AWS IoT Fleet Provisioning Library

By using AWS IoT fleet provisioning, AWS IoT can generate and securely deliver device certificates and private keys to your devices when they connect to AWS IoT for the first time. AWS IoT provides client certificates that are signed by the Amazon Root certificate authority (CA).

— Description of Fleet Provisioning from AWS IoT documentation https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html

For an overview of device provisioning options available with AWS IoT, see Device Provisioning.

AWS IoT Fleet Provisioning allows you to provision devices without pre-installed unique client certificates. There are two ways to use Fleet Provisioning: by claim, or by trusted user. If provisioning by claim, devices used a provisioning claim certificate and private key registered with AWS IoT to obtain unique device certificates. If provisioning by trusted user, a trusted user, such as an end user or installation technician, uses a mobile app to configure the device in its deployed location.

There are two options for obtaining unique client certificates with AWS IoT Fleet Provisioning: CreateCertificateFromCsr and CreateKeysAndCertificate. CreateCertificateFromCsr allows the device to obtain a certificate by providing a certificate signing request, keeping the private key secure on the device. CreateKeysAndCertificate provides a new certificate and corresponding private key.

Memory Requirements

Memory requirements of the AWS IoT Fleet Provisioning Library.

Code Size of AWS IoT Fleet Provisioning (example generated with GCC for ARM Cortex-M)
File	With -O1 Optimization	With -Os Optimization
fleet_provisioning.c	1.0K	0.9K
Total estimates	1.0K	0.9K