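Problem description
I am trying to create an AWS IoT thing using the Serverless Framework. Below is my YAML file.
I get the error "An error occurred during the operation: 'Invalid certificate resource configuration'".
Any clue what the problem might be?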
service: winds-delivery-infra
provider:
  name: aws
  runtime: nodejs12.x
  stage: dev
  region: ap-south-1
functions:
  hello:
    handler: handler.hello
resources:
  Resources:
    Iotthing:
      Type: AWS::IoT::Thing
    IoTPolicy:
      Type: AWS::IoT::Policy
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action: ["iot:Connect"]
              Resource: "*"
            - Effect: "Allow"
              Action: ["iot:Publish","iot:Subscribe","iot:Receive"]
              Resource: "*"
    IoTCertificate:
      Type: AWS::IoT::Certificate
      Properties:
        Status: "ACTIVE"
    PolicyPrincipalAttachmentCert:
      Type: AWS::IoT::PolicyPrincipalAttachment
      Properties:
        PolicyName:
          Ref: IoTPolicy
        Principal: { Fn::GetAtt: [IoTCertificate,Arn] }
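Solution
If you want AWS CloudFormation to issue an IoT certificate for you, you need to give it your own CSR (certificate signing request). For example, you can use openssl to generate a CSR for you:
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
Once you have the CSR, you can update your CloudFormation with it as shown below, and it will work: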
IoTCertificate:
  Type: AWS::IoT::Certificate
  Properties:
    Status: "ACTIVE"
    CertificateSigningRequest: "-----BEGIN CERTIFICATE REQUEST-----\nMIIE0DCCArgCAQAwg......uOQIKNqgCxzmqy\n-----END CERTIFICATE REQUEST-----\n"
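The steps in the answer above as one script, added here as an example that is not part of the original answer: it generates the key and CSR without prompts, refuses any file that is not a PEM CSR (so the private key cannot be pasted into the template by mistake), and prints the resource with the CSR in the `\n`-escaped single-line form. The file names, the subject CN `example-thing`, the `--demo` switch and the use of `-nodes` (an unencrypted key, unlike the answer's command) are assumptions.

```sh
#!/bin/sh
# Added example: file names and the subject CN are placeholders.
set -eu

# Create a key pair and CSR without prompts. -nodes leaves the key
# unencrypted, so umask 077 keeps it owner-readable only. The key
# never goes into the template; only the CSR does.
make_csr() {
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$1" -out "$2" -subj "/CN=$3" 2>/dev/null )
}

# Print the CSR as one line with literal \n separators, the form used
# inside the double-quoted CertificateSigningRequest value.
csr_to_template_value() {
  # Reject anything that is not a PEM CSR (e.g. the private key file).
  [ "$(head -n 1 "$1")" = "-----BEGIN CERTIFICATE REQUEST-----" ] &&
  [ "$(tail -n 1 "$1")" = "-----END CERTIFICATE REQUEST-----" ] || {
    echo "not a PEM certificate signing request: $1" >&2
    return 1
  }
  awk '{ printf "%s\\n", $0 }' "$1"
}

# Emit the AWS::IoT::Certificate resource for the given CSR file.
print_certificate_resource() {
  csr_value=$(csr_to_template_value "$1") || return 1
  printf '%s\n' \
    'IoTCertificate:' \
    '  Type: AWS::IoT::Certificate' \
    '  Properties:' \
    '    Status: "ACTIVE"' \
    "    CertificateSigningRequest: \"$csr_value\""
}

# Demo, run only when asked: sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  make_csr device.key device.csr example-thing
  print_certificate_resource device.csr
fi
```

Indent the printed fragment to sit under `resources: Resources:` in the serverless.yml; the private key file stays on the machine that generated it.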