IoT / Client / create_certificate_provider



Creates an Amazon Web Services IoT Core certificate provider. You can use Amazon Web Services IoT Core certificate provider to customize how to sign a certificate signing request (CSR) in IoT fleet provisioning. For more information, see Customizing certificate signing using Amazon Web Services IoT Core certificate provider from Amazon Web Services IoT Core Developer Guide.

Requires permission to access the CreateCertificateProvider action.


After you create a certificate provider, the behavior of CreateCertificateFromCsr API for fleet provisioning will change and all API calls to CreateCertificateFromCsr will invoke the certificate provider to create the certificates. It can take up to a few minutes for this behavior to change after a certificate provider is created.

See also: AWS API Documentation

Request Syntax

response = client.create_certificate_provider(
            'Key': 'string',
            'Value': 'string'
  • certificateProviderName (string) –


    The name of the certificate provider.

  • lambdaFunctionArn (string) –


    The ARN of the Lambda function that defines the authentication logic.

  • accountDefaultForOperations (list) –


    A list of the operations that the certificate provider will use to generate certificates. Valid value: CreateCertificateFromCsr.

    • (string) –

  • clientToken (string) –

    A string that you can optionally pass in the CreateCertificateProvider request to make sure the request is idempotent.

    This field is autopopulated if not provided.

  • tags (list) –

    Metadata which can be used to manage the certificate provider.

    • (dict) –

      A set of key/value pairs that are used to manage the resource.

      • Key (string) – [REQUIRED]

        The tag’s key.

      • Value (string) –

        The tag’s value.

Return type:



Response Syntax

    'certificateProviderName': 'string',
    'certificateProviderArn': 'string'

Response Structure

  • (dict) –

    • certificateProviderName (string) –

      The name of the certificate provider.

    • certificateProviderArn (string) –

      The ARN of the certificate provider.


  • IoT.Client.exceptions.LimitExceededException

  • IoT.Client.exceptions.ResourceAlreadyExistsException

  • IoT.Client.exceptions.InvalidRequestException

  • IoT.Client.exceptions.ThrottlingException

  • IoT.Client.exceptions.UnauthorizedException

  • IoT.Client.exceptions.ServiceUnavailableException

  • IoT.Client.exceptions.InternalFailureException