cdklabs.cdk-aws-iot-thing-certificate-policy


- Name: cdklabs.cdk-aws-iot-thing-certificate-policy
- Version: 0.0.5
- Home page: https://github.com/cdklabs/cdk-aws-iot-thing-certificate-policy.git
- Summary: Creates an AWS IoT thing, certificate, policy, and associates the three together
- Upload time: 2024-06-10 18:14:00
- Author: Amazon Web Services <aws-cdk-dev@amazon.com>
- Requires Python: ~=3.8
- License: Apache-2.0
- Requirements: No requirements were recorded.

## AWS IoT Thing, Certificate, and Policy Construct Library

[![NPM](https://img.shields.io/npm/v/@cdklabs/cdk-aws-iot-thing-certificate-policy?label=npm+cdk+v2)](https://www.npmjs.com/package/@cdklabs/cdk-aws-iot-thing-certificate-policy)
[![PyPI](https://img.shields.io/pypi/v/cdklabs.cdk-aws-iot-thing-certificate-policy?label=pypi+cdk+v2)](https://pypi.org/project/cdklabs.cdk-aws-iot-thing-certificate-policy/)
[![Maven version](https://img.shields.io/maven-central/v/io.github.cdklabs/cdk-aws-iot-thing-certificate-policy?label=maven+cdk+v2)](https://central.sonatype.com/artifact/io.github.cdklabs/cdk-aws-iot-thing-certificate-policy)
[![NuGet version](https://img.shields.io/nuget/v/Cdklabs.CdkAwsIotThingCertificatePolicy?label=nuget+cdk+v2)](https://www.nuget.org/packages/Cdklabs.CdkAwsIotThingCertificatePolicy)
[![Go version](https://img.shields.io/github/go-mod/go-version/cdklabs/cdk-aws-iot-thing-certificate-policy-go?label=go+cdk+v2&&filename=cdklabscdkawsiotthingcertificatepolicy%2Fgo.mod)](https://github.com/cdklabs/cdk-aws-iot-thing-certificate-policy-go)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue)](https://github.com/cdklabs/cdk-aws-iot-thing-certificate-policy/blob/main/LICENSE)

<!--BEGIN STABILITY BANNER-->---


![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)

> The APIs of higher level constructs in this module are experimental and under active development.
> They are subject to non-backward compatible changes or removal in any future version. These are
> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
> announced in the release notes. This means that while you may use them, you may need to update
> your source code when upgrading to a newer version of this package.

---
<!--END STABILITY BANNER-->

[![View on Construct Hub](https://constructs.dev/badge?package=%40cdklabs%2Fcdk-aws-iot-thing-certificate-policy)](https://constructs.dev/packages/@cdklabs/cdk-aws-iot-thing-certificate-policy)

An [L3 CDK construct](https://docs.aws.amazon.com/cdk/v2/guide/constructs.html#constructs_lib) that creates and associates a single AWS IoT Thing, Certificate, and IoT Policy. The construct also retrieves and returns AWS IoT account-specific details such as the AWS IoT data endpoint and the AWS IoT credential provider endpoint.

The certificate and its private key are stored as AWS Systems Manager Parameter Store parameters that can be retrieved via the AWS Console or programmatically via construct members.

## Installing

### TypeScript/JavaScript

```shell
npm install @cdklabs/cdk-aws-iot-thing-certificate-policy
```

### Python

```shell
pip install cdklabs.cdk-aws-iot-thing-certificate-policy
```

### Java

```xml
<!-- add this to your pom.xml -->
<dependency>
    <groupId>io.github.cdklabs</groupId>
    <artifactId>cdk-aws-iot-thing-certificate-policy</artifactId>
    <version>0.0.0</version> <!-- replace with version -->
</dependency>
```

### .NET

```plaintext
dotnet add package Cdklabs.CdkAwsIotThingCertificatePolicy --version X.X.X
```

### Go

```go
// Add this
import "github.com/cdklabs/cdk-aws-iot-thing-certificate-policy-go/cdklabscdkawsiotthingcertificatepolicy"
```

## Usage

```python
import aws_cdk as cdk
from cdklabs.cdk_aws_iot_thing_certificate_policy import (
    IotThingCertificatePolicy,
    PolicyMapping,
)

#
# A minimal IoT Policy template using substitution variables for the actual
# policy to be deployed: "region", "account", and "thingname". Allows
# the thing to publish and subscribe on any topic under its own
# "{{thingname}}/*" topic namespace. Normal IoT Policy conventions such as "*" apply.
#
minimal_iot_policy = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": "arn:aws:iot:{{region}}:{{account}}:client/{{thingname}}"
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topic/{{thingname}}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Subscribe"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topicfilter/{{thingname}}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Receive"],
      "Resource": [
        "arn:aws:iot:{{region}}:{{account}}:topic/{{thingname}}/*"
      ]
    }
  ]
}"""

app = cdk.App()
# Constructs that create resources must be scoped to a Stack, not the App.
# The stack id "FooThingStack" is a name chosen for this example.
stack = cdk.Stack(app, "FooThingStack")

#
# Create the thing, certificate, and policy, then associate the
# certificate to both the thing and the policy and fully activate.
#
foo_thing = IotThingCertificatePolicy(stack, "MyFooThing",
    thing_name="foo-thing",  # Name to assign to AWS IoT thing, and value for {{thingname}} in policy template
    iot_policy_name="foo-iot-policy",  # Name to assign to AWS IoT policy
    iot_policy=minimal_iot_policy,  # Policy with or without substitution parameters from above
    encryption_algorithm="ECC",  # Algorithm used to generate the private key (RSA or ECC)
    policy_parameter_mapping=[
        PolicyMapping(
            name="region",
            value=cdk.Fn.ref("AWS::Region")
        ),
        PolicyMapping(
            name="account",
            value=cdk.Fn.ref("AWS::AccountId")
        ),
    ]
)

# The AWS IoT Thing Arn as a stack output
cdk.CfnOutput(stack, "ThingArn",
    value=foo_thing.thing_arn
)
# The AWS account unique endpoint for the MQTT data connection
# See API for other available public values that can be referenced
cdk.CfnOutput(stack, "IotEndpoint",
    value=foo_thing.data_ats_endpoint_address
)

app.synth()
```
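A pre-deployment check for policy templates like the one above, as an added example that is not part of the construct library or its README. It renders the `{{name}}` placeholders with its own substitution (an assumption about how the construct fills them), then flags unmapped placeholders, wildcard actions, and resources not confined to the thing's own client ID or topic prefix. The function name, the scoping rule, and the sample values are all constructed for illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Constructed template: statement 1 is over-broad, statement 2 uses an unmapped variable.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": "arn:aws:iot:{{region}}:{{account}}:client/{{thingname}}"},
    {"Effect": "Allow", "Action": ["iot:Publish"],
     "Resource": ["arn:aws:iot:{{region}}:{{account}}:topic/*"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": ["arn:aws:iot:{{region}}:{{account}}:topicfilter/{{fleet}}/*"]}
  ]
}"""


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy_template(template, thing_name, mapping):
    """Render the template and return least-privilege findings (empty list = clean)."""
    values = dict(mapping, thingname=thing_name)
    unmapped = sorted(set(PLACEHOLDER.findall(template)) - set(values))
    findings = ["unmapped placeholder: " + name for name in unmapped]
    rendered = PLACEHOLDER.sub(lambda m: values.get(m.group(1), m.group(0)), template)
    policy = json.loads(rendered)  # raises ValueError on malformed JSON
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a.endswith("*") for a in as_list(stmt.get("Action", []))):
            findings.append(f"statement {i}: wildcard action")
        for arn in as_list(stmt.get("Resource", [])):
            # arn:aws:iot:<region>:<account>:<type>/<path>; keep only <path>
            path = arn.split(":", 5)[-1].partition("/")[2]
            if path != thing_name and not path.startswith(thing_name + "/"):
                findings.append(f"statement {i}: {arn} is not scoped to {thing_name}")
    return findings


# Constructed values; the usage example passes CloudFormation references instead.
SAMPLE_MAPPING = {"region": "us-east-1", "account": "111122223333"}

if __name__ == "__main__":
    for finding in lint_policy_template(SAMPLE_TEMPLATE, "foo-thing", SAMPLE_MAPPING):
        print(finding)
```

Run against the README's `minimal_iot_policy` with `thing_name="foo-thing"`, the check returns no findings, because every resource there is confined to `client/foo-thing` or `foo-thing/*`.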

            
