IoT Core configuration Certificate management

Vehicle connectivity

The vehicle connectivity layer configures AWS IoT Core for secure vehicle connectivity.

IoT Core configuration

Thing types:

cms-vehicle: Standard vehicle type
cms-ev: Electric vehicle type
cms-commercial: Commercial vehicle type

IoT policies:

Policies restrict device permissions to specific MQTT topics.


{
  "Version": "2012-10-17" ,
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": "arn:aws:iot:*:*:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": "arn:aws:iot:*:*:topic/cms/telemetry/${iot:Connection.Thing.ThingName}"
    }
  ]
}

Certificate management

Provisioning workflow:

Vehicle requests certificate using claim certificate
Pre-provisioning Lambda validates vehicle authorization
IoT Core creates thing and activates certificate
Post-provisioning Lambda updates DynamoDB
Vehicle receives unique certificate and private key

Certificate rotation:

Certificates valid for 365 days
Automatic rotation 30 days before expiration
Old certificates deactivated after rotation

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Message streaming

Telemetry ingestion