Resource: awsIotProvisioningTemplate
Manages an IoT fleet provisioning template. For more info, see the AWS documentation on fleet provisioning.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentDevicePolicy =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"device_policy",
{
statement: [
{
actions: ["iot:Subscribe"],
resources: ["*"],
},
],
}
);
const dataAwsIamPolicyDocumentIotAssumeRolePolicy =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"iot_assume_role_policy",
{
statement: [
{
actions: ["sts:AssumeRole"],
principals: [
{
identifiers: ["iot.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const awsIamRoleIotFleetProvisioning = new aws.iamRole.IamRole(
this,
"iot_fleet_provisioning",
{
assumeRolePolicy: dataAwsIamPolicyDocumentIotAssumeRolePolicy.json,
name: "IoTProvisioningServiceRole",
path: "/service-role/",
}
);
new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(
this,
"iot_fleet_provisioning_registration",
{
policyArn: "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration",
role: awsIamRoleIotFleetProvisioning.name,
}
);
const awsIotPolicyDevicePolicy = new aws.iotPolicy.IotPolicy(
this,
"device_policy_4",
{
name: "DevicePolicy",
policy: dataAwsIamPolicyDocumentDevicePolicy.json,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIotPolicyDevicePolicy.overrideLogicalId("device_policy");
new aws.iotProvisioningTemplate.IotProvisioningTemplate(this, "fleet", {
description: "My provisioning template",
name: "FleetTemplate",
provisioningRoleArn: awsIamRoleIotFleetProvisioning.arn,
templateBody:
'${jsonencode({\n Parameters = {\n SerialNumber = { Type = "String" }\n }\n\n Resources = {\n certificate = {\n Properties = {\n CertificateId = { Ref = "AWS::IoT::Certificate::Id" }\n Status = "Active"\n }\n Type = "AWS::IoT::Certificate"\n }\n\n policy = {\n Properties = {\n PolicyName = aws_iot_policy.device_policy.name\n }\n Type = "AWS::IoT::Policy"\n }\n }\n })}',
});
Argument Reference
The following arguments are supported:
name
- (Required) The name of the fleet provisioning template.description
- (Optional) The description of the fleet provisioning template.enabled
- (Optional) True to enable the fleet provisioning template, otherwise false.preProvisioningHook
- (Optional) Creates a pre-provisioning hook template. Details below.provisioningRoleArn
- (Required) The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.tags
- (Optional) A map of tags to assign to the resource. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.templateBody
- (Required) The JSON formatted contents of the fleet provisioning template.
preProvisioningHook
The preProvisioningHook
configuration block supports the following:
payloadVersion
- (Optional) The version of the payload that was sent to the target function. The only valid (and the default) payload version is"20200401"
.targetArn
- (Optional) The ARN of the target function.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- The ARN that identifies the provisioning template.defaultVersionId
- The default version of the fleet provisioning template.tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
IoT fleet provisioning templates can be imported using the name
, e.g.