Provisioning
data class ProvisioningTemplateArgs(val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val name: Output<String>? = null, val preProvisioningHook: Output<ProvisioningTemplatePreProvisioningHookArgs>? = null, val provisioningRoleArn: Output<String>? = null, val tags: Output<Map<String, String>>? = null, val templateBody: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<ProvisioningTemplateArgs>
Manages an IoT fleet provisioning template. For more info, see the AWS documentation on fleet provisioning.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const iotAssumeRolePolicy = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
type: "Service",
identifiers: ["iot.amazonaws.com"],
}],
}],
});
const iotFleetProvisioning = new aws.iam.Role("iot_fleet_provisioning", {
name: "IoTProvisioningServiceRole",
path: "/service-role/",
assumeRolePolicy: iotAssumeRolePolicy.then(iotAssumeRolePolicy => iotAssumeRolePolicy.json),
});
const iotFleetProvisioningRegistration = new aws.iam.RolePolicyAttachment("iot_fleet_provisioning_registration", {
role: iotFleetProvisioning.name,
policyArn: "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration",
});
const devicePolicy = aws.iam.getPolicyDocument({
statements: [{
actions: ["iot:Subscribe"],
resources: ["*"],
}],
});
const devicePolicyPolicy = new aws.iot.Policy("device_policy", {
name: "DevicePolicy",
policy: devicePolicy.then(devicePolicy => devicePolicy.json),
});
const fleet = new aws.iot.ProvisioningTemplate("fleet", {
name: "FleetTemplate",
description: "My provisioning template",
provisioningRoleArn: iotFleetProvisioning.arn,
enabled: true,
templateBody: pulumi.jsonStringify({
Parameters: {
SerialNumber: {
Type: "String",
},
},
Resources: {
certificate: {
Properties: {
CertificateId: {
Ref: "AWS::IoT::Certificate::Id",
},
Status: "Active",
},
Type: "AWS::IoT::Certificate",
},
policy: {
Properties: {
PolicyName: devicePolicyPolicy.name,
},
Type: "AWS::IoT::Policy",
},
},
}),
});Content copied to clipboard
import pulumi
import json
import pulumi_aws as aws
iot_assume_role_policy = aws.iam.get_policy_document(statements=[{
"actions": ["sts:AssumeRole"],
"principals": [{
"type": "Service",
"identifiers": ["iot.amazonaws.com"],
}],
}])
iot_fleet_provisioning = aws.iam.Role("iot_fleet_provisioning",
name="IoTProvisioningServiceRole",
path="/service-role/",
assume_role_policy=iot_assume_role_policy.json)
iot_fleet_provisioning_registration = aws.iam.RolePolicyAttachment("iot_fleet_provisioning_registration",
role=iot_fleet_provisioning.name,
policy_arn="arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration")
device_policy = aws.iam.get_policy_document(statements=[{
"actions": ["iot:Subscribe"],
"resources": ["*"],
}])
device_policy_policy = aws.iot.Policy("device_policy",
name="DevicePolicy",
policy=device_policy.json)
fleet = aws.iot.ProvisioningTemplate("fleet",
name="FleetTemplate",
description="My provisioning template",
provisioning_role_arn=iot_fleet_provisioning.arn,
enabled=True,
template_body=pulumi.Output.json_dumps({
"Parameters": {
"SerialNumber": {
"Type": "String",
},
},
"Resources": {
"certificate": {
"Properties": {
"CertificateId": {
"Ref": "AWS::IoT::Certificate::Id",
},
"Status": "Active",
},
"Type": "AWS::IoT::Certificate",
},
"policy": {
"Properties": {
"PolicyName": device_policy_policy.name,
},
"Type": "AWS::IoT::Policy",
},
},
}))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var iotAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"iot.amazonaws.com",
},
},
},
},
},
});
var iotFleetProvisioning = new Aws.Iam.Role("iot_fleet_provisioning", new()
{
Name = "IoTProvisioningServiceRole",
Path = "/service-role/",
AssumeRolePolicy = iotAssumeRolePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var iotFleetProvisioningRegistration = new Aws.Iam.RolePolicyAttachment("iot_fleet_provisioning_registration", new()
{
Role = iotFleetProvisioning.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration",
});
var devicePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"iot:Subscribe",
},
Resources = new[]
{
"*",
},
},
},
});
var devicePolicyPolicy = new Aws.Iot.Policy("device_policy", new()
{
Name = "DevicePolicy",
PolicyDocument = devicePolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var fleet = new Aws.Iot.ProvisioningTemplate("fleet", new()
{
Name = "FleetTemplate",
Description = "My provisioning template",
ProvisioningRoleArn = iotFleetProvisioning.Arn,
Enabled = true,
TemplateBody = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
{
["Parameters"] = new Dictionary<string, object?>
{
["SerialNumber"] = new Dictionary<string, object?>
{
["Type"] = "String",
},
},
["Resources"] = new Dictionary<string, object?>
{
["certificate"] = new Dictionary<string, object?>
{
["Properties"] = new Dictionary<string, object?>
{
["CertificateId"] = new Dictionary<string, object?>
{
["Ref"] = "AWS::IoT::Certificate::Id",
},
["Status"] = "Active",
},
["Type"] = "AWS::IoT::Certificate",
},
["policy"] = new Dictionary<string, object?>
{
["Properties"] = new Dictionary<string, object?>
{
["PolicyName"] = devicePolicyPolicy.Name,
},
["Type"] = "AWS::IoT::Policy",
},
},
})),
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
iotAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"iot.amazonaws.com",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
iotFleetProvisioning, err := iam.NewRole(ctx, "iot_fleet_provisioning", &iam.RoleArgs{
Name: pulumi.String("IoTProvisioningServiceRole"),
Path: pulumi.String("/service-role/"),
AssumeRolePolicy: pulumi.String(iotAssumeRolePolicy.Json),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "iot_fleet_provisioning_registration", &iam.RolePolicyAttachmentArgs{
Role: iotFleetProvisioning.Name,
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration"),
})
if err != nil {
return err
}
devicePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"iot:Subscribe",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
devicePolicyPolicy, err := iot.NewPolicy(ctx, "device_policy", &iot.PolicyArgs{
Name: pulumi.String("DevicePolicy"),
Policy: pulumi.String(devicePolicy.Json),
})
if err != nil {
return err
}
_, err = iot.NewProvisioningTemplate(ctx, "fleet", &iot.ProvisioningTemplateArgs{
Name: pulumi.String("FleetTemplate"),
Description: pulumi.String("My provisioning template"),
ProvisioningRoleArn: iotFleetProvisioning.Arn,
Enabled: pulumi.Bool(true),
TemplateBody: devicePolicyPolicy.Name.ApplyT(func(name string) (pulumi.String, error) {
var _zero pulumi.String
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Parameters": map[string]interface{}{
"SerialNumber": map[string]interface{}{
"Type": "String",
},
},
"Resources": map[string]interface{}{
"certificate": map[string]interface{}{
"Properties": map[string]interface{}{
"CertificateId": map[string]interface{}{
"Ref": "AWS::IoT::Certificate::Id",
},
"Status": "Active",
},
"Type": "AWS::IoT::Certificate",
},
"policy": map[string]interface{}{
"Properties": map[string]interface{}{
"PolicyName": name,
},
"Type": "AWS::IoT::Policy",
},
},
})
if err != nil {
return _zero, err
}
json0 := string(tmpJSON0)
return pulumi.String(json0), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.iot.Policy;
import com.pulumi.aws.iot.PolicyArgs;
import com.pulumi.aws.iot.ProvisioningTemplate;
import com.pulumi.aws.iot.ProvisioningTemplateArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var iotAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("iot.amazonaws.com")
.build())
.build())
.build());
var iotFleetProvisioning = new Role("iotFleetProvisioning", RoleArgs.builder()
.name("IoTProvisioningServiceRole")
.path("/service-role/")
.assumeRolePolicy(iotAssumeRolePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var iotFleetProvisioningRegistration = new RolePolicyAttachment("iotFleetProvisioningRegistration", RolePolicyAttachmentArgs.builder()
.role(iotFleetProvisioning.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration")
.build());
final var devicePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("iot:Subscribe")
.resources("*")
.build())
.build());
var devicePolicyPolicy = new Policy("devicePolicyPolicy", PolicyArgs.builder()
.name("DevicePolicy")
.policy(devicePolicy.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var fleet = new ProvisioningTemplate("fleet", ProvisioningTemplateArgs.builder()
.name("FleetTemplate")
.description("My provisioning template")
.provisioningRoleArn(iotFleetProvisioning.arn())
.enabled(true)
.templateBody(devicePolicyPolicy.name().applyValue(name -> serializeJson(
jsonObject(
jsonProperty("Parameters", jsonObject(
jsonProperty("SerialNumber", jsonObject(
jsonProperty("Type", "String")
))
)),
jsonProperty("Resources", jsonObject(
jsonProperty("certificate", jsonObject(
jsonProperty("Properties", jsonObject(
jsonProperty("CertificateId", jsonObject(
jsonProperty("Ref", "AWS::IoT::Certificate::Id")
)),
jsonProperty("Status", "Active")
)),
jsonProperty("Type", "AWS::IoT::Certificate")
)),
jsonProperty("policy", jsonObject(
jsonProperty("Properties", jsonObject(
jsonProperty("PolicyName", name)
)),
jsonProperty("Type", "AWS::IoT::Policy")
))
))
))))
.build());
}
}Content copied to clipboard
resources:
iotFleetProvisioning:
type: aws:iam:Role
name: iot_fleet_provisioning
properties:
name: IoTProvisioningServiceRole
path: /service-role/
assumeRolePolicy: ${iotAssumeRolePolicy.json}
iotFleetProvisioningRegistration:
type: aws:iam:RolePolicyAttachment
name: iot_fleet_provisioning_registration
properties:
role: ${iotFleetProvisioning.name}
policyArn: arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration
devicePolicyPolicy:
type: aws:iot:Policy
name: device_policy
properties:
name: DevicePolicy
policy: ${devicePolicy.json}
fleet:
type: aws:iot:ProvisioningTemplate
properties:
name: FleetTemplate
description: My provisioning template
provisioningRoleArn: ${iotFleetProvisioning.arn}
enabled: true
templateBody:
fn::toJSON:
Parameters:
SerialNumber:
Type: String
Resources:
certificate:
Properties:
CertificateId:
Ref: AWS::IoT::Certificate::Id
Status: Active
Type: AWS::IoT::Certificate
policy:
Properties:
PolicyName: ${devicePolicyPolicy.name}
Type: AWS::IoT::Policy
variables:
iotAssumeRolePolicy:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- actions:
- sts:AssumeRole
principals:
- type: Service
identifiers:
- iot.amazonaws.com
devicePolicy:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- actions:
- iot:Subscribe
resources:
- '*'Content copied to clipboard
Import
Using pulumi import, import IoT fleet provisioning templates using the name. For example:
$ pulumi import aws:iot/provisioningTemplate:ProvisioningTemplate fleet FleetProvisioningTemplateContent copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, enabled: Output<Boolean>? = null, name: Output<String>? = null, preProvisioningHook: Output<ProvisioningTemplatePreProvisioningHookArgs>? = null, provisioningRoleArn: Output<String>? = null, tags: Output<Map<String, String>>? = null, templateBody: Output<String>? = null, type: Output<String>? = null)
Properties
Link copied to clipboard
The description of the fleet provisioning template.
Link copied to clipboard
Creates a pre-provisioning hook template. Details below.
Link copied to clipboard
The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.
Link copied to clipboard
The JSON formatted contents of the fleet provisioning template.