How to Set Up and Use the Shelly AWS IoT Core Provisioning Script

Overview
This guide will walk you through the process of downloading, configuring, and running the Shelly AWS Provisioning Script. This script automates the setup of AWS CLI, AWS IoT Core resources, and configures your Shelly device to connect securely to AWS IoT Core.
Prerequisites
- A free AWS account with IoT Core service enabled, also free at the moment. 
- A Shelly Gen2+ device (e.g., Shelly 1 G3) connected to a network with internet access. 
- Basic knowledge of AWS IoT Core and MQTT. 
- Ensure your Shelly device has the latest firmware installed. 
- A computer running Ubuntu or Debian based Linux. 
- Administrative ( - root) access to your system.
- A Shelly device connected to your local network. 
Step-by-Step Instructions
Downloading and Setting up the script
Downloading the Script
- Open your terminal & navigate to the directory where you want to download the script. 
- Download the script from this link. 
- Verify the script is downloaded. 
Setting Permissions
To execute the script, you need to make it executable:
- Change the script’s permissions: 
sudo chmod +x shelly-aws-provision.shRunning the Script
The script must be run with root privileges:
- Run the script as root: 
sudo ./shelly-aws-provision.sh- Initial Script Output: 
Upon running the script, you will see an output similar to:
[INFO] Log file set to: /path/to/your/directory/shelly-aws-provision.log ----------- ############################| Phase 1 |############################ -----------Phase 1: AWS CLI Setup
Checking and Installing Prerequisites
Script Behavior:
- The script checks if each package is installed: - curl,- unzip,- python3, and- jq.
- If any are missing, it prompts to install them using apt. 
Example Output:

AWS CLI Installation
The script will detect if AWS CLI is already installed on your system.
If AWS CLI is Installed:
- Prompt: 
AWS CLI is already installed. Do you want to proceed with a fresh installation or update? (y/n):- 
Options: - Yes (y): Proceeds with the fresh installation or update. 
- No (n): Skips the installation and proceeds to AWS CLI configuration. 
 
If Proceeding with Installation or Update:
- Prompt for Installation Directory: 
- Press Enter to accept the default or specify a different directory. 
- The script will set the base directory for AWS CLI installation files and certificate storage. 
Example Output:

- Downloading AWS CLI: 
- The script will download the AWS CLI installer. 
- Progress will be shown in the terminal. 
- Unzipping and Installing AWS CLI: 
- The installer will be unzipped. 
- AWS CLI will be installed or updated. 
- Testing AWS CLI Installation: 
- The script verifies the AWS CLI installation. 
- It displays the installed version. 
- Cleaning Up Installation Files: 
- The script cleans up downloaded and unzipped AWS CLI files. 
- Only certificate directories remain in the base directory. 
Example Output:

- Choose Authentication Method: 
- 
Option 1: SSO - If you choose SSO, follow the prompts to configure AWS SSO. 
- You may need to open a browser and log in to your AWS account. 
 
- 
Option 2: Short-term Credentials - If you choose short-term credentials, enter your AWS Access Key ID and Secret Access Key when prompted. 
- Specify the default region and output format. 
 
Example Output:

Keep in mind that since we have already been using the CLI, we are signed in, hence we just get the suggested values on which we press Enter. If this is your first time, you need to enter the values manually.
Phase 2: AWS IoT Core Setup
Create an IoT Thing
List Existing Thing Types
- The script lists existing Thing Types retrieved from AWS IoT Core. 
- If you don’t have any, a new one needs to be created. 
If creating a new Thing Type
- Enter n to create a new Thing Type. 
- The script creates the new Thing Type and uses it for the new IoT Thing for the current script run. 
Enter Thing Name
- The script creates the IoT Thing with the specified name you have provided and the Thing Type you have chosen/created. 
Example Output:

Policy Management
List Existing Policies
- The script lists existing IoT policies. 
- If you don’t have any, a new one needs to be created. 
If Create a New Policy
- Enter n to create a new policy. 
- Enter a name for it 
- The script creates a new policy with default permissions (allows all IoT actions on all resources). 
Example Output:

Certificate Generation and Attachment
Generating Certificates
- The script generates a new certificate and private key for the IoT Thing. 
- Certificates are stored in a directory named after the Thing at - /aws/< thing_name>-cert.
Files Created:
- Device Certificate: deviceCert_ - .pem 
- Private Key: privateKey_ - .pem 
- Root CA: rootCA.pem 
Attach Policy to Certificate:
- The script attaches the selected or created policy to the certificate. 
Attach Certificate to Thing:
- The script attaches the certificate to the IoT Thing. 
Example Output:

Retrieve MQTT Client Information
- The script retrieves essential MQTT connection details for the Shelly device. 
Details Provided:
- AWS IoT Core/MQTT Endpoint 
- Client ID (Thing Name) 
- Paths to the Private Key, Certificate, and Root CA 
Example Output:

Phase 3: Shelly Device Setup
Provide Shelly Device IP
- Enter the IP of your Shelly Device. 
- 
The script validates the IP address format. - It attempts to connect to the Shelly device using the provided IP. 
- If unsuccessful, it prompts to re-enter the IP address. 
 
Firmware Check and Update
- 
Version Check: - The script checks the current firmware version of the Shelly device. 
- Minimum required version is 1.4.2. 
 
- 
Update Process: - If the firmware is outdated, the script initiates a firmware update. 
- The device may reboot during this process. 
 
Example Output:

Upload Certificates to Shelly Device
- The script uploads the certificates, which were downloaded in the Phase 2: AWS IoT Core Setup(step: Certificate Generation and Attachment) to the Shelly device. 
Configure MQTT on Shelly Device
- The script configures the Shelly device to connect to AWS IoT Core via MQTT over TLS. 
Configuration Settings:
- Server Endpoint: AWS IoT Core MQTT endpoint. 
- Client ID: IoT Thing Name. 
- SSL/TLS Settings: Uses the uploaded certificates. 
Reboot Shelly Device
- The script reboots the Shelly device to apply the new configurations. 
- It waits for the device to come back online, checking periodically. 
Example Output:

Conclusion
You have successfully set up your Shelly device to connect securely to AWS IoT Core using the provisioning script. Your device is now configured to communicate with AWS IoT Core, and you can begin monitoring and controlling it through AWS services.
Notes
Logs:
- The script generates a log file shelly-aws-provision.log in the directory where you run it. 
- Review this file for detailed logs of the script execution. 
Certificates Directory
- Keep your certificates secure. 
- Do not share the private key. 
- Certificates are located in the directory: /path/to/aws/ - -cert .
Troubleshooting
Permission Errors:
- Ensure you run the script with sudo. 
- Verify that the directories used by the script are writable. 
Connectivity Issues:
- Ensure your computer and Shelly device are on the same network. 
- Verify the IP address of the Shelly device is correct. 
- Check your internet connection. 
AWS Permissions:
- Ensure your AWS user has the necessary permissions. 
- If using AWS SSO or roles, verify that the permissions are correctly assigned. 
Firmware Update Failures:
- If the firmware update fails, try updating the Shelly device manually through its web interface. 
- Ensure the device is powered on and connected to the internet. 
Script Errors:
- Check the shelly-aws-provision.log file for detailed error messages. 
- Ensure all prerequisites are met. 
We Value Your Feedback!
Thank you for taking the time to read our article! Was it helpful or interesting?
Your insights can help us improve. We’d be grateful for any feedback. If you have a moment,
please share it with us at the following email: