Onboard your hubs to managed integrations

Set up your hub devices to communicate with managed integrations by configuring the required directory structure, certificates, and device configuration files. This section describes how the hub onboarding subsystem components work together, where to store certificates and configuration files, how to create and modify the device configuration file, and the steps to complete the hub provisioning process.

Hub onboarding subsystem

The hub onboarding subsystem uses these core components to manage device provisioning and configuration:

Hub onboarding component

Manages the hub onboarding process by coordinating hub state, provisioning approach, and authentication materials.

Device config file

Stores essential hub configuration data on the device, including:

Device provisioning state (provisioned or non-provisioned)
Certificate and key locations
Authentication information Other SDK processes, such as the MQTT proxy, reference this file to determine hub state and connection settings.

Certificate handler interface

Provides a utility interface for reading and writing device certificates and keys. You can implement this interface to work with:

File system storage
Hardware security modules (HSM)
Trusted platform modules (TPM)
Custom secure storage solutions

MQTT proxy component

Manages device-to-cloud communication using:

Provisioned client certificates and keys
Device state information from the config file
MQTT connections to managed integrations

The following diagram describes the hub onboarding subsystem architecture and its components. If you're not using AWS IoT Greengrass, you can disregard that component of the diagram.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Deploy Hub SDK with systemd

Setup for onboarding