Hello,
I am trying to build a project with an ESP32-S3 module where I want to claim and provision the device with AWS. I looked at the fleet provisioning with CSR examples in esp-aws-iot and the AWS SDK, but unfortunately I am not able to compile the code or use them. I even looked at the AWS IoT SDK Embedded C.
I am using ESP-IDF version 5.4.
What I need:
I have an ESP32 device. I receive a temporary certificate from the App.
Now, using the temporary certificate, the ESP32 connects to the AWS cloud.
From the AWS cloud a unique certificate is sent to the ESP32.
The ESP32 stores this certificate and performs all future MQTT connections.
Can anybody help me or point me to the correct working example? Help would be highly appreciated.
Thank you!
Help with esp32 AWS fleet provisioning with csr
Re: Help with esp32 AWS fleet provisioning with csr
Hi,
It's been over 5 years since I worked with ESP32 and AWS, but I believe you need this:
https://docs.aws.amazon.com/iot/latest/ ... oning.html
https://aws.amazon.com/blogs/iot/settin ... -iot-core/
JIT - Just In Time provisioning
There is also JITR, but I believe that JIT is better.
https://aws.amazon.com/blogs/iot/just-i ... n-aws-iot/
Re: Help with esp32 AWS fleet provisioning with csr
Thank you @chegewara, but what I need is a solution on the ESP32 side. I see that there are examples available, but I am having difficulty using them. On the AWS side everything is up and running.
Re: Help with esp32 AWS fleet provisioning with csr
I'm working on a project that is similar to what you're describing, although I'm letting AWS be the CA rather than use a different CA and a CSR. In my case I'm using the standard IDF MQTT client without the AWS IoT SDK.
On the ESP side I used the web server component to expose a post endpoint that the user/app/whatever uses to send the temporary certs to the ESP device. The device then uses the certs to connect to AWS MQTT and perform the provisioning steps to create permanent certificates and register the Thing with IoT core. If those steps are successful the device saves the permanent certs to flash.
It is a bit of a manual process, but in practice it only takes a second or two to complete. I've not had any issues doing the entire process from within the http endpoint handler.
I'm sure there are other ways to do this, but in my project I was already using the web server component, so using it for AWS provisioning seemed like a good fit.
Hope this helps.
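The provisioning sequence described in the post above, as an added example that is not part of the original thread or of any poster's project: a topic-driven state machine in plain C covering both the AWS-generated-keys variant and the CSR variant from the original question. The topic strings are the AWS IoT Fleet Provisioning MQTT API; the `fp_*` names, the template name and the `SerialNumber` template parameter are hypothetical.

```c
/* Added example: Fleet Provisioning by claim as a topic-driven state machine.
 * Only the "$aws/..." topic strings come from the AWS MQTT API; fp_* names and
 * the "SerialNumber" template parameter are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef enum { FP_WAIT_CERT, FP_WAIT_REGISTER, FP_DONE, FP_FAILED } fp_state_t;

#define FP_CREATE_KEYS "$aws/certificates/create/json"          /* AWS makes the key pair */
#define FP_CREATE_CSR  "$aws/certificates/create-from-csr/json" /* device keeps its key  */

/* Build "$aws/provisioning-templates/<tmpl>/provision/json<suffix>".
 * Returns 0 on success, -1 if the buffer is too small. */
int fp_register_topic(char *out, size_t len, const char *tmpl, const char *suffix)
{
    int n = snprintf(out, len, "$aws/provisioning-templates/%s/provision/json%s",
                     tmpl, suffix);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Build the RegisterThing request from the ownership token returned by the
 * certificate step. Assumes token and serial need no JSON escaping. */
int fp_register_payload(char *out, size_t len, const char *token, const char *serial)
{
    int n = snprintf(out, len,
        "{\"certificateOwnershipToken\":\"%s\",\"parameters\":{\"SerialNumber\":\"%s\"}}",
        token, serial);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Advance the flow on an incoming message topic. Permanent credentials should
 * be committed to flash only once FP_DONE is reached. */
fp_state_t fp_on_message(fp_state_t st, const char *topic, const char *tmpl, int use_csr)
{
    char want[160];
    const char *create = use_csr ? FP_CREATE_CSR : FP_CREATE_KEYS;
    if (st == FP_WAIT_CERT) {
        snprintf(want, sizeof want, "%s/accepted", create);
        if (strcmp(topic, want) == 0) return FP_WAIT_REGISTER;
        snprintf(want, sizeof want, "%s/rejected", create);
        if (strcmp(topic, want) == 0) return FP_FAILED;
    } else if (st == FP_WAIT_REGISTER) {
        if (fp_register_topic(want, sizeof want, tmpl, "/accepted") == 0 &&
            strcmp(topic, want) == 0) return FP_DONE;
        if (fp_register_topic(want, sizeof want, tmpl, "/rejected") == 0 &&
            strcmp(topic, want) == 0) return FP_FAILED;
    }
    return st; /* unrelated or out-of-order topic, or terminal state: ignore */
}
```

In an ESP-IDF project, `fp_on_message` would be called from the MQTT data event handler, with the claim certificate used only until `FP_DONE`.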