## IMPORTANT Methods

* delete_thing()
* create_thing()
* create_policy()
* attach_policy()
* detach_policy()
* get_policy()
* create_job()
* cancel_job()
* disable_topic_rule()
* enable_topic_rule()
* register_ca_certificate()
* register_certificate()
* register_thing()
* list_ca_certificates()
* list_certificates()
* list_certificates_by_ca()
* list_jobs()
* list_policies()
* list_thing_types()
* list_things()
* list_thing_registration_task_reports()
* list_thing_registration_tasks()
* list_topic_rules()
* set_default_authorizer()
* set_default_policy_version()
* start_on_demand_audit_task()
* start_thing_registration_task()
* stop_thing_registration_task()
* test_authorization()
* test_invoke_authorizer()
* describe_endpoint()


* **attach_policy()** attaches the spcific policy to a target. a Thing or certificate with ARN
    
    response = client.attach_policy(
        policyName='string',
        target='string'
    )
* **create_keys_and_certificate()** Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key.
    
    response = client.create_keys_and_certificate(
    setAsActive=True|False
    )



## IoT DEVICE REQUIREMENTS
* **identifier / license**    MUST BE KNOWN ALREADY BY DEVICE
* **host / IoT endpoint**     a32h6mx1kypes3.iot.eu-central-1.amazonaws.com - MUST BE KNOWN ALREADY BY DEVICE
* **rootCA**                  x509_root.crt
* **cert**                    18ffc00ad9-certificate.pem.crt.txt
* **key**                     18ffc00ad9-private.pem.ke
* **topics**                  sdk/test/Python, sdk/test/Python2

In [20]:
import boto3
from botocore.exceptions import ClientError
import botocore.exceptions

import pprint
import json

In [21]:
session = boto3.Session(profile_name = 'agrimoduleApp')

In [22]:
iot = session.client('iot')

In [23]:
# dir(iot)

## Create TYPES of THINGS

#### AGRIMODULE, AGRISENSOR, AGRIPUMP

In [24]:
def create_thing_type(type_name, list_attributes, type_description, client):
    """Creates a thing type regardless if already exist in AWS IoT."""
    try:
        device_type = client.create_thing_type(
            thingTypeName = type_name,
            thingTypeProperties = {
                'thingTypeDescription': type_description,
                'searchableAttributes': list_attributes
            }
        )
        return device_type
    except ClientError as error:
        print(error)
        if error.response['Error']['Code'] == 'ResourceAlreadyExistsException':
            device_type = type_name
            return device_type
        else:
            raise error
    
        
# -----------------------------------------------------------------------------
# class DeviceType:
#     def __init__(self, type_name, list_attributes, type_description):
#         self.type_name = type_name
#         self.list_attributes = list_attributes
#         self.type_description = type_description
    
# agrimodule = DeviceType(
#     type_name = 'agrimodule',
#     list_attributes = ['agrimodule','agrimodule-type'],
#     type_description = 'agrimodule works as the gateway/hub for all other things (agrisensors, agripumps) communication to AWS IoT'
# )
  
# agrisensor = DeviceType(
#     type_name = 'agrisensor',
#     list_attributes = ['agrisensor','agrisensor-type'],
#     type_description = 'agrisensor works as a sensor communication to the gateway/agrimodule to send the data to the AWS IoT'
# )

# agripump = DeviceType(
#     type_name = 'agripump',
#     list_attributes = ['agripump','agripump-type'],
#     type_description = 'agripump works as an remote switch to control the irrigation system and communicates to the gateway/agrimodule to receive commands or send the data to the AWS IoT'
# )
    
agrimodule = dict(
    type_name = 'agrimodule',
    list_attributes = ['agrimodule','agrimodule-type'],
    type_description = 'agrimodule works as the gateway/hub for all other things (agrisensors, agripumps) communication to AWS IoT'
)
  
agrisensor = dict(
    type_name = 'agrisensor',
    list_attributes = ['agrisensor','agrisensor-type'],
    type_description = 'agrisensor works as a sensor communication to the gateway/agrimodule to send the data to the AWS IoT'
)

agripump = dict(
    type_name = 'agripump',
    list_attributes = ['agripump','agripump-type'],
    type_description = 'agripump works as an remote switch to control the irrigation system and communicates to the gateway/agrimodule to receive commands or send the data to the AWS IoT'
)
    
    
# CALL METHOD
print('Agrimodule')
print('----------------------------')
agrimodule = create_thing_type(**agrimodule, client = iot)
print(agrimodule)
print()

print('Agrisensor')
print('----------------------------')
agrisensor = create_thing_type(**agrisensor, client = iot)
print(agrisensor)
print()

print('Agripump')
print('----------------------------')
agripump = create_thing_type(**agripump, client = iot)
print(agripump)
print()

Agrimodule
----------------------------
{'ResponseMetadata': {'RequestId': '4a36cebc-b29f-11e8-98a3-19379f750671', 'HTTPStatusCode': 200, 'HTTPHeaders': {'content-type': 'application/json', 'content-length': '160', 'connection': 'keep-alive', 'date': 'Fri, 07 Sep 2018 13:09:44 GMT', 'x-amzn-requestid': '4a36cebc-b29f-11e8-98a3-19379f750671', 'access-control-allow-origin': '*', 'x-amz-apigw-id': 'M2fH5E8tFiAFdJw=', 'x-amzn-trace-id': 'Root=1-5b927898-7934e6394a355af1a9cf57f9', 'x-cache': 'Miss from cloudfront', 'via': '1.1 709dc82c12bfdfc2826d5d578d7721fa.cloudfront.net (CloudFront)', 'x-amz-cf-id': 'lcxgJNfTZrCEKgxy7j1vSq1pFSko_Pnr76rPdqongg8AkRzWQTn4Hg=='}, 'RetryAttempts': 0}, 'thingTypeName': 'agrimodule', 'thingTypeArn': 'arn:aws:iot:eu-central-1:532242313684:thingtype/agrimodule', 'thingTypeId': '0456bd81-1575-411a-a43c-f9bcd26e199a'}

Agrisensor
----------------------------
{'ResponseMetadata': {'RequestId': '4a43c689-b29f-11e8-97d9-d30f571a92aa', 'HTTPStatusCode': 200, 'HTTPHead

## Create THING

In [31]:
thing_agrimodule = iot.create_thing(
    thingName = 'agrimodule-gw-1',
    thingTypeName = 'agrimodule',
    attributePayload = {
        'attributes': {
            'gateway': 'agrimodule'
        },
    }
)

print(thing_agrimodule['thingName'])
thing_agrimodule

agrimodule-gw-1


{'ResponseMetadata': {'RequestId': '88566e46-b29f-11e8-85ca-7fb2af1a0086',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'content-type': 'application/json',
   'content-length': '154',
   'connection': 'keep-alive',
   'date': 'Fri, 07 Sep 2018 13:11:29 GMT',
   'x-amzn-requestid': '88566e46-b29f-11e8-85ca-7fb2af1a0086',
   'access-control-allow-origin': '*',
   'x-amz-apigw-id': 'M2fYLGrYliAFv0A=',
   'x-amzn-trace-id': 'Root=1-5b927901-ba72daf8038fbf2c5dba4fa4',
   'x-cache': 'Miss from cloudfront',
   'via': '1.1 709dc82c12bfdfc2826d5d578d7721fa.cloudfront.net (CloudFront)',
   'x-amz-cf-id': 'gzMOCEr9L3BBe6dLSW7yWYHiR-R1rKLye2tOr0_5Qi9iTuSAcL9rzw=='},
  'RetryAttempts': 0},
 'thingName': 'agrimodule-gw-1',
 'thingArn': 'arn:aws:iot:eu-central-1:532242313684:thing/agrimodule-gw-1',
 'thingId': 'ce1d2a4d-85ef-4e03-8fb5-0ce931cb3b33'}

## Create Certificates public, private key and thing certificate 

In [26]:
def create_and_get_keys_and_certificate(client):
    thing_certs = client.create_keys_and_certificate(
        setAsActive=True
    )
    return thing_certs
# get CERT ARN
# get the each cert string and put it in variable
# get the names of each cert;s file and extensiion.
thing_certs = create_and_get_keys_and_certificate(iot)

In [27]:
filenames = {
    'cert' : 'certificate.pem.crt',
    'key' : 'private.pem.key',
    'rootCA' : 'x509_root.crt',
}


cert_id = thing_certs['certificateId']
cert_public_key = thing_certs['keyPair']['PublicKey']


cert_arn = thing_certs['certificateArn']

# cert_rootCA = thing_certs['']
cert_cert = thing_certs['certificatePem']
cert_key = thing_certs['keyPair']['PrivateKey']

print('CERTIFICATES:')
print('--------------------------')
print('ARN:')
print(cert_arn)
print()

print('--------------------------')
print('rootCA:')
# print(filenames['rootCA'])
# print(cert_rootCA)
print()

print('--------------------------')
print('cert:')
print(filenames['cert'])
print(cert_cert)
print()

print('--------------------------')
print('key:')
print(filenames['key'])
print(cert_key)
print()

thing_certs

CERTIFICATES:
--------------------------
ARN:
arn:aws:iot:eu-central-1:532242313684:cert/4e6f87176923d2c8adea3629a96f34f25f2420e769cd723768a63bda9fd5b64a

--------------------------
rootCA:

--------------------------
cert:
certificate.pem.crt
-----BEGIN CERTIFICATE-----
MIIDWjCCAkKgAwIBAgIVAJrx/aFYfo2EpzmF9bODNFtyK5mXMA0GCSqGSIb3DQEB
CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t
IEluYy4gTD1TZWF0dGxlIFNUPVdhc2hpbmd0b24gQz1VUzAeFw0xODA5MDcxMzA3
NDVaFw00OTEyMzEyMzU5NTlaMB4xHDAaBgNVBAMME0FXUyBJb1QgQ2VydGlmaWNh
dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1gOQa/5UkXu5UOWn5
qq0MsiOBjzT2DtnXzxDT2z/lh7ALuGPiPLdZxd71zN4Vr1hsVpsZop+oZhhkWRVN
KkWs47NJ/Jo/ZbLqrMM6N9ti7rVrgR76mOcMtE2YYo86LhWCM0zlWFwPX0d/QwXf
97pSfXTl7NIyAudV9Y3hwCvj0yH9Qb4HUhBQTMHo2IY5Z1nEMbL5iMC2/nvsF9Yg
LkW6O5Ej587Ca/R0jIz3czK7VMAAp5fmXPapoFK9QTOM2IaEqxt3FQg1ug5jQEKB
yIrSQs9PxewFaUHnyRcphfta+kDTfW3XB5aYzY/xpUr6XiZ8Xun1Rkhni2it/jYd
fkeJAgMBAAGjYDBeMB8GA1UdIwQYMBaAFCcnGoMLILstkkngJbr8HHu2QO4XMB0G
A1UdDgQWBBTIQ

{'ResponseMetadata': {'RequestId': '4a657f59-b29f-11e8-afb6-ed2a10841445',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'content-type': 'application/json',
   'content-length': '3681',
   'connection': 'keep-alive',
   'date': 'Fri, 07 Sep 2018 13:09:45 GMT',
   'x-amzn-requestid': '4a657f59-b29f-11e8-afb6-ed2a10841445',
   'access-control-allow-origin': '*',
   'x-amz-apigw-id': 'M2fH8EprliAFiKg=',
   'x-amzn-trace-id': 'Root=1-5b927899-b2d2f59638b6cbae50f68f9e',
   'x-cache': 'Miss from cloudfront',
   'via': '1.1 709dc82c12bfdfc2826d5d578d7721fa.cloudfront.net (CloudFront)',
   'x-amz-cf-id': 'IJZWZ4nABCWX7UVxLPmCLhRerltQ8NGXMK_RPhgw9wxs3M9kTr5F_Q=='},
  'RetryAttempts': 0},
 'certificateArn': 'arn:aws:iot:eu-central-1:532242313684:cert/4e6f87176923d2c8adea3629a96f34f25f2420e769cd723768a63bda9fd5b64a',
 'certificateId': '4e6f87176923d2c8adea3629a96f34f25f2420e769cd723768a63bda9fd5b64a',
 'certificatePem': '-----BEGIN CERTIFICATE-----\nMIIDWjCCAkKgAwIBAgIVAJrx/aFYfo2EpzmF9bODNFtyK5mXMA

## Create RootCA Certificate

In [28]:
rootCA_string= '''-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA9H9u0Xd177cp31HVXYw5BvEWoYiXJwRrqc2Bntpsf43MDYAh
g8hc9tFVViqIiXqV4PvHa+7g82+LkPFHZVa93xPFVpneCdHG8sxZh46B3Il79S4l
p3LTGDahiNxLAWhf8aPiwoPVM/Fc4vygUE0xsyAtzZOGPXjzhoB4kNEA9ZnnpRXa
u9SQkVPZH1CnIDXXADImtGmXkYU/IX17dU7wjQl7qvciU3lJlQuNCUr+Et1ad4gd
cooLicZ5KU9sRhHPremvFVJ7pMsIhQ+Pkt4B1Rp/uNz53iozlDyver/gvipuYoCo
bIqxUl9mBCAAZrJKGUpRjMkKLrWYJ4GvzGoxHwIDAQABAoIBAQDo+y2saLt3TACY
jzBUTjRhSwcXskLmqS22xt+HcfgFrCcPjlNhcmIzx9Ibo7gr2SZNF182mJC/KEHE
QkaYaInRstNO7JxKmx2La/K8W62fa1s1jV3QLHi/D//pnJHUq5MRfeutE1bsgkjS
+4wAOS7s0/MRfExk84aLWoyI4sCZRsxKBDxJ84LPxQyWO33Q6ls+d8Foto7ip9q9
3s5FRmp0fJRSCJpIvz/DnKaVCj9zwp8Rmg8OKkJKzgmQxOyAAFw48RWy56KwI6RQ
U2t4yry4ZpOJ86IADA4bSxi76+F8In+g8tsv4Pd4h+9WVG0ifMR5HvXT5R4dmpnU
FBq9rTBRAoGBAPpVdZZb8xYBOmp92weL6i1SoSLhqmToXi2POIXQdQ7keVSxOMoN
+ziQZI/kqmhy7khNRtvcMsbPXTnXtYb/HUvJrysMLSXdZ/hA3TsMBT7qgvL2zaiC
1pmRWnO3Htw0xkgEPvkEKoTWiVhxdO9jy1jtJHSUBjUIeHb8mwPGGGQDAoGBAPoI
KDTFm/wR/Vvb4+kA/+ID3lxTIu1DX2dFo6kX+wu2no/fpMv6+kffBwSMMj8KK6WO
zjxli77drhKd7X/TDHALsOquhY4WZSb+MLD5CyjxWbmJUi1f5JetZo7eaUDpKrY0
upjTbHMdyvxKDffFvcPVuq31Ko1zNDQi4hXrDSm1AoGBAIXLNRyWqlZhc6pE99KR
uihdGFg/SkXCV8t715bVcirye9KDIboEPPffXI/3hAhtHOOxwaRyjQTrAYWPv6qW
IT9HXQLh8CNjsVTivhr38rnMtw5KUGK3AyFyqWhdP/Yrkqoc8tc+ncb/rsqBYSEt
MhqmLCzOjH69tzzJB8S9lH2nAoGBAIJ5NTnskKxmWtbPlUvmqKCxshxticFUMfm7
Hl9D005WesHLS7zh+C7/FDNsUWASF5qqPbbIqrbsCUVPwjq80DW79BNTBQCTcS96
37/KBefUoiSuowJokuoPo4AUUcp8ojw4odLUKTidKGqk3ksYliEWa/cRA6aSooA+
X8peQR0tAoGBANfGYr0bnKZnp6+yIJ+X3liMRuMH1FMOoLTJWZGj+ugEJBv2XXF1
/LQMoSk1+0W2jAQ5ah6UmZpKjLQdEy9g03fZAUQlnVbKnk0j6SC1GQOumpRrb+5e
OBPQ4yu0VFBtwLWuIQIquq8V0U4yMpYBiNmuOR5z6jT4qvVo+/Y5QIC7
-----END RSA PRIVATE KEY-----'''


In [29]:
rootCA = iot.register_ca_certificate(
    caCertificate = rootCA_string,
    verificationCertificate='string',
)
rootCA

InvalidRequestException: An error occurred (InvalidRequestException) when calling the RegisterCACertificate operation: Contents of the CA Certificate certificate are not correct

In [None]:
cert_id = ''

describe_ca_certificate = client.describe_ca_certificate(certificateId = cert_id)
describe_ca_certificate

## List RootCA Certificates

In [None]:
list_ca_certs = iot.list_ca_certificates(ascendingOrder=True)
list_ca_certs

In [None]:
# list_ca_certs = iot.list_ca_certificates(ascendingOrder=True)
# list_ca_certs

list_certs = iot.list_certificates(ascendingOrder=True)
list_certs

## Create Policy

In [None]:
policy_document_one = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:eu-central-1:532242313684:topic/sdk/test/java",
        "arn:aws:iot:eu-central-1:532242313684:topic/sdk/test/Python",
        "arn:aws:iot:eu-central-1:532242313684:topic/topic_1",
        "arn:aws:iot:eu-central-1:532242313684:topic/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:eu-central-1:532242313684:topicfilter/sdk/test/java",
        "arn:aws:iot:eu-central-1:532242313684:topicfilter/sdk/test/Python",
        "arn:aws:iot:eu-central-1:532242313684:topicfilter/topic_1",
        "arn:aws:iot:eu-central-1:532242313684:topicfilter/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:eu-central-1:532242313684:client/sdk-java",
        "arn:aws:iot:eu-central-1:532242313684:client/basicPubSub",
        "arn:aws:iot:eu-central-1:532242313684:client/sdk-nodejs-*"
      ]
    }
  ]
}

policy_document_two = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}

In [None]:
def create_or_get_policy(policy_name, policy_document, client):
    """Creates a policy or gets the current policy if it has already been create."""
    try:
        thing_policy = client.create_policy(
            policyName = policy_name,
            policyDocument = json.dumps(policy_document)
        )
        return thing_policy
    except ClientError as error:
        print(error)
        if error.response['Error']['Code'] == 'ResourceAlreadyExistsException':
            thing_policy = client.get_policy(policyName = policy_name)
            return thing_policy
        else:
            raise error

        
# VARIABLES        
policy_name = 'agrimodule-policy'

# METHOD CALL
create_or_get_policy(policy_name, policy_document_two, iot)

## Attach POLICY to CERTIFICATE

In [34]:
attach_policy = iot.attach_policy(
  policyName = 'agrimodule-policy',
  target = cert_arn
)
attach_policy

{'ResponseMetadata': {'RequestId': '97c23a42-b2a0-11e8-8f2a-677c8761ef45',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'content-type': 'application/json',
   'content-length': '0',
   'connection': 'keep-alive',
   'date': 'Fri, 07 Sep 2018 13:19:04 GMT',
   'x-amzn-requestid': '97c23a42-b2a0-11e8-8f2a-677c8761ef45',
   'access-control-allow-origin': '*',
   'x-amz-apigw-id': 'M2gfVHwrFiAFQYg=',
   'x-amzn-trace-id': 'Root=1-5b927ac8-0fc8244e23888b4208df94db',
   'x-cache': 'Miss from cloudfront',
   'via': '1.1 fc8079312db6046d812ded83f2668ac6.cloudfront.net (CloudFront)',
   'x-amz-cf-id': 'sbn6apxToRQM4QZW9pTeQ1LYxweG3k5o-1obvE2uQExNqnlY-pPySg=='},
  'RetryAttempts': 0}}

## Attach THING to CERTIFICATE

In [35]:
attach_thing_to_cert = iot.attach_thing_principal(
    thingName = thing_agrimodule['thingName'], # comes from create thing
    principal = cert_arn # comes from createkeysand cert
)
attach_thing_to_cert

{'ResponseMetadata': {'RequestId': '9f3bae2d-b2a0-11e8-a05a-65b607584753',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'content-type': 'application/json',
   'content-length': '3',
   'connection': 'keep-alive',
   'date': 'Fri, 07 Sep 2018 13:19:17 GMT',
   'x-amzn-requestid': '9f3bae2d-b2a0-11e8-a05a-65b607584753',
   'access-control-allow-origin': '*',
   'x-amz-apigw-id': 'M2ghSH_MFiAFQyQ=',
   'x-amzn-trace-id': 'Root=1-5b927ad5-1ce99ae07fb9eb3cbb09533e',
   'x-cache': 'Miss from cloudfront',
   'via': '1.1 fc8079312db6046d812ded83f2668ac6.cloudfront.net (CloudFront)',
   'x-amz-cf-id': '9mSUhA3qudIPErLjCvg1Cbygj44J4OsgFzVzYQvtZEO-44aB0zPvUQ=='},
  'RetryAttempts': 0}}

## Describe CERTIFICATE

In [None]:
cert_description = iot.describe_certificate(
    certificateId='18ffc00ad953ae875dbca977b86f7c3f6ecad337f639b028db64a49468ea90a3'
)
cert_description

## Describe THING

In [None]:
thing_description = iot.describe_thing(
    thingName='RASP'
)
thing_description

In [None]:
attach_policy_to_thing = iot.attach_policy(

  policyName = 'agrimodule-policy',
  target = 'arn:aws:iot:eu-central-1:532242313684:cert/05328647162dbaae4bbfae8d7b7ebde7c279eb93936bc255b2a36beb81e953d4'
)

## Get Thing Shadow

HTTP GET https://endpoint/things/thingName/shadow

## Update Thing Shadow

https://docs.aws.amazon.com/iot/latest/developerguide/API_UpdateThingShadow.html

HTTP POST https://endpoint/things/thingName/shadow
BODY: request state document