I've tested the certificate creation commands only on Windows using the AWS CLI. I think they should work on the AWS CLI of other platforms.
My Python programs run perfectly on:
Based on AWS docs found here: http://docs.aws.amazon.com/iot/latest/developerguide/secure-communication.html
Create one thing in AWS IoT:
aws iot create-thing --thing-name "myThingName"
List the things you now have:
aws iot list-things
Create a certificate and keys:
aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile cert.pem --public-key-outfile publicKey.pem --private-key-outfile privkey.pem
Take note of the certificate-arn in the output. If you forgot to copy it, you can get it by listing the certificates with:
aws iot list-certificates
Download the root certificate from this URL using your browser and save it with the filename aws-iot-rootCA.crt
Create a policy from the file provided:
aws iot create-policy --policy-name "PubSubToAnyTopic" --policy-document file://iotpolicy.json
Paste your certificate-arn inside the following command before entering it:
aws iot attach-principal-policy --principal "certificate-arn" --policy-name "PubSubToAnyTopic"
Two options about the configuration of your endpoint:
aws iot describe-endpoint
At this point my sample Python programs (awsiotpub.py and awsiotsub.py) should run correctly, but the AWS documentation specifies to also enter the following to attach the certificate to the thing:
aws iot attach-thing-principal --thing-name "myThingName" --principal "certificate-arn"
You can check the sources and modify the topics used by both programs to better fit your needs. Currently, awsiotsub.py subscribes to any topic and will show all of the received messages.
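Once the topics are fixed, the policy can be narrowed to match. The following is an added example, not code from this README or from AWS: it builds a policy scoped to one topic subtree per thing and flags statements that still grant everything. The contents of iotpolicy.json are not shown here, so ANY_TOPIC is a constructed stand-in; the region, account id and "sensors" prefix are placeholders, and the example assumes the certificate is attached to the thing and the client connects with the thing name as its client id.

```python
import json

# Placeholders, not values from this page: substitute your own region and account id.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
THING = "${iot:Connection.Thing.ThingName}"  # policy variable, resolved by AWS IoT

def scoped_policy(topic_prefix, region=REGION, account=ACCOUNT_ID):
    """Limit a device to its own client id and the subtree <prefix>/<thing>/."""
    base = f"arn:aws:iot:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{base}:client/{THING}"},
            {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
             "Resource": f"{base}:topic/{topic_prefix}/{THING}/*"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": f"{base}:topicfilter/{topic_prefix}/{THING}/*"},
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (statement index, reason) for Allow statements that are not scoped."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((i, f"wildcard action {action}"))
        for res in as_list(stmt.get("Resource", [])):
            # Resource part of the ARN (after the 5th colon), or "*" itself.
            if res.split(":", 5)[-1] in ("*", "client/*", "topic/*", "topicfilter/*"):
                findings.append((i, f"unscoped resource {res}"))
    return findings

# Constructed sample of a publish/subscribe-to-anything policy document.
ANY_TOPIC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(broad_statements(ANY_TOPIC))
    print(json.dumps(scoped_policy("sensors"), indent=2))
```

The printed JSON can be saved to a file and passed to aws iot create-policy with --policy-document, the same way iotpolicy.json is used above.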
Enjoy MQTT and AWS IoT in your Python programs!