awslabs / aws-iot-certificate-vending-machine Goto Github PK

Hello,

Can anyone update the stack?

I tried to run the stack, it get error because lambda is nodejs 6.x, can anyone update the stack to meet the new version 10.x?

Thanks

In index.js, you said should write the certificate ID/Arn to indicate that the device has applied for a certificate. And the user can not apply again.
I do not understand this code, how to ensure one sn has one cert. Is it:

1. DDB do not allow set certinfo the same value?

Looking forward to your reply.

I need the template.yaml to creat the CVM, and the accessToken and serialNumber can create multiple certificates ,but just return once. So,need I do extra something to avoid it?

the second creatition log is:
2018-04-18T11:13:25.351Z 81e505c0-42f9-11e8-8dcd-5360239d60ce { certificateArn: 'arn:aws:iot:us-east-1:506128028316:cert/5596bd96e0c1219b61f2a03742add29415513eb6c08d6d4788f69bd85e12809c',
certificateId: '5596bd96e0c1219b61f2a03742add29415513eb6c08d6d4788f69bd85e12809c',
certificatePem: '-----BEGIN CERTIFICATE-----\nMIIDWTCCAkGgAwIBAgIUE2bS8YcsygTpkMq6Rtr/feBXuRgwDQYJKoZIhvcNAQEL\nBQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g\nSW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTE4MDQxODExMTEy\nNVoXDTQ5MTIzMTIzNTk1OVowHjEcMBoGA1UEAwwTQVdTIElvVCBDZXJ0aWZpY2F0\nZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtgSKmSQADPNUaushpm\nLkmsZMxchFQCey412TFObBV11c5qar3R/svKe3os54hKj26c0ZgOTXRc0iyamTQF\nTZi4CDgkTQCMFW3Tgxh9M6Vrod81HlwbY0M7OhizP8iQIrieZyZdVTZhCUlM4Vpg\n/JAnXn7an2u8Yn6Pz6BBjssLoUu2J5F7DcTLvYuz9GnaAJkjju7bAghfTeV+8zkR\nXK5AwaF/DCj5UslGRjcHg/2G2oF7756iYFTHrIwl/7Aro0bMFqC1COWq3draqc1O\n/nYBTZM5l9n0wLTuMWPKHBWXvU3zGhvh2T7dhuEusxTwVVrFWNCO8Dd9VE7yV6Ol\nUU8CAwEAAaNgMF4wHwYDVR0jBBgwFoAUn6U7r6r9aZ/Y5cFEb7OoXT9Z86gwHQYD\nVR0OBBYEFFgSG7bOFp76sc0+sWmj/F+2K5BLMAwGA1UdEwEB/wQCMAAwDgYDVR0P\nAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQC7Qi1U1bWeoV0aueQ38U0y5wT+\nLDE+drrbHTrfFnk7hLqXs1MWRqjjbwiNCXAKAzrIgDg3LAEIhbU3NhEe0wweYQj0\nNqEJfPNAZhEOOu0tlRKWTX7f54tIu83m5fwsvnYJv5h3dVmJqMyfzzBjbSJBP5Ar\nrvf8J93mlEnJjfv+vcX0WSAkH4MOoGs70a/DnDSzvG1GR2NlOq6f9JYnL09Qp9nB\nZMW7pEkmL6BzFHSpQL/n50KuJwvYSX49tEN1Z0dbjS8lLhTcSfvf7ZLAi/P4FqfL\nF4eMEVY2xrEzLxx73iknPvXzqQs4Hqvp3LgGYUjg7UEGJUfDIKzZWG8746vC\n-----END CERTIFICATE-----\n',
keyPair:
{ PublicKey: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2BIqZJAAM81Rq6yGmYu\nSaxkzFyEVAJ7LjXZMU5sFXXVzmpqvdH+y8p7eizniEqPbpzRmA5NdFzSLJqZNAVN\nmLgIOCRNAIwVbdODGH0zpWuh3zUeXBtjQzs6GLM/yJAiuJ5nJl1VNmEJSUzhWmD8\nkCdeftqfa7xifo/PoEGOywuhS7YnkXsNxMu9i7P0adoAmSOO7tsCCF9N5X7zORFc\nrkDBoX8MKPlSyUZGNweD/YbagXvvnqJgVMesjCX/sCujRswWoLUI5ard2tqpzU7+\ndgFNkzmX2fTAtO4xY8ocFZe9TfMaG+HZPt2G4S6zFPBVWsVY0I7wN31UTvJXo6VR\nTwIDAQAB\n-----END PUBLIC KEY-----\n',
PrivateKey: '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAu2BIqZJAAM81Rq6yGmYuSaxkzFyEVAJ7LjXZMU5sFXXVzmpq\nvdH+y8p7eizniEqPbpzRmA5NdFzSLJqZNAVNmLgIOCRNAIwVbdODGH0zpWuh3zUe\nXBtjQzs6GLM/yJAiuJ5nJl1VNmEJSUzhWmD8kCdeftqfa7xifo/PoEGOywuhS7Yn\nkXsNxMu9i7P0adoAmSOO7tsCCF9N5X7zORFcrkDBoX8MKPlSyUZGNweD/YbagXvv\nnqJgVMesjCX/sCujRswWoLUI5ard2tqpzU7+dgFNkzmX2fTAtO4xY8ocFZe9TfMa\nG+HZPt2G4S6zFPBVWsVY0I7wN31UTvJXo6VRTwIDAQABAoIBACDJAQ3CjDZYCx9Z\n88nQtSqo4l4rle/JG1qDi4QoD5tVqdpbHmAmPSnVPPOspbpgKWaWQ8oSPpUspI2v\nYz0J7IDbOnzwRRTibeFwj9CaH45DHeibN7uwAxdBZrHpszBZn+mjtbKtw/om0mQj\n8o5IyAhFCzCw+hH0vVsduJt2vRBjpMnm8hfVBvutz4xPAAeu4C6hSwyqBDq/5Ioh\nuFHNyWpU4AD5/ITjB+AQfgOGN1dDIjIWkloSnp7+IPeZGD6Sk7iBcSc47zWfh4t7\n4V4HB88x9HgSe+ty6tVB+7cDwe3IhnlIVPUgXsOByMN0OMi6Iyk4eaN6pAKWDo5K\nX921eiECgYEA58vOKLAIWyQSAkKIdBKByrtPJw18LD+CcgG3Od4axReNqL92LkOy\nXZZuMv7NOd5VlRFZCahbzzKuGTu6ztqNgUcybo8K0pStJiBovyVmapWNf7jDQVr0\nwi6/DuLnw/d0Rji3Q5KM9J81gxnu9M1EBvzj2qqOjZ/Ga8Nu7Dg51x8CgYEAzvET\nxmGXKJO29U4/bhBrnSFf1QckjAzzd7edm/ES33jpYkpnZtylwTlazuH1gmomJKj7\nFUbHrcjlIpROtSloO98GRmHxgiRHsuIsgwDXl44q/NjEQIeks4fiid4xG5rnBp09\n14flP59xclN448l408t7Z2w1Cem2ZEjJIwpSL9ECgYB+PAzjNbLnR8aS+n7rj6Sl\nrsqVfw+P3WqCAhMx7ZZwnbolG1gWLAH4W9NZ7FAB4uaCzzbJPqn5NiWAUnoS6w1D\nSW3argX71sJRUDcbWhfjldzAoPOdJRbEpcahKcuEesAU+hA8OZSQKCBxbG8pXJxe\nndzNGjOWR1w9FerTtG8ziwKBgAROmC7E0TSS/nfUjRVpWhQHIct5PpV7n4WaWLlq\nJw5nodPd4JEPfpOq8ezkXwu70ddpfPBQbM99Iue5VnoGxpiYZ7UHTNN8ldFvS6Xe\nWp5Y4yQoDs2ZBSCHb3uXGEaOzsggda0KswbD9sR+YEG9a7pcvdDFO8VdC+LCcQ09\npcBBAoGBAIAK75kv2qOZhTbkk/T4UuohQuwG0iqCPReG2/inH5gsfeRmblSrq50W\nqC1xhMbQosBR7t9OGkCF1yypW8qW3a8wh2JoOXV1tbjc6lC9DTsuVL/VXi3s1IbG\nJkWq4RTi9oTCwudLYUZyQuB6+2HCDP7SkWeCdEiH6vnbqEnufCSt\n-----END RSA PRIVATE KEY-----\n' } }
2018-04-18T11:13:25.531Z 81e505c0-42f9-11e8-8dcd-5360239d60ce { ResourceAlreadyExistsException: Policy cannot be created - name already exists (name=value1)
at Object.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
message: 'Policy cannot be created - name already exists (name=value1)',
code: 'ResourceAlreadyExistsException',
time: 2018-04-18T11:13:25.528Z,
requestId: '8370610f-42f9-11e8-a62d-6119292db4d5',
statusCode: 409,
retryable: false,
retryDelay: 28.728075605593983 } 'ResourceAlreadyExistsException: Policy cannot be created - name already exists (name=value1)\n at Object.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)'

In config.js line 11;

// In actual production, the policy document should be generated dynamically.

Isn't it a waste that generating a policy for every single thing? Assume that thousands of devices for an IoT solution. I think it should be only a single policy which allows publish and subscribe to topics by their certificate ID's. An example from AWS IoT docs is like this:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action":["iot:Publish"],
        "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:CertificateId}"]
    },
    {
        "Effect": "Allow",
        "Action": ["iot:Connect"],
        "Resource": ["*"]
    }]
}

What do you think about this, what are your recommendations about that?

The "Launch Stack" button on the README is broken; the bucket you deployed the processed template to was deleted.

S3 error: The specified bucket does not exist For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html

Hi,
when we request the API gateway(URL) for second time with the same serialNumber and deviceToken it shows the "null" response, instead of null response i want to show other message like Access deny etc.. Can you elaborate how you pass the "null" in response and how it change?
Thanks

An error occurred at creation of AWS IOT Certificate Vending machine in CloudFormation operation:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for pubz/cvm-iot.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: 98b6421b-a700-11e8-b7f3-3ddf2523b8eb)
Please HELP asap I need this working very soon.

Thanks