Terraform-provider-aws: New Resource: AWS IoT Fleet Provisioning Template

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS recently launched a beta for fleet provisioning, which allows IoT to generate certificates and private keys for devices as they connect to IoT with a provisioning template.

New or Affected Resource(s)

• aws_iot_provisioning_template

Potential Terraform Configuration

data "aws_iam_policy_document" "iot_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["iot.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "iot_fleet_provisioning" {
  name = "IoTProvisioningServiceRole"
  path = "/service-role/"
  assume_role_policy = data.aws_iam_policy_document.iot_assume_role_policy.json
}

resource "aws_iam_role_policy_attachment" "iot_fleet_provisioning_registration" {
  role       = aws_iam_role.iot_fleet_provisioning.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration"
}

resource "aws_iot_provisioning_template" "fleet" {
  template_name         = "FleetProvisioningTemplate"
  description           = "My fleet provisioning template"
  provisioning_role_arn = aws_iam_role.iot_fleet_provisioning

  template_body = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iot:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

Optional: provide a data source to allow cleaner generation of template bodies.

References

None