'lastModifiedDate': datetime(2015, 1, 1), 'defaultVersionId': 123, 'templateBody': 'string', 'enabled': True|False, 'provisioningRoleArn': 'string', 'preProvisioningHook': { 'payloadVersion': 'string', 'targetArn': 'string' } }
Response Structure
(dict) --
templateArn (string) --
The ARN of the fleet provisioning template.
templateName (string) --
The name of the fleet provisioning template.
description (string) --
The description of the fleet provisioning template.
creationDate (datetime) --
The date when the fleet provisioning template was created.
lastModifiedDate (datetime) --
The date when the fleet provisioning template was last modified.
defaultVersionId (integer) --
The default fleet template version ID.
templateBody (string) --
The JSON formatted contents of the fleet provisioning template.
enabled (boolean) --
True if the fleet provisioning template is enabled, otherwise false.
provisioningRoleArn (string) --
The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.
preProvisioningHook (dict) --
Gets information about a pre-provisioned hook.
payloadVersion (string) --
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
targetArn (string) --
The ARN of the target function.
Note: Only Lambda functions are currently supported.
{'certificates': {'certificateMode': 'DEFAULT | SNI_ONLY'}}
Lists the certificates registered in your AWS account.
The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.
See also: AWS API Documentation
Request Syntax
client.list_certificates( pageSize=123, marker='string', ascendingOrder=True|False )
integer
The result page size.
string
The marker for the next set of results.
boolean
Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.
dict
Response Syntax
{ 'certificates': [ { 'certificateArn': 'string', 'certificateId': 'string', 'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION', 'certificateMode': 'DEFAULT'|'SNI_ONLY', 'creationDate': datetime(2015, 1, 1) }, ], 'nextMarker': 'string' }
Response Structure
(dict) --
The output of the ListCertificates operation.
certificates (list) --
The descriptions of the certificates.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
{'certificates': {'certificateMode': 'DEFAULT | SNI_ONLY'}}
List the device certificates signed by the specified CA certificate.
See also: AWS API Documentation
Request Syntax
client.list_certificates_by_ca( caCertificateId='string', pageSize=123, marker='string', ascendingOrder=True|False )
string
[REQUIRED]
The ID of the CA certificate. This operation will list all registered device certificate that were signed by this CA certificate.
integer
The result page size.
string
The marker for the next set of results.
boolean
Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.
dict
Response Syntax
{ 'certificates': [ { 'certificateArn': 'string', 'certificateId': 'string', 'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION', 'certificateMode': 'DEFAULT'|'SNI_ONLY', 'creationDate': datetime(2015, 1, 1) }, ], 'nextMarker': 'string' }
Response Structure
(dict) --
The output of the ListCertificatesByCA operation.
certificates (list) --
The device certificates signed by the specified CA certificate.
(dict) --
Information about a certificate.
certificateArn (string) --
The ARN of the certificate.
certificateId (string) --
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
status (string) --
The status of the certificate.
The status value REGISTER_INACTIVE is deprecated and should not be used.
certificateMode (string) --
The mode of the certificate.
creationDate (datetime) --
The date and time the certificate was created.
nextMarker (string) --
The marker for the next set of results, or null if there are no additional results.
{'tags': [{'Key': 'string', 'Value': 'string'}]}
Registers a CA certificate with AWS IoT. This CA certificate can then be used to sign device certificates, which can be then registered with AWS IoT. You can register up to 10 CA certificates per AWS account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate API.
See also: AWS API Documentation
Request Syntax
client.register_ca_certificate( caCertificate='string', verificationCertificate='string', setAsActive=True|False, allowAutoRegistration=True|False, registrationConfig={ 'templateBody': 'string', 'roleArn': 'string' }, tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
string
[REQUIRED]
The CA certificate.
string
[REQUIRED]
The private key verification certificate.
boolean
A boolean value that specifies if the CA certificate is set to active.
boolean
Allows this CA certificate to be used for auto registration of device certificates.
dict
Information about the registration configuration.
templateBody (string) --
The template body.
roleArn (string) --
The ARN of the role.
list
Metadata which can be used to manage the CA certificate.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{ 'certificateArn': 'string', 'certificateId': 'string' }
Response Structure
(dict) --
The output from the RegisterCACertificateResponse operation.
certificateArn (string) --
The CA certificate ARN.
certificateId (string) --
The CA certificate identifier.
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'}, 'removePreProvisioningHook': 'boolean'}
Updates a fleet provisioning template.
See also: AWS API Documentation
Request Syntax
client.update_provisioning_template( templateName='string', description='string', enabled=True|False, defaultVersionId=123, provisioningRoleArn='string', preProvisioningHook={ 'payloadVersion': 'string', 'targetArn': 'string' }, removePreProvisioningHook=True|False )
string
[REQUIRED]
The name of the fleet provisioning template.
string
The description of the fleet provisioning template.
boolean
True to enable the fleet provisioning template, otherwise false.
integer
The ID of the default provisioning template version.
string
The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.
dict
Updates the pre-provisioning hook template.
payloadVersion (string) --
The payload that was sent to the target function.
Note: Only Lambda functions are currently supported.
targetArn (string) -- [REQUIRED]
The ARN of the target function.
Note: Only Lambda functions are currently supported.
boolean
Removes pre-provisioning hook template.
dict
Response Syntax
{}
Response Structure
(dict) --