1. tcsh

    Posted

    tcsh
Changes in title
+[JAWS-UG CLI] IoT #13 デバイス証明書の削除
Changes in tags
Changes in body
@@ -0,0 +1,217 @@
+前提条件
+========
+
+
+IoTへの権限
+-----------
+
+AWS IoTに対してフル権限があること。
+
+
+AWS CLI
+-------
+
+以下のバージョンで動作確認済
+
+- AWS CLI 1.11.14
+
+```bash:コマンド:
+aws --version
+```
+
+```text:結果(例):
+ aws-cli/1.11.14 Python/2.7.10 Darwin/15.6.0 botocore/1.4.71
+```
+
+バージョンが古い場合は最新版に更新しましょう。
+
+```bash:コマンド:
+sudo -H pip install -U awscli
+```
+
+
+0. 準備
+=======
+
+
+0.1. リージョンの決定
+---------------------
+
+```bash:変数の設定
+export AWS_DEFAULT_REGION='ap-northeast-1'
+```
+
+
+0.2. 変数の確認
+---------------
+
+プロファイルが想定のものになっていることを確認します。
+
+```bash:変数の確認:
+aws configure list
+```
+
+```text:結果(例):
+ Name Value Type Location
+ ---- ----- ---- --------
+ profile iotFull-handson-mbpr13 env AWS_DEFAULT_PROFILE
+ access_key ****************XXXX shared-credentials-file
+ secret_key ****************XXXX shared-credentials-file
+ region ap-northeast-1 env AWS_DEFAULT_REGION
+```
+
+
+0.3. デバイス証明書のID指定
+---------------------------
+
+デバイス証明書のリストを確認し、利用するデバイス証明書のIDを変数に格納
+します。
+
+```bash:コマンド:
+aws iot list-certificates
+```
+
+```json:結果(例):
+ {
+ "certificates": [
+ {
+ "certificateArn": "arn:aws:iot:ap-northeast-1:xxxxxxxxxxxxxxert/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "status": "ACTIVE",
+ "creationDate": 1234567890.123,
+ "certificateId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ }
+ ]
+ }
+```
+
+```bash:変数の設定(例):
+IOT_CERT_ID='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+```
+
+
+1. 事前作業
+===========
+
+
+1.1. 証明書の確認
+-----------------
+
+削除する前に内容を確認します。
+
+```bash:コマンド:
+aws iot describe-certificate \
+ --certificate-id ${IOT_CERT_ID}
+```
+
+```json:結果(例):
+ {
+ "certificateDescription": {
+ "certificateArn": "arn:aws:iot:ap-northeast-1:XXXXXXXXXXXX:cert/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "status": "ACTIVE",
+ "certificateId": "80a17bb1186611bbb862e975b2d320171fac1ef73c669f6293e14f63e2c6965d",
+ "lastModifiedDate": 1234567890.123,
+ "certificatePem": "-----BEGIN CERTIFICATE-----nMIIDWTCCAxGgAwIBAxIUY8xfeGP/fpZbXmn2mRa36jWYmccwDXYJKoZIhvcNAXELnBXAwTTFLMEkGA1UECwxCXW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20gnSW5jLiBMPVNlYXR0bGUgU1X9V2FzaGluZ3RvbiBDPVVTMB4XDTE1MTAyODE0MzAwnOFoXDTX5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTXVdTIElvVCBDZXJ0aWZpY2F0nZTCCASIwDXYJKoZIhvcNAXEBBXADggEPADCCAXoCggEBALzAjiFmnb7iGUa28xmtn88aXeOeubswXD4f5IOZnU+pPGEhiXaOkLGlUgWMJK8I/HMlKXwXVs3jXs9t4ssWNnSGT7rO/nVnHXBoN8gOA7ElveKWIU+YiPsXZPGMFY3YOLAvXIrYSw7Cs9hDwxkwy+nZSzkDC8XgyRkxnhdHijcdSX+kpfUbRYbt2sGdR5rh9dN+oYAchJY/fAqN8uw5KxtnjVezXe8+lmnPp8pVX3WpulL5syK2kzef3N90wnU2Fl0AsyWJe5lZunMX/l7P2HsjnOKzNT2ijEA/l6R2v0P4Jt7Sh0SUCghbpGMfFaca92fv+6ZF+TUm7XxuooWdII3m9nnOECAwEAAaNgMF4wHwYDVR0jBBgwFoAUflYWhwUohrr/9kXFX5SCO48he2MwHXYDnVR0OBBYEFPzCg7YGfwPe6eiqJFg3/86ZqpPOMAwGA1UdEwEB/wXCMAAwDgYDVR0PnAXH/BAXDAgeAMA0GCSqGSIb3DXEBCwUAA4IBAXBZaXOa5tR3yokq16yUIMLN7D3InWqP8Y1g6ge0dK1st76+LXWwkDd/F9T4jXWlAWF4e2+Xm8mDYwtP4Pcq+KwRwMr/bnbCXc/4xm86G1dDZbHfdYYLG/9TntV98NPAmtzl85olnmxA79jv5iXNFet7luxGKYn4hd3ypd1R93CwJvEWDIY33eLpXdaFMJdG2PiH/Z3/XXr4HueUR1KFAp2adbOfgbUnnAFVkVEXgcRyDqvnyTtmMOkYjfcerINXkva5z6y1+/1ENXyePT4v8712xWP+AgNknSmm79RMGHCzPED5lN3EuhJJyJf6yZVSfjx0+hF70alOcZiBPND0NYMIO/Xxxn-----END CERTIFICATE-----n",
+ "ownedBy": "XXXXXXXXXXXX",
+ "creationDate": 1234567890.012
+ }
+ }
+```
+
+
+1.2. 証明書の無効化
+-------------------
+
+削除する前に証明書を無効化します。
+
+```bash:コマンド:
+IOT_CERT_STATUS=$( \
+ aws iot describe-certificate \
+ --certificate-id ${IOT_CERT_ID} \
+ --query 'certificateDescription.status' \
+ --output text \
+) \
+ && echo ${IOT_CERT_STATUS}
+```
+
+```text:結果(例):
+ ACTIVE
+```
+
+```bash:変数の設定
+IOT_CERT_STATUS_NEW='REVOKED'
+```
+
+```bash:変数の確認:
+cat << ETX
+
+ IOT_CERT_ID: ${IOT_CERT_ID}
+ IOT_CERT_STATUS_NEW: ${IOT_CERT_STATUS_NEW}
+
+ETX
+```
+
+```bash:コマンド:
+aws iot update-certificate \
+ --certificate-id ${IOT_CERT_ID} \
+ --new-status ${IOT_CERT_STATUS_NEW}
+```
+
+```text:結果(例):
+ (戻り値なし)
+```
+
+```bash:コマンド:
+IOT_CERT_STATUS=$( \
+ aws iot describe-certificate \
+ --certificate-id ${IOT_CERT_ID} \
+ --query 'certificateDescription.status' \
+ --output text \
+) \
+ && echo ${IOT_CERT_STATUS}
+```
+
+```text:結果(例):
+ REVOKED
+```
+
+
+2. デバイス証明書の削除
+=======================
+
+
+2.2. デバイス証明書の削除
+-------------------------
+
+```bash:変数の確認:
+cat << ETX
+
+ IOT_CERT_ID: ${IOT_CERT_ID}
+
+ETX
+```
+
+```bash:コマンド:
+aws iot delete-certificate \
+ --certificate-id ${IOT_CERT_ID}
+```
+
+```text:結果(例):
+ (戻り値なし)
+```
+
+
+3. 事後作業
+===========
+
+```bash:コマンド:
+aws iot describe-certificate \
+ --certificate-id ${IOT_CERT_ID}
+```
+
+```text:結果(例):
+ An error occurred (ResourceNotFoundException) when calling the DescribeCertificate operation: CertificateId xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx does not exist
+```
+
+
+完了
+====
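
Review bot: Section 2.2 runs `aws iot delete-certificate` directly after the status change in 1.2 without checking whether a policy or thing is still attached to the certificate, and DeleteCertificate is rejected while either attachment exists. Add a step between 1.2 and 2.2 that lists what is attached to the certificate ARN (for example `aws iot list-principal-policies --principal <certificateArn>` and `aws iot list-principal-things --principal <certificateArn>`) and detaches it before the delete. Separately, the sample output in 1.1 masks the ARN and `ownedBy` but leaves a full-looking value in the `certificateId` field; use the same x placeholder as in 0.3 so the examples are masked consistently. The only subsection under heading 2 is numbered 2.2, with no 2.1 before it.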