What precisely does 'mos aws-iot-setup' do?

#1

We need to send devices out into the field without running ‘mos aws-iot-setup’ first. Our plan is to have the devices connect to an AWS lambda function that will create the things in AWS, and that function will do all the setup, and then tell the device where to get it’s .key and .pem files (or perhaps send those down in the response).

It looks like some other people are going down a similar road, judging from AWS with existing certifcates and AWT IOT with pre-existing certs,key and policy.

I understand that ‘aws-iot-setup’ runs some AWS APIs to create the thing and setup some policies. At first blush, it looks like it does at least RegisterThing, and creates a certificate tied to the created thing, and ties that cert to the ‘mos-default’ policy, but it’s not clear how the keys and pem files are generated.

Are the precise APIs that are called documented anywhere?

#2

Eventually found my own answer. The source for the mos tool is available, so answers are in there.

the mos tools generates it’s own CSR and sends it to AWS.