Amazon Web Services (AWS)

  • Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. Refer to AWS Documentation for more details.

AWS CA Certitifcate Registration

  1. Create a CA certificate, a client certificate and a client key using the Openssl Certificate Creation documentation.

  2. Open AWS

  3. Login using your AWS credentials

  4. Register the CA Certificate in AWS:

    • Go to Security -> Certificate Authorities and Register CA Certificate

    • Select Register CA in the Multi-account mode

    • Choose the CA certificate that you previously created in the Openssl Certificate Creation (CA.crt) step in the CA certificate registration, and set the CA status to Active and the Automatic certificate registration option to ON

    • Register the CA.

  5. Go to Security -> Policies and select Create Policy. Enter the policy name (ex: DIC_POLICY) and in the policy statements select JSON and replace the contents with the JSON provided below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}

Once done, select Create.

  1. Steps to generate the certificate for your Matter application to use in the dic_config.h header.

    • Go to All Devices -> Things and select Create Things.

    • Select Create Single Thing and click Next.

    • Specify thing properties Info -> Give the thing a name (Note: Client ID) and click Next.

    • Configure the device certificate - optional Info -> Use my certificate.

    • Certificate details -> Choose CA is registered with AWS IOT and Select the CA that registered with AWS in Step 4.

    • Certificate -> Choose file (Choose Client certificate generated in Openssl Certificate Creation ex: device.crt) and set the certificate status to Active. Click Next.

    • Use the policy(ex: DIC_POLICY) created in AWS Certificate Creation.

  2. Repeat Step 5 to create a new thing to use in MQTT Explorer using the certificate created for MQTT explorer ( from Openssl Certificate Creation ex: explorer.crt)

    • NOTE:

      • Thing name must be unique as it will be used as CLIENT ID.

  3. Copy the contents of AWS_CA CERT and create a .pem file to use as a SERVER CERTIFICATE in MQTT Explorer.