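#!/bin/bash
#
# Deploys the CDK stack, reads the device certificate, private key and IoT
# endpoint back from the CloudFormation stack outputs, writes them under
# certs/ together with a config/config.json, and packs both directories into
# ${THING_NAME}-setup.tar.gz.
#
# Requires: aws CLI, cdk, wget, tar.
#
# NOTE(review): the device private key is read from a CloudFormation stack
# output, so any principal allowed to call describe-stacks on this stack can
# read it. Consider keeping the key out of stack outputs (for example in a
# secrets store) -- that change belongs to the CDK app, not to this script.
#
# Do not run this script with `set -x`: the trace would print the private key.
set -euo pipefail

readonly STACK_NAME="greengrass-cdk"
readonly THING_NAME="lila"
readonly AWS_REGION="us-east-1"

# Print a message to stderr and abort.
die() {
  printf 'deploy.sh: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print the value of one CloudFormation output of ${STACK_NAME}.
# Globals:   STACK_NAME (read), AWS_REGION (read)
# Arguments: $1 - OutputKey to look up
# Outputs:   the output value on stdout, without a trailing newline
# Returns:   non-zero (via die) when the call fails or the value is missing
#######################################
stack_output() {
  local key=$1
  local value
  value=$(aws cloudformation describe-stacks \
    --stack-name "${STACK_NAME}" \
    --query "Stacks[0].Outputs[?OutputKey=='${key}'].OutputValue" \
    --region "${AWS_REGION}" \
    --output text) || die "describe-stacks failed while reading output ${key}"
  # A missing output would otherwise yield an empty (or "None") file name and
  # an empty key file further down; stop here instead.
  if [[ -z "${value}" || "${value}" == "None" ]]; then
    die "stack ${STACK_NAME} has no usable output named ${key}"
  fi
  printf '%s' "${value}"
}

AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)
[[ -n "${AWS_ACCOUNT_ID}" ]] || die "could not determine the AWS account id"

cdk deploy --context=device_name="${THING_NAME}"

certificateId=$(stack_output certificateId)
certificatePem=$(stack_output certificatePem)
certificatePrivateKey=$(stack_output privateKey)
iotEndpoint=$(stack_output iotEndpoint)

# certificateId becomes part of several file names; refuse anything that is
# not plain alphanumerics so it cannot contain a path separator.
[[ "${certificateId}" =~ ^[[:alnum:]]+$ ]] \
  || die "unexpected characters in certificateId"

# -p: re-running the script must not fail because the directories exist.
mkdir -p certs config

cert_file="certs/${certificateId}.pem"
key_file="certs/${certificateId}.key"

printf '%s' "${certificatePem}" > "${cert_file}"

# Create the private key with owner-only permissions from the start (umask in
# a subshell so the other files keep the default mode), then chmod in case
# the file was left over from an earlier run with a looser mode.
(
  umask 077
  printf '%s' "${certificatePrivateKey}" > "${key_file}"
)
chmod 600 "${key_file}"

# The root CA is what the device uses to authenticate the AWS endpoints, so a
# failed or empty download must abort instead of shipping a broken bundle.
wget -O certs/root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem
[[ -s certs/root.ca.pem ]] || die "downloaded root CA is empty"

cat <<EOT > config/config.json
{
"coreThing" : {
"caPath" : "root.ca.pem",
"certPath" : "${certificateId}.pem",
"keyPath" : "${certificateId}.key",
"thingArn" : "arn:aws:iot:${AWS_REGION}:${AWS_ACCOUNT_ID}:thing/${THING_NAME}",
"iotHost" : "${iotEndpoint}",
"ggHost" : "greengrass-ats.iot.${AWS_REGION}.amazonaws.com"
},
"runtime" : {
"cgroup" : {
"useSystemd" : "yes"
}
},
"managedRespawn" : false,
"crypto" : {
"principals" : {
"SecretsManager" : {
"privateKeyPath" : "file:///greengrass/certs/${certificateId}.key"
},
"IoTCertificate" : {
"privateKeyPath" : "file:///greengrass/certs/${certificateId}.key",
"certificatePath" : "file:///greengrass/certs/${certificateId}.pem"
}
},
"caPath" : "file:///greengrass/certs/root.ca.pem"
}
}
EOT

# The archive contains the private key, so it gets owner-only permissions too.
# The umask only affects the archive file itself, not the modes stored in it.
archive="${THING_NAME}-setup.tar.gz"
(
  umask 077
  tar -czvf "${archive}" certs/ config/
)
chmod 600 "${archive}"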