2024/11/15 - AWS IoT - 3 new7 updated api methods
Changes This release allows AWS IoT Core users to enrich MQTT messages with propagating attributes, to associate a thing to a connection, and to enable Online Certificate Status Protocol (OCSP) stapling for TLS X.509 server certificates through private endpoints.
Lists the things associated with the specified principal. A principal can be an X.509 certificate or an Amazon Cognito ID.
Requires permission to access the ListPrincipalThings action.
See also: AWS API Documentation
Request Syntax
client.list_principal_things_v2(
nextToken='string',
maxResults=123,
principal='string',
thingPrincipalType='EXCLUSIVE_THING'|'NON_EXCLUSIVE_THING'
)
string
To retrieve the next set of results, the nextToken value from a previous response; otherwise null to receive the first set of results.
integer
The maximum number of results to return in this operation.
string
[REQUIRED]
The principal. A principal can be an X.509 certificate or an Amazon Cognito ID.
string
The type of the relation you want to filter in the response. If no value is provided in this field, the response will list all things, including both the EXCLUSIVE_THING and NON_EXCLUSIVE_THING attachment types.
EXCLUSIVE_THING - Attaches the specified principal to the specified thing, exclusively. The thing will be the only thing that’s attached to the principal.
NON_EXCLUSIVE_THING - Attaches the specified principal to the specified thing. Multiple things can be attached to the principal.
dict
Response Syntax
{
'principalThingObjects': [
{
'thingName': 'string',
'thingPrincipalType': 'EXCLUSIVE_THING'|'NON_EXCLUSIVE_THING'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
principalThingObjects (list) --
A list of thingPrincipalObject that represents the principal and the type of relation it has with the thing.
(dict) --
An object that represents the thing and the type of relation it has with the principal.
thingName (string) --
The name of the thing.
thingPrincipalType (string) --
The type of the relation you want to specify when you attach a principal to a thing. The value defaults to NON_EXCLUSIVE_THING.
EXCLUSIVE_THING - Attaches the specified principal to the specified thing, exclusively. The thing will be the only thing that’s attached to the principal.
NON_EXCLUSIVE_THING - Attaches the specified principal to the specified thing. Multiple things can be attached to the principal.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Lists the principals associated with the specified thing. A principal can be an X.509 certificate or an Amazon Cognito ID.
Requires permission to access the ListThingPrincipals action.
See also: AWS API Documentation
Request Syntax
client.list_thing_principals_v2(
nextToken='string',
maxResults=123,
thingName='string',
thingPrincipalType='EXCLUSIVE_THING'|'NON_EXCLUSIVE_THING'
)
string
To retrieve the next set of results, the nextToken value from a previous response; otherwise null to receive the first set of results.
integer
The maximum number of results to return in this operation.
string
[REQUIRED]
The name of the thing.
string
The type of the relation you want to filter in the response. If no value is provided in this field, the response will list all principals, including both the EXCLUSIVE_THING and NON_EXCLUSIVE_THING attachment types.
EXCLUSIVE_THING - Attaches the specified principal to the specified thing, exclusively. The thing will be the only thing that’s attached to the principal.
NON_EXCLUSIVE_THING - Attaches the specified principal to the specified thing. Multiple things can be attached to the principal.
dict
Response Syntax
{
'thingPrincipalObjects': [
{
'principal': 'string',
'thingPrincipalType': 'EXCLUSIVE_THING'|'NON_EXCLUSIVE_THING'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
thingPrincipalObjects (list) --
A list of thingPrincipalObject that represents the principal and the type of relation it has with the thing.
(dict) --
An object that represents the principal and the type of relation it has with the thing.
principal (string) --
The principal of the thing principal object.
thingPrincipalType (string) --
The type of the relation you want to specify when you attach a principal to a thing. The value defaults to NON_EXCLUSIVE_THING.
EXCLUSIVE_THING - Attaches the specified principal to the specified thing, exclusively. The thing will be the only thing that’s attached to the principal.
NON_EXCLUSIVE_THING - Attaches the specified principal to the specified thing. Multiple things can be attached to the principal.
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
Updates a thing type.
See also: AWS API Documentation
Request Syntax
client.update_thing_type(
thingTypeName='string',
thingTypeProperties={
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
],
'mqtt5Configuration': {
'propagatingAttributes': [
{
'userPropertyKey': 'string',
'thingAttribute': 'string',
'connectionAttribute': 'string'
},
]
}
}
)
string
[REQUIRED]
The name of a thing type.
dict
The ThingTypeProperties contains information about the thing type including: a thing type description, and a list of searchable thing attribute names.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
(string) --
mqtt5Configuration (dict) --
The configuration to add user-defined properties to enrich MQTT 5 messages.
propagatingAttributes (list) --
An object that represents the propagating thing attributes and the connection attributes.
(dict) --
An object that represents the connection attribute, thing attribute, and the user property key.
userPropertyKey (string) --
The key of the user property key-value pair.
thingAttribute (string) --
The user-defined thing attribute that is propagating for MQTT 5 message enrichment.
connectionAttribute (string) --
The attribute associated with the connection between a device and Amazon Web Services IoT Core.
dict
Response Syntax
{}
Response Structure
(dict) --
{'thingPrincipalType': 'EXCLUSIVE_THING | NON_EXCLUSIVE_THING'}
Attaches the specified principal to the specified thing. A principal can be X.509 certificates, Amazon Cognito identities or federated identities.
Requires permission to access the AttachThingPrincipal action.
See also: AWS API Documentation
Request Syntax
client.attach_thing_principal(
thingName='string',
principal='string',
thingPrincipalType='EXCLUSIVE_THING'|'NON_EXCLUSIVE_THING'
)
string
[REQUIRED]
The name of the thing.
string
[REQUIRED]
The principal, which can be a certificate ARN (as returned from the CreateCertificate operation) or an Amazon Cognito ID.
string
The type of the relation you want to specify when you attach a principal to a thing.
EXCLUSIVE_THING - Attaches the specified principal to the specified thing, exclusively. The thing will be the only thing that’s attached to the principal.
NON_EXCLUSIVE_THING - Attaches the specified principal to the specified thing. Multiple things can be attached to the principal.
dict
Response Syntax
{}
Response Structure
(dict) --
The output from the AttachThingPrincipal operation.
{'serverCertificateConfig': {'ocspAuthorizedResponderArn': 'string',
'ocspLambdaArn': 'string'}}
Creates a domain configuration.
Requires permission to access the CreateDomainConfiguration action.
See also: AWS API Documentation
Request Syntax
client.create_domain_configuration(
domainConfigurationName='string',
domainName='string',
serverCertificateArns=[
'string',
],
validationCertificateArn='string',
authorizerConfig={
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
tlsConfig={
'securityPolicy': 'string'
},
serverCertificateConfig={
'enableOCSPCheck': True|False,
'ocspLambdaArn': 'string',
'ocspAuthorizedResponderArn': 'string'
},
authenticationType='CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
applicationProtocol='SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
clientCertificateConfig={
'clientCertificateCallbackArn': 'string'
}
)
string
[REQUIRED]
The name of the domain configuration. This value must be unique to a region.
string
The name of the domain.
list
The ARNs of the certificates that IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for Amazon Web Services-managed domains.
(string) --
string
The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for Amazon Web Services-managed domains.
dict
An object that specifies the authorization service for a domain.
defaultAuthorizerName (string) --
The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
string
The type of service delivered by the endpoint.
list
Metadata which can be used to manage the domain configuration.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
An object that specifies the TLS configuration for a domain.
securityPolicy (string) --
The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.
dict
The server certificate configuration.
enableOCSPCheck (boolean) --
A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.
For more information, see Server certificate configuration for OCSP stapling from Amazon Web Services IoT Core Developer Guide.
ocspLambdaArn (string) --
The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. The Lambda function accepts a JSON string that's Base64-encoded. Therefore, you must convert your OCSP response, which is typically in the Distinguished Encoding Rules (DER) format, into a JSON string that's Base64-encoded. The Lambda function's response is also a Base64-encoded JSON string and the response payload must not exceed 8 kilobytes (KiB) in size. The Lambda function must be in the same Amazon Web Services region and account as the domain configuration.
ocspAuthorizedResponderArn (string) --
The Amazon Resource Name (ARN) for an X.509 certificate stored in Amazon Web Services Certificate Manager (ACM). If provided, Amazon Web Services IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same Amazon Web Services region and account as the domain configuration.
string
An enumerated string that specifies the authentication type.
CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.
string
An enumerated string that specifies the application-layer protocol.
SECURE_MQTT - MQTT over TLS.
MQTT_WSS - MQTT over WebSocket.
HTTPS - HTTP over TLS.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.
dict
An object that specifies the client certificate configuration for a domain.
clientCertificateCallbackArn (string) --
The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.
dict
Response Syntax
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string'
}
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration.
domainConfigurationArn (string) --
The ARN of the domain configuration.
{'thingTypeProperties': {'mqtt5Configuration': {'propagatingAttributes': [{'connectionAttribute': 'string',
'thingAttribute': 'string',
'userPropertyKey': 'string'}]}}}
Creates a new thing type. If this call is made multiple times using the same thing type name and configuration, the call will succeed. If this call is made with the same thing type name but different configuration a ResourceAlreadyExistsException is thrown.
Requires permission to access the CreateThingType action.
See also: AWS API Documentation
Request Syntax
client.create_thing_type(
thingTypeName='string',
thingTypeProperties={
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
],
'mqtt5Configuration': {
'propagatingAttributes': [
{
'userPropertyKey': 'string',
'thingAttribute': 'string',
'connectionAttribute': 'string'
},
]
}
},
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
The name of the thing type.
dict
The ThingTypeProperties for the thing type to create. It contains information about the new thing type including a description, and a list of searchable thing attribute names.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
(string) --
mqtt5Configuration (dict) --
The configuration to add user-defined properties to enrich MQTT 5 messages.
propagatingAttributes (list) --
An object that represents the propagating thing attributes and the connection attributes.
(dict) --
An object that represents the connection attribute, thing attribute, and the user property key.
userPropertyKey (string) --
The key of the user property key-value pair.
thingAttribute (string) --
The user-defined thing attribute that is propagating for MQTT 5 message enrichment.
connectionAttribute (string) --
The attribute associated with the connection between a device and Amazon Web Services IoT Core.
list
Metadata which can be used to manage the thing type.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{
'thingTypeName': 'string',
'thingTypeArn': 'string',
'thingTypeId': 'string'
}
Response Structure
(dict) --
The output of the CreateThingType operation.
thingTypeName (string) --
The name of the thing type.
thingTypeArn (string) --
The Amazon Resource Name (ARN) of the thing type.
thingTypeId (string) --
The thing type ID.
{'serverCertificateConfig': {'ocspAuthorizedResponderArn': 'string',
'ocspLambdaArn': 'string'}}
Gets summary information about a domain configuration.
Requires permission to access the DescribeDomainConfiguration action.
See also: AWS API Documentation
Request Syntax
client.describe_domain_configuration(
domainConfigurationName='string'
)
string
[REQUIRED]
The name of the domain configuration.
dict
Response Syntax
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string',
'domainName': 'string',
'serverCertificates': [
{
'serverCertificateArn': 'string',
'serverCertificateStatus': 'INVALID'|'VALID',
'serverCertificateStatusDetail': 'string'
},
],
'authorizerConfig': {
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
'domainConfigurationStatus': 'ENABLED'|'DISABLED',
'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
'domainType': 'ENDPOINT'|'AWS_MANAGED'|'CUSTOMER_MANAGED',
'lastStatusChangeDate': datetime(2015, 1, 1),
'tlsConfig': {
'securityPolicy': 'string'
},
'serverCertificateConfig': {
'enableOCSPCheck': True|False,
'ocspLambdaArn': 'string',
'ocspAuthorizedResponderArn': 'string'
},
'authenticationType': 'CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
'applicationProtocol': 'SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
'clientCertificateConfig': {
'clientCertificateCallbackArn': 'string'
}
}
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration.
domainConfigurationArn (string) --
The ARN of the domain configuration.
domainName (string) --
The name of the domain.
serverCertificates (list) --
A list containing summary information about the server certificate included in the domain configuration.
(dict) --
An object that contains information about a server certificate.
serverCertificateArn (string) --
The ARN of the server certificate.
serverCertificateStatus (string) --
The status of the server certificate.
serverCertificateStatusDetail (string) --
Details that explain the status of the server certificate.
authorizerConfig (dict) --
An object that specifies the authorization service for a domain.
defaultAuthorizerName (string) --
The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
domainConfigurationStatus (string) --
A Boolean value that specifies the current state of the domain configuration.
serviceType (string) --
The type of service delivered by the endpoint.
domainType (string) --
The type of the domain.
lastStatusChangeDate (datetime) --
The date and time the domain configuration's status was last changed.
tlsConfig (dict) --
An object that specifies the TLS configuration for a domain.
securityPolicy (string) --
The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.
serverCertificateConfig (dict) --
The server certificate configuration.
enableOCSPCheck (boolean) --
A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.
For more information, see Server certificate configuration for OCSP stapling from Amazon Web Services IoT Core Developer Guide.
ocspLambdaArn (string) --
The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. The Lambda function accepts a JSON string that's Base64-encoded. Therefore, you must convert your OCSP response, which is typically in the Distinguished Encoding Rules (DER) format, into a JSON string that's Base64-encoded. The Lambda function's response is also a Base64-encoded JSON string and the response payload must not exceed 8 kilobytes (KiB) in size. The Lambda function must be in the same Amazon Web Services region and account as the domain configuration.
ocspAuthorizedResponderArn (string) --
The Amazon Resource Name (ARN) for an X.509 certificate stored in Amazon Web Services Certificate Manager (ACM). If provided, Amazon Web Services IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same Amazon Web Services region and account as the domain configuration.
authenticationType (string) --
An enumerated string that specifies the authentication type.
CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.
applicationProtocol (string) --
An enumerated string that specifies the application-layer protocol.
SECURE_MQTT - MQTT over TLS.
MQTT_WSS - MQTT over WebSocket.
HTTPS - HTTP over TLS.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.
clientCertificateConfig (dict) --
An object that specifies the client certificate configuration for a domain.
clientCertificateCallbackArn (string) --
The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.
{'thingTypeProperties': {'mqtt5Configuration': {'propagatingAttributes': [{'connectionAttribute': 'string',
'thingAttribute': 'string',
'userPropertyKey': 'string'}]}}}
Gets information about the specified thing type.
Requires permission to access the DescribeThingType action.
See also: AWS API Documentation
Request Syntax
client.describe_thing_type(
thingTypeName='string'
)
string
[REQUIRED]
The name of the thing type.
dict
Response Syntax
{
'thingTypeName': 'string',
'thingTypeId': 'string',
'thingTypeArn': 'string',
'thingTypeProperties': {
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
],
'mqtt5Configuration': {
'propagatingAttributes': [
{
'userPropertyKey': 'string',
'thingAttribute': 'string',
'connectionAttribute': 'string'
},
]
}
},
'thingTypeMetadata': {
'deprecated': True|False,
'deprecationDate': datetime(2015, 1, 1),
'creationDate': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
The output for the DescribeThingType operation.
thingTypeName (string) --
The name of the thing type.
thingTypeId (string) --
The thing type ID.
thingTypeArn (string) --
The thing type ARN.
thingTypeProperties (dict) --
The ThingTypeProperties contains information about the thing type including description, a list of searchable thing attribute names, and MQTT5 configuration.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
(string) --
mqtt5Configuration (dict) --
The configuration to add user-defined properties to enrich MQTT 5 messages.
propagatingAttributes (list) --
An object that represents the propagating thing attributes and the connection attributes.
(dict) --
An object that represents the connection attribute, thing attribute, and the user property key.
userPropertyKey (string) --
The key of the user property key-value pair.
thingAttribute (string) --
The user-defined thing attribute that is propagating for MQTT 5 message enrichment.
connectionAttribute (string) --
The attribute associated with the connection between a device and Amazon Web Services IoT Core.
thingTypeMetadata (dict) --
The ThingTypeMetadata contains additional information about the thing type including: creation date and time, a value indicating whether the thing type is deprecated, and a date and time when it was deprecated.
deprecated (boolean) --
Whether the thing type is deprecated. If true, no new things could be associated with this type.
deprecationDate (datetime) --
The date and time when the thing type was deprecated.
creationDate (datetime) --
The date and time when the thing type was created.
{'thingTypes': {'thingTypeProperties': {'mqtt5Configuration': {'propagatingAttributes': [{'connectionAttribute': 'string',
'thingAttribute': 'string',
'userPropertyKey': 'string'}]}}}}
Lists the existing thing types.
Requires permission to access the ListThingTypes action.
See also: AWS API Documentation
Request Syntax
client.list_thing_types(
nextToken='string',
maxResults=123,
thingTypeName='string'
)
string
To retrieve the next set of results, the nextToken value from a previous response; otherwise null to receive the first set of results.
integer
The maximum number of results to return in this operation.
string
The name of the thing type.
dict
Response Syntax
{
'thingTypes': [
{
'thingTypeName': 'string',
'thingTypeArn': 'string',
'thingTypeProperties': {
'thingTypeDescription': 'string',
'searchableAttributes': [
'string',
],
'mqtt5Configuration': {
'propagatingAttributes': [
{
'userPropertyKey': 'string',
'thingAttribute': 'string',
'connectionAttribute': 'string'
},
]
}
},
'thingTypeMetadata': {
'deprecated': True|False,
'deprecationDate': datetime(2015, 1, 1),
'creationDate': datetime(2015, 1, 1)
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The output for the ListThingTypes operation.
thingTypes (list) --
The thing types.
(dict) --
The definition of the thing type, including thing type name and description.
thingTypeName (string) --
The name of the thing type.
thingTypeArn (string) --
The thing type ARN.
thingTypeProperties (dict) --
The ThingTypeProperties for the thing type.
thingTypeDescription (string) --
The description of the thing type.
searchableAttributes (list) --
A list of searchable thing attribute names.
(string) --
mqtt5Configuration (dict) --
The configuration to add user-defined properties to enrich MQTT 5 messages.
propagatingAttributes (list) --
An object that represents the propagating thing attributes and the connection attributes.
(dict) --
An object that represents the connection attribute, thing attribute, and the user property key.
userPropertyKey (string) --
The key of the user property key-value pair.
thingAttribute (string) --
The user-defined thing attribute that is propagating for MQTT 5 message enrichment.
connectionAttribute (string) --
The attribute associated with the connection between a device and Amazon Web Services IoT Core.
thingTypeMetadata (dict) --
The ThingTypeMetadata contains additional information about the thing type including: creation date and time, a value indicating whether the thing type is deprecated, and a date and time when it was deprecated.
deprecated (boolean) --
Whether the thing type is deprecated. If true, no new things could be associated with this type.
deprecationDate (datetime) --
The date and time when the thing type was deprecated.
creationDate (datetime) --
The date and time when the thing type was created.
nextToken (string) --
The token for the next set of results. Will not be returned if operation has returned all results.
{'serverCertificateConfig': {'ocspAuthorizedResponderArn': 'string',
'ocspLambdaArn': 'string'}}
Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.
Requires permission to access the UpdateDomainConfiguration action.
See also: AWS API Documentation
Request Syntax
client.update_domain_configuration(
domainConfigurationName='string',
authorizerConfig={
'defaultAuthorizerName': 'string',
'allowAuthorizerOverride': True|False
},
domainConfigurationStatus='ENABLED'|'DISABLED',
removeAuthorizerConfig=True|False,
tlsConfig={
'securityPolicy': 'string'
},
serverCertificateConfig={
'enableOCSPCheck': True|False,
'ocspLambdaArn': 'string',
'ocspAuthorizedResponderArn': 'string'
},
authenticationType='CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
applicationProtocol='SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
clientCertificateConfig={
'clientCertificateCallbackArn': 'string'
}
)
string
[REQUIRED]
The name of the domain configuration to be updated.
dict
An object that specifies the authorization service for a domain.
defaultAuthorizerName (string) --
The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --
A Boolean that specifies whether the domain configuration's authorization service can be overridden.
string
The status to which the domain configuration should be updated.
boolean
Removes the authorization configuration from a domain.
dict
An object that specifies the TLS configuration for a domain.
securityPolicy (string) --
The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.
dict
The server certificate configuration.
enableOCSPCheck (boolean) --
A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.
For more information, see Server certificate configuration for OCSP stapling from Amazon Web Services IoT Core Developer Guide.
ocspLambdaArn (string) --
The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. The Lambda function accepts a JSON string that's Base64-encoded. Therefore, you must convert your OCSP response, which is typically in the Distinguished Encoding Rules (DER) format, into a JSON string that's Base64-encoded. The Lambda function's response is also a Base64-encoded JSON string and the response payload must not exceed 8 kilobytes (KiB) in size. The Lambda function must be in the same Amazon Web Services region and account as the domain configuration.
ocspAuthorizedResponderArn (string) --
The Amazon Resource Name (ARN) for an X.509 certificate stored in Amazon Web Services Certificate Manager (ACM). If provided, Amazon Web Services IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same Amazon Web Services region and account as the domain configuration.
string
An enumerated string that specifies the authentication type.
CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.
string
An enumerated string that specifies the application-layer protocol.
SECURE_MQTT - MQTT over TLS.
MQTT_WSS - MQTT over WebSocket.
HTTPS - HTTP over TLS.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.
dict
An object that specifies the client certificate configuration for a domain.
clientCertificateCallbackArn (string) --
The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.
dict
Response Syntax
{
'domainConfigurationName': 'string',
'domainConfigurationArn': 'string'
}
Response Structure
(dict) --
domainConfigurationName (string) --
The name of the domain configuration that was updated.
domainConfigurationArn (string) --
The ARN of the domain configuration that was updated.