Single device provisioning

In this exercise you will provision a single device with the register-thing API call. The thing will be added to a thing group and assigned a thing type; both the group and the type must exist before provisioning starts.

Provision a thing with a single API call (register-thing) and a provisioning template. A key for the device and a CSR are also required to provision the device.

You will find a provisioning template in your home directory. The filename is templateBody.json.

Create keys, a CSR and input parameters with the script “” for a single device. The output is passed to the register-thing API through the Parameters section of the provisioning template.

The device that will be created is also added to a thing group and assigned a thing type. This is done through the provisioning template; however, the group and type must exist before the provisioning process starts.
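
An added example (not part of the workshop's own material): a Python pre-flight check that compares the supplied parameters, thing group and thing type against the template before register-thing is called, and flags a wildcard inline policy. The template contents, the names `preflight` and `as_list`, and the sets of existing groups and types (which would come from `aws iot list-thing-groups` and `aws iot list-thing-types`) are assumptions.

```python
import json

# Constructed sample template; the workshop's own templateBody.json is not shown on the page.
SAMPLE_TEMPLATE = {
    "Parameters": {"ThingName": {"Type": "String"}, "CSR": {"Type": "String"}},
    "Resources": {
        "thing": {"Type": "AWS::IoT::Thing", "Properties": {
            "ThingName": {"Ref": "ThingName"},
            "ThingTypeName": "bulk-type", "ThingGroups": ["bulk-group"]}},
        "certificate": {"Type": "AWS::IoT::Certificate", "Properties": {
            "CertificateSigningRequest": {"Ref": "CSR"}, "Status": "ACTIVE"}},
        # Deliberately broad inline policy so the check below has something to flag.
        "policy": {"Type": "AWS::IoT::Policy", "Properties": {"PolicyDocument": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["iot:*"], "Resource": ["*"]}]})}},
    },
}


def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def preflight(template, params, groups, types):
    """Return a list of findings to resolve before calling register-thing."""
    declared, problems = template.get("Parameters", {}), []
    for name, spec in declared.items():
        if name not in params and "Default" not in spec:
            problems.append(f"parameter not supplied: {name}")
    problems += [f"parameter not in template: {p}" for p in params if p not in declared]
    for res in template.get("Resources", {}).values():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::IoT::Thing":
            # Only literal names are checked; {"Ref": ...} values are skipped.
            for g in props.get("ThingGroups", []):
                if isinstance(g, str) and g not in groups:
                    problems.append(f"thing group does not exist: {g}")
            t = props.get("ThingTypeName")
            if isinstance(t, str) and t not in types:
                problems.append(f"thing type does not exist: {t}")
        if res.get("Type") == "AWS::IoT::Policy" and "PolicyDocument" in props:
            for st in as_list(json.loads(props["PolicyDocument"]).get("Statement", [])):
                acts, ress = as_list(st.get("Action", [])), as_list(st.get("Resource", []))
                if st.get("Effect") == "Allow" and ({"*", "iot:*"} & set(acts) or "*" in ress):
                    problems.append("policy allows wildcard action or resource")
    return problems
```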


Use the directory ~/provisioning for the exercises in this chapter.

cd ~/provisioning

Provision a single device

Create a thing group in AWS IoT

aws iot create-thing-group --thing-group-name bulk-group

Create a thing type in AWS IoT

aws iot create-thing-type --thing-type-name bulk-type

Create key, CSR and parameters:

# set your thing name
THING_NAME=my-second-thing $THING_NAME

Provision the thing. Copy the output within the curly brackets, including the curly brackets themselves, and use it to replace the placeholder in the --parameters section of the following command:

aws iot register-thing --template-body file://~/templateBody.json --parameters '[OUTPUT_FROM_THE_PREVIOUS_COMMAND]'

As output from the previous command you receive the certificate for your thing. Copy the certificate PEM from the output and save it into a file with the following command


Go to the AWS IoT Core console

  1. Manage
  2. Things
  3. Click on my-second-thing
  4. Security
  5. Click the certificate
  6. Policies
  7. Click the Policy name

Go to the AWS IoT Core console

  • Subscribe to the topic: iot/ws

In a Cloud9 terminal:

# publish a message to AWS IoT
mosquitto_pub --cafile ~/ \
  --cert $THING_NAME.crt --key $THING_NAME.key \
  -h $IOT_ENDPOINT -p 8883 -q 0 -t iot/ws \
  -i $THING_NAME --tls-version tlsv1.2 \
  -m "{\"prov\": \"second\", \"date\": \"$(date)\"}" -d

Go to the AWS IoT Core console and validate that a message has been published.