https://catalog.us-east-1.prod.workshops.aws/workshops/b3e0b830-79b8-4c1d-8a4c-e10406600035/ja-JP
https://qiita.com/ekzemplaro/items/a95df050833204c266fb
モノ -- 証明書 -- ポリシー
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
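# Install AWS CLI v2 from the official download host.
# -f makes curl fail on an HTTP error instead of saving an error page as the zip.
curl -f "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
# Verify the installer before it is run under sudo. AWS publishes a detached PGP
# signature next to the archive; the AWS CLI public key must have been imported
# into gpg beforehand (see the AWS CLI install docs), otherwise --verify fails
# and the install is skipped.
curl -f "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"
gpg --verify awscliv2.sig awscliv2.zip || exit 1
unzip awscliv2.zip
sudo ./aws/install
aws --version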
-- 1.2 jqインストール
sudo yum -y install jq
-- 2. IoT Core のセットアップ
-- 2.1 ポリシーの作成
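# Write the IoT policy document. A quoted here-doc keeps the JSON literal and
# makes this step reproducible instead of an interactive vim session.
# NOTE: "iot:*" on Resource "*" grants every IoT Core action to any principal
# the policy is attached to. That is fine for a throwaway workshop account, but
# scope Action and Resource to the specific client/topic ARNs before reusing it.
cat > policy01.json <<'EOF'
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:*",
"Resource": "*"
}
]
}
EOF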
# Register the policy from the document written above, then confirm it exists.
aws iot create-policy --policy-name policy01 --policy-document file://policy01.json
aws iot list-policies
aws iot get-policy --policy-name policy01
-- 2.2 モノの作成
# Create the thing (device identity) and read it back.
aws iot create-thing --thing-name thing01
aws iot list-things
aws iot describe-thing --thing-name thing01
-- 2.3 証明書の作成
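cd || exit 1
# Create the device certificate and key pair in $HOME.
# - umask 077 (in a subshell so the rest of the session is unaffected) stops the
#   private key from being created world-readable under the default umask.
# - --query/--output text prints only certificateArn and certificateId (needed
#   by attach-*/detach-*/delete-certificate below) instead of the full response,
#   which would otherwise echo the private key into terminal history/logs.
(
  umask 077
  aws iot create-keys-and-certificate \
    --set-as-active \
    --certificate-pem-outfile certificate.pem.crt \
    --private-key-outfile private.pem.key \
    --query '[certificateArn,certificateId]' --output text
) || exit 1
chmod 600 private.pem.key
aws iot list-certificates
ls -ltr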
-- 2.4 モノに証明書をアタッチ
# Sample certificate ARN as given in the notes; substitute the certificateArn
# returned by create-keys-and-certificate.
cert_arn='arn:aws:iot:ap-northeast-1:999999999999:cert/1111111111111111111111111111111111111111111111111111111111111111'
# Bind the certificate to the thing, then list the thing's principals.
aws iot attach-thing-principal --thing-name thing01 --principal "$cert_arn"
aws iot list-thing-principals --thing-name thing01
-- 2.5 証明書にポリシーをアタッチ
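# Sample certificate ARN as given in the notes; substitute the certificateArn
# returned by create-keys-and-certificate.
cert_arn='arn:aws:iot:ap-northeast-1:999999999999:cert/1111111111111111111111111111111111111111111111111111111111111111'
# attach-principal-policy / list-principal-policies are deprecated in the IoT
# API; attach-policy / list-attached-policies take the same certificate ARN
# via --target and produce the same attachment.
aws iot attach-policy --policy-name policy01 --target "$cert_arn"
aws iot list-attached-policies --target "$cert_arn"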
-- 3. デバイスのセットアップ
-- 3.1 AWS IoT Device SDK Python v2 を使った dummy client の設定
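pip3 install --user awsiotsdk
mkdir -p ~/environment/dummy_client/certs/
# Fail here rather than downloading into whatever the current directory is.
cd ~/environment/dummy_client/ || exit 1
# The sample client comes from the workshop bucket with no published checksum;
# read device_main.py before running it with the device credentials.
wget https://awsj-iot-handson.s3-ap-northeast-1.amazonaws.com/aws-iot-core-workshop/dummy_client/device_main.py -O device_main.py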
-- 3.2 ルートCA証明書のダウンロード
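cd ~/environment/dummy_client || exit 1
# Amazon Root CA 1 is the trust anchor the client uses to verify the ATS endpoint.
wget https://www.amazontrust.com/repository/AmazonRootCA1.pem -O certs/AmazonRootCA1.pem
# Resolve the account's ATS data endpoint instead of hard-coding the sample
# host from the notes; the value is only printed by describe-endpoint.
endpoint=$(aws iot describe-endpoint --endpoint-type iot:Data-ATS --query endpointAddress --output text) || exit 1
# Copy the device credentials created in $HOME and keep the key owner-only.
cp ~/certificate.pem.crt ~/private.pem.key certs/
chmod 600 certs/private.pem.key
python3 device_main.py --device_name thing01 --endpoint "$endpoint"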
-- 3.4 疎通テスト
AWS IoT Coreのコンソール画面の「MQTT テストクライアント」から実施
data/thing01
-- 4. クリーンアップ
-- モノの削除
aws iot list-things
# Sample certificate ARN as given in the notes; substitute the real one.
cert_arn='arn:aws:iot:ap-northeast-1:999999999999:cert/1111111111111111111111111111111111111111111111111111111111111111'
# The thing must have no principals attached before it can be deleted.
aws iot detach-thing-principal --thing-name thing01 --principal "$cert_arn"
aws iot delete-thing --thing-name thing01
-- 証明書の削除
aws iot list-certificates
# Sample certificate ID as given in the notes; substitute the real one.
cert_id='1111111111111111111111111111111111111111111111111111111111111111'
# A certificate has to be INACTIVE before deletion; --force-delete is kept from
# the notes (per the AWS docs it also detaches any policies still attached).
aws iot update-certificate --certificate-id "$cert_id" --new-status INACTIVE
aws iot delete-certificate --certificate-id "$cert_id" --force-delete
-- ポリシーの削除
aws iot list-policies
# Last step: the policy can only be deleted once no principal references it.
aws iot delete-policy --policy-name policy01