AWS IoT

2020/04/30 - AWS IoT - 1 new 11 updated api methods

Changes: AWS IoT Core released Fleet Provisioning for scalable onboarding of IoT devices to the cloud. This release includes support for customers' Lambda functions to validate devices during onboarding. Fleet Provisioning also allows devices to send Certificate Signing Requests (CSRs) to AWS IoT Core for signing and to receive a unique certificate in return. Lastly, AWS IoT Core added a feature to register the same certificate for multiple accounts in the same region without needing to register the certificate authority (CA).

RegisterCertificateWithoutCA (new)

Register a certificate that does not have a certificate authority (CA).

See also: AWS API Documentation

Request Syntax

client.register_certificate_without_ca(
    certificatePem='string',
    status='ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION'
)

type certificatePem

string

param certificatePem

[REQUIRED]

The certificate data, in PEM format.

type status

string

param status

The status of the register certificate request.

rtype

dict

returns

Response Syntax

{
    'certificateArn': 'string',
    'certificateId': 'string'
}

Response Structure

  • (dict) --

    • certificateArn (string) --

      The Amazon Resource Name (ARN) of the registered certificate.

    • certificateId (string) --

      The ID of the registered certificate. (The last part of the certificate ARN contains the certificate ID.)

CreateAuthorizer (updated)
Changes (request)
{'tags': [{'Key': 'string', 'Value': 'string'}]}

Creates an authorizer.

See also: AWS API Documentation

Request Syntax

client.create_authorizer(
    authorizerName='string',
    authorizerFunctionArn='string',
    tokenKeyName='string',
    tokenSigningPublicKeys={
        'string': 'string'
    },
    status='ACTIVE'|'INACTIVE',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    signingDisabled=True|False
)

type authorizerName

string

param authorizerName

[REQUIRED]

The authorizer name.

type authorizerFunctionArn

string

param authorizerFunctionArn

[REQUIRED]

The ARN of the authorizer's Lambda function.

type tokenKeyName

string

param tokenKeyName

The name of the token key used to extract the token from the HTTP headers.

type tokenSigningPublicKeys

dict

param tokenSigningPublicKeys

The public keys used to verify the digital signature returned by your custom authentication service.

  • (string) --

    • (string) --

type status

string

param status

The status of the create authorizer request.

type tags

list

param tags

Metadata which can be used to manage the custom authorizer.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

type signingDisabled

boolean

param signingDisabled

Specifies whether AWS IoT validates the token signature in an authorization request.

rtype

dict

returns

Response Syntax

{
    'authorizerName': 'string',
    'authorizerArn': 'string'
}

Response Structure

  • (dict) --

    • authorizerName (string) --

      The authorizer's name.

    • authorizerArn (string) --

      The authorizer ARN.

CreateDomainConfiguration (updated)
Changes (request)
{'tags': [{'Key': 'string', 'Value': 'string'}]}

Creates a domain configuration.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.create_domain_configuration(
    domainConfigurationName='string',
    domainName='string',
    serverCertificateArns=[
        'string',
    ],
    validationCertificateArn='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type domainConfigurationName

string

param domainConfigurationName

[REQUIRED]

The name of the domain configuration. This value must be unique to a region.

type domainName

string

param domainName

The name of the domain.

type serverCertificateArns

list

param serverCertificateArns

The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains.

  • (string) --

type validationCertificateArn

string

param validationCertificateArn

The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS-managed domains.

type authorizerConfig

dict

param authorizerConfig

An object that specifies the authorization service for a domain.

  • defaultAuthorizerName (string) --

    The name of the authorization service for a domain configuration.

  • allowAuthorizerOverride (boolean) --

    A Boolean that specifies whether the domain configuration's authorization service can be overridden.

type serviceType

string

param serviceType

The type of service delivered by the endpoint.

Note

AWS IoT Core currently supports only the DATA service type.

type tags

list

param tags

Metadata which can be used to manage the domain configuration.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

  • (dict) --

    • domainConfigurationName (string) --

      The name of the domain configuration.

    • domainConfigurationArn (string) --

      The ARN of the domain configuration.

CreatePolicy (updated)
Changes (request)
{'tags': [{'Key': 'string', 'Value': 'string'}]}

Creates an AWS IoT policy.

The created policy is the default version for the policy. This operation creates a policy version with a version identifier of 1 and sets 1 as the policy's default version.

See also: AWS API Documentation

Request Syntax

client.create_policy(
    policyName='string',
    policyDocument='string',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type policyName

string

param policyName

[REQUIRED]

The policy name.

type policyDocument

string

param policyDocument

[REQUIRED]

The JSON document that describes the policy. policyDocument must have a minimum length of 1, with a maximum length of 2048, excluding whitespace.

type tags

list

param tags

Metadata which can be used to manage the policy.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'policyName': 'string',
    'policyArn': 'string',
    'policyDocument': 'string',
    'policyVersionId': 'string'
}

Response Structure

  • (dict) --

    The output from the CreatePolicy operation.

    • policyName (string) --

      The policy name.

    • policyArn (string) --

      The policy ARN.

    • policyDocument (string) --

      The JSON document that describes the policy.

    • policyVersionId (string) --

      The policy version ID.

CreateProvisioningTemplate (updated)
Changes (request)
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'}}

Creates a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.create_provisioning_template(
    templateName='string',
    description='string',
    templateBody='string',
    enabled=True|False,
    provisioningRoleArn='string',
    preProvisioningHook={
        'payloadVersion': 'string',
        'targetArn': 'string'
    },
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type description

string

param description

The description of the fleet provisioning template.

type templateBody

string

param templateBody

[REQUIRED]

The JSON formatted contents of the fleet provisioning template.

type enabled

boolean

param enabled

True to enable the fleet provisioning template, otherwise false.

type provisioningRoleArn

string

param provisioningRoleArn

[REQUIRED]

The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.

type preProvisioningHook

dict

param preProvisioningHook

Creates a pre-provisioning hook template.

  • payloadVersion (string) --

    The payload that was sent to the target function.

    Note: Only Lambda functions are currently supported.

  • targetArn (string) -- [REQUIRED]

    The ARN of the target function.

    Note: Only Lambda functions are currently supported.

type tags

list

param tags

Metadata which can be used to manage the fleet provisioning template.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'templateArn': 'string',
    'templateName': 'string',
    'defaultVersionId': 123
}

Response Structure

  • (dict) --

    • templateArn (string) --

      The ARN that identifies the provisioning template.

    • templateName (string) --

      The name of the fleet provisioning template.

    • defaultVersionId (integer) --

      The default version of the fleet provisioning template.
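
Added example (not part of the AWS documentation reproduced here): a Lambda handler that could be the targetArn of preProvisioningHook and that validates a device before Fleet Provisioning continues. The event keys templateArn and parameters and the response keys allowProvisioning and parameterOverrides follow AWS's documented pre-provisioning hook payload, which this page does not show; the SerialNumber and DeviceModel parameters, the registry contents and the template ARN are constructed placeholders.

```python
import re

# Constructed device registry (assumption): serial number -> facts recorded at
# manufacture. A real hook would query a database instead of a literal dict.
DEVICE_REGISTRY = {
    "SN-00012345": {"model": "sensor-v2", "revoked": False},
    "SN-00099999": {"model": "sensor-v2", "revoked": True},
}

# Placeholder ARN of the only template allowed to use this hook (assumption).
EXPECTED_TEMPLATE_ARN = (
    "arn:aws:iot:us-east-1:111122223333:provisioningtemplate/ExampleTemplate"
)

# Hypothetical serial format; anything else is rejected before the lookup.
SERIAL_RE = re.compile(r"SN-\d{8}")


def deny():
    """Fresh deny response; every failure path returns this."""
    return {"allowProvisioning": False}


def validate_request(event):
    """Decide one provisioning request. Anything unexpected is denied."""
    if not isinstance(event, dict):
        return deny()
    # Refuse invocations that come from a template this hook was not built for.
    if event.get("templateArn") != EXPECTED_TEMPLATE_ARN:
        return deny()
    params = event.get("parameters")
    if not isinstance(params, dict):
        return deny()
    serial = params.get("SerialNumber")
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return deny()
    record = DEVICE_REGISTRY.get(serial)
    if record is None or record["revoked"]:
        return deny()
    return {
        "allowProvisioning": True,
        # The registry value replaces whatever model the device claimed.
        "parameterOverrides": {"DeviceModel": record["model"]},
    }


def lambda_handler(event, context):
    """Lambda entry point: an exception must never turn into an allow."""
    try:
        return validate_request(event)
    except Exception:
        return deny()


if __name__ == "__main__":
    sample = {
        "templateArn": EXPECTED_TEMPLATE_ARN,
        "parameters": {"SerialNumber": "SN-00012345", "DeviceModel": "gateway"},
    }
    print(lambda_handler(sample, None))
```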

CreateRoleAlias (updated)
Changes (request)
{'tags': [{'Key': 'string', 'Value': 'string'}]}

Creates a role alias.

See also: AWS API Documentation

Request Syntax

client.create_role_alias(
    roleAlias='string',
    roleArn='string',
    credentialDurationSeconds=123,
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type roleAlias

string

param roleAlias

[REQUIRED]

The role alias that points to a role ARN. This allows you to change the role without having to update the device.

type roleArn

string

param roleArn

[REQUIRED]

The role ARN.

type credentialDurationSeconds

integer

param credentialDurationSeconds

How long (in seconds) the credentials will be valid.

type tags

list

param tags

Metadata which can be used to manage the role alias.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'roleAlias': 'string',
    'roleAliasArn': 'string'
}

Response Structure

  • (dict) --

    • roleAlias (string) --

      The role alias.

    • roleAliasArn (string) --

      The role alias ARN.

DescribeCertificate (updated)
Changes (response)
{'certificateDescription': {'certificateMode': 'DEFAULT | SNI_ONLY'}}

Gets information about the specified certificate.

See also: AWS API Documentation

Request Syntax

client.describe_certificate(
    certificateId='string'
)

type certificateId

string

param certificateId

[REQUIRED]

The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

rtype

dict

returns

Response Syntax

{
    'certificateDescription': {
        'certificateArn': 'string',
        'certificateId': 'string',
        'caCertificateId': 'string',
        'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
        'certificatePem': 'string',
        'ownedBy': 'string',
        'previousOwnedBy': 'string',
        'creationDate': datetime(2015, 1, 1),
        'lastModifiedDate': datetime(2015, 1, 1),
        'customerVersion': 123,
        'transferData': {
            'transferMessage': 'string',
            'rejectReason': 'string',
            'transferDate': datetime(2015, 1, 1),
            'acceptDate': datetime(2015, 1, 1),
            'rejectDate': datetime(2015, 1, 1)
        },
        'generationId': 'string',
        'validity': {
            'notBefore': datetime(2015, 1, 1),
            'notAfter': datetime(2015, 1, 1)
        },
        'certificateMode': 'DEFAULT'|'SNI_ONLY'
    }
}

Response Structure

  • (dict) --

    The output of the DescribeCertificate operation.

    • certificateDescription (dict) --

      The description of the certificate.

      • certificateArn (string) --

        The ARN of the certificate.

      • certificateId (string) --

        The ID of the certificate.

      • caCertificateId (string) --

        The certificate ID of the CA certificate used to sign this certificate.

      • status (string) --

        The status of the certificate.

      • certificatePem (string) --

        The certificate data, in PEM format.

      • ownedBy (string) --

        The ID of the AWS account that owns the certificate.

      • previousOwnedBy (string) --

        The ID of the AWS account of the previous owner of the certificate.

      • creationDate (datetime) --

        The date and time the certificate was created.

      • lastModifiedDate (datetime) --

        The date and time the certificate was last modified.

      • customerVersion (integer) --

        The customer version of the certificate.

      • transferData (dict) --

        The transfer data.

        • transferMessage (string) --

          The transfer message.

        • rejectReason (string) --

          The reason why the transfer was rejected.

        • transferDate (datetime) --

          The date the transfer took place.

        • acceptDate (datetime) --

          The date the transfer was accepted.

        • rejectDate (datetime) --

          The date the transfer was rejected.

      • generationId (string) --

        The generation ID of the certificate.

      • validity (dict) --

        When the certificate is valid.

        • notBefore (datetime) --

          The certificate is not valid before this date.

        • notAfter (datetime) --

          The certificate is not valid after this date.

      • certificateMode (string) --

        The mode of the certificate.

DescribeProvisioningTemplate (updated)
Changes (response)
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'}}

Returns information about a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.describe_provisioning_template(
    templateName='string'
)

type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

rtype

dict

returns

Response Syntax

{
    'templateArn': 'string',
    'templateName': 'string',
    'description': 'string',
    'creationDate': datetime(2015, 1, 1),
    'lastModifiedDate': datetime(2015, 1, 1),
    'defaultVersionId': 123,
    'templateBody': 'string',
    'enabled': True|False,
    'provisioningRoleArn': 'string',
    'preProvisioningHook': {
        'payloadVersion': 'string',
        'targetArn': 'string'
    }
}

Response Structure

  • (dict) --

    • templateArn (string) --

      The ARN of the fleet provisioning template.

    • templateName (string) --

      The name of the fleet provisioning template.

    • description (string) --

      The description of the fleet provisioning template.

    • creationDate (datetime) --

      The date when the fleet provisioning template was created.

    • lastModifiedDate (datetime) --

      The date when the fleet provisioning template was last modified.

    • defaultVersionId (integer) --

      The default fleet template version ID.

    • templateBody (string) --

      The JSON formatted contents of the fleet provisioning template.

    • enabled (boolean) --

      True if the fleet provisioning template is enabled, otherwise false.

    • provisioningRoleArn (string) --

      The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.

    • preProvisioningHook (dict) --

      Gets information about a pre-provisioned hook.

      • payloadVersion (string) --

        The payload that was sent to the target function.

        Note: Only Lambda functions are currently supported.

      • targetArn (string) --

        The ARN of the target function.

        Note: Only Lambda functions are currently supported.

ListCertificates (updated)
Changes (response)
{'certificates': {'certificateMode': 'DEFAULT | SNI_ONLY'}}

Lists the certificates registered in your AWS account.

The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.

See also: AWS API Documentation

Request Syntax

client.list_certificates(
    pageSize=123,
    marker='string',
    ascendingOrder=True|False
)

type pageSize

integer

param pageSize

The result page size.

type marker

string

param marker

The marker for the next set of results.

type ascendingOrder

boolean

param ascendingOrder

Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.

rtype

dict

returns

Response Syntax

{
    'certificates': [
        {
            'certificateArn': 'string',
            'certificateId': 'string',
            'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
            'certificateMode': 'DEFAULT'|'SNI_ONLY',
            'creationDate': datetime(2015, 1, 1)
        },
    ],
    'nextMarker': 'string'
}

Response Structure

  • (dict) --

    The output of the ListCertificates operation.

    • certificates (list) --

      The descriptions of the certificates.

      • (dict) --

        Information about a certificate.

        • certificateArn (string) --

          The ARN of the certificate.

        • certificateId (string) --

          The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

        • status (string) --

          The status of the certificate.

          The status value REGISTER_INACTIVE is deprecated and should not be used.

        • certificateMode (string) --

          The mode of the certificate.

        • creationDate (datetime) --

          The date and time the certificate was created.

    • nextMarker (string) --

      The marker for the next set of results, or null if there are no additional results.
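
Added example (not part of the AWS documentation reproduced here): an inventory audit that follows marker/nextMarker through every page of ListCertificates and uses the new certificateMode field to flag active SNI_ONLY certificates, the mode AWS assigns to certificates registered without an issuer CA, that are not on an approved list, plus any certificate still in the deprecated REGISTER_INACTIVE status. The approved list, the FakeIoTClient stand-in and all certificate IDs are constructed; with real credentials a boto3 IoT client can be passed instead.

```python
from collections import Counter


def iter_certificates(client, page_size=25):
    """Yield every certificate summary, following nextMarker to the last page."""
    kwargs = {"pageSize": page_size}
    while True:
        page = client.list_certificates(**kwargs)
        yield from page.get("certificates", [])
        marker = page.get("nextMarker")
        if not marker:  # absent or null: no further pages
            return
        kwargs["marker"] = marker


def audit_certificates(client, approved_sni_only=frozenset()):
    """Return (count per certificateMode, list of (certificateId, reason))."""
    modes, findings = Counter(), []
    for cert in iter_certificates(client):
        cert_id = cert["certificateId"]
        mode = cert.get("certificateMode", "UNKNOWN")
        status = cert.get("status")
        modes[mode] += 1
        # A usable certificate with no registered issuer CA should be one
        # that somebody deliberately approved.
        if mode == "SNI_ONLY" and status == "ACTIVE" and cert_id not in approved_sni_only:
            findings.append((cert_id, "active SNI_ONLY certificate not on the approved list"))
        if status == "REGISTER_INACTIVE":
            findings.append((cert_id, "deprecated status REGISTER_INACTIVE"))
    return modes, findings


class FakeIoTClient:
    """Constructed stand-in for an IoT client; serves two pages of results."""

    def __init__(self):
        self.calls = []
        self._pages = {
            None: {
                "certificates": [
                    {"certificateId": "id-default-1", "status": "ACTIVE",
                     "certificateMode": "DEFAULT"},
                    {"certificateId": "id-sni-approved", "status": "ACTIVE",
                     "certificateMode": "SNI_ONLY"},
                ],
                "nextMarker": "page-2",
            },
            "page-2": {
                "certificates": [
                    {"certificateId": "id-sni-unknown", "status": "ACTIVE",
                     "certificateMode": "SNI_ONLY"},
                    {"certificateId": "id-old", "status": "REGISTER_INACTIVE",
                     "certificateMode": "DEFAULT"},
                    {"certificateId": "id-sni-inactive", "status": "INACTIVE",
                     "certificateMode": "SNI_ONLY"},
                ],
                "nextMarker": None,
            },
        }

    def list_certificates(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self._pages[kwargs.get("marker")]


if __name__ == "__main__":
    modes, findings = audit_certificates(FakeIoTClient(), {"id-sni-approved"})
    print(dict(modes))
    for cert_id, reason in findings:
        print(cert_id, "->", reason)
```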

ListCertificatesByCA (updated)
Changes (response)
{'certificates': {'certificateMode': 'DEFAULT | SNI_ONLY'}}

List the device certificates signed by the specified CA certificate.

See also: AWS API Documentation

Request Syntax

client.list_certificates_by_ca(
    caCertificateId='string',
    pageSize=123,
    marker='string',
    ascendingOrder=True|False
)

type caCertificateId

string

param caCertificateId

[REQUIRED]

The ID of the CA certificate. This operation will list all registered device certificates that were signed by this CA certificate.

type pageSize

integer

param pageSize

The result page size.

type marker

string

param marker

The marker for the next set of results.

type ascendingOrder

boolean

param ascendingOrder

Specifies the order for results. If True, the results are returned in ascending order, based on the creation date.

rtype

dict

returns

Response Syntax

{
    'certificates': [
        {
            'certificateArn': 'string',
            'certificateId': 'string',
            'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
            'certificateMode': 'DEFAULT'|'SNI_ONLY',
            'creationDate': datetime(2015, 1, 1)
        },
    ],
    'nextMarker': 'string'
}

Response Structure

  • (dict) --

    The output of the ListCertificatesByCA operation.

    • certificates (list) --

      The device certificates signed by the specified CA certificate.

      • (dict) --

        Information about a certificate.

        • certificateArn (string) --

          The ARN of the certificate.

        • certificateId (string) --

          The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

        • status (string) --

          The status of the certificate.

          The status value REGISTER_INACTIVE is deprecated and should not be used.

        • certificateMode (string) --

          The mode of the certificate.

        • creationDate (datetime) --

          The date and time the certificate was created.

    • nextMarker (string) --

      The marker for the next set of results, or null if there are no additional results.

RegisterCACertificate (updated)
Changes (request)
{'tags': [{'Key': 'string', 'Value': 'string'}]}

Registers a CA certificate with AWS IoT. This CA certificate can then be used to sign device certificates, which can then be registered with AWS IoT. You can register up to 10 CA certificates per AWS account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate API.

See also: AWS API Documentation

Request Syntax

client.register_ca_certificate(
    caCertificate='string',
    verificationCertificate='string',
    setAsActive=True|False,
    allowAutoRegistration=True|False,
    registrationConfig={
        'templateBody': 'string',
        'roleArn': 'string'
    },
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type caCertificate

string

param caCertificate

[REQUIRED]

The CA certificate.

type verificationCertificate

string

param verificationCertificate

[REQUIRED]

The private key verification certificate.

type setAsActive

boolean

param setAsActive

A boolean value that specifies if the CA certificate is set to active.

type allowAutoRegistration

boolean

param allowAutoRegistration

Allows this CA certificate to be used for auto registration of device certificates.

type registrationConfig

dict

param registrationConfig

Information about the registration configuration.

  • templateBody (string) --

    The template body.

  • roleArn (string) --

    The ARN of the role.

type tags

list

param tags

Metadata which can be used to manage the CA certificate.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'certificateArn': 'string',
    'certificateId': 'string'
}

Response Structure

  • (dict) --

    The output from the RegisterCACertificateResponse operation.

    • certificateArn (string) --

      The CA certificate ARN.

    • certificateId (string) --

      The CA certificate identifier.

UpdateProvisioningTemplate (updated)
Changes (request)
{'preProvisioningHook': {'payloadVersion': 'string', 'targetArn': 'string'},
 'removePreProvisioningHook': 'boolean'}

Updates a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.update_provisioning_template(
    templateName='string',
    description='string',
    enabled=True|False,
    defaultVersionId=123,
    provisioningRoleArn='string',
    preProvisioningHook={
        'payloadVersion': 'string',
        'targetArn': 'string'
    },
    removePreProvisioningHook=True|False
)

type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type description

string

param description

The description of the fleet provisioning template.

type enabled

boolean

param enabled

True to enable the fleet provisioning template, otherwise false.

type defaultVersionId

integer

param defaultVersionId

The ID of the default provisioning template version.

type provisioningRoleArn

string

param provisioningRoleArn

The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.

type preProvisioningHook

dict

param preProvisioningHook

Updates the pre-provisioning hook template.

  • payloadVersion (string) --

    The payload that was sent to the target function.

    Note: Only Lambda functions are currently supported.

  • targetArn (string) -- [REQUIRED]

    The ARN of the target function.

    Note: Only Lambda functions are currently supported.

type removePreProvisioningHook

boolean

param removePreProvisioningHook

Removes pre-provisioning hook template.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --