Sync inicial

0-lab-setup/1-setup-cloud9.md

@@ -0,0 +1,67 @@
+# Setup AWS Cloud9
+
+In this lab you will configure a working environment for the 2 initial labs. By the end of the module you will:
+
+* Have an operational integrated development environment (IDE) usable by the 2 initial labs. This will include the base AWS Cloud9 instance along with installation of all dependencies.
+* Know how to interact with the IDE via a web browser, upload or download files between it and your local workstation/laptop.
+* Know how to pause and restart the instance as-needed if unused for a period of time to save costs.
+* Understand why reproducible environments such as AWS Cloud9 can reduce errors and provide consistency to architecting and development efforts.
+
+Why should you use a cloud-based IDE when you have a powerful computer right in front of you? Developing workloads normally requires installation and management of development tools such as languages, compilers, and other specific tools. It is common that when going though workshops over time, your local computer or laptop will have multiple versions of languages, such as Python 2.7, 3.6, 3.7, and 3.8, each with a different set of packages. This is also true for other applications.
+
+Or, your laptop may be running one operating system such a macOS Mojave (or Catalina), while the person next to you is running Windows 10 (or 7, or 8), and the person on the other side you is running some version of Linux. So by setting up and using a common IDE, which also includes a common operating system, the other lab instructions can be completed without having to spend time installing or resolving issues. IDE hygiene!
+
+> [!NOTE]
+> If you do wish to use your own laptop, review the [Install All Lab Dependencies](/0-lab-setup/1-setup-cloud9?id=_2-install-all-lab-dependencies) step below to ensure you have the same ones installed and available on your laptop.
+
+## 1. Create a new Cloud9 IDE Instance
+
+From the AWS Console, navigate to Cloud9, select the region you will be working in for the 2 initial labs, then create a new environment with the following environment settings:
+
+1. Sign in to the AWS Management Console and open the Cloud9 console at https://console.aws.amazon.com/cloud9/
+2. From the upper right on the menu bar, select the region drop-down and set to the region where you will be running all the labs. We will use Ireland, or eu-west-1 during lab examples
+3. From the Cloud9 page, choose on **Create environment**
+4. Fill out the **Name** box with *iotworkshop* and optionally the **Description**, then choose **Next step:**
+5. Under Environment settings left the default values, choose **Next step:**
+6. Review the values, choose **Create environment**. This will change to the IDE window, and after a couple minutes the IDE will appear similar to this:
+![image](img/cloud9-screen.png)
+7. Close the Welcome tab and launch a New terminal tab in its place
+
+## 2. Install All Lab Dependencies
+
+To complete the 2 initial labs, there may be additional software or configuration changes required. The Command Input below will go through and perform these installations.
+
+```bash
+### For copying, include this line
+
+# Install dependencies
+sudo yum -y install jq
+
+# Create openssl.cnf file
+cat <<EOT >> ~/openssl.cnf
+[req]
+distinguished_name=dn
+[ dn ]
+countryName			= Country Name (2 letter code)
+countryName_default		= ES
+countryName_min			= 2
+countryName_max			= 2
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+localityName			= Locality Name (eg, city)
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= IoT power SA
+organizationalUnitName		= Organizational Unit Name (eg, section)
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+emailAddress			= Email Address
+emailAddress_max		= 64
+[ ext ]
+basicConstraints=CA:TRUE,pathlen:0
+EOT
+
+echo "********* Your Cloud9 IDE is ready for use"
+### For copying, include this line
+```
+
+Now you have the IDE needed for the 2 initial labs.

0-lab-setup/2-deploy-iot-simulator.md

@@ -0,0 +1,32 @@
+# Deploy IoT Device Simulator
+
+In order to facilitate the the creation of simulated IoT devices we will used a solution designed by AWS, [IoT Device Simulator](https://aws.amazon.com/solutions/implementations/iot-device-simulator/).
+
+This solution provides a web-based graphical user interface (GUI) console that enables customers to create and simulate hundreds of virtual connected devices, without having to configure and manage physical devices, or develop time-consuming scripts.
+
+The diagram below presents the architecture you will deploy using the AWS CloudFormation template.
+
+![image](img/iot-device-simulator-architecture.png)
+
+
+## 1. Deploy the CloudFormation
+
+1. Sign in to the AWS Management Console and click the button to launch the iot-device-simulator AWS CloudFormation template.
+
+[![image](img/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?templateURL=https:%2F%2Fs3.amazonaws.com%2Fsolutions-reference%2Fiot-device-simulator%2Flatest%2Fiot-device-simulator.template)
+
+2. The template launches in the EU West (Ireland), we will use this Region for the labs.
+3. On the **Select Template** page, verify that you selected the correct template and choose **Next**.
+4. On the **Stack name** text box, assign a name to your solution stack, *iot-device-simulator*.
+5. Under **Parameters**, review the parameters for the template and fill them:
+  1. Introduce an **Administrator Name**.
+  2. Introduce a valid email, you will need to validate it, **Administrator email address**.
+6. Choose **Next**.
+7. On the Options page, choose **Next**.
+8. On the Review page, review and confirm the settings. Check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.
+9. Choose Create to deploy the stack.
+You can view the status of the stack in the AWS CloudFormation console in the **Status** column. You should see a status of **CREATE_COMPLETE** in approximately 10 minutes.
+
+After setup, the solution sends the administrator an email invitation to join the IoT Device Simulator web console.
+
+10. In the email, follow the instructions to sign in to the web console

1-bring-your-own-ca/1-create-ca.md

@@ -0,0 +1,158 @@
+# Create your own CA
+
+In this lab you setup your very own Certificate Authority (CA) to issue device certificates that can be registered by AWS IoT. By the end of this lab you will:
+
+  * Understand how to create an offline CA used to create device certificates.
+  * How to use the AWS Console to register your CA with AWS IoT and a trusted issuer of certificates.
+  * Be able to navigate in the AWS Console to view the status of the CA and issued certificates.
+
+
+## 1. Obtain a New Private Root CA Registration Code
+
+1. From the AWS Console, navigate to AWS IoT Core->**Secure**->**CAs**->**Register a CA** (if you don’t have any, otherwise Register).
+
+![image](img/register-ca.png)
+
+2. From the Select a CA page, click on **Register CA** to start the process of creating and validating a new CA.
+
+![image](img/register-ca2.png)
+
+3. From the **Register a CA Certificate** page, this will show the steps needed to register the new CA. We won’t use these exact steps, but the registration code is needed to sign a certificate to verify CA ownership. Copy the **registration code** to a temporary location.
+
+![image](img/register-ca3.png)
+
+> [!DANGER]
+> Reminder! Keep this browser open, you will come back to it to enter the CA and verification certificates.
+
+## 2. Create Your Local Root CA
+
+
+A root or issuing CA is normally stored and accessed from a controlled location. For this lab, you will create a *root CA* in your home directory. This will also be the location where all related files are created.
+
+Use OpenSSL to create a private key that will be used for the root CA. Once complete, use OpenSSL to create a self-signed root CA certificate with the <mark>openssl.cnf</mark> configuration file that will add the needed extensions to work with AWS IoT. When done you will have a private key file named <mark>rootCA.key</mark> and the corresponding root certificate named <mark>rootCA.pem</mark>.
+
+1. From the Cloud9 terminal, generate a private key file with a 4096-bit RSA key:
+
+**Command Input:**
+
+```bash
+openssl genrsa -out rootCA.key 4096
+```
+**Command Output:**
+
+```bash
+Generating RSA private key, 4096 bit long modulus
+.................++
+....................................................................................++
+e is 65537 (0x10001)
+```
+
+2. Now use the private key to create a self-signed root CA certificate. By being self-signed, this is certificate that will be used to verify control to AWS IoT:
+
+**Command Input:**
+
+```bash
+openssl req -x509 \
+        -new \
+        -nodes \
+        -key rootCA.key \
+        -sha256 \
+        -days 1024 \
+        -out rootCA.pem \
+        -config openssl.cnf \
+        -extensions ext
+```
+Interactive Command Output, enter **Common Name** value of *My Test CA* on highlighted line:
+
+```bash
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [ES]:
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:
+Organization Name (eg, company) [IoT power SA]:
+Organizational Unit Name (eg, section) []:
+Common Name (e.g. server FQDN or YOUR name) []:My Test CA
+Email Address []:
+```
+
+## 3. Generate and sign the Verification Certificate
+
+With the root CA created locally, now use the registration code obtained from the AWS Console to create and sign the verification certificate. The registration code will be the value for the Common Name of the certificate. By creating a certificate request with this common name value, and by having it signed by the root CA, these two components validate ownership to AWS IoT. Follow these steps:
+
+1. Generate a private key to be used for verification certificate.
+
+**Command Input:**
+
+```bash
+openssl genrsa -out verificationCert.key 2048
+```
+
+**Command Output:**
+
+```bash
+Generating RSA private key, 2048 bit long modulus
+............+++
+....+++
+```
+2. Create the certificate signing request (CSR) using the registration code as the Common Name
+
+**Command Input:**
+
+```bash
+openssl req -new -key verificationCert.key -out verificationCert.csr
+```
+
+Interactive Command Output, for the **Common Name** field, replace with your *registration code*, press enter for all others to accept defaults:
+
+```bash
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [ES]:
+State or Province Name (full name) [Some-State]:
+Locality Name (eg, city) []:
+Organization Name (eg, company) [IoT power SA]:
+Organizational Unit Name (eg, section) []:
+Common Name (e.g. server FQDN or YOUR name) []:b47bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx97edc
+Email Address []:
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+
+```
+
+3. Use the CSR file (verificationCert.csr) and create the verification certificate using the root CA. This will create the fully signed verificationCert.crt file.
+
+**Command Input:**
+
+```bash
+openssl x509 \
+    -req \
+    -in verificationCert.csr \
+    -CA rootCA.pem \
+    -CAkey rootCA.key \
+    -CAcreateserial \
+    -out verificationCert.crt \
+    -days 500 \
+    -sha256
+```
+
+**Command Output** (CN= value will be your unique registration code):
+
+```bash
+Signature ok
+subject=/C=ES/ST=Some-State/O=IoT power SA/CN=b47bxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx97edc
+Getting CA Private Key
+```

1-bring-your-own-ca/2-deploy-ca.md

@@ -0,0 +1,23 @@
+# Deploy your own CA
+
+With the root CA and verification certificate created locally, go back to your web browser where we left off the CA creation process. Here, select the <mark>rootCA.pem</mark> file, and the <mark>verificationCert.crt</mark> file. Then check the Activate CA Certificate and finally click on Register CA certificate. This will complete the process and return to the list of registered CA’s, now including this one!
+
+> [!NOTE]
+> The location of <mark>rootCA.pem</mark>  and <mark>verificationCert.crt</mark> files need to be local to your web browser. If using Cloud9, you will need to download the files locally (navigate to the files from the left pane then right-click on each file and download to your laptop or workstation).
+
+## 1. Complete the Registration of Your Root CA and Activate
+
+1. From the browser, click and complete the <mark>rootCA.pem</mark> file, the <mark>verificationCert.crt</mark> file, and check Activate CA Certificate. When done, finally click on Register CA certificate.
+
+![image](img/register-ca4.png)
+
+2. When successfully completed, you will return to the list of registered CA’s, including this one!
+
+![image](img/register-ca5.png)
+
+
+###  Outcomes
+
+By creating and validating a CA in AWS IoT, you now have a method to generate device certificates to meet your specific needs, and can do so without having to interact with AWS IoT services directly.
+
+Also, the same CA can be registered in multiple regions by going through the registration process above for each region. This allows for a device to have a single certificate that can be presented to different AWS regions.