# AWS Disaster Recovery for IoT

You can use this series of Jupyter notebooks to create optional resources or test features for an AWS IoT Disaster Recovery (DR) setup.

* `01_IoTDR_Shared` (this notebook): Set variables that are used in other notebooks of this series.
* `02_IoTDR_ACM_PCA`: Set up your own private certificate authority with [AWS Certificate Manager Private Certificate Authority](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html). Your own CA can be registered with AWS IoT Core and used to issue your device certificates. If you are using Just-in-Time Registration, you must bring your own CA.
* `03_IoTDR_Reg_PCA`: Register your private CA with AWS IoT Core.
* `04_IoTDR_Device_Certs`: Issue certificates for devices with your private CA.
* `05_IoTDR_JITR_Device`: Register a device with AWS IoT Core by using Just-in-Time Registration.

### Permissions
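If you run the Jupyter notebooks on Amazon EC2 or an Amazon SageMaker notebook instance, you need to add the following permissions to your instance profile. Note that this statement allows every ACM PCA and AWS IoT action on all resources; narrow it once you know which actions your setup needs.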

```
{
    "Effect": "Allow",
    "Action": [
        "acm-pca:*",
        "iot:*"
    ],
    "Resource": "*"
}
```

## Library

```
from os.path import exists, join
```

## Shared Variables
Variables which will be used in other notebooks of this series.

Modify the variables to reflect your setup.

* `aws_region_pca`: AWS Region where you are going to create the private CA. It can be the primary Region, the secondary Region, or another AWS Region.
* `aws_region_primary`: AWS IoT DR primary Region.
* `aws_region_secondary`: AWS IoT DR secondary Region.

**Hint**: If you already have an ACM private CA and want to use it in these examples, set the variable `Sub_CN` to the common name of your private CA.

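```
# Subject of the CA and local file names for its key and certificate
CA_subject = {"C": "DE", "O": "AWS", "OU": "IoT", "ST": "Berlin", "L": "Berlin", "CN": "IoT DR CA"}
CA_directory = 'CA_{}'.format(CA_subject['CN'])
CA_key = 'ca.key.pem'
CA_cert = 'ca.crt.pem'

# Directory for the files that belong to the private CA
PCA_directory = join(CA_directory, 'PCA')

# Settings shared with the other notebooks of this series
config = {}
config['aws_region_pca'] = "eu-west-1"
config['aws_region_primary'] = "us-east-1"
config['aws_region_secondary'] = "us-west-2"
config['CA_directory'] = CA_directory
config['CA_key'] = CA_key
config['CA_cert'] = CA_cert
config['PCA_directory'] = PCA_directory
config['CA_subject'] = CA_subject
# Common name of the private CA; set it to your existing CA's CN to reuse that CA
config['Sub_CN'] = 'Subordinated IoT Device CA'
# IPython magic: persist config so that other notebooks can load it
%store config
```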
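
The hint above identifies an existing private CA only by its common name, so a lookup by `Sub_CN` should fail closed when the name is missing, inactive or ambiguous. The following is an added example, not code from this notebook series: `find_private_ca`, `CALookupError`, `sample_ca` and `SAMPLE_CAS` are hypothetical names, and the records are constructed in the shape returned by the ACM PCA `ListCertificateAuthorities` API, with placeholder ARNs. It assumes the later notebooks locate the CA by `Sub_CN`.

```python
# Added example. The records are constructed sample data shaped like the
# "CertificateAuthorities" list of an ACM PCA ListCertificateAuthorities response.

class CALookupError(Exception):
    """Raised when Sub_CN does not identify exactly one usable private CA."""


def find_private_ca(cert_authorities, common_name):
    """Return the ARN of the single ACTIVE CA whose subject CN equals common_name."""
    matches = [
        ca for ca in cert_authorities
        if ca.get("CertificateAuthorityConfiguration", {})
             .get("Subject", {})
             .get("CommonName") == common_name
    ]
    if not matches:
        raise CALookupError(f"no private CA with CN {common_name!r}")
    active = [ca for ca in matches if ca.get("Status") == "ACTIVE"]
    if not active:
        states = sorted({ca.get("Status", "UNKNOWN") for ca in matches})
        raise CALookupError(f"CA {common_name!r} exists but is not ACTIVE: {states}")
    if len(active) > 1:
        # A CN is not guaranteed to be unique; refuse to guess which CA
        # would end up signing the device certificates.
        raise CALookupError(f"{len(active)} ACTIVE CAs share CN {common_name!r}")
    return active[0]["Arn"]


def sample_ca(ca_id, cn, status):
    """Build one constructed CA record (placeholder account ID and CA ID)."""
    return {
        "Arn": f"arn:aws:acm-pca:eu-west-1:111122223333:certificate-authority/{ca_id}",
        "Status": status,
        "Type": "SUBORDINATE",
        "CertificateAuthorityConfiguration": {"Subject": {"CommonName": cn}},
    }


SAMPLE_CAS = [
    sample_ca("EXAMPLE-1", "Subordinated IoT Device CA", "ACTIVE"),
    sample_ca("EXAMPLE-2", "Subordinated IoT Device CA", "DELETED"),
    sample_ca("EXAMPLE-3", "Retired Device CA", "DISABLED"),
]

if __name__ == "__main__":
    print(find_private_ca(SAMPLE_CAS, "Subordinated IoT Device CA"))
```
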