1 Answer
Hi. There are lots of ways this could be done, but one way is to bake it into your manufacturing process. As each device or batch of devices is produced, the MAC addresses or serial numbers, etc., are appended to the database. This might be a script that runs at the factory, perhaps part of the automated flashing and testing of each device on the manufacturing line. So your script would use the AWS SDK or CLI to add the new entries to the database.
Hi Greg, thanks for the response. I believe this would be the most recommended approach. Thanks for sharing all the ideas. Can there be another approach in case we cannot build a database in advance?
These optional checks are to try to make sure that it's a valid device that's trying to use fleet provisioning. Making sure in some way other than it just having a valid claim certificate. So you kind of need to know something about the valid devices, ahead of time. Maybe you know the MAC address range, and it just has to be in range. Or it sends a serial number and you regex it to make sure it's the right format and length, and not a repeat of something already provisioned. These approaches are weaker than an allow list.
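The checks discussed in this thread, sketched as a fleet provisioning pre-provisioning hook in Python; this is an added example, not code from the original posts. The serial format, the MAC prefix, the `SerialNumber` and `MacAddress` parameter names, and the in-memory sets standing in for the database are all assumptions.

```python
import re

# Assumptions, not from the thread: serial format, MAC prefix, parameter names.
SERIAL_RE = re.compile(r"[A-Z]{2}[0-9]{8}")    # hypothetical: 2 letters + 8 digits
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
MAC_PREFIX = "02:00:5e"                         # hypothetical valid MAC range

# Stand-ins for database lookups; a real hook would query persistent storage.
ALLOW_LIST = {"AB12345678"}   # constructed sample: serials recorded at the factory
PROVISIONED = set()           # serials already provisioned


def check_device(params, allow_list=None):
    """Return (allowed, reason). allow_list=None models the case where no
    database was built in advance, leaving only the weaker checks."""
    serial = str(params.get("SerialNumber", ""))
    mac = str(params.get("MacAddress", "")).lower()
    # fullmatch rejects trailing newlines or extra characters that a
    # '^...$' pattern used with match() would let through.
    if not SERIAL_RE.fullmatch(serial):
        return False, "serial format"
    if not MAC_RE.fullmatch(mac) or not mac.startswith(MAC_PREFIX):
        return False, "mac out of range"
    if serial in PROVISIONED:
        return False, "already provisioned"
    if allow_list is not None and serial not in allow_list:
        return False, "not on allow list"
    return True, "ok"


def lambda_handler(event, context):
    """AWS IoT passes the template parameters in event["parameters"] and
    reads the allowProvisioning boolean from the response."""
    params = event.get("parameters") or {}
    allowed, reason = check_device(params, ALLOW_LIST)
    if allowed:
        PROVISIONED.add(params["SerialNumber"])  # record to block repeats
    print(f"provisioning decision: {allowed} ({reason})")
    return {"allowProvisioning": allowed}
```

Passing `allow_list=None` to `check_device` shows the fallback case: a well-formed, in-range, unseen serial is accepted even though nobody recorded it at manufacture, which is why those checks are weaker than the allow list.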