Last active
January 31, 2023 17:14
A bash script to test if AWS IoT Device Certificate is working as expected on a Greengrass v2 device
```bash
#!/usr/bin/env bash
set -Eeuxo pipefail

# If running this script on a Greengrass v2 device, it should return a dictionary containing temporary credentials.
# If it fails, check that THING_NAME, ROLE_ALIAS and IOT_GET_CREDENTIAL_ENDPOINT are correct.
# IOT_GET_CREDENTIAL_ENDPOINT can be verified by running `aws iot describe-endpoint --endpoint-type iot:CredentialProvider --output text`
# on a different device with sufficient IAM permissions to run this command, in the same AWS account and region.

# Read the thing name, role alias and credential endpoint from the Greengrass effective config.
CONFIG_PATH=/greengrass/v2/config/effectiveConfig.yaml
THING_NAME=$(sudo grep -i thingName "${CONFIG_PATH}" | awk '{ print $2 }' | tr -d '"')
ROLE_ALIAS=$(sudo grep -i rolealias "${CONFIG_PATH}" | awk '{ print $2 }' | tr -d '"')
IOT_GET_CREDENTIAL_ENDPOINT=$(sudo grep iotCredEndpoint "${CONFIG_PATH}" | awk '{ print $2 }' | tr -d '"')

# Device certificate, its private key, and the root CA used to verify the endpoint.
PRIVATE_KEY_PATH=/greengrass/v2/privKey.key
CA_CERT_PATH=/greengrass/v2/rootCA.pem
CERT_PATH=/greengrass/v2/thingCert.crt

# Authenticate with the device certificate (mutual TLS) and request temporary credentials for the role alias.
curl --cert "${CERT_PATH}" --key "${PRIVATE_KEY_PATH}" -H "x-amzn-iot-thingname: ${THING_NAME}" --cacert "${CA_CERT_PATH}" "https://${IOT_GET_CREDENTIAL_ENDPOINT}/role-aliases/${ROLE_ALIAS}/credentials"
```
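A successful response from the script above contains a live secret key and session token, so it should not be pasted into tickets or logs as-is. The following added example (not part of the original gist) checks a response body for issued credentials and prints it with the secrets masked; the function names, the assumed response field names and the sample bodies are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist.
# Assumed response shape of the credentials endpoint on success:
#   {"credentials":{"accessKeyId":"...","secretAccessKey":"...",
#                   "sessionToken":"...","expiration":"..."}}

# Mask the two secret values; any other body (e.g. an error) passes through.
redact_credentials() {
  sed -E 's/("(secretAccessKey|sessionToken)"[[:space:]]*:[[:space:]]*")[^"]*"/\1REDACTED"/g'
}

# Return 0 only if all four credential fields are present and non-empty.
has_credentials() {
  for field in accessKeyId secretAccessKey sessionToken expiration; do
    printf '%s\n' "$1" |
      grep -Eq "\"${field}\"[[:space:]]*:[[:space:]]*\"[^\"]+\"" || return 1
  done
}

# Print a verdict plus the redacted body; non-zero exit if no credentials.
check_response() {
  if has_credentials "$1"; then
    printf 'OK: %s\n' "$(printf '%s\n' "$1" | redact_credentials)"
  else
    printf 'FAILED: %s\n' "$(printf '%s\n' "$1" | redact_credentials)"
    return 1
  fi
}

# Constructed sample bodies (not real credentials or real error text).
SAMPLE_OK='{"credentials":{"accessKeyId":"ASIAEXAMPLEEXAMPLE","secretAccessKey":"constructed-secret","sessionToken":"constructed-token","expiration":"2023-01-31T18:14:00Z"}}'
SAMPLE_ERR='{"message":"constructed error body"}'

check_response "$SAMPLE_OK"
check_response "$SAMPLE_ERR" || true

# On the device, turn xtrace off first, since `set -x` would echo the raw body:
#   set +x; check_response "$(curl --silent <the gist's curl arguments>)"
```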