Wow, I tried this (or another similar project) a few years back and loved it. Nice work! Sorry it is still pending though. I don’t work on the SDKs unfortunately.
On the auth side, the major change since then is that you can use the IoT credentials provider to provide certificate-based auth to all services (https://docs.aws.amazon.com/iot/latest/developerguide/author...). You don’t need to be using any of the other IoT services. It was created to make it easier for devices to use AWS services, but it can be used by anyone/anything.
What we did was combine the AWS CLI feature to source credentials from an external process (https://docs.aws.amazon.com/cli/latest/userguide/cli-configu...) with a script to do the certificate-based auth. This allows you to obtain STS credentials using a certificate and pass them to the CLI (access key, secret key, session token). Your secure hardware just needs to do the normal work of assisting in the mutual TLS auth, which in our case was done with curl and Zymbit’s OpenSSL engine. We are releasing that code along with a SoftHSM2 setup so people can see how it works in a test environment.
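The credential_process flow the comment describes, as an added illustration (this is not the commenter's released code, and the env var names and `--cert/--key`-style file paths are this example's own assumptions). It builds the IoT credentials provider request, performs the mutual-TLS GET with a file-based device cert and key as you would have in a SoftHSM2-style test setup (the hardware-backed variant would drive the TLS client auth through an OpenSSL engine instead), and prints the JSON shape the AWS CLI expects from an external credential process:

```python
#!/usr/bin/env python3
"""credential_process helper: trade an X.509 device certificate for STS
credentials via the AWS IoT credentials provider.

Added example, not the commenter's code. Assumes a file-based cert/key
pair (test setup); the env var names below are this example's own.
"""
import json
import os
import ssl
import sys
import urllib.request

REQUIRED_KEYS = ("accessKeyId", "secretAccessKey", "sessionToken", "expiration")


def build_request(credentials_endpoint, role_alias, thing_name=None):
    """Return (url, headers) for the credentials provider call.

    credentials_endpoint: host from
      `aws iot describe-endpoint --endpoint-type iot:CredentialProvider`
    role_alias: IoT role alias mapped to the IAM role to be assumed
    thing_name: optional; sent as x-amzn-iot-thingname so the IoT policy
      can be scoped to the specific registered thing presenting the cert
    """
    url = f"https://{credentials_endpoint}/role-aliases/{role_alias}/credentials"
    headers = {}
    if thing_name:
        headers["x-amzn-iot-thingname"] = thing_name
    return url, headers


def to_credential_process(provider_response):
    """Convert the provider's JSON into the credential_process format.

    Provider returns {"credentials": {accessKeyId, secretAccessKey,
    sessionToken, expiration}}; the CLI wants Version 1 with
    AccessKeyId/SecretAccessKey/SessionToken/Expiration (ISO 8601).
    """
    creds = provider_response.get("credentials", {})
    missing = [k for k in REQUIRED_KEYS if k not in creds]
    if missing:
        raise ValueError(f"credentials provider response missing {missing}")
    return {
        "Version": 1,
        "AccessKeyId": creds["accessKeyId"],
        "SecretAccessKey": creds["secretAccessKey"],
        "SessionToken": creds["sessionToken"],
        "Expiration": creds["expiration"],
    }


def fetch_credentials(credentials_endpoint, role_alias, cert_path, key_path,
                      ca_path=None, thing_name=None, timeout=10):
    """Perform the mutual-TLS GET and return the parsed provider JSON.

    The client cert/key is what authenticates us; nothing else is sent.
    """
    ctx = ssl.create_default_context(cafile=ca_path)  # server verification stays on
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    url, headers = build_request(credentials_endpoint, role_alias, thing_name)
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)


def main():
    # Configuration via environment (assumed names) so the script itself
    # holds no secrets. Only the credential JSON may go to stdout; the CLI
    # parses it, so diagnostics go to stderr.
    try:
        endpoint = os.environ["IOT_CRED_ENDPOINT"]
        role_alias = os.environ["IOT_ROLE_ALIAS"]
        cert_path = os.environ["IOT_DEVICE_CERT"]
        key_path = os.environ["IOT_DEVICE_KEY"]
    except KeyError as e:
        sys.stderr.write(f"missing environment variable {e}\n")
        return 2
    try:
        response = fetch_credentials(
            endpoint, role_alias, cert_path, key_path,
            ca_path=os.environ.get("IOT_CA_BUNDLE"),
            thing_name=os.environ.get("IOT_THING_NAME"),
        )
        print(json.dumps(to_credential_process(response)))
        return 0
    except (OSError, ValueError, KeyError) as e:
        sys.stderr.write(f"credential fetch failed: {e}\n")
        return 1


if __name__ == "__main__":
    sys.exit(main())
```

Wire it up with a profile in `~/.aws/config` whose `credential_process` line points at the script (e.g. `[profile device]` followed by `credential_process = /usr/local/bin/iot_cred_process.py`), and the CLI will call it, cache the result until the returned `Expiration`, and refresh by re-running it. The script never sees long-lived IAM keys; the only secret is the device private key, which in the hardware case never leaves the secure element.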