Associate balena devices with AWS IoT when they ping a lambda endpoint
Latest commit 6c2d890 Oct 15, 2018


This is a Lambda function that creates the certificates and policies needed for AWS IoT and sets them as per-device environment variables on the balena device that invoked the Lambda function. The device can then use those environment variables to authenticate requests to the AWS IoT API.

Use Case

AWS IoT is an amazingly powerful and secure way to process data produced by physical devices. But owing to this security, there are some complexities when setting up a new AWS IoT client or device. This is because the AWS IoT Device SDK uses per-device certificates to authenticate requests between the device and AWS. This is great and fairly simple to set up as a one-off, but when using more than one device with AWS IoT you'll want to do this certificate provisioning in a more automated way.

Running and Testing:

Clone this repo

$ git clone

I use node-lambda to handle testing and deployment.

First install node-lambda:

npm install -g node-lambda

Fill in your details in env.json; you'll need the following vars:


Variables from .env are injected when running locally, allowing you to easily test the function without deploying.

You'll also need to simulate event data for the test. There is some dummy data in event.json; if you like, you can replace the uuid with a real balena device's UUID.

Once those two files are ready, run:

node-lambda run

You should get a lovely success message, and you should have an AWS thing with an attached policy and certificate in the AWS IoT console. You'll also have balena environment variables set on each device you specified in event.json.

Now we are ready to deploy to AWS. Ensure you have added your balena credentials to deploy.env first, then run:

node-lambda deploy -f deploy.env


Then log in to the AWS console and visit the Lambda console; you should see a fresh new Lambda function. Next add an API Gateway trigger. Make sure it is a POST method and Security is open (though you could add this later).



Now we have a public endpoint for the devices to request to be provisioned.

All that's left to do is deploy the device portion to the devices and make sure your balena app has the right environment variables configured.

NOTE: During testing you may want to flush both balena environment variables and AWS IoT things, policies and certificates, so I've created a couple of scripts to do that.
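
Because the API Gateway trigger described above is left open, the handler itself is the only place that decides who receives a certificate. The sketch below is an added example, not the repository's index.js: it checks the caller before minting anything, then runs the thing/certificate/policy steps and hands back the credentials as balena variables. Assumptions: `iot` is an AWS SDK v2 `AWS.Iot` client, the IoT policy already exists, `balena.isKnownDevice` and `balena.setDeviceEnv` are hypothetical wrappers around the balena API, and the UUID pattern and variable names are placeholders.

```javascript
// Added example (not the project's code). Dependencies are injected so the
// flow can be exercised offline with stand-ins for AWS and balena.
const UUID_RE = /^[0-9a-f]{32}$|^[0-9a-f]{62}$/; // assumed balena UUID shapes

const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

async function provisionDevice(event, { iot, balena, policyName }) {
  const uuid = String((event && event.uuid) || '').toLowerCase();

  // The endpoint is unauthenticated, so refuse anything that is not a device
  // from our own fleet before any credential is created.
  if (!UUID_RE.test(uuid)) return { ok: false, reason: 'malformed uuid' };
  if (!(await balena.isKnownDevice(uuid))) return { ok: false, reason: 'unknown device' };

  // One certificate per device: do not reissue if the thing already has one.
  const existing = await iot.listThingPrincipals({ thingName: uuid }).promise()
    .catch((err) => {
      if (err.code === 'ResourceNotFoundException') return { principals: [] };
      throw err;
    });
  if (existing.principals.length > 0) return { ok: false, reason: 'already provisioned' };

  const cert = await iot.createKeysAndCertificate({ setAsActive: true }).promise();
  await iot.createThing({ thingName: uuid }).promise();
  await iot.attachThingPrincipal({ thingName: uuid, principal: cert.certificateArn }).promise();
  await iot.attachPolicy({ policyName, target: cert.certificateArn }).promise();

  // PEM text is multi-line; base64 keeps each variable value on a single line.
  await balena.setDeviceEnv(uuid, {
    AWS_CERT: b64(cert.certificatePem),            // placeholder variable names
    AWS_PRIVATE_KEY: b64(cert.keyPair.PrivateKey),
  });

  // Return identifiers only; the private key never goes back in the HTTP response.
  return { ok: true, thingName: uuid, certificateId: cert.certificateId };
}
```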
