AWS IoT

2022/07/07 - AWS IoT - 2 updated api methods

Changes: This release adds support for registering a CA certificate without providing a verification certificate. It also allows multiple AWS accounts to register the same CA in the same region.

DescribeCACertificate (updated)
Changes (response)
{'certificateDescription': {'certificateMode': 'DEFAULT | SNI_ONLY'}}

Describes a registered CA certificate.

Requires permission to access the DescribeCACertificate action.

See also: AWS API Documentation

Request Syntax

client.describe_ca_certificate(
    certificateId='string'
)
type certificateId:

string

param certificateId:

[REQUIRED]

The CA certificate identifier.

rtype:

dict

returns:

Response Syntax

{
    'certificateDescription': {
        'certificateArn': 'string',
        'certificateId': 'string',
        'status': 'ACTIVE'|'INACTIVE',
        'certificatePem': 'string',
        'ownedBy': 'string',
        'creationDate': datetime(2015, 1, 1),
        'autoRegistrationStatus': 'ENABLE'|'DISABLE',
        'lastModifiedDate': datetime(2015, 1, 1),
        'customerVersion': 123,
        'generationId': 'string',
        'validity': {
            'notBefore': datetime(2015, 1, 1),
            'notAfter': datetime(2015, 1, 1)
        },
        'certificateMode': 'DEFAULT'|'SNI_ONLY'
    },
    'registrationConfig': {
        'templateBody': 'string',
        'roleArn': 'string'
    }
}

Response Structure

  • (dict) --

    The output from the DescribeCACertificate operation.

    • certificateDescription (dict) --

      The CA certificate description.

      • certificateArn (string) --

        The CA certificate ARN.

      • certificateId (string) --

        The CA certificate ID.

      • status (string) --

        The status of a CA certificate.

      • certificatePem (string) --

        The CA certificate data, in PEM format.

      • ownedBy (string) --

        The owner of the CA certificate.

      • creationDate (datetime) --

        The date the CA certificate was created.

      • autoRegistrationStatus (string) --

        Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE".

      • lastModifiedDate (datetime) --

        The date the CA certificate was last modified.

      • customerVersion (integer) --

        The customer version of the CA certificate.

      • generationId (string) --

        The generation ID of the CA certificate.

      • validity (dict) --

        When the CA certificate is valid.

        • notBefore (datetime) --

          The certificate is not valid before this date.

        • notAfter (datetime) --

          The certificate is not valid after this date.

      • certificateMode (string) --

        The mode of the CA.

        All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

    • registrationConfig (dict) --

      Information about the registration configuration.

      • templateBody (string) --

        The template body.

      • roleArn (string) --

        The ARN of the role.
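
The following is an added example, not part of the AWS documentation: a review of one DescribeCACertificate response that notes the new certificateMode field alongside status, autoRegistrationStatus and validity. The function name review_ca_description, the 30-day warning window and the sample response are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone


def review_ca_description(response, now=None, warn_days=30):
    """Return review notes for one DescribeCACertificate response dict."""
    now = now or datetime.now(timezone.utc)
    desc = response["certificateDescription"]
    notes = []

    # Assumption: a response without certificateMode is treated as DEFAULT.
    mode = desc.get("certificateMode", "DEFAULT")
    if mode == "SNI_ONLY":
        notes.append("mode=SNI_ONLY: registered without a verification "
                     "certificate; device certificates inherit SNI_ONLY")

    if desc.get("status") == "ACTIVE" and desc.get("autoRegistrationStatus") == "ENABLE":
        notes.append("active CA with auto registration of device certificates enabled")

    validity = desc.get("validity", {})
    not_before, not_after = validity.get("notBefore"), validity.get("notAfter")
    if not_before and now < not_before:
        notes.append("not yet valid")
    if not_after:
        if now > not_after:
            notes.append("expired")
        elif not_after - now <= timedelta(days=warn_days):
            notes.append("expires within %d days" % warn_days)
    return notes


# Constructed sample response (placeholder values, not real AWS output).
SAMPLE_RESPONSE = {
    "certificateDescription": {
        "certificateId": "EXAMPLE-CA-ID",
        "status": "ACTIVE",
        "autoRegistrationStatus": "ENABLE",
        "validity": {
            "notBefore": datetime(2022, 1, 1, tzinfo=timezone.utc),
            "notAfter": datetime(2022, 7, 20, tzinfo=timezone.utc),
        },
        "certificateMode": "SNI_ONLY",
    }
}

if __name__ == "__main__":
    fixed_now = datetime(2022, 7, 7, tzinfo=timezone.utc)
    for note in review_ca_description(SAMPLE_RESPONSE, now=fixed_now):
        print(note)
```

With boto3 configured, the same function accepts the dict returned by client.describe_ca_certificate(certificateId=...) directly.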

RegisterCACertificate (updated)
Changes (request)
{'certificateMode': 'DEFAULT | SNI_ONLY'}

Registers a CA certificate with Amazon Web Services IoT Core. There is no limit to the number of CA certificates you can register in your Amazon Web Services account. You can register up to 10 CA certificates with the same CA subject field per Amazon Web Services account.

Requires permission to access the RegisterCACertificate action.

See also: AWS API Documentation

Request Syntax

client.register_ca_certificate(
    caCertificate='string',
    verificationCertificate='string',
    setAsActive=True|False,
    allowAutoRegistration=True|False,
    registrationConfig={
        'templateBody': 'string',
        'roleArn': 'string'
    },
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    certificateMode='DEFAULT'|'SNI_ONLY'
)
type caCertificate:

string

param caCertificate:

[REQUIRED]

The CA certificate.

type verificationCertificate:

string

param verificationCertificate:

The private key verification certificate. If certificateMode is SNI_ONLY, the verificationCertificate field must be empty. If certificateMode is DEFAULT or not provided, the verificationCertificate field must not be empty.

type setAsActive:

boolean

param setAsActive:

A boolean value that specifies if the CA certificate is set to active.

Valid values: ACTIVE | INACTIVE

type allowAutoRegistration:

boolean

param allowAutoRegistration:

Allows this CA certificate to be used for auto registration of device certificates.

type registrationConfig:

dict

param registrationConfig:

Information about the registration configuration.

  • templateBody (string) --

    The template body.

  • roleArn (string) --

    The ARN of the role.

type tags:

list

param tags:

Metadata which can be used to manage the CA certificate.

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) -- [REQUIRED]

      The tag's key.

    • Value (string) --

      The tag's value.

type certificateMode:

string

param certificateMode:

Describes the certificate mode in which the Certificate Authority (CA) will be registered. If the verificationCertificate field is not provided, set certificateMode to be SNI_ONLY. If the verificationCertificate field is provided, set certificateMode to be DEFAULT. When certificateMode is not provided, it defaults to DEFAULT. All the device certificates that are registered using this CA will be registered in the same certificate mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

rtype:

dict

returns:

Response Syntax

{
    'certificateArn': 'string',
    'certificateId': 'string'
}

Response Structure

  • (dict) --

    The output from the RegisterCACertificateResponse operation.

    • certificateArn (string) --

      The CA certificate ARN.

    • certificateId (string) --

      The CA certificate identifier.
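
The following is an added example, not part of the AWS documentation: a pre-flight check that enforces the pairing between certificateMode and verificationCertificate described in the parameter notes above before the request is sent. The helper build_register_ca_kwargs and the placeholder PEM strings are assumptions made for illustration.

```python
VALID_MODES = ("DEFAULT", "SNI_ONLY")


def build_register_ca_kwargs(ca_pem, verification_pem=None, certificate_mode=None,
                             set_as_active=False, allow_auto_registration=False):
    """Return kwargs for client.register_ca_certificate() or raise ValueError.

    Documented pairing:
      SNI_ONLY            -> verificationCertificate must be empty
      DEFAULT / not given -> verificationCertificate must not be empty
    """
    if not ca_pem or not ca_pem.strip():
        raise ValueError("caCertificate is required")
    if certificate_mode is not None and certificate_mode not in VALID_MODES:
        raise ValueError("certificateMode must be DEFAULT or SNI_ONLY")

    # When certificateMode is not provided, it defaults to DEFAULT.
    effective_mode = certificate_mode or "DEFAULT"
    has_verification = bool(verification_pem and verification_pem.strip())

    if effective_mode == "SNI_ONLY" and has_verification:
        raise ValueError("SNI_ONLY requires an empty verificationCertificate")
    if effective_mode == "DEFAULT" and not has_verification:
        raise ValueError("DEFAULT requires a verificationCertificate")

    kwargs = {
        "caCertificate": ca_pem,
        "setAsActive": set_as_active,
        "allowAutoRegistration": allow_auto_registration,
    }
    # Only send optional fields that were actually supplied.
    if certificate_mode is not None:
        kwargs["certificateMode"] = certificate_mode
    if has_verification:
        kwargs["verificationCertificate"] = verification_pem
    return kwargs


# Constructed placeholder PEM strings (not real certificates).
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_VERIFY = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER-VERIFY\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(build_register_ca_kwargs(SAMPLE_CA, certificate_mode="SNI_ONLY"))
    # With boto3 configured: client.register_ca_certificate(**kwargs)
```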