AWS IoT prerequisites AWS IoT Things AWS IoT certificates AWS IoT policies

Working with AWS IoT in AWS Cloud9 IDE

With AWS IoT in AWS Cloud9 IDE, you can interact with the AWS IoT service while minimizing interruptions to your work flow in AWS Cloud9. This guide covers how you can get started using the AWS IoT service features that are available in the AWS Cloud9 IDE. For more information, see What is AWS IoT? in the AWS IoT Developer Guide.

AWS IoT prerequisites

To get started using AWS IoT in AWS Cloud9 IDE, make sure your AWS account and AWS Cloud9 setup meet all the requirements. For information about the AWS account requirements and AWS user permissions specific to the AWS IoT service, see the Getting Started with AWS IoT Core in the AWS IoT Developer Guide.

AWS IoT Things

AWS IoT connects devices to AWS services and AWS resources. You can connect your devices to AWS IoT by using objects called things. A thing is a representation of a specific device or logical entity. It can be a physical device or sensor (for example, a light bulb or a switch on a wall). For more information about AWS IoT things, see Managing devices with AWS IoT in the AWS IoT Developer Guide.

Managing AWS IoT things

The AWS Cloud9 IDE has several features that make your thing management efficient. To manage your AWS IoT things, follow these steps:

Create a thing
Attach a certificate to a thing
Detach a certificate from a thing
Delete a thing

To create a thing

From the AWS Explorer, expand the IoT service section.
Open the context (right-click) menu for the thing and choose Create Thing.
Enter a name for the thing in the Thing Name field and follow the prompt.
When this step is complete, a thing icon followed by the name that you specified is visible in the Thing section.

To attach a certificate to a thing

From the AWS Explorer, expand the IoT service section.
Under the Things subsection, locate the thing where you're attaching the certificate.
Open the context (right-click) menu for the thing and choose Attach Certificate from the context-menu, to open an input selector with a list of your certificates.
From the list, choose the certificate ID that corresponds to the certificate that you want to attach to your thing.
After this step is complete, your certificate is accessible in the AWS Explorer as an item of the thing that you attached it to.

To detach a certificate from a thing

From the AWS Explorer, expand the IoT service section.
In the Things subsection, locate the thing that you want to detach a certificate from.
Open the context (right-click) menu for the thing and choose Attach Certificate.
After this step is complete, the detached certificate is no longer displayed under the thing in the AWS Explorer. However, it's still accessible from the Certificates subsection.

To delete a thing

From the AWS Explorer, expand the IoT service section.
In the Things subsection, locate the thing that you want to delete.
Open the context (right-click) menu for the thing and choose Delete Thing.
After this step is completed, the deleted thing is no longer available from the Things subsection.

Note
You can only delete a thing that doesn't have a certificate attached to it.

AWS IoT certificates

Certificates are a common way to create a secure connection between your AWS IoT services and devices. X.509 certificates are digital certificates that use the X.509 public key infrastructure standard to associate a public key with an identity contained in a certificate. For more information about AWS IoT certificates, see Authentication (IoT) in the AWS IoT Developer Guide.

Managing certificates

The AWS toolkit offers a variety of ways for you to manage your AWS IoT certificates directly from the AWS Explorer. They're outlined in the following steps:

Create a certificate
Change a certificate status
Attach a policy to a certificate
Delete a certificate

To create an AWS IoT certificate

An X.509 certificate is used to connect with your instance of AWS IoT.

From the AWS Explorer, expand the IoT service section, and open (right-click) Certificates.
To open a dialog box, choose Create Certificate from the context-menu.
To save your RSA key pair and X.509 certificate, select a directory in your local file system.
Note
- The default file names contain the certificate ID as a prefix.
- Only the X.509 certificate is stored with your AWS account, through the AWS IoT service.
- Your RSA key pair can only be issued once, save them to a secure location in your file system when you're prompted.
- If the certificate or the key pair can't be saved to your file system, then the AWS Toolkit deletes the certificate from your AWS account.

To modify a certificate status

The status of an individual certificate is displayed next to the certificate ID in the AWS Explorer and can be set to active, inactive, or revoked.

Note

Your certificate needs an active status before you can use it to connect your device to your AWS IoT service.
An inactive certificate can be activated, whether it was deactivated previously or is inactive by default.
A certificate that has been revoked can't be reactivated.

From the AWS Explorer, expand the IoT service section.
In the Certificates subsection, locate the certificate that you want to modify.
Open the context (right-click) menu for the certificate that displays the status change options available for that certificate.

If a certificate has the status inactive, choose activate to change the status to active.
If a certificate has the status active, choose deactivate to change the status to inactive.
If a certificate has either an active or inactive status, choose revoke to change the status to revoked.

Note

Each of these status-changing actions is available if you select a certificate that is attached to a thing while displayed in the Things subsection.

To attach an IoT policy to a certificate

From the AWS Explorer, expand the IoT service section.
In the Certificates subsection, locate the certificate that you want to modify.
Open the context (right-click) menu for the certificate and choose Attach Policy to open an input selector with a list of your available policies.
Choose the policy that you want to attach to the certificate.
When this step is completed, the policy that you selected is added to the certificate as a sub-menu item.

To detach an IoT policy from a certificate

From the AWS Explorer, expand the IoT service section.
In the Certificates subsection, locate the certificate that you want to modify.
Expand the certificate and locate the policy that you want to detach.
Open the context (right-click) menu for the policy and choose Detach from the context menu.
When this step is completed, the policy is no longer accessible from your certificate, it's available from the Policy subsection.

To delete a certificate

From the AWS Explorer, expand the IoT service heading.
In the Certificates subsection, locate the certificate that you want to delete.
Open the context (right-click) menu for the certificate and choose Delete Certificate from the context menu.

Note
You can't delete a certificate if it's attached to a thing or has an active status. You can delete a certificate that has attached policies.

AWS IoT policies

AWS IoT Core policies are defined through JSON documents. Each contains at least one policy statement. Policies define how AWS IoT, AWS, and your device can interact with each other. For more information about how to create a policy document, see IoT Polices in the AWS IoT Developer Guide.

Note

Named policies are versioned so that you can roll them back. In the AWS Explorer, your IoT polices are listed under the Policies subsection in the AWS IoT service. You can view policy versions by expanding a policy. The default version is denoted by an asterisk (*).

Managing policies

The AWS Cloud9 IDE offers several ways for you to manage your AWS IoT service policies. These are ways that you can manage or modify your policies directly from the AWS Explorer in VS Code:

Create a policy
Upload a new policy version
Edit a policy version
Change the policy version defualt
Change the policy version defualt

To create an AWS IoT policy

Note

You can create a new policy from the AWS Explorer. However, the JSON document that defines the policy must already exist in your file system.

From the AWS Explorer, expand the IoT service section.
Open the context (right-click) menu for the Policies subsection and to open the Policy Name input field choose Create Policy from Document.
Enter a name and follow the prompts to open a dialog asking you to select a JSON document from your file system.
Choose the JSON file that contains your policy definitions, the policy is available in the AWS explorer after this is complete.

To upload a new AWS IoT policy version

You can create a new version of a policy by uploading a JSON document to the policy.

Note

The new JSON document must be present on your file system to create a new version using the AWS Explorer.

From the AWS Explorer, expand the IoT service section.
Expand the Policies subsection to view your AWS IoT policies.
Open the context (right-click) menu for the policy that you want to update and choose Create new version from Document.
When the dialog opens, choose the JSON file that contains the updates to your policy definitions.

The new version is accessible from your policy in the AWS Explorer.

To edit an AWS IoT policy version

You can open and edit a policy document using AWS Cloud9. When you finished editing the document, save it to your file system. Then, upload it to your AWS IoT service from the AWS Explorer.

From the AWS Explorer, expand the IoT service section.
Expand the Policies subsection and locate the policy you want to update.
To open the Policy Name, choose Create Policy from Document.
Expand the policy that you want to update and then open the context (right-click) menu for the policy version that you want to edit.
To open the policy version in AWS Cloud9, choose View from the context-menu to open the policy version.
When the policy document is opened, edit and save the changes.

Note
At this point, the changes that you made to the policy are only saved to your local file system. To update the version and track it with the AWS Explorer, repeat the steps in Upload a new policy version.

To select a new policy version default

From the AWS Explorer, expand the IoT service section.
Expand the Policies subsection and locate the policy that you want to update.
Expand the policy that you want to update, and then open the context (right-click) menu for the policy version that you want to set and choose Set as Default.

When this is complete, the new default version that you selected has a star next to it.

To delete policies

Note

Before you can delete a policy or a policy version, make sure that the following conditions are met:

You can't delete a policy if that policy is attached to a certificate.
You can't delete a policy if that policy has any non-default versions.
You can only delete the default version of a policy if a new default version is selected or the entire policy is deleted.
Before you delete an entire policy, you must delete all of the non-default version of that same policy.

From the AWS Explorer, expand the IoT service section.
Expand the Policies subsection and locate the policy that you want to update.
Expand the policy that you want to update, and open the context (right-click) menu for the policy version that you want delete and choose Delete.
When a version is deleted, it's no longer visible from the AWS Explorer.
If only the default version of a policy is left, open the context (right-click) menu for the parent policy and choose Delete.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using Amazon ECR with AWS Cloud9 IDE

Amazon ECS