Commissioning controllers with JITP

The following process describes how you can commission controllers using Just In Time Provisioning.
  1. The AWSIoTThingsRegistration role is assigned to an AWS access key.
  2. A CA certificate is registered along with a provisioning template policy by a process authorized by that role.
  3. Any device trying to connect to the AWS IoT endpoint for that account will initially have the connection rejected.
  4. However, if the certificate that the device presented for authentication was signed by the CA registered in step 1, AWS automatically commissions a Thing to represent your device according to the rules in the provisioning template, using values from the certificate. When the device makes a subsequent connection attempt, it is granted access.

The functionality within the AWS service allows a Niagara Workbench user to either generate a new CA certificate or use a user-imported one, and then to register the CA and create the provisioning template with AWS via their REST API.

The provisioning template created by Niagara Workbench will result in the following:

  • The Thing name within AWS matches the Common Name value of the device certificate.
  • The Thing will be granted a policy allowing the following permissions for all resources:
    • iot:Connect
    • iot:Publish
    • iot:Subscribe
    • iot:Receive
    • iot:GetRetainedMessage
    • iot:ListRetainedMessages
    • iot:RetainPublish
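
The following is an added example, not Niagara's own code and not the exact template Workbench generates. It builds a JITP registration configuration in the standard AWS IoT template format that produces the outcome listed above, then reviews it to report where the Thing name comes from and which actions are allowed on all resources. The function names, the inline `PolicyDocument` layout and the account ID in the role ARN are assumptions made for illustration.

```python
import json

# Actions this page lists for the policy attached to each provisioned Thing.
PAGE_ACTIONS = ["iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive",
                "iot:GetRetainedMessage", "iot:ListRetainedMessages", "iot:RetainPublish"]

def build_registration_config(role_arn):
    """Build a JITP registrationConfig matching the outcome described on this page."""
    policy = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": PAGE_ACTIONS, "Resource": "*"}]}
    template = {
        "Parameters": {"AWS::IoT::Certificate::CommonName": {"Type": "String"},
                       "AWS::IoT::Certificate::Id": {"Type": "String"}},
        "Resources": {
            "thing": {"Type": "AWS::IoT::Thing",
                      "Properties": {"ThingName": {"Ref": "AWS::IoT::Certificate::CommonName"}}},
            "certificate": {"Type": "AWS::IoT::Certificate",
                            "Properties": {"CertificateId": {"Ref": "AWS::IoT::Certificate::Id"},
                                           "Status": "ACTIVE"}},
            "policy": {"Type": "AWS::IoT::Policy",
                       "Properties": {"PolicyDocument": json.dumps(policy)}},
        },
    }
    # AWS expects templateBody as a JSON string, not a nested object.
    return {"templateBody": json.dumps(template), "roleArn": role_arn}

def review_registration_config(config):
    """Report where the Thing name comes from and which actions apply to all resources."""
    resources = json.loads(config["templateBody"])["Resources"]
    name = resources["thing"]["Properties"]["ThingName"]
    name_source = name.get("Ref") if isinstance(name, dict) else "literal:" + str(name)
    policy = json.loads(resources["policy"]["Properties"]["PolicyDocument"])
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    wildcard = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        res = st.get("Resource", [])
        acts = st.get("Action", [])
        res = [res] if isinstance(res, str) else res
        acts = [acts] if isinstance(acts, str) else acts
        if "*" in res:
            wildcard.extend(acts)
    return {"thing_name_source": name_source, "wildcard_actions": sorted(set(wildcard))}

if __name__ == "__main__":
    # Constructed placeholder account ID; role name as given on this page.
    cfg = build_registration_config("arn:aws:iam::123456789012:role/AWSIoTThingsRegistration")
    print(json.dumps(review_registration_config(cfg), indent=2))
```

Because the Thing name is taken from the certificate Common Name and the policy applies to all resources, the review output shows that what a device may do is bounded only by the listed actions, so control over which certificates the registered CA signs is what limits device access.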