Lab 00-05 - AWS Multi Account Registration

AWS MAR - A Simplified Approach to Handling Device Certificates

Multi-Account Registration introduces an optional simplified registration step where customers can register their device certificates without requiring a certificate authority (CA) to be registered with AWS IoT.

Each device must be individually registered in the AWS backend (see upcoming lab)

ST provides STSAFE-A110 secure elements loaded with certificates signed with the ST Generic CA private keys.

The OEM registers the device certificates in its AWS IoT account and attaches a cloud identity and policies.

After integration, devices presenting these device certificates are accepted automatically in the OEM's AWS IoT account.

The B-L4S5I-IOT01A Discovery board includes an STSAFE-A110 pre-configured for AWS IoT Multi-Account Registration.

Ideal implementation for development / validation

Sweet spot for low volume production

A complete secure production flow

[Figure: secure element production flow]

Multi-Account Registration sequence

Actions can also be done in parallel to prepare the credentials at pre-provision stage (endpoint, Thing name)


Create Thing & Policy


Register Certificate


Attach Policy To Certificate

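The three steps above (Create Thing & Policy, Register Certificate, Attach Policy To Certificate) can be scripted with the AWS CLI. The following is an added example, not part of the original lab: the Thing name, file paths, the per-device policy content and the local chain check against a CA bundle are all assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): Multi-Account Registration via the AWS CLI.
# Thing name, file paths and the policy content are assumptions.

# Least-privilege policy for one Thing: connect only as its own client ID,
# publish/subscribe only under its own topic prefix.
policy_doc() {  # $1=region  $2=account id  $3=thing name
  local base="arn:aws:iot:$1:$2"
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":"iot:Connect","Resource":"$base:client/$3"},
 {"Effect":"Allow","Action":["iot:Publish","iot:Receive"],"Resource":"$base:topic/$3/*"},
 {"Effect":"Allow","Action":"iot:Subscribe","Resource":"$base:topicfilter/$3/*"}]}
EOF
}

register_device() {  # $1=region $2=account $3=thing $4=device cert PEM $5=CA bundle PEM
  local region="$1" account="$2" thing="$3" cert="$4" ca="$5" arn
  # With MAR no CA is registered in AWS IoT, so check the chain locally first.
  openssl verify -CAfile "$ca" "$cert" >/dev/null || { echo "untrusted cert" >&2; return 1; }
  # Create Thing & Policy
  aws iot create-thing --region "$region" --thing-name "$thing" >/dev/null || return 1
  aws iot create-policy --region "$region" --policy-name "${thing}-policy" \
      --policy-document "$(policy_doc "$region" "$account" "$thing")" >/dev/null || return 1
  # Register Certificate (no CA registration required)
  arn=$(aws iot register-certificate-without-ca --region "$region" \
      --certificate-pem "file://$cert" --status ACTIVE \
      --query certificateArn --output text) || return 1
  # Attach Policy To Certificate, then bind the certificate to the Thing
  aws iot attach-policy --region "$region" --policy-name "${thing}-policy" --target "$arn" || return 1
  aws iot attach-thing-principal --region "$region" --thing-name "$thing" --principal "$arn" || return 1
  echo "$arn"  # certificate ARN, for records
}

# Run only when arguments are given: region account-id thing cert.pem ca.pem
if [ "$#" -eq 5 ]; then register_device "$@"; fi
```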

Where are we now

At this stage, we have prepared everything required for provisioning and SBSFU. There will be no need to reproduce these steps; their outputs will be automatically reused by the Step 3 compilation.

On AWS, we have registered our device certificate so that when the board presents itself to the AWS platform, it is automatically recognized and accepted.

Here again, there will be no need to reproduce that part.