Build a C2C (Cloud-to-Cloud) connector - Managed integrations for AWS IoT Device Management

Build a C2C (Cloud-to-Cloud) connector

The following sections cover the steps to build a C2C (Cloud-to-Cloud) connector for managed integrations for AWS IoT Device Management.

Prerequisites

Before you create a C2C (Cloud-to-Cloud) connector, you need the following:

  • An AWS account to host your C2C connector and to register it through managed integrations. For more information, see Create an AWS account.

  • When you build your connector, you need certain IAM permissions. To use the

  • Ensure that the third-party cloud providers that the connector is intended for, support OAuth 2.0 authorization. For more information, see OAuth 2.0 requirements for account linking.

    In addition, to test the connector, the developer of the connector must have the following:

    • A client ID from the third-party cloud to associate with your C2C connector

    • A client secret from the third-party cloud to associate with your C2C connector

    • An OAuth 2.0 authorization URL

    • An OAuth 2.0 token URL

  • Any API keys required by your third-party API

  • Any registration or allowlisting that your third party requires for the OAuth callback URL hosted by AWS. Some third parties explicitly allowlist an OAuth redirect URL, while others have a workflow where users can log in and register the OAuth URL. Consult with the specific third party to understand what is required to allowlist the managed integrations OAuth redirection endpoint.

Required permissions

When you build your connector, you need certain IAM permissions. In addition to the iotmanagedintegrations: permissions for the actions, you need the following permissions:

For more information about iotmanagedintegrations: permissions and actions, see Actions defined by AWS Managed integrations.

C2C connector requirements

The C2C connector you develop facilitates the bidirectional communication between managed integrations for AWS IoT Device Management and a third-party vendor cloud. The connector must implement interfaces for managed integrations for AWS IoT Device Management to perform actions on behalf of end users. These interfaces provide the functionality to discover end-user devices, initiate device commands that are sent from managed integrations for AWS IoT Device Management, and identify users based on an access token. To support the device operations, the connector must manage the translation of request and response messages between managed integrations for AWS IoT Device Management and the related third-party platform.

The following are requirements for the C2C connector:

  • The third-party authorization server must conform to OAuth 2.0 standards as well as the configurations listed in OAuth configuration requirements.

  • A C2C connector must interpret identifiers from AWS implementations of the Matter Data Model and must emit responses and events that are compliant with AWS implementations of the Matter Data Model. For more information, see AWS implementation of the Matter data model.

  • A C2C connector must be able to call the managed integrations for AWS IoT Device Management APIs with SigV4 authentication. For asynchronous events sent with the SendConnectorEvent API, the same AWS account credentials used to register the connector must be used to sign the related SendConnectorEvent request.

  • The connector must implement the AWS.ActivateUser, AWS.DiscoverDevices, AWS.SendCommand, and AWS.DeactivateUser operations.

  • When your C2C connector receives third-party events related to device command responses or device discovery, it must forward them to managed integrations with the SendConnectorEvent API. For more information on these events and the SendConnectorEvent API, see SendConnectorEvent.

Note

The SendConnectorEvent API is part of the managed integrations SDK; use it instead of manually building and signing requests.
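The SDK performs the SigV4 signing required above for you; this added example, which is not the page's or the SDK's code, reimplements the SigV4 signer in pure Python to show what the signature actually binds: the account's secret key together with the credential scope (date, region, service) and the signed headers. It signs AWS's published SigV4 test request (IAM ListUsers with the documented example keys, constructed values rather than real credentials) so the output can be checked against the documented signature; a connector would sign against the managed integrations endpoint and service name for its Region, which this example does not assume.

```python
import hashlib
import hmac
from urllib.parse import quote

# AWS's published SigV4 test vector (constructed credentials, not real keys).
EXAMPLE_ACCESS_KEY = "AKIDEXAMPLE"
EXAMPLE_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def canonical_request(method, path, query, headers, payload: bytes):
    # Query sorted by name and URI-encoded; header names lowercased and sorted,
    # values whitespace-collapsed. Returns the canonical text and SignedHeaders.
    cq = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                  for k, v in sorted(query.items()))
    low = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    signed = ";".join(sorted(low))
    canon = "\n".join([method, quote(path, safe="/-_.~"), cq,
                       "".join(f"{k}:{low[k]}\n" for k in sorted(low)),
                       signed, hashlib.sha256(payload).hexdigest()])
    return canon, signed

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # Chaining date/region/service onto the secret key scopes the signature to that account's credentials.
    key = _hmac(("AWS4" + secret).encode("utf-8"), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign_request(access_key, secret_key, region, service, method, host, path,
                 query, headers, payload: bytes, amz_date: str) -> dict:
    hdrs = {**headers, "host": host, "x-amz-date": amz_date}
    canon, signed = canonical_request(method, path, query, hdrs, payload)
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canon.encode("utf-8")).hexdigest()])
    sig = hmac.new(signing_key(secret_key, amz_date[:8], region, service),
                   to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    hdrs["Authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed}, Signature={sig}")
    return hdrs

def example_authorization() -> str:
    # Signs the IAM ListUsers request from the AWS documentation test vector.
    return sign_request(EXAMPLE_ACCESS_KEY, EXAMPLE_SECRET_KEY, "us-east-1", "iam",
                        "GET", "iam.amazonaws.com", "/",
                        {"Action": "ListUsers", "Version": "2010-05-08"},
                        {"content-type": "application/x-www-form-urlencoded; charset=utf-8"},
                        b"", "20150830T123600Z")["Authorization"]
```

Because the scope and the secret key are folded into the derived signing key, a SendConnectorEvent request signed with a different account's credentials than those used to register the connector produces a signature the service cannot attribute to the connector's owner.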