forked from aws-samples/amazon-kinesis-video-streams-demos
cert_setup.sh
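#!/bin/bash
#
# cert_setup.sh - create an AWS IoT X.509 certificate and key pair, attach an
# existing IoT policy and thing to it, record the IoT credential-provider
# endpoint, and download the CA certificate used for TLS trust.
#
# Usage: cert_setup.sh <prefix>
#
# Files written to the current directory:
#   p<prefix>_certificate.pem, p<prefix>_public.key, p<prefix>_private.key
#   certificate                 - raw JSON response of create-keys-and-certificate
#   iot-credential-provider.txt - output of describe-endpoint
#   cacert.pem                  - CA certificate
#
# Requires: aws CLI (uses the "default" profile), jq, curl.

# Stop at the first failed step so that later commands never run against a
# missing or half-written "certificate" file.
set -euo pipefail

prefix=${1-}
if [[ -z "$prefix" ]]; then
  # An empty prefix was accepted before and still is; warn because the
  # resulting names ("p_thing", "p_policy", ...) are probably not intended.
  printf 'warning: no prefix given; resource names will start with "p_"\n' >&2
fi

thingName="p${prefix}_thing"
# NOTE(review): thingTypeName, kvsPolicyName, iotRoleName and iotRoleAlias are
# assigned but not used by any command in this script. kvsPolicyName also has
# the same value as iotPolicyName - confirm that is intended.
thingTypeName="p${prefix}_thing_type"
iotPolicyName="p${prefix}_policy"
kvsPolicyName="p${prefix}_policy"
iotRoleName="p${prefix}_role"
iotRoleAlias="p${prefix}_role_alias"
iotCert="p${prefix}_certificate.pem"
iotPublicKey="p${prefix}_public.key"
iotPrivateKey="p${prefix}_private.key"

# Create the certificate and key pair, activated immediately.
# The JSON response saved to ./certificate also contains the private key, so
# both it and the key file are created under a restrictive umask (subshell, so
# the umask does not affect the other output files).
(
  umask 077
  aws --profile default iot create-keys-and-certificate --set-as-active \
    --certificate-pem-outfile "$iotCert" \
    --public-key-outfile "$iotPublicKey" \
    --private-key-outfile "$iotPrivateKey" > certificate
)
# umask only applies to newly created files; tighten files left by earlier runs.
chmod 600 -- "$iotPrivateKey" certificate

# Read the ARN once; --exit-status makes jq fail if the field is missing/null
# instead of handing the literal string "null" to the attach commands.
certificateArn=$(jq --exit-status --raw-output '.certificateArn' certificate)

# Attach the IoT policy to the new certificate. The policy must already exist
# (presumably created by an earlier setup step - not visible in this script).
aws --profile default iot attach-policy \
  --policy-name "$iotPolicyName" --target "$certificateArn"

# Attach the IoT thing to the new certificate. The thing must already exist.
aws --profile default iot attach-thing-principal \
  --thing-name "$thingName" --principal "$certificateArn"

# The IoT credentials provider endpoint is unique to the AWS account; requests
# authorized through the credentials provider are sent to it.
aws --profile default iot describe-endpoint \
  --endpoint-type iot:CredentialProvider --output text > iot-credential-provider.txt

# In addition to the X.509 certificate created above, a CA certificate is
# needed to establish trust with the back-end service through TLS.
# --fail keeps an HTTP error page from being saved as cacert.pem.
# NOTE(review): this file becomes a trust anchor and is authenticated only by
# the HTTPS download; consider comparing it with a fingerprint obtained
# out-of-band before deploying it to devices.
curl --fail 'https://www.amazontrust.com/repository/SFSRootCAG2.pem' --output cacert.pem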