in deployment_lambda/lambda_function.py [0:0]
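def register_ca(ca_arn):
    """Register an ACM Private CA with AWS IoT and return the IoT CA certificate ARN.

    IoT requires proof of possession of the CA key: a "verification"
    certificate signed by that CA whose subject CN is the account's IoT
    registration code. This function has ACM PCA issue that certificate,
    registers the CA as active, and tags the IoT resource with the source
    CA ARN.

    Args:
        ca_arn: ARN of the ACM PCA certificate authority to register.

    Returns:
        The ``certificateArn`` returned by ``iot.register_ca_certificate``.
    """
    acm_pca = boto3.client('acm-pca')
    iot = boto3.client('iot')

    # The registration code becomes the CN of the verification certificate.
    reg_code = iot.get_registration_code()['registrationCode']

    ca_cert_pem = acm_pca.get_certificate_authority_certificate(
        CertificateAuthorityArn=ca_arn
    )['Certificate']
    ca_cert = load_certificate(FILETYPE_PEM, ca_cert_pem)

    # Reuse the CA's subject fields and swap in the registration code as CN.
    # This changes only the in-memory object; ca_cert_pem is what gets registered.
    verification_subject = ca_cert.get_subject()
    verification_subject.CN = reg_code
    # NOTE(review): create_csr is defined elsewhere; presumably it generates
    # a fresh key pair for the CSR. Confirm that key is not persisted.
    csr = create_csr(verification_subject)

    # The verification certificate is needed only for the
    # register_ca_certificate call below, so it is issued short-lived
    # (previously 15 years). It is signed by the private CA, and a long
    # validity would leave an unnecessary standing credential if its key
    # were ever retained.
    verification_cert_arn = acm_pca.issue_certificate(
        CertificateAuthorityArn=ca_arn,
        Csr=csr,
        SigningAlgorithm='SHA256WITHRSA',
        Validity={'Value': 1, 'Type': 'DAYS'},
    )['CertificateArn']
    verification_cert_pem = get_certificate(ca_arn, verification_cert_arn)

    iot_ca_arn = iot.register_ca_certificate(
        caCertificate=ca_cert_pem,
        verificationCertificate=verification_cert_pem,
        setAsActive=True,
    )['certificateArn']

    # tag ca_arn for update/delete purpose
    iot.tag_resource(
        resourceArn=iot_ca_arn,
        tags=[{'Key': ACMPCA_TAG, 'Value': ca_arn}],
    )
    return iot_ca_arn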