I'm using provision by claim in AWS IoT core to provision a fleet of devices.

At this moment I'm able to publish to the $aws/certificates/create/json topic and receive the following values:

- Certificate Id
- Certificate
- Private Key
- Certificate ownership token

Now, I'm trying to publish to the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json topic. I get the following error in the $aws/provisioning-templates/esp32_fleet_prov_template/provision/json/rejected topic:

    {"statusCode":400,"errorCode":"InvalidParameters","errorMessage":"Cannot resolve reference value: SerialNumber"}

As far as I understand, I need to create a JSON with the ownership certificate which is what I do here:

    DynamicJsonDocument registerDoc(2000);
    // Only the ownership token is set; no "parameters" object is sent.
    registerDoc["certificateOwnershipToken"] = ownerToken;
    char jsonRegister[2000];
    serializeJson(registerDoc, jsonRegister); // serialize the document into the buffer
    client.publish("$aws/provisioning-templates/esp32_fleet_prov_template/provision/json", jsonRegister);

My policies are: esp32_claim_policy (for the claim certificate)

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": [
      "Effect": "Allow",
      "Action": [
      "Resource": [
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [


    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Publish",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Receive",
          "Resource": "arn:aws:iot:sa-east-1:195542078145:*"
        }
      ]
    }

I couldn't find the documentation for the JSON on the AWS site, so I'm following this one. I think I need to add a serial number and certificateId in the JSON? I tested different formats but all of them result in the same error, so I must be missing something, but I can't find much documentation about it.

Hi juanGomez,

From the error message you get, I assume that you are referencing a serial number in your provisioning template but you did not provide a serial number. You can find a fleet provisioning example in the AWS IoT Device Management workshop. More details about provisioning templates can be found in the AWS IoT Core developer guide.
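An added example, not part of the original answer and not AWS code: a Python pre-flight check that walks a provisioning template, finds which `Ref` parameters the provision/json request must carry in its `parameters` object, and builds the request body. The template is a constructed sample (the thread does not show esp32_fleet_prov_template), and the function names are illustrative.

```python
import json

# AWS IoT derives the certificate ID from the ownership token; the device does not send it.
SERVICE_SUPPLIED = {"AWS::IoT::Certificate::Id"}

# Constructed sample template (the real esp32_fleet_prov_template is not shown in the thread).
SAMPLE_TEMPLATE = {
    "Parameters": {
        "SerialNumber": {"Type": "String"},
        "Location": {"Type": "String", "Default": "unknown"},
        "AWS::IoT::Certificate::Id": {"Type": "String"},
    },
    "Resources": {
        "thing": {"Type": "AWS::IoT::Thing", "Properties": {
            "ThingName": {"Fn::Join": ["", ["esp32_", {"Ref": "SerialNumber"}]]},
            "AttributePayload": {"location": {"Ref": "Location"}}}},
        "certificate": {"Type": "AWS::IoT::Certificate", "Properties": {
            "CertificateId": {"Ref": "AWS::IoT::Certificate::Id"}, "Status": "Active"}},
    },
}

def find_refs(node):
    """Yield every parameter name used as {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for value in node.values():
            yield from find_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_refs(item)

def unresolved_refs(template, parameters):
    """Names referenced by the template with no supplied value and no Default."""
    declared = template.get("Parameters", {})
    missing = set()
    for name in find_refs(template.get("Resources", {})):
        if name in parameters or name in SERVICE_SUPPLIED:
            continue
        if "Default" not in declared.get(name, {}):
            missing.add(name)
    return sorted(missing)

def register_thing_payload(token, parameters, template):
    """Build the provision/json request body; refuse if the template cannot resolve it."""
    missing = unresolved_refs(template, parameters)
    if missing:
        raise ValueError("Cannot resolve reference value: " + ", ".join(missing))
    return json.dumps({"certificateOwnershipToken": token, "parameters": parameters})
```

With this sample template, a payload holding only the ownership token is rejected locally with the same message the broker returned, while adding `"parameters": {"SerialNumber": ...}` passes.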


