awslabs / aws-iot-certificate-vending-machine
The CVM allows a device to apply for its own certificate and installation.
License: Apache License 2.0
Hello,
Can anyone update the stack?
I tried to run the stack; it gets an error because the Lambda is nodejs 6.x. Can anyone update the stack to meet the new version 10.x?
Thanks
In index.js, you said we should write the certificate ID/ARN to indicate that the device has applied for a certificate, so that the user cannot apply again.
I do not understand this code. How do we ensure one SN has one cert? Is it:
Looking forward to your reply.
I need the template.yaml to create the CVM, and the accessToken and serialNumber can create multiple certificates, but just return once. So, do I need to do something extra to avoid it?
The second creation log is:
2018-04-18T11:13:25.531Z 81e505c0-42f9-11e8-8dcd-5360239d60ce { ResourceAlreadyExistsException: Policy cannot be created - name already exists (name=value1)
at Object.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
message: 'Policy cannot be created - name already exists (name=value1)',
code: 'ResourceAlreadyExistsException',
time: 2018-04-18T11:13:25.528Z,
requestId: '8370610f-42f9-11e8-a62d-6119292db4d5',
statusCode: 409,
retryable: false,
retryDelay: 28.728075605593983 } 'ResourceAlreadyExistsException: Policy cannot be created - name already exists (name=value1)\n at Object.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)'
In config.js line 11:
// In actual production, the policy document should be generated dynamically.
Isn't it a waste to generate a policy for every single thing? Assume thousands of devices for an IoT solution. I think there should be only a single policy which allows publish and subscribe to topics by their certificate IDs. An example from the AWS IoT docs is like this:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Publish"],
    "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:CertificateId}"]
  },
  {
    "Effect": "Allow",
    "Action": ["iot:Connect"],
    "Resource": ["*"]
  }]
}
What do you think about this, what are your recommendations about that?
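How a single shared policy like the one quoted above scopes each device to its own certificate ID, as an added example (not code from the project or the AWS docs). It is a simplified evaluator that models only Allow/Deny, `*` wildcards and `${...}` substitution; the two certificate IDs are constructed.

```javascript
'use strict';
// Added example, not project code. Simplified model of AWS IoT policy checks:
// default deny, explicit Deny wins, "*" wildcards, ${...} policy variables.

// The shared policy quoted in the post (account ID is the docs placeholder).
const SHARED_POLICY = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['iot:Publish'],
      Resource: ['arn:aws:iot:us-east-1:123456789012:topic/${iot:CertificateId}'] },
    // Connect on "*" lets a certificate connect under any client ID.
    { Effect: 'Allow', Action: ['iot:Connect'], Resource: ['*'] },
  ],
};

// Compile a pattern to a RegExp. Variables are filled from the connection
// context and then escaped, so a substituted value is always matched literally.
// An unknown variable yields null: the pattern matches nothing.
function compile(pattern, ctx) {
  let known = true;
  const body = pattern.split('*').map((part) => part
    .replace(/\$\{([^}]+)\}/g, (_, name) => {
      if (!Object.prototype.hasOwnProperty.call(ctx, name)) known = false;
      return known ? String(ctx[name]) : '';
    })
    .replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('.*');
  return known ? new RegExp(`^${body}$`) : null;
}

function matches(pattern, ctx, value) {
  const re = compile(pattern, ctx);
  return re !== null && re.test(value);
}

// Evaluate one request (action + resource ARN) for one connected certificate.
function isAllowed(policy, ctx, action, resource) {
  let allowed = false;
  for (const st of policy.Statement) {
    const hit = st.Action.some((a) => matches(a, {}, action)) &&
                st.Resource.some((r) => matches(r, ctx, resource));
    if (!hit) continue;
    if (st.Effect === 'Deny') return false;
    allowed = true;
  }
  return allowed;
}

// Constructed certificate IDs for two devices that share the one policy.
const DEV_A = 'a1'.repeat(32), DEV_B = 'b2'.repeat(32);
const topicArn = (id) => 'arn:aws:iot:us-east-1:123456789012:topic/' + id;
```

With device A's certificate in the context, `isAllowed` permits `iot:Publish` only on `topicArn(DEV_A)`; the quoted policy grants no `iot:Subscribe` at all.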
The "Launch Stack" button on the README is broken; the bucket you deployed the processed template to was deleted.
S3 error: The specified bucket does not exist For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
Hi,
When we request the API Gateway (URL) for the second time with the same serialNumber and deviceToken, it shows the "null" response. Instead of the null response, I want to show another message like Access deny etc. Can you elaborate on how you pass the "null" in the response and how to change it?
Thanks
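One way to get one certificate per serial number and an explicit response on repeat requests, which is what this post and the earlier ones about index.js and duplicate certificates ask for (added example, not the project's code). `DeviceTable` and the `iot` client with `issue`/`attach`/`revoke` are hypothetical in-memory stand-ins; in a real deployment `claim` would be a single conditional write to the device table and the calls would be asynchronous.

```javascript
'use strict';
const crypto = require('crypto');

// Added example, not project code. Table and IoT client are stand-ins.
class DeviceTable {
  constructor(devices) { this.rows = new Map(devices.map((d) => [d.serialNumber, { ...d }])); }
  get(sn) { return this.rows.get(sn); }
  // Models one conditional write ("set state only if it is absent"), so two
  // requests for the same serial number cannot both succeed.
  claim(sn) {
    const row = this.rows.get(sn);
    if (!row || row.state) return false;
    row.state = 'ISSUING';
    return true;
  }
  finish(sn, arn) { Object.assign(this.rows.get(sn), { state: 'ISSUED', certificateArn: arn }); }
  release(sn) { delete this.rows.get(sn).state; }
}

// Compare tokens via fixed-length digests so timingSafeEqual accepts them.
function tokenMatches(expected, given) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(expected), h(given));
}

const reply = (statusCode, body) => ({ statusCode, body });

function vendCertificate(table, iot, { serialNumber, deviceToken }) {
  const row = table.get(serialNumber);
  if (!row || !tokenMatches(row.deviceToken, deviceToken)) {
    return reply(403, { message: 'Access denied' });
  }
  // Claim before creating anything: a repeat request stops here and gets an
  // explicit answer instead of a second certificate or a null body.
  if (!table.claim(serialNumber)) {
    return reply(409, { message: 'Certificate already issued for this device' });
  }
  let cert;
  try {
    cert = iot.issue();                                  // new key pair + certificate
    iot.attach('shared-device-policy', cert.certificateArn);
    table.finish(serialNumber, cert.certificateArn);
    return reply(200, cert);
  } catch (err) {
    if (cert) iot.revoke(cert.certificateArn);           // leave no orphaned credential
    table.release(serialNumber);                         // let the device retry
    return reply(500, { message: 'Issuance failed, retry later' });
  }
}
```

Attaching an existing shared policy, rather than creating a policy per request, also avoids the `ResourceAlreadyExistsException` seen in the log above.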
An error occurred at creation of the AWS IoT Certificate Vending Machine in the CloudFormation operation:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for pubz/cvm-iot.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: 98b6421b-a700-11e8-b7f3-3ddf2523b8eb)
Please HELP asap, I need this working very soon.
Thanks