CreateCertificateProvider

Creates an AWS IoT Core certificate provider. You can use AWS IoT Core certificate provider to customize how to sign a certificate signing request (CSR) in AWS IoT fleet provisioning. For more information, see Customizing certificate signing using AWS IoT Core certificate provider from AWS IoT Core Developer Guide.

Requires permission to access the CreateCertificateProvider action.

Important

After you create a certificate provider, the behavior of CreateCertificateFromCsr API for fleet provisioning will change and all API calls to CreateCertificateFromCsr will invoke the certificate provider to create the certificates. It can take up to a few minutes for this behavior to change after a certificate provider is created.

Request Syntax

POST /certificate-providers/certificateProviderName HTTP/1.1
Content-type: application/json

{
   "accountDefaultForOperations": [ "string" ],
   "clientToken": "string",
   "lambdaFunctionArn": "string",
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ]
}

URI Request Parameters

The request uses the following URI parameters.

certificateProviderName

The name of the certificate provider.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w=,@-]+

Required: Yes

Request Body

The request accepts the following data in JSON format.

accountDefaultForOperations

A list of the operations that the certificate provider will use to generate certificates. Valid value: CreateCertificateFromCsr.

Type: Array of strings

Array Members: Fixed number of 1 item.

Valid Values: CreateCertificateFromCsr

Required: Yes

clientToken

A string that you can optionally pass in the CreateCertificateProvider request to make sure the request is idempotent.

Type: String

Length Constraints: Minimum length of 36. Maximum length of 64.

Pattern: \S{36,64}

Required: No

lambdaFunctionArn

The ARN of the Lambda function that defines the authentication logic.

Type: String

Length Constraints: Maximum length of 2048.

Pattern: [\s\S]*

Required: Yes

tags

Metadata which can be used to manage the certificate provider.

Type: Array of Tag objects

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "certificateProviderArn": "string",
   "certificateProviderName": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

certificateProviderArn

The ARN of the certificate provider.

Type: String

Length Constraints: Maximum length of 2048.

certificateProviderName

The name of the certificate provider.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w=,@-]+

Errors

InternalFailureException

An unexpected error has occurred.

HTTP Status Code: 500

InvalidRequestException

The request is not valid.

HTTP Status Code: 400

LimitExceededException

A limit has been exceeded.

HTTP Status Code: 410

ResourceAlreadyExistsException

The resource already exists.

HTTP Status Code: 409

ServiceUnavailableException

The service is temporarily unavailable.

HTTP Status Code: 503

ThrottlingException

The rate exceeds the limit.

HTTP Status Code: 400

UnauthorizedException

You are not authorized to perform this operation.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go v2

• AWS SDK for Java V2

• AWS SDK for JavaScript V3

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3