Using Cognito Identity Pool and CreateKeysAndCertificate Workflow with SDK V2 for provisioning Android devices

[KamleshAtTray]

In my previous implementation using SDK v1, I connected Android devices to AWS IoT Core by leveraging the Cognito Identity Pool ID. This approach used the AWSIotClient with CognitoCachingCredentialsProvider for authentication and certificate creation. Here's the relevant code:

mIotAndroidClient = new AWSIotClient(new CognitoCachingCredentialsProvider(context, mCognitoPoolId, mRegion));
mIotAndroidClient.setRegion(Region.getRegion(mRegion));

// Create a new private key and certificate. This call
// creates both on the server and returns them to the
// device.
CreateKeysAndCertificateRequest createKeysAndCertificateRequest =
    new CreateKeysAndCertificateRequest();
createKeysAndCertificateRequest.setSetAsActive(true);
final CreateKeysAndCertificateResult createKeysAndCertificateResult;
createKeysAndCertificateResult =
    mIotAndroidClient.createKeysAndCertificate(createKeysAndCertificateRequest);

// store in keystore for use in MQTT client
// saved as alias "default" so a new certificate isn't
// generated each run of this application
AWSIotKeystoreHelper.saveCertificateAndPrivateKey(mCertificateId,
    createKeysAndCertificateResult.getCertificatePem(),
    createKeysAndCertificateResult.getKeyPair().getPrivateKey(),
    mKeystorePath, mKeystoreName, mKeystorePassword);

// load keystore from file into memory to pass on
// connection
mClientKeyStore = AWSIotKeystoreHelper.getIotKeystore(mCertificateId,
    mKeystorePath, mKeystoreName, mKeystorePassword);

// Attach a policy to the newly created certificate.
// This flow assumes the policy was already created in
// AWS IoT and we are now just attaching it to the
// certificate.
AttachPrincipalPolicyRequest policyAttachRequest =
    new AttachPrincipalPolicyRequest();
policyAttachRequest.setPolicyName(mAWSIoTPolicyName);
policyAttachRequest.setPrincipal(createKeysAndCertificateResult.getCertificateArn());
mIotAndroidClient.attachPrincipalPolicy(policyAttachRequest);

mMqttManager.connect(mClientKeyStore, new AWSIotMqttClientStatusCallback() {
        @Override
        public void onStatusChanged(final AWSIotMqttClientStatus status,
                                    final Throwable throwable) {
            mStatus = String.valueOf(status);
            if (status == AWSIotMqttClientStatusCallback.AWSIotMqttClientStatus.Connected) {
                    subscribe(mTopics);
            }
        }
    });

This workflow uses the Cognito Identity Pool for authentication, then calls CreateKeysAndCertificate to generate a certificate, which is then stored in a keystore. The policy is attached to the newly created certificate.

I’m looking to implement the same functionality using SDK v2 and would like to know if it’s possible to use the Cognito Identity Pool for authentication and certificate creation, without relying on the Fleet Provisioning sample. Is there a recommended approach in SDK v2 to achieve this?