AWS Fleet Provisioning (by claim) using JS

#1

Hello everyone,

I’ve been trying to follow the following AWS Workflow:

  1. My goal is: To be able to complete the provisioning workflow using a boostrapped certificate.

  2. My actions are: I try to connect do AWS IoT using a bootstrap certificate, the device seems to be connecting to AWS and instantly disconnecting as per picture:

I’d like to know how can I adapt the Python example to Mongoose OS JS, so i can go through this fleet provisioning workflow.

Many thanks,

#2

Have you been able to connect to AWS in the easy, tutorial-like, way ?
AFAIK, and IIRC, those bootstrap certificates are intended for a one-time connection, that is:

  • the device connects with bootstrap certificate
  • AWS identifies the device, sends proper credentials, and disconnects
  • the device is expected to install new credentials and use them from now on
  • the device reconnects with new credentials

You don’t “adapt” a Python example to Javascript (or C), you understand the example and write Javascript (or C) code; basically, you have to write code for the process described above, using the Python example as a guide.

#3

Hi @scaprile,

Thanks for your reply.

Yes, I have been able to connect to AWS the easy tutorial-like way, no problem with that.

The thing is that by trying to follow this method, you provide a bootstrap certificate with very limited policy restrictions (basically enough to connect and generate a definitive credential inside AWS), but my device is instantly disconnecting I’m not sure why.

One thing I did as a debug was to change the device policy to a less restrictive one and the device was then able to connect, but that’s not what is intended.

What I meant by adapting was understanding what the example does and translating it into JS, but until now I couldn’t come up with a solution.

The second step you mention " * AWS identifies the device, sends proper credentials, and disconnects" is the one I believe is not happening.

#4

I already explained why your device disconnects:

Tutorial: no disconnects, AWS verifies valid certificate and communication goes on. This has to work if you did things right. Otherwise, check again.
Bootstrap: AWS disconnects the device, it must connect again with a proper (valid) certificate.

I understand all your concerns, that is why AWS provides a robust and scalable method, and that is your responsibility to implement. Otherwise: generate and load one certificate for each device as the tutorial suggests, and manage your devices one by one or in groups, as you see fit, without bootstrapping or other job related stuff. This has no security concerns (if properly done), except for the hassle of manually adding devices.

If AWS is not sending proper credentials is because you did not properly configure AWS to do that.
If the tutorial works then all things mOS-related are working and what you need is a properly configured AWS environment for bootstrapping, and proper mOS code to interface with AWS in the bootstrapping process. Unfortunately no one has written that as a library (AFAIK) so you’ll (quite likely) have to do it yourself.