Introducing AWS IoT identity and security

Consider that you have an office in a certain city. You keep special assets in the office, so you don't allow people in without your permission. You ask each person who comes to your office about their identity and purpose, and if their identity seems vague, you can refuse them entry. The same situation applies in AWS IoT.

Amazon AWS IoT applies identity and security to all IoT devices that want to access AWS IoT resources. All IoT devices should be registered in the AWS IoT Management Console. You can perform this task by opening the console in a browser. In the Manage section in the left-hand menu, you can add your IoT devices. You can see the AWS IoT Management Console in the following screenshot. AWS will charge based on the number of registered IoT devices.

The task of registering IoT devices has already been covered in Chapter 1, Getting Started with AWS IoT, and you can read and review it. The result of registration is an AWS IoT device certificate, which consists of certificate and key files.

You can also register IoT devices from the command line through AWS CLI, using the create-keys-and-certificate command; refer to the AWS CLI documentation for how to use it. To perform this task, you should install AWS CLI, following its installation instructions.

Each IoT device will have its own security certificate. When you register a new IoT device, AWS IoT will generate a security certificate for it. AWS also supports custom security certificates: you can bring your own security certificate and then upload it to AWS IoT.

If you want to use your own security certificate, you can create a new certificate from the AWS IoT Management Console. Proceed with the following steps:

  1. You can select the Use my certificate option by clicking on the Get started button, as shown in the following screenshot:
  2. Next, you should see the screen that is shown in the following screenshot. You can click on the Register CA button to create a new security certificate:
  3. The next screen shows some steps to generate a certificate using openssl. Complete these steps to generate a certificate file that you can upload to AWS IoT:

After performing these steps, you can use your own security certificate on AWS IoT. You can probably attach your own security certificate file to all IoT devices.
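The openssl steps that the console displays are not reproduced on this page. The script below is an added example, not code from the book, of the usual bring-your-own-CA flow: create a CA, prove possession of its private key with a verification certificate whose common name is the AWS IoT registration code, check the result locally, then register the CA. The directory, file names, CA common name, key size and validity periods are assumptions.

```shell
#!/usr/bin/env bash
# Added example: register your own CA with AWS IoT. All names are assumptions.

# Create a CA private key (owner-only permissions) and a self-signed CA cert.
make_ca() {
  local dir="$1"
  mkdir -p "$dir"
  ( umask 077; openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null ) || return 1
  openssl req -x509 -new -nodes -key "$dir/rootCA.key" -sha256 -days 365 \
    -subj "/CN=Example IoT Root CA" -out "$dir/rootCA.pem"
}

# Issue the verification certificate: its CN must equal the registration
# code, and it must be signed by the CA key, which proves you hold that key.
make_verification_cert() {
  local dir="$1" code="$2"
  ( umask 077; openssl genrsa -out "$dir/verificationCert.key" 2048 2>/dev/null ) || return 1
  openssl req -new -key "$dir/verificationCert.key" -subj "/CN=$code" \
    -out "$dir/verificationCert.csr" || return 1
  openssl x509 -req -in "$dir/verificationCert.csr" -CA "$dir/rootCA.pem" \
    -CAkey "$dir/rootCA.key" -CAcreateserial -sha256 -days 30 \
    -out "$dir/verificationCert.pem" 2>/dev/null
}

# Local pre-flight check before uploading: the chain validates against the
# CA and the subject CN matches the registration code.
check_verification_cert() {
  local dir="$1" code="$2"
  openssl verify -CAfile "$dir/rootCA.pem" "$dir/verificationCert.pem" \
    >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/verificationCert.pem" -noout -subject -nameopt RFC2253 \
    | grep -q "CN=${code}\$"
}

# Real run (needs AWS CLI and credentials): ./register-ca.sh --register
if [ "${1:-}" = "--register" ]; then
  set -eu
  dir=./iot-ca
  make_ca "$dir"
  code=$(aws iot get-registration-code --query registrationCode --output text)
  make_verification_cert "$dir" "$code"
  check_verification_cert "$dir" "$code"
  # A registered CA is inactive unless --set-as-active is given.
  aws iot register-ca-certificate \
    --ca-certificate "file://$dir/rootCA.pem" \
    --verification-certificate "file://$dir/verificationCert.pem" \
    --set-as-active
fi
```

Keep rootCA.key off the devices and out of version control: anyone holding it can issue certificates that chain to your registered CA.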
