create_domain_configuration

IoT.Client.create_domain_configuration(**kwargs)

Creates a domain configuration.

Requires permission to access the CreateDomainConfiguration action.

See also: AWS API Documentation

Request Syntax

response = client.create_domain_configuration(
    domainConfigurationName='string',
    domainName='string',
    serverCertificateArns=[
        'string',
    ],
    validationCertificateArn='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    tlsConfig={
        'securityPolicy': 'string'
    },
    serverCertificateConfig={
        'enableOCSPCheck': True|False,
        'ocspLambdaArn': 'string',
        'ocspAuthorizedResponderArn': 'string'
    },
    authenticationType='CUSTOM_AUTH_X509'|'CUSTOM_AUTH'|'AWS_X509'|'AWS_SIGV4'|'DEFAULT',
    applicationProtocol='SECURE_MQTT'|'MQTT_WSS'|'HTTPS'|'DEFAULT',
    clientCertificateConfig={
        'clientCertificateCallbackArn': 'string'
    }
)

Parameters:
  • domainConfigurationName (string) –

    [REQUIRED]

    The name of the domain configuration. This value must be unique to a region.

  • domainName (string) – The name of the domain.

  • serverCertificateArns (list) –

    The ARNs of the certificates that IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for Amazon Web Services-managed domains.

    • (string) –

  • validationCertificateArn (string) – The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for Amazon Web Services-managed domains.

  • authorizerConfig (dict) –

    An object that specifies the authorization service for a domain.

    • defaultAuthorizerName (string) –

      The name of the authorization service for a domain configuration.

    • allowAuthorizerOverride (boolean) –

      A Boolean that specifies whether the domain configuration’s authorization service can be overridden.

  • serviceType (string) –

    The type of service delivered by the endpoint.

    Note

    Amazon Web Services IoT Core currently supports only the DATA service type.

  • tags (list) –

    Metadata which can be used to manage the domain configuration.

    Note

    For URI Request parameters use format: …key1=value1&key2=value2…

    For the CLI command-line parameter use format: --tags "key1=value1&key2=value2…"

    For the cli-input-json file use format: "tags": "key1=value1&key2=value2…"

    • (dict) –

      A set of key/value pairs that are used to manage the resource.

      • Key (string) – [REQUIRED]

        The tag’s key.

      • Value (string) –

        The tag’s value.

  • tlsConfig (dict) –

    An object that specifies the TLS configuration for a domain.

    • securityPolicy (string) –

      The security policy for a domain configuration. For more information, see Security policies in the Amazon Web Services IoT Core developer guide.

  • serverCertificateConfig (dict) –

    The server certificate configuration.

    • enableOCSPCheck (boolean) –

      A Boolean value that indicates whether the Online Certificate Status Protocol (OCSP) server certificate check is enabled.

      For more information, see Server certificate configuration for OCSP stapling in the Amazon Web Services IoT Core Developer Guide.

    • ocspLambdaArn (string) –

      The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. The Lambda function accepts a JSON string that’s Base64-encoded. Therefore, you must convert your OCSP response, which is typically in the Distinguished Encoding Rules (DER) format, into a JSON string that’s Base64-encoded. The Lambda function’s response is also a Base64-encoded JSON string and the response payload must not exceed 8 kilobytes (KiB) in size. The Lambda function must be in the same Amazon Web Services region and account as the domain configuration.

    • ocspAuthorizedResponderArn (string) –

      The Amazon Resource Name (ARN) for an X.509 certificate stored in Amazon Web Services Certificate Manager (ACM). If provided, Amazon Web Services IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same Amazon Web Services region and account as the domain configuration.

  • authenticationType (string) –

    An enumerated string that specifies the authentication type.

    • CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    • CUSTOM_AUTH - Use custom authentication and authorization. For more information, see Custom authentication and authorization.

    • AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, see X.509 client certificates.

    • AWS_SIGV4 - Use Amazon Web Services Signature Version 4. For more information, see IAM users, groups, and roles.

    • DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. For more information, see Device communication protocols.

  • applicationProtocol (string) –

    An enumerated string that specifies the application-layer protocol.

    • SECURE_MQTT - MQTT over TLS.

    • MQTT_WSS - MQTT over WebSocket.

    • HTTPS - HTTP over TLS.

    • DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify the application-layer protocol. For more information, see Device communication protocols.

  • clientCertificateConfig (dict) –

    An object that specifies the client certificate configuration for a domain.

    • clientCertificateCallbackArn (string) –

      The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

Return type:

dict

Returns:

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

  • (dict) –

    • domainConfigurationName (string) –

      The name of the domain configuration.

    • domainConfigurationArn (string) –

      The ARN of the domain configuration.
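
A pre-flight builder for this call, added here as an example and not part of the boto3 documentation: it assembles the request and enforces constraints stated in the parameter descriptions (a single server certificate ARN, the DATA service type, OCSP resources in the same region and account as the domain configuration). The function names, their parameters and the defaults chosen (AWS_X509 over SECURE_MQTT, OCSP check enabled, authorizer override disabled) are assumptions of this example; validationCertificateArn and tags are left out.

```python
AUTH_TYPES = {"CUSTOM_AUTH_X509", "CUSTOM_AUTH", "AWS_X509", "AWS_SIGV4", "DEFAULT"}
APP_PROTOCOLS = {"SECURE_MQTT", "MQTT_WSS", "HTTPS", "DEFAULT"}


def arn_scope(arn):
    """Return (region, account) from arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3], parts[4]


def build_domain_config(name, domain, server_cert_arn, security_policy, region, account,
                        auth_type="AWS_X509", protocol="SECURE_MQTT",
                        ocsp_lambda_arn=None, ocsp_responder_arn=None,
                        authorizer_name=None):
    """Build kwargs for create_domain_configuration (hypothetical helper)."""
    if auth_type not in AUTH_TYPES:
        raise ValueError(f"unknown authenticationType {auth_type!r}")
    if protocol not in APP_PROTOCOLS:
        raise ValueError(f"unknown applicationProtocol {protocol!r}")
    ocsp = {"enableOCSPCheck": True}
    for key, arn in (("ocspLambdaArn", ocsp_lambda_arn),
                     ("ocspAuthorizedResponderArn", ocsp_responder_arn)):
        if arn is None:
            continue
        # Both resources must be in the domain configuration's region and account.
        if arn_scope(arn) != (region, account):
            raise ValueError(f"{key} must be in {region}/{account}: {arn}")
        ocsp[key] = arn
    kwargs = {
        "domainConfigurationName": name,
        "domainName": domain,
        "serverCertificateArns": [server_cert_arn],  # only one ARN can be specified
        "serviceType": "DATA",                       # the only supported service type
        "tlsConfig": {"securityPolicy": security_policy},
        "serverCertificateConfig": ocsp,
        "authenticationType": auth_type,
        "applicationProtocol": protocol,
    }
    if authorizer_name:
        # Name the authorizer explicitly and do not allow it to be overridden.
        kwargs["authorizerConfig"] = {"defaultAuthorizerName": authorizer_name,
                                      "allowAuthorizerOverride": False}
    return kwargs


def create(client, **params):
    """Send the request with a boto3 IoT client; return the new configuration's ARN."""
    response = client.create_domain_configuration(**build_domain_config(**params))
    return response["domainConfigurationArn"]
```

Here `client` is the object returned by `boto3.client('iot')`, and `region` and `account` are the region and account in which the domain configuration is created.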

Exceptions