Bulk provisioning

In this exercise you will bulk provision multiple things with one API call: start-thing-registration-task.

The API call start-thing-registration-task can be used to provision things in bulk. Bulk provisioning needs the same parameters as single-device provisioning with the register-thing API call, but you put the parameters for all devices into a file, which must then be stored in an Amazon S3 bucket.

An IAM role is also required to allow AWS IoT to access the S3 bucket and provision devices in your account. The role was created already through CloudFormation. You can find the required role ARN in the outputs section of the CloudFormation stack.

The parameters file which you need to store in the Amazon S3 bucket contains the values used to replace the parameters in the template. The file must be a newline-delimited JSON file. Each line contains all of the parameter values for provisioning a single device.

You can create the keys, CSRs and input parameters for multiple devices with the script mk-bulk.sh. The script mk-bulk.sh will create a directory and put all the keys, CSRs and a file bulk.json into this directory.

For bulk provisioning, the required S3 bucket must exist in the same region where the devices are to be provisioned. This bucket was already created for the workshop; its name is in the shell variable S3_BUCKET.


Use the directory ~/provisioning for the exercises in this chapter.

cd ~/provisioning

Create keys and certificate signing requests (CSRs)


# number of things to create


Keys, CSRs and the file bulk.json are created in a directory with the naming-scheme $THING_NAME-YYYY-mm-dd_H-M-S
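
The parameters file can be checked locally before it is uploaded. The following is an added example, not part of the workshop's scripts: it validates a newline-delimited JSON file line by line and flags duplicate thing names, missing parameters and private key material that should never leave the local directory. The parameter names ThingName, SerialNumber and CSR, the function name check_bulk_file and the sample lines are assumptions made for illustration; use the names declared in your templateBody.json.

```python
import json
import sys

# Assumed parameter names (use those in your templateBody.json); PEM framing as written by openssl req.
REQUIRED = ("ThingName", "SerialNumber", "CSR")
CSR_BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
CSR_END = "-----END CERTIFICATE REQUEST-----"

def check_bulk_file(text, required=REQUIRED, name_key="ThingName", csr_key="CSR"):
    """Return (line_number, problem) tuples for a newline-delimited JSON file."""
    problems, first_seen = [], {}
    for n, line in enumerate(text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((n, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(entry, dict):
            problems.append((n, "not a JSON object"))
            continue
        for key in required:
            if not isinstance(entry.get(key), str) or not entry[key].strip():
                problems.append((n, f"missing or empty parameter: {key}"))
        # Only the CSR belongs in the uploaded file; private keys stay local.
        if any("PRIVATE KEY-----" in str(v) for v in entry.values()):
            problems.append((n, "private key material in parameters"))
        name = str(entry.get(name_key, ""))
        if name and first_seen.setdefault(name, n) != n:
            problems.append((n, f"duplicate {name_key}, first on line {first_seen[name]}"))
        csr = str(entry.get(csr_key, "")).strip()
        if csr and not (csr.startswith(CSR_BEGIN) and csr.endswith(CSR_END)):
            problems.append((n, "CSR is not PEM-framed"))
    return problems

# Constructed sample: line 1 is well formed, lines 2-4 are defective.
_CSR = CSR_BEGIN + "\nTUlJQ2NvbnN0cnVjdGVk\n" + CSR_END
_KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----"
SAMPLE = "\n".join([
    json.dumps({"ThingName": "bulk-thing-1", "SerialNumber": "1", "CSR": _CSR}),
    json.dumps({"ThingName": "bulk-thing-1", "SerialNumber": "2", "CSR": _CSR}),
    '{"ThingName": "bulk-thing-3", "SerialNumber": "3"',
    json.dumps({"ThingName": "bulk-thing-4", "SerialNumber": "4", "CSR": _KEY}),
]) + "\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = check_bulk_file(text)
    print("\n".join(f"line {n}: {p}" for n, p in found) or "no problems found")
    sys.exit(1 if found else 0)
```

Saved under a name of your choice and given bulk.json as its argument, the script exits non-zero if any line is reported; without an argument it checks the constructed sample.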

Copy the file bulk.json to your S3 bucket and verify that it was copied. The name of your S3 bucket was copied to the shell variable S3_BUCKET during the setup of the workshop.

# cd to the directory where keys/CSRs were created
# copy bulk.json to S3
aws s3 cp bulk.json s3://$S3_BUCKET/

# verify that the file was copied
aws s3 ls s3://$S3_BUCKET/

Create a bulk thing registration task

To create a bulk registration task, a role is required that grants permission to access the input file. This role has already been created by CloudFormation, and its ARN was copied to the shell variable $ARN_IOT_PROVISIONING_ROLE during the setup of the workshop.

aws iot start-thing-registration-task \
  --template-body file://~/templateBody.json \
  --input-file-bucket $S3_BUCKET \
  --input-file-key bulk.json --role-arn $ARN_IOT_PROVISIONING_ROLE

If the command is successful you’ll get back a task-id. You can verify the state of the task for ERRORS or RESULTS with the following commands:

aws iot list-thing-registration-task-reports \
  --report-type ERRORS --task-id [YOUR_TASK_ID]

aws iot list-thing-registration-task-reports \
  --report-type RESULTS --task-id [YOUR_TASK_ID]

If the command above returns output for the report type RESULTS, you can download the results from the URL it contains. The output will be stored in the file results.json.

wget -O results.json $(aws iot list-thing-registration-task-reports --task-id [YOUR_TASK_ID] --report-type RESULTS | jq -r '.resourceLinks[]')

If you encounter errors use the following command to download the error messages. They are stored in the file errors.json. Examine the messages and solve the root cause.

wget -O errors.json $(aws iot list-thing-registration-task-reports --task-id [YOUR_TASK_ID] --report-type ERRORS | jq -r '.resourceLinks[]')

Take a look at the file results.json.

Write all the certificates from the file results.json to files for the related thing. Do it on your own or use a Python script that we have prepared for you:

bulk-result.py results.json

Verify that the certificates have been written

ls -l

Publish messages with your bulk provisioned devices

List the things in the AWS IoT device registry

aws iot list-things

Now try to publish with one of the things that you created. Subscribe to the topic “iot/ws” first.

# replace XX with a number of the things you created

mosquitto_pub --cafile ~/root.ca.bundle.pem \
  --cert $THING_NAME.crt --key $THING_NAME.key \
  -h $IOT_ENDPOINT -p 8883 -q 0 -t iot/ws \
  -i $THING_NAME --tls-version tlsv1.2 \
  -m "{\"prov\": \"bulk\", \"date\": \"$(date)\"}" -d

Exercise: publish with all the things that you bulk provisioned.

Think of something like:

for i in {1..20}; do