IoT Fleet Provisioning Template pre-validation lambda hook #8296

Closed
fredericbarthelet opened this issue Sep 28, 2020 · 4 comments · Fixed by #8324

@fredericbarthelet
Contributor

Use case description

IoT Core has a fleet provisioning feature allowing automatic provisioning of new things.
This feature, called IoT Core Fleet Provisioning template, allows using a lambda as a pre-validation hook in order to validate thing registration within the fleet.
Link to the corresponding CF documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-provisioningtemplate.html

At the moment, the Serverless framework is not offering the possibility to provision this lambda and corresponding template.

Proposed solution

Add a new event type for lambda function called iotFleetProvisioning. Unlike Cognito User Pool trigger definition, where multiple triggers can be set for a user pool at different stages of the lifecycle, IoT Core Fleet Provisioning only allows one trigger, at pre-validation.

This event would require only one property at the first development stage of this feature, templateBody, corresponding to required CF property TemplateBody of the Provisioning Template.

This trigger will only handle creation of a new provisioning template; it will not allow adding a pre-validation hook on an existing fleet provisioning template. This will remove the need for a custom resource creation handling modification of a pre-existing AWS resource.

@medikoo
Contributor

medikoo commented Sep 29, 2020

@fredericbarthelet Thanks for the proposal. I think it's a valuable addition. Can you outline the implementation spec (list all properties as supported by the event, and how they will be mapped to AWS CloudFormation, something like we did e.g. here: #8117 (?))

@fredericbarthelet
Contributor Author

Proposed mapping solution

Event name iotFleetProvisioning, creating among other things an AWS::IoT::ProvisioningTemplate resource, with support for the following properties:

  • templateBody: required, maps to TemplateBody
  • provisioningRoleArn: required, maps to ProvisioningRoleArn
  • name: optional, maps to TemplateName

Most configuration is directly part of the JSON to be used as the templateBody parameter (one example of such a file can be found here).

IMHO, optional unmapped properties of AWS::IoT::ProvisioningTemplate, listed hereafter, do not need to be user configurable via dedicated options on this new lambda trigger and can be directly hydrated using serverless service information:

  • Description: none
  • Enabled: true
  • PreProvisioningHook: this is where lambda reference is made
  • Tags: none

@medikoo, WDYT?

@medikoo
Contributor

medikoo commented Oct 1, 2020

It looks good. Considering the Enabled field: by not providing support for it, we do not provide a possibility to temporarily disable the mapping, but maybe in this case there's no value in that (?). In some other cases we support that, as by preserving a turned-off resource in AWS we maintain its history.

@fredericbarthelet
Contributor Author

Fair enough, making enabled one of the iotFleetProvisioning allowed keys, mapped to the Enabled property
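
Added example, not part of the thread and not the Serverless Framework's own implementation: a sketch of the mapping agreed above, compiling an iotFleetProvisioning event into an AWS::IoT::ProvisioningTemplate plus the Lambda permission that IoT Core needs to invoke the hook. The function name `compileIotFleetProvisioning`, the generated logical IDs, the rejection of unknown keys and the acceptance of templateBody as either an object or a string are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical helper (not Serverless Framework code): compiles the proposed
// `iotFleetProvisioning` event into CloudFormation resources.
function compileIotFleetProvisioning(functionLogicalId, event) {
  const allowed = new Set(['templateBody', 'provisioningRoleArn', 'name', 'enabled']);
  const unknown = Object.keys(event).filter((key) => !allowed.has(key));
  if (unknown.length) {
    throw new Error(`Unsupported iotFleetProvisioning properties: ${unknown.join(', ')}`);
  }
  for (const required of ['templateBody', 'provisioningRoleArn']) {
    if (event[required] === undefined) {
      throw new Error(`iotFleetProvisioning.${required} is required`);
    }
  }
  const enabled = event.enabled === undefined ? true : event.enabled;
  if (typeof enabled !== 'boolean') {
    throw new Error('iotFleetProvisioning.enabled must be a boolean');
  }

  const functionArn = { 'Fn::GetAtt': [functionLogicalId, 'Arn'] };
  const properties = {
    // CloudFormation expects TemplateBody as a JSON string
    TemplateBody: typeof event.templateBody === 'string' ? event.templateBody : JSON.stringify(event.templateBody),
    ProvisioningRoleArn: event.provisioningRoleArn,
    Enabled: enabled,
    PreProvisioningHook: { TargetArn: functionArn },
  };
  if (event.name !== undefined) properties.TemplateName = event.name;

  return {
    // Logical IDs below are constructed for this example
    [`${functionLogicalId}IotProvisioningTemplate`]: {
      Type: 'AWS::IoT::ProvisioningTemplate',
      Properties: properties,
    },
    // Without this permission, IoT Core cannot invoke the pre-provisioning hook
    [`${functionLogicalId}IotProvisioningPermission`]: {
      Type: 'AWS::Lambda::Permission',
      Properties: {
        FunctionName: functionArn,
        Action: 'lambda:InvokeFunction',
        Principal: 'iot.amazonaws.com',
      },
    },
  };
}
```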
