CreateDomainConfiguration - AWS IoT

CreateDomainConfiguration

Creates a domain configuration.

Requires permission to access the CreateDomainConfiguration action.

Request Syntax

POST /domainConfigurations/domainConfigurationName HTTP/1.1
Content-type: application/json

{
   "applicationProtocol": "string",
   "authenticationType": "string",
   "authorizerConfig": {
      "allowAuthorizerOverride": boolean,
      "defaultAuthorizerName": "string"
   },
   "clientCertificateConfig": {
      "clientCertificateCallbackArn": "string"
   },
   "domainName": "string",
   "serverCertificateArns": [ "string" ],
   "serverCertificateConfig": {
      "enableOCSPCheck": boolean,
      "ocspAuthorizedResponderArn": "string",
      "ocspLambdaArn": "string"
   },
   "serviceType": "string",
   "tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ],
   "tlsConfig": {
      "securityPolicy": "string"
   },
   "validationCertificateArn": "string"
}

URI Request Parameters

The request uses the following URI parameters.

domainConfigurationName

The name of the domain configuration. This value must be unique to a region.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w.-]+

Required: Yes

Request Body

The request accepts the following data in JSON format.

applicationProtocol

An enumerated string that specifies the application-layer protocol.

  • SECURE_MQTT - MQTT over TLS.

  • MQTT_WSS - MQTT over WebSocket.

  • HTTPS - HTTP over TLS.

  • DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify the application-layer protocol. For more information, see Device communication protocols.

Type: String

Valid Values: SECURE_MQTT | MQTT_WSS | HTTPS | DEFAULT

Required: No

authenticationType

An enumerated string that specifies the authentication type.

  • CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

  • AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.

  • DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.

Type: String

Valid Values: CUSTOM_AUTH_X509 | CUSTOM_AUTH | AWS_X509 | AWS_SIGV4 | DEFAULT

Required: No

authorizerConfig

An object that specifies the authorization service for a domain.

Type: AuthorizerConfig object

Required: No

clientCertificateConfig

An object that specifies the client certificate configuration for a domain.

Type: ClientCertificateConfig object

Required: No

domainName

The name of the domain.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 253.

Pattern: [\s\S]*

Required: No

serverCertificateArns

The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+

Required: No

serverCertificateConfig

The server certificate configuration.

Type: ServerCertificateConfig object

Required: No

serviceType

The type of service delivered by the endpoint.

Note

AWS IoT Core currently supports only the DATA service type.

Type: String

Valid Values: DATA | CREDENTIAL_PROVIDER | JOBS

Required: No

tags

Metadata which can be used to manage the domain configuration.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Type: Array of Tag objects

Required: No

tlsConfig

An object that specifies the TLS configuration for a domain.

Type: TlsConfig object

Required: No

validationCertificateArn

The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS-managed domains.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+

Required: No
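
A pre-flight check for the request constraints listed above, as an added example (not AWS code). The function name validate_request, the sample ARN and the sample request bodies are constructed for illustration, and the check assumes each Pattern must match the whole value.

```python
import re

# Constraints copied from the parameter descriptions on this page.
NAME_RE = re.compile(r"[\w.-]+")
ACM_ARN_RE = re.compile(
    r"arn:aws(-cn|-us-gov|-iso-b|-iso)?:acm:[a-z]{2}-(gov-|iso-|isob-)?"
    r"[a-z]{4,9}-\d{1}:\d{12}:certificate/[a-zA-Z0-9/-]+"
)
ENUMS = {
    "applicationProtocol": {"SECURE_MQTT", "MQTT_WSS", "HTTPS", "DEFAULT"},
    "authenticationType": {"CUSTOM_AUTH_X509", "CUSTOM_AUTH", "AWS_X509",
                           "AWS_SIGV4", "DEFAULT"},
    "serviceType": {"DATA", "CREDENTIAL_PROVIDER", "JOBS"},
}


def validate_request(name, body):
    """Return a list of constraint violations (empty list means none found)."""
    errors = []
    # Assumption: each Pattern must match the whole value, hence fullmatch.
    if not (1 <= len(name) <= 128) or not NAME_RE.fullmatch(name):
        errors.append("domainConfigurationName: 1-128 chars of [\\w.-]")
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            errors.append(f"{field}: {body[field]!r} is not a valid value")
    if "domainName" in body and not (1 <= len(body["domainName"]) <= 253):
        errors.append("domainName: length must be 1-253")
    server_arns = body.get("serverCertificateArns", [])
    if len(server_arns) > 1:
        errors.append("serverCertificateArns: at most 1 item")
    arns = [("serverCertificateArns", a) for a in server_arns]
    if "validationCertificateArn" in body:
        arns.append(("validationCertificateArn", body["validationCertificateArn"]))
    for field, arn in arns:
        if not (1 <= len(arn) <= 2048) or not ACM_ARN_RE.fullmatch(arn):
            errors.append(f"{field}: not an ACM certificate ARN")
    return errors


# Constructed sample values (account ID and certificate ID are placeholders).
SAMPLE_ARN = ("arn:aws:acm:us-east-1:123456789012:"
              "certificate/00000000-0000-0000-0000-000000000000")
GOOD = {"domainName": "iot.example.com", "serviceType": "DATA",
        "authenticationType": "AWS_X509", "serverCertificateArns": [SAMPLE_ARN]}
BAD = {"authenticationType": "NONE", "serverCertificateArns": [
    SAMPLE_ARN, "arn:aws:iam::123456789012:server-certificate/x"]}

if __name__ == "__main__":
    print(validate_request("bad name!", BAD))
```

Running such a check before the call catches malformed input locally instead of through an InvalidRequestException or CertificateValidationException response.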

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "domainConfigurationArn": "string",
   "domainConfigurationName": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

domainConfigurationArn

The ARN of the domain configuration.

Type: String

domainConfigurationName

The name of the domain configuration.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w.-]+

Errors

CertificateValidationException

The certificate is invalid.

HTTP Status Code: 400

InternalFailureException

An unexpected error has occurred.

HTTP Status Code: 500

InvalidRequestException

The request is not valid.

HTTP Status Code: 400

LimitExceededException

A limit has been exceeded.

HTTP Status Code: 410

ResourceAlreadyExistsException

The resource already exists.

HTTP Status Code: 409

ServiceUnavailableException

The service is temporarily unavailable.

HTTP Status Code: 503

ThrottlingException

The rate exceeds the limit.

HTTP Status Code: 400

UnauthorizedException

You are not authorized to perform this operation.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: