This is a Lambda function which creates the certificates and policies needed for AWS IoT and sets them as per-device environment variables on the balena device which invoked the Lambda function. The device can then use those environment variables to authenticate requests to the AWS IoT API.
AWS IoT is an amazingly powerful and secure way to process data produced by physical devices. But owing to this security, there are some complexities when setting up a new AWS IoT client or device. This is because the AWS IoT Device SDK uses per-device certificates to authenticate requests between the device and AWS. This is great and fairly simple to set up as a one-off, but when using more than one device with AWS IoT you'll want to do this certificate provisioning in a more automated way.
Running and Testing:
Clone this repo
$ git clone https://github.com/balena-projects/balena-aws-lambda
I use node-lambda to handle testing and deployment.
Install it first:
npm install -g node-lambda
Fill in your details in env.json; you'll need the following vars:
Variables in .env are injected when running locally, allowing you to easily test the function without deploying.
You'll also need to simulate event data for testing. There is some dummy data in event.json; if you like, you can replace the uuid with a real balena device's UUID.
Once those two files are ready, run:
You should get a lovely success message, and you should have an AWS thing with an attached policy and certificate in the AWS IoT console. You'll also have balena environment variables set on the device you specified in
Now we are ready to deploy to AWS. Ensure you have added your balena credentials to deploy.env first, then run:
node-lambda deploy -f deploy.env
Then log in to the AWS console and visit the Lambda console; you should see a fresh new Lambda function. Next add an API Gateway trigger. Make sure it is open (though you could add this later).
Now we have a public endpoint for the devices to request to be provisioned.
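Because the endpoint is public, the uuid in the event is untrusted input that ends up in thing names, policy names and ARNs. The following is an added example, not code from this repo: it validates the uuid and builds a policy scoped to that one device. It assumes balena UUIDs are 32 or 62 lowercase hex characters, that the device uses its UUID as its MQTT client ID, and a hypothetical devices/<uuid>/... topic layout; the function names, region and account ID are made up for the example.

```javascript
'use strict';

// Assumption: balena device UUIDs are 32 or 62 lowercase hex characters.
const UUID_RE = /^(?:[0-9a-f]{32}|[0-9a-f]{62})$/;

// Pull the uuid out of the invocation event and reject anything that is not a
// plain UUID, so the value is safe to use in thing names, policy names and ARNs.
function parseDeviceUuid(event) {
  const uuid = event && event.uuid;
  if (typeof uuid !== 'string' || !UUID_RE.test(uuid)) {
    throw new Error('invalid device uuid');
  }
  return uuid;
}

// Build an AWS IoT policy document scoped to one device. The topic layout
// "devices/<uuid>/..." is a hypothetical convention for this example, and the
// device is assumed to connect with its UUID as the MQTT client ID.
function buildDevicePolicy({ region, accountId, uuid }) {
  const arn = (type, path) => `arn:aws:iot:${region}:${accountId}:${type}/${path}`;
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: ['iot:Connect'], Resource: [arn('client', uuid)] },
      { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'], Resource: [arn('topic', `devices/${uuid}/*`)] },
      { Effect: 'Allow', Action: ['iot:Subscribe'], Resource: [arn('topicfilter', `devices/${uuid}/*`)] },
    ],
  };
}

// Names and policy JSON the Lambda would hand to AWS IoT for this event.
function planProvisioning(event, { region, accountId }) {
  const uuid = parseDeviceUuid(event);
  const policy = buildDevicePolicy({ region, accountId, uuid });
  return {
    thingName: uuid,
    policyName: `device-${uuid}`,
    policyDocument: JSON.stringify(policy),
  };
}

// Constructed sample input (not a real device or account).
const sampleEvent = { uuid: 'a1b2c3d4e5f60718293a4b5c6d7e8f90' };
const plan = planProvisioning(sampleEvent, { region: 'us-east-1', accountId: '123456789012' });
console.log(plan.thingName, plan.policyName);
console.log(JSON.stringify(JSON.parse(plan.policyDocument), null, 2));
```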
NOTE: During testing you may want to flush both the balena environment variables and the AWS IoT things, policies and certificates, so I've created a couple of scripts to do that.