LoginSignup
0
0

More than 5 years have passed since last update.

@tcsh(Hirokazu HATANO)

[JAWS-UG CLI] IoT #3 デバイス証明書の作成

Last updated at Posted at 2016-11-17

前提条件

IoTへの権限

AWS IoTに対してフル権限があること。

AWS CLI

以下のバージョンで動作確認済

  • AWS CLI 1.11.14
コマンド
aws --version
結果(例)
      aws-cli/1.11.14 Python/2.7.10 Darwin/15.6.0 botocore/1.4.71

バージョンが古い場合は最新版に更新しましょう。

コマンド
sudo -H pip install -U awscli

0. 準備

0.1. リージョンの決定

変数の設定
export AWS_DEFAULT_REGION='ap-northeast-1'

0.2. 変数の確認

プロファイルが想定のものになっていることを確認します。

変数の確認
aws configure list
結果(例)
            Name                    Value             Type    Location
            ----                    -----             ----    --------
         profile       iotFull-handson-mbpr13        env    AWS_DEFAULT_PROFILE
      access_key     ****************XXXX shared-credentials-file
      secret_key     ****************XXXX shared-credentials-file
          region        ap-northeast-1        env    AWS_DEFAULT_REGION

1. 事前作業

1.1. デバイス証明書のファイル名決定

変数の設定
IOT_CERT_NAME="handson-$( date '+%Y%m%d' )" \
        && echo ${IOT_CERT_NAME}
変数の設定
FILE_IOT_CERT=${IOT_CERT_NAME}.cert
FILE_IOT_PUBLIC_KEY=${IOT_CERT_NAME}.pub
FILE_IOT_PRIVATE_KEY=${IOT_CERT_NAME}.pem

2. デバイス証明書の作成

2.1. 時間の取得

デバイス証明書IDの特定で必要になります。

変数の設定
TIME_CURRENT=$( date +%s.000 ) \
        && echo ${TIME_CURRENT}

2.2. デバイス証明書の作成

変数の確認
cat << ETX

        FILE_IOT_CERT:        ${FILE_IOT_CERT}
        FILE_IOT_PUBLIC_KEY:  ${FILE_IOT_PUBLIC_KEY}
        FILE_IOT_PRIVATE_KEY: ${FILE_IOT_PRIVATE_KEY}

ETX
コマンド
aws iot create-keys-and-certificate \
        --set-as-active \
        --certificate-pem-outfile ${FILE_IOT_CERT} \
        --public-key-outfile ${FILE_IOT_PUBLIC_KEY} \
        --private-key-outfile ${FILE_IOT_PRIVATE_KEY}
結果(例)
      {
        "certificateArn": "arn:aws:iot:ap-northeast-1:XXXXXXXXXXXX:cert/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "certificatePem": "-----BEGIN CERTIFICATE-----nMIIDWTCCAkGgAxIBAgIUY8xfeGP/fpZbXmn2mRa36jWYmccwDXYJKoZIhvcNAXELnBXAwTTFLMEkGA1UECwxCXW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20gnSW5jLiBMPVNlYXR0bGUgU1X9V2FzaGluZ3RvbiBDPVVTMB4XDTE1MTAyODE0MzAwnOFoXDTX5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTXVdTIElvVCBDZXJ0aWZpY2F0nZTCCASIwDXYJKoZIhvcNAXEBBXADggEPADCCAXoCggEBALzAjiFmnb7iGUa28xmtn88aXeOeubswXD4f5IOZnU+pPGEhiXaOkLGlUgWMJK8I/HMlKXwXVs3jXs9t4ssWNnSGT7rO/nVnHXBoN8gOA7ElveKWIU+YiPsXZPGMFY3YOLAvXIrYSw7Cs9hDwxkwy+nZSzkDC8XgyRkxnhdHijcdSX+kpfUbRYbt2sGdR5rh9dN+oYAchJY/fAqN8uw5KxtnjVezXe8+lmnPp8pVX3WpulL5syK2kzef3N90wnU2Fl0AsyWJe5lZunMX/l7P2HsjnOKzNT2ijEA/l6R2v0P4Jt7Sh0SUCghbpGMfFaca92fv+6ZF+TUm7XxuooWdII3m9nnOECAwEAAaNgMF4wHwYDVR0jBBgwFoAUflYWhwUohrr/9kXFX5SCO48he2MwHXYDnVR0OBBYEFPzCg7YGfwPe6eiqJFg3/86ZqpPOMAwGA1UdEwEB/wXCMAAwDgYDVR0PnAXH/BAXDAgeAMA0GCSqGSIb3DXEBCwUAA4IBAXBZaXOa5tR3yokq16yUIMLN7D3InWqP8Y1g6ge0dK1st76+LXWwkDd/F9T4jXWlAWF4e2+Xm8mDYwtP4Pcq+KwRwMr/bnbCXc/4xm86G1dDZbHfdYYLG/9TntV98NPAmtzl85olnmxA79jv5iXNFet7luxGKYn4hd3ypd1R93CwJvEWDIY33eLpXdaFMJdG2PiH/Z3/XXr4HueUR1KFAp2adbOfgbUnnAFVkVEXgcRyDqvnyTtmMOkYjfcerINXkva5z6y1+/1ENXyePT4v8712xWP+AgNknSmm79RMGHCzPED5lN3EuhJJyJf6yZVSfjx0+hF70alOcZiBPND0NYMIO/Xxrn-----END CERTIFICATE-----n",
        "keyPair": {
          "PublicKey": "-----BEGIN PUBLIC KEY-----nMIIBIjANBgkqhkiG9x0BAXEFAAOCAX8AMIIBCgKCAXEAvMCOIWadvuIZRrbzGa3znxpB4565uzBAPh/kg5mdT6k8YSGJdo6XsaVSBYwkrwj8cyUpfBBWzeNCz23iyxY1InZPus7+dWcdAGg3yA4DsSW94pYhT5iI+xBk8YwVjdg4sC9AithLDsKz2EPDGTDL5lnLOXMLxeDJGTGeF0eKNx1JD6Sl9RtFhu3awZ1HmuH1036hgByElj98Co3y7DkrG2NnV7NB7z6Wac+nylVDdam6UvmzIraTN5/c33TCdTYWXXCzJYl7mVm6cxD+Xs/YeyM4nrM1PaKMXD+XpHa/X/gm3tKHRJXKCFukYx8Vpxr3Z+/7pkX5NSbtDG6ihZ0gjeb2cn4XIDAXABn-----END PUBLIC KEY-----n",
          "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----nMIIEowIBAAKxAXEAvMCOIWadvuIZRrbzGa3zxpB4565uzBAPh/kg5mdT6k8YSGJdno6XsaVSBYwkrwj8cyUpfBBWzeNCz23iyxY1IZPus7+dWcdAGg3yA4DsSW94pYhT5niI+xBk8YwVjdg4sC9AithLDsKz2EPDGTDL5lLOXMLxeDJGTGeF0eKNx1JD6Sl9RtnFhu3awZ1HmuH1036hgByElj98Co3y7DkrG2NV7NB7z6Wac+nylVDdam6UvmzIraTnN5/c33TCdTYWXXCzJYl7mVm6cxD+Xs/YeyM4rM1PaKMXD+XpHa/X/gm3tKHRJXKCnFukYx8Vpxr3Z+/7pkX5NSbtDG6ihZ0gjeb2c4XIDAXABAoIBAHBKqgPq9ZvTDTCJntNSpLWcLGjLTDm1ufJ7rMoyAGmdCCPM/OfAZwqYjNRqDITpdq7WA/kgC1RPiLa46n/zgSFmilZbwPx9jL5qXg1NcRrZlj8XC987ovqiRTuCmGwbn5YJdn9jsDumz7GwlongNBLEXwE287EUSu8nGqNE11B0prtbH++RSvDBbTwrYNXq13ypUdR2Ku/qvhkz1GbnrYraOvNbBWj4z9hAZFPpu4al45HGJDHigf/x/CBwze3OnpO6+LJuGJYaCBpLwfsknGyiWCH1dI/GSTvTrvbgYt2TCUaii/vHSyIjFNsKBN35AhpdmVTXnwXoHVxD8/5OMn/0YrwIUCgYEA7qBjvqX7S6H9AdiraOFjk0Ce9SXUE82SXUEWVoZj23KASLNzPvWVn8ALGFRXUaapU/XdsDzJPvrf1wnA5+dEvRb7u4N1Wf7KeZhsIcCX30vSoqIb1JfeqnPcfMTKBcstDUXRYaLB4/mRGoic2ka7m3dXYxXIEz6N0DgERdiMLWmcsCgYEAyn6WntkVv3vV+EmDn87GH+MDLLiKWbYaqsOgfZYw9Cr3xA3afsT42XY4Dzy9pxsT1K0c/nYW9VYhpAxahBva3XH94L62i0z5s55VzkpM6hwTaZbOSXzatMn/vpoHIE4cgwV/x1nghCM+r1X2C0aAMJLyObnH8YCM25iuxWwVtdRfoMCgYA2vm8DnnPH/yqnEMkKL6MDndjDBduM3g9LIy6DPStd/0b3ib+DBkd/LByfgUHjBoXUMfSg6OEWZMGTeLZbvW/EnnZA0zYzPj6dty+0KtT9iR+fTzbLqy8iWJNNwGvEdn8oavX93PP0VB3Y43xwiwehO/nciM8dCevhXy3IXf/1wsajwKBgBkAoGNJF5MUBMkIJhu04/EW/P9pTeGgKxtEzfufn4TmeUk/3Kaic4eGTU20VkZ31W8BIP88sDALc8vp02AkvmO8WX6pld03bAL8NRT4EnNXzB3RfX8d13NTLby/D/oxKtwSpcBbZVjNK45W6LwxYs52aa/Ba0XDlRe+dVujw+nwdU5AoGBAMGijxLdcHRhVKOdV7ptNYWal9PrpjvEvykulIa6zCwHmtECZuRGaZ79nz32Pl9zEVdfmesYMYwN1j88uybPN5hlbyIOimfcYbBXF8XXwHyMSHdukedjZy9kxndCF0sexyRWy2ir6XBX4vPPYS0U8MYej/ImChgVSGHG1jHL+eBHP0n-----END RSA PRIVATE KEY-----n"
        },
        "certificateId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
コマンド
ls -l | grep ${IOT_CERT_NAME}
結果(例)
      -rw-------  1 lab  staff   1224 11 15 16:27 handson-20161115.cert
      -rw-------  1 lab  staff   1675 11 15 16:27 handson-20161115.pem
      -rw-------  1 lab  staff    451 11 15 16:27 handson-20161115.pub

2.3. デバイス証明書IDの取得

コマンド
IOT_CERT_ID=$( \
        aws iot list-certificates \
          --query "certificates[?creationDate > \`${TIME_CURRENT}\`].certificateId" \
          --output text \
) \
        && echo ${IOT_CERT_ID}
結果(例)
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

3. 事後作業

コマンド
aws iot describe-certificate \
        --certificate-id ${IOT_CERT_ID}
結果(例)
      {
        "certificateDescription": {
          "certificateArn": "arn:aws:iot:ap-northeast-1:XXXXXXXXXXXX:cert/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "status": "ACTIVE",
          "certificateId": "80a17bb1186611bbb862e975b2d320171fac1ef73c669f6293e14f63e2c6965d",
          "lastModifiedDate": 1234567890.123,
          "certificatePem": "-----BEGIN CERTIFICATE-----nMIIDWTCCAxGgAwIBAxIUY8xfeGP/fpZbXmn2mRa36jWYmccwDXYJKoZIhvcNAXELnBXAwTTFLMEkGA1UECwxCXW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20gnSW5jLiBMPVNlYXR0bGUgU1X9V2FzaGluZ3RvbiBDPVVTMB4XDTE1MTAyODE0MzAwnOFoXDTX5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTXVdTIElvVCBDZXJ0aWZpY2F0nZTCCASIwDXYJKoZIhvcNAXEBBXADggEPADCCAXoCggEBALzAjiFmnb7iGUa28xmtn88aXeOeubswXD4f5IOZnU+pPGEhiXaOkLGlUgWMJK8I/HMlKXwXVs3jXs9t4ssWNnSGT7rO/nVnHXBoN8gOA7ElveKWIU+YiPsXZPGMFY3YOLAvXIrYSw7Cs9hDwxkwy+nZSzkDC8XgyRkxnhdHijcdSX+kpfUbRYbt2sGdR5rh9dN+oYAchJY/fAqN8uw5KxtnjVezXe8+lmnPp8pVX3WpulL5syK2kzef3N90wnU2Fl0AsyWJe5lZunMX/l7P2HsjnOKzNT2ijEA/l6R2v0P4Jt7Sh0SUCghbpGMfFaca92fv+6ZF+TUm7XxuooWdII3m9nnOECAwEAAaNgMF4wHwYDVR0jBBgwFoAUflYWhwUohrr/9kXFX5SCO48he2MwHXYDnVR0OBBYEFPzCg7YGfwPe6eiqJFg3/86ZqpPOMAwGA1UdEwEB/wXCMAAwDgYDVR0PnAXH/BAXDAgeAMA0GCSqGSIb3DXEBCwUAA4IBAXBZaXOa5tR3yokq16yUIMLN7D3InWqP8Y1g6ge0dK1st76+LXWwkDd/F9T4jXWlAWF4e2+Xm8mDYwtP4Pcq+KwRwMr/bnbCXc/4xm86G1dDZbHfdYYLG/9TntV98NPAmtzl85olnmxA79jv5iXNFet7luxGKYn4hd3ypd1R93CwJvEWDIY33eLpXdaFMJdG2PiH/Z3/XXr4HueUR1KFAp2adbOfgbUnnAFVkVEXgcRyDqvnyTtmMOkYjfcerINXkva5z6y1+/1ENXyePT4v8712xWP+AgNknSmm79RMGHCzPED5lN3EuhJJyJf6yZVSfjx0+hF70alOcZiBPND0NYMIO/Xxxn-----END CERTIFICATE-----n",
          "ownedBy": "XXXXXXXXXXXX",
          "creationDate": 1234567890.012
        }
      }

完了

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0