CertificateProvider
The CertificateProvider resource lets you manage AWS IoT certificate providers, which are used to create and manage device certificates for secure communication in IoT applications.
Minimal Example
Create a basic CertificateProvider with required properties and one optional property.
```ts
import AWS from "alchemy/aws/control";

const basicCertificateProvider = await AWS.IoT.CertificateProvider("basicCertificateProvider", {
  // Lambda function that AWS IoT invokes to issue certificates
  LambdaFunctionArn: "arn:aws:lambda:us-east-1:123456789012:function:MyCertificateFunction",
  AccountDefaultForOperations: ["account1", "account2"],
  // Optional: explicit name for the provider
  CertificateProviderName: "MyCertificateProvider"
});
```
Advanced Configuration
Configure a CertificateProvider with tags and the adoption flag for existing resources.
```ts
import AWS from "alchemy/aws/control";

const advancedCertificateProvider = await AWS.IoT.CertificateProvider("advancedCertificateProvider", {
  LambdaFunctionArn: "arn:aws:lambda:us-east-1:123456789012:function:MyAdvancedCertificateFunction",
  AccountDefaultForOperations: ["account3"],
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Project", Value: "IoTDeployment" }
  ],
  // Adopt the resource if it already exists
  adopt: true
});
```
Using Multiple Accounts
Create a CertificateProvider that operates across multiple accounts to streamline certificate management.
```ts
import AWS from "alchemy/aws/control";

const multiAccountCertificateProvider = await AWS.IoT.CertificateProvider("multiAccountCertificateProvider", {
  LambdaFunctionArn: "arn:aws:lambda:us-east-1:123456789012:function:MultiAccountCertFunction",
  AccountDefaultForOperations: ["accountA", "accountB", "accountC"],
  CertificateProviderName: "MultiAccountProvider"
});
```
Integration with Other IoT Resources
Demonstrate how to integrate the CertificateProvider with other AWS IoT resources, such as an IoT Policy.
```ts
import AWS from "alchemy/aws/control";

// Policy attached to device certificates: allow connecting and publishing status
const iotPolicy = await AWS.IoT.Policy("devicePolicy", {
  PolicyName: "DeviceIoTPolicy",
  PolicyDocument: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: "iot:Connect",
        Resource: "*"
      },
      {
        Effect: "Allow",
        Action: "iot:Publish",
        // IoT policies treat the MQTT wildcards + and # as literal characters;
        // * is the wildcard that policy resources understand
        Resource: "arn:aws:iot:us-east-1:123456789012:topic/*/status"
      }
    ]
  })
});

const integratedCertificateProvider = await AWS.IoT.CertificateProvider("integratedCertificateProvider", {
  LambdaFunctionArn: "arn:aws:lambda:us-east-1:123456789012:function:IntegratedCertFunction",
  AccountDefaultForOperations: ["accountX"],
  CertificateProviderName: "IntegratedProvider"
});
```
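A policy attached to issued device certificates is easy to leave broader than intended. The following is an added example, not part of the original page or the alchemy project: `lintIotPolicy` is a hypothetical helper that flags unscoped grants and MQTT wildcards in topic ARNs, and both policy documents are constructed samples (the scoped one assumes each device connects with its registered thing name as the client ID).

```typescript
// Added example: lint an AWS IoT policy document before passing it to AWS.IoT.Policy.
type Statement = { Effect: string; Action: string | string[]; Resource: string | string[] };
type PolicyDocument = { Version: string; Statement: Statement[] };

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Hypothetical helper (not an alchemy or AWS API): returns one finding per risky grant.
function lintIotPolicy(doc: PolicyDocument): string[] {
  const findings: string[] = [];
  doc.Statement.forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return;
    for (const action of asList(stmt.Action)) {
      for (const resource of asList(stmt.Resource)) {
        if (resource === "*") {
          findings.push(`Statement ${i}: ${action} on "*" is not scoped to a resource`);
          continue;
        }
        // Resource part of arn:aws:iot:<region>:<account>:<resource>; policy variables contain ":" too.
        const part = resource.split(":").slice(5).join(":");
        if (/^topic(filter)?\//.test(part) && /[+#]/.test(part)) {
          findings.push(`Statement ${i}: ${action} uses an MQTT wildcard, which IoT policies match literally`);
        }
        if (action === "iot:Connect" && !part.startsWith("client/")) {
          findings.push(`Statement ${i}: iot:Connect should target a client/ ARN`);
        }
      }
    }
  });
  return findings;
}

const prefix = "arn:aws:iot:us-east-1:123456789012"; // sample region and account ID
// Constructed sample: wildcard connect grant and an MQTT "+" inside a topic ARN.
const broadPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "iot:Connect", Resource: "*" },
    { Effect: "Allow", Action: "iot:Publish", Resource: `${prefix}:topic/+/status` },
  ],
};
// Constructed sample: each device may only connect as, and publish under, its own thing name.
const thing = "${iot:Connection.Thing.ThingName}"; // AWS IoT thing policy variable, kept literal
const scopedPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "iot:Connect", Resource: `${prefix}:client/${thing}` },
    { Effect: "Allow", Action: "iot:Publish", Resource: `${prefix}:topic/${thing}/status` },
  ],
};
console.log(lintIotPolicy(broadPolicy), lintIotPolicy(scopedPolicy));
```

Pass the scoped document through `JSON.stringify` as `PolicyDocument` once the linter returns no findings.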