AWS API Changes

2024/10/03 - AWS IoT - 3 updated api methods

Changes This release adds support for Custom Authentication with X.509 Client Certificates, support for Custom Client Certificate validation, and support for selecting application protocol and authentication type without requiring TLS ALPN for customer's AWS IoT Domain Configurations.

CreateDomainConfiguration (updated)

Link ¶
Changes (request)

{'applicationProtocol': 'SECURE_MQTT | MQTT_WSS | HTTPS | DEFAULT',
 'authenticationType': 'CUSTOM_AUTH_X509 | CUSTOM_AUTH | AWS_X509 | AWS_SIGV4 '
                       '| DEFAULT',
 'clientCertificateConfig': {'clientCertificateCallbackArn': 'string'}}

Creates a domain configuration.

Requires permission to access the CreateDomainConfiguration action.

See also: AWS API Documentation

Request Syntax

client.create_domain_configuration(
    domainConfigurationName='string',
    domainName='string',
    serverCertificateArns=[
        'string',
    ],
    validationCertificateArn='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    tlsConfig={
        'securityPolicy': 'string'
    },
    serverCertificateConfig={
        'enableOCSPCheck': True|False
    },
    authenticationType='CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
    applicationProtocol='SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
    clientCertificateConfig={
        'clientCertificateCallbackArn': 'string'
    }
)

type domainConfigurationName:

string

param domainConfigurationName:

[REQUIRED]

The name of the domain configuration. This value must be unique to a region.

type domainName:

string

param domainName:

The name of the domain.

type serverCertificateArns:

list

param serverCertificateArns:

The ARNs of the certificates that IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for Amazon Web Services-managed domains.

(string) --

type validationCertificateArn:

string

param validationCertificateArn:

The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for Amazon Web Services-managed domains.

type authorizerConfig:

dict

param authorizerConfig:

An object that specifies the authorization service for a domain.

defaultAuthorizerName (string) --

The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --

A Boolean that specifies whether the domain configuration's authorization service can be overridden.

type serviceType:

string

param serviceType:

The type of service delivered by the endpoint.

type tags:

list

param tags:

Metadata which can be used to manage the domain configuration.

(dict) --

A set of key/value pairs that are used to manage the resource.
- Key (string) -- [REQUIRED]
  
  The tag's key.
- Value (string) --
  
  The tag's value.

type tlsConfig:

dict

param tlsConfig:

An object that specifies the TLS configuration for a domain.

securityPolicy (string) --

The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.

type serverCertificateConfig:

dict

param serverCertificateConfig:

The server certificate configuration.

enableOCSPCheck (boolean) --

A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.

For more information, see Configuring OCSP server-certificate stapling in domain configuration from Amazon Web Services IoT Core Developer Guide.

type authenticationType:

string

param authenticationType:

An enumerated string that speciﬁes the authentication type.

CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.

type applicationProtocol:

string

param applicationProtocol:

An enumerated string that speciﬁes the application-layer protocol.

SECURE_MQTT - MQTT over TLS.
MQTT_WSS - MQTT over WebSocket.
HTTPS - HTTP over TLS.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.

type clientCertificateConfig:

dict

param clientCertificateConfig:

An object that speciﬁes the client certificate conﬁguration for a domain.

clientCertificateCallbackArn (string) --

The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

rtype:

dict

returns:

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

(dict) --
- domainConfigurationName (string) --
  
  The name of the domain configuration.
- domainConfigurationArn (string) --
  
  The ARN of the domain configuration.

DescribeDomainConfiguration (updated)

Link ¶
Changes (response)

{'applicationProtocol': 'SECURE_MQTT | MQTT_WSS | HTTPS | DEFAULT',
 'authenticationType': 'CUSTOM_AUTH_X509 | CUSTOM_AUTH | AWS_X509 | AWS_SIGV4 '
                       '| DEFAULT',
 'clientCertificateConfig': {'clientCertificateCallbackArn': 'string'}}

Gets summary information about a domain configuration.

Requires permission to access the DescribeDomainConfiguration action.

See also: AWS API Documentation

Request Syntax

client.describe_domain_configuration(
    domainConfigurationName='string'
)

type domainConfigurationName:

string

param domainConfigurationName:

[REQUIRED]

The name of the domain configuration.

rtype:

dict

returns:

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string',
    'domainName': 'string',
    'serverCertificates': [
        {
            'serverCertificateArn': 'string',
            'serverCertificateStatus': 'INVALID'|'VALID',
            'serverCertificateStatusDetail': 'string'
        },
    ],
    'authorizerConfig': {
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    'domainConfigurationStatus': 'ENABLED'|'DISABLED',
    'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
    'domainType': 'ENDPOINT'|'AWS_MANAGED'|'CUSTOMER_MANAGED',
    'lastStatusChangeDate': datetime(2015, 1, 1),
    'tlsConfig': {
        'securityPolicy': 'string'
    },
    'serverCertificateConfig': {
        'enableOCSPCheck': True|False
    },
    'authenticationType': 'CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
    'applicationProtocol': 'SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
    'clientCertificateConfig': {
        'clientCertificateCallbackArn': 'string'
    }
}

Response Structure

(dict) --
- domainConfigurationName (string) --
  
  The name of the domain configuration.
- domainConfigurationArn (string) --
  
  The ARN of the domain configuration.
- domainName (string) --
  
  The name of the domain.
- serverCertificates (list) --
  
  A list containing summary information about the server certificate included in the domain configuration.
  - (dict) --
    
    An object that contains information about a server certificate.
    - serverCertificateArn (string) --
      
      The ARN of the server certificate.
    - serverCertificateStatus (string) --
      
      The status of the server certificate.
    - serverCertificateStatusDetail (string) --
      
      Details that explain the status of the server certificate.
- authorizerConfig (dict) --
  
  An object that specifies the authorization service for a domain.
  - defaultAuthorizerName (string) --
    
    The name of the authorization service for a domain configuration.
  - allowAuthorizerOverride (boolean) --
    
    A Boolean that specifies whether the domain configuration's authorization service can be overridden.
- domainConfigurationStatus (string) --
  
  A Boolean value that specifies the current state of the domain configuration.
- serviceType (string) --
  
  The type of service delivered by the endpoint.
- domainType (string) --
  
  The type of the domain.
- lastStatusChangeDate (datetime) --
  
  The date and time the domain configuration's status was last changed.
- tlsConfig (dict) --
  
  An object that specifies the TLS configuration for a domain.
  - securityPolicy (string) --
    
    The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.
- serverCertificateConfig (dict) --
  
  The server certificate configuration.
  - enableOCSPCheck (boolean) --
    
    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.
    
    For more information, see Configuring OCSP server-certificate stapling in domain configuration from Amazon Web Services IoT Core Developer Guide.
- authenticationType (string) --
  
  An enumerated string that speciﬁes the authentication type.
  - CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
  - CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
  - AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
  - AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
  - DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.
- applicationProtocol (string) --
  
  An enumerated string that speciﬁes the application-layer protocol.
  - SECURE_MQTT - MQTT over TLS.
  - MQTT_WSS - MQTT over WebSocket.
  - HTTPS - HTTP over TLS.
  - DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.
- clientCertificateConfig (dict) --
  
  An object that speciﬁes the client certificate conﬁguration for a domain.
  - clientCertificateCallbackArn (string) --
    
    The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

UpdateDomainConfiguration (updated)

Link ¶
Changes (request)

{'applicationProtocol': 'SECURE_MQTT | MQTT_WSS | HTTPS | DEFAULT',
 'authenticationType': 'CUSTOM_AUTH_X509 | CUSTOM_AUTH | AWS_X509 | AWS_SIGV4 '
                       '| DEFAULT',
 'clientCertificateConfig': {'clientCertificateCallbackArn': 'string'}}

Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.

Requires permission to access the UpdateDomainConfiguration action.

See also: AWS API Documentation

Request Syntax

client.update_domain_configuration(
    domainConfigurationName='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    domainConfigurationStatus='ENABLED'|'DISABLED',
    removeAuthorizerConfig=True|False,
    tlsConfig={
        'securityPolicy': 'string'
    },
    serverCertificateConfig={
        'enableOCSPCheck': True|False
    },
    authenticationType='CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
    applicationProtocol='SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
    clientCertificateConfig={
        'clientCertificateCallbackArn': 'string'
    }
)

type domainConfigurationName:

string

param domainConfigurationName:

[REQUIRED]

The name of the domain configuration to be updated.

type authorizerConfig:

dict

param authorizerConfig:

An object that specifies the authorization service for a domain.

defaultAuthorizerName (string) --

The name of the authorization service for a domain configuration.
allowAuthorizerOverride (boolean) --

A Boolean that specifies whether the domain configuration's authorization service can be overridden.

type domainConfigurationStatus:

string

param domainConfigurationStatus:

The status to which the domain configuration should be updated.

type removeAuthorizerConfig:

boolean

param removeAuthorizerConfig:

Removes the authorization configuration from a domain.

type tlsConfig:

dict

param tlsConfig:

An object that specifies the TLS configuration for a domain.

securityPolicy (string) --

The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.

type serverCertificateConfig:

dict

param serverCertificateConfig:

The server certificate configuration.

enableOCSPCheck (boolean) --

A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.

For more information, see Configuring OCSP server-certificate stapling in domain configuration from Amazon Web Services IoT Core Developer Guide.

type authenticationType:

string

param authenticationType:

An enumerated string that speciﬁes the authentication type.

CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.
CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.
AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.
AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.

type applicationProtocol:

string

param applicationProtocol:

An enumerated string that speciﬁes the application-layer protocol.

SECURE_MQTT - MQTT over TLS.
MQTT_WSS - MQTT over WebSocket.
HTTPS - HTTP over TLS.
DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. For more information, see Device communication protocols.

type clientCertificateConfig:

dict

param clientCertificateConfig:

An object that speciﬁes the client certificate conﬁguration for a domain.

clientCertificateCallbackArn (string) --

The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

rtype:

dict

returns:

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

(dict) --
- domainConfigurationName (string) --
  
  The name of the domain configuration that was updated.
- domainConfigurationArn (string) --
  
  The ARN of the domain configuration that was updated.