In this chapter, you’ll provision the device for connectivity to AWS IoT Core using the on-board Microchip ATTECC608 Trust&GO secure element to establish a TLS connection. The built-in hardware root of trust allows you to have a simplified and expedited provisioning path while never exposing the private key. You can retrieve the device certificate that is built into the device and create a manifest file to create a AWS IoT thing (a representation and record of your device). This device’s client Id will be registered and identified in AWS IoT Core by the secure element serial number. You can use similar processes to automate the fleet deployment of thousands or millions of devices at a time.
Please reference Espressif’s offical doc for establishing serial connections with the ESP32. The port of your device will vary based on your OS. For macOS, the device is typically on
/dev/cu.SLAB_USBtoUART or will start with
/dev/cu.usbserial-. For Linux, the device is typically on
/dev/ttyUSB0 (user needs to be added to dialout group). For Windows, it will start with a
COM and end with a number.
We have simplified the process of retrieving the device certificate from the Core2 for AWS IoT EduKit reference hardware’s secure element, generating a device manifest by signing the device certificate with a x.509 certificate (includes your AWS IoT registration code), registering the device in AWS IoT with the device certificate, and attaching a secure policy to the AWS IoT thing.
Go into the project’s AWS IoT registration helper directory and install necessary dependencies with pip:
cd Core2-for-AWS-IoT-EduKit/Blinky-Hello-World/utilities/AWS_IoT_registration_helper/ pip3 install -r requirements.txt
Next, you’ll need to run the Python script that executes all the steps for registering the device to your AWS account. Be sure to first replace «DEVICE_PORT» with the serial port your Core2 for AWS IoT EduKit device is connected to:
python registration_helper.py -p <<DEVICE_PORT>>
If you close your shell or open a new shell, you’ll need to re-enter
conda activate edukit to reactivate the virtual environment and source ESP-IDF’s
export.sh (macOS/Linux) or
export.bat (Windows) to re-add the ESP-IDF tools to your path each time.
With the device successfully registered and provisioned in AWS IoT, go back to the Blinky-Hello-World directory by entering:
In this chapter, you used the secure element to create an AWS IoT thing, set up a permissions policy for your thing, and attached the device certificate to it. All of this was done without ever exposing the secret private key and removing a potential avenue for it to be compromised.
On to Connecting to AWS IoT Core.