AWS IoT with pre-existing certs, key and policy

  1. My goal is: to get aws pub/sub working using pre-existing aws setup (topic, certs, key and policy)

  2. My actions are: [describe your actions - code, commands, etc]
    Modified the example init.js file for button shadow, manually set up all of the AWS parameters, and loaded the certs and key into the file system. Everything seems to function except it never connects to AWS.

  3. The result I see is: [show the result - log, etc]
    the Event.CLOUD_CONNECTED event never happens

  4. My expectation & question is: [describe your expectation and your question]
    The only obvious thing I see wrong is that the aws-iot-setup routine has an option for the mos default policy. I already have a policy tied to the pre-existing certs when they were created months ago for another project. Can I use the existing setup without using the aws-iot-setup policy? What might I be missing in setting up AWS pub/sub?


Do you have your AWS thing name defined? E.g.:

  "aws": {
    "thing_name": "your_thing_name"
  }

Make sure this matches the thing name that AWS expects.

-AD

Already did that. Also, as mentioned in the code somewhere, the device_id is used if thing_name is undefined.

OK… Here’s a thought:

  1. Start up your default image (not on AWS)
  2. Run ‘mos config-get’ and save the results to a file
  3. Run 'mos aws-iot-setup – --aws-iot-thing ’ to have mos properly register your device on AWS
  4. Run ‘mos config-get’ and save the results to a new file
  5. Diff the two files generated from 2 & 4

These steps should tell you specifically how mos would set up your AWS config. With that info hopefully you’ll have a recipe on how to pre-provision your device.

Crude but maybe effective?
-AD
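
The comparison in steps 2 to 5 above, as an added example that is not part of the original post or of mos itself: it flattens two saved `mos config-get` dumps into dotted keys, reports every setting that changed, and lists the certificate and key files the new config refers to. The sample dumps, key names, endpoint and file names are constructed placeholders, not output from a real device.

```python
import json

# Constructed sample: trimmed `mos config-get` output saved in step 2.
BEFORE = json.loads("""{
  "device": {"id": "esp32_000000"},
  "aws": {"thing_name": ""},
  "mqtt": {"enable": false, "server": "broker.example.invalid:1883",
           "ssl_cert": "", "ssl_key": "", "ssl_ca_cert": ""}
}""")

# Constructed sample: output saved in step 4 (placeholder endpoint and file names).
AFTER = json.loads("""{
  "device": {"id": "esp32_000000"},
  "aws": {"thing_name": "your_thing_name"},
  "mqtt": {"enable": true, "server": "EXAMPLE.iot.us-east-1.amazonaws.com:8883",
           "ssl_cert": "aws-cert.pem", "ssl_key": "aws-key.pem", "ssl_ca_cert": "ca.pem"}
}""")

ABSENT = "<absent>"  # marks a key present in only one of the two dumps
FILE_KEYS = ("ssl_cert", "ssl_key", "ssl_ca_cert")  # settings whose value is a file name

def flatten(node, prefix=""):
    """Turn nested config into dotted keys such as "mqtt.server"."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def config_diff(before, after):
    """Return {dotted_key: (old, new)} for every added, removed or changed setting."""
    old, new = flatten(before), flatten(after)
    return {k: (old.get(k, ABSENT), new.get(k, ABSENT))
            for k in sorted(old.keys() | new.keys())
            if old.get(k, ABSENT) != new.get(k, ABSENT)}

def files_to_provision(changes):
    """File names the new config points at; each must exist on the device filesystem."""
    return [new for key, (_, new) in changes.items()
            if key.rsplit(".", 1)[-1] in FILE_KEYS and new not in ("", ABSENT)]

if __name__ == "__main__":
    changes = config_diff(BEFORE, AFTER)
    for key, (old, new) in changes.items():
        print(f"{key}: {json.dumps(old)} -> {json.dumps(new)}")
    print("files referenced:", files_to_provision(changes))
```

To use it on real dumps, replace `BEFORE` and `AFTER` with `json.load()` of the two files saved in steps 2 and 4.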

@Autodog even easier: the diff will be the conf9.json (modulo wifi config) plus two cert files.


Good suggestions.
Where does the conf9.json file hide? I haven’t seen it anywhere.
I did find out that using the AWSCA1 root cert instead of using the mongoose os pre-packaged certs was what was causing it to fail. I don’t know why that is the case as our legacy products work just fine using the AWS cert. Another mystery of life.

conf9.json should live in the same directory as conf0.json

-AD