Each device certificate created in AWS IoT should have a security policy attached to it. A device security policy defines the device's access permissions on the AWS IoT server. If you don't attach a security policy to your device certificate, your IoT device can't access AWS IoT.
You can follow these steps to configure a device security policy:
- Open a browser and navigate to the AWS IoT console, found at http://console.aws.amazon.com/iot/home.
- Log on with your AWS account; if you succeed, you should see the AWS IoT console.
- Click on the Secure | Policies menu to open the web form shown in Figure 10.7.
- Click on the Create button, as shown in the following screenshot:
Figure 10.7: Creating a security policy
- After you have clicked on Create, you will get a web form as shown in Figure 10.8.
- Next, fill out your policy name.
- Add a policy statement with the iot:* Action and the * Resource ARN. This statement enables our IoT device to access AWS IoT services:
Figure 10.8: Giving the policy name and its permissions
- Create this security policy.
- Now you can click on the Secure | Certificates menu.
- Select your device certificate and click on the Actions menu.
- Click on Attach policy in the drop-down, as shown in Figure 10.9:
Figure 10.9: Attaching a security policy to a certificate
- After clicking on the menu, you should get a dialog box as shown in Figure 10.10.
- Select all of our security policies.
- When you are done, click on the Attach button:
Figure 10.10: Selecting a security policy
Now your device certificate has a security policy.
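The form in Figure 10.8 produces a policy document that allows every AWS IoT action on every resource in the account. The following Python code is an added example, not part of the original text: it shows that document next to a scoped alternative and flags wildcard grants. The region, account ID, topic name, and the helper name wildcard_findings are constructed placeholders.

```python
import json

# Constructed placeholders: region, account ID and topic name are assumptions.
REGION, ACCOUNT = "us-east-1", "123456789012"
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT thing policy variable

# Policy equivalent to the console form: iot:* Action on the * Resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# Scoped alternative: the device connects only under its own thing name
# and publishes/subscribes only on its own topic.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING}"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": f"{ARN}:topic/esp32/{THING}/data"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN}:topicfilter/esp32/{THING}/data"},
    ],
}

def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, field, value) for each Allow statement
    that grants a whole-service action or all resources."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((i, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "Resource", resource))
    return findings

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, wildcard_findings(policy))
        print(json.dumps(policy, indent=2))
```

The scoped policy only resolves its variable when the certificate is attached to a thing and the device connects with the thing name as its MQTT client ID.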
Next, we will develop an ESP32 program to access AWS IoT.