:doc:`IoT <../../iot>` / Client / create_certificate_provider

***************************
create_certificate_provider
***************************



.. py:method:: IoT.Client.create_certificate_provider(**kwargs)

  

  Creates an Amazon Web Services IoT Core certificate provider. You can use Amazon Web Services IoT Core certificate provider to customize how to sign a certificate signing request (CSR) in IoT fleet provisioning. For more information, see `Customizing certificate signing using Amazon Web Services IoT Core certificate provider <https://docs.aws.amazon.com/iot/latest/developerguide/provisioning-cert-provider.html>`__ from *Amazon Web Services IoT Core Developer Guide*.

   

  Requires permission to access the `CreateCertificateProvider <https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions>`__ action.

   

  .. warning::

     

    After you create a certificate provider, the behavior of `CreateCertificateFromCsr API for fleet provisioning <https://docs.aws.amazon.com/iot/latest/developerguide/fleet-provision-api.html#create-cert-csr>`__ will change and all API calls to ``CreateCertificateFromCsr`` will invoke the certificate provider to create the certificates. It can take up to a few minutes for this behavior to change after a certificate provider is created.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iot-2015-05-28/CreateCertificateProvider>`_  


  **Request Syntax**
  ::

    response = client.create_certificate_provider(
        certificateProviderName='string',
        lambdaFunctionArn='string',
        accountDefaultForOperations=[
            'CreateCertificateFromCsr',
        ],
        clientToken='string',
        tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type certificateProviderName: string
  :param certificateProviderName: **[REQUIRED]** 

    The name of the certificate provider.

    

  
  :type lambdaFunctionArn: string
  :param lambdaFunctionArn: **[REQUIRED]** 

    The ARN of the Lambda function that defines the authentication logic.

    

  
  :type accountDefaultForOperations: list
  :param accountDefaultForOperations: **[REQUIRED]** 

    A list of the operations that the certificate provider will use to generate certificates. Valid value: ``CreateCertificateFromCsr``.

    

  
    - *(string) --* 

    

  :type clientToken: string
  :param clientToken: 

    A string that you can optionally pass in the ``CreateCertificateProvider`` request to make sure the request is idempotent.

    This field is autopopulated if not provided.

  
  :type tags: list
  :param tags: 

    Metadata which can be used to manage the certificate provider.

    

  
    - *(dict) --* 

      A set of key/value pairs that are used to manage the resource.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The tag's key.

        

      
      - **Value** *(string) --* 

        The tag's value.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'certificateProviderName': 'string',
          'certificateProviderArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **certificateProviderName** *(string) --* 

        The name of the certificate provider.

        
      

      - **certificateProviderArn** *(string) --* 

        The ARN of the certificate provider.

        
  
  **Exceptions**
  
  *   :py:class:`IoT.Client.exceptions.LimitExceededException`

  
  *   :py:class:`IoT.Client.exceptions.ResourceAlreadyExistsException`

  
  *   :py:class:`IoT.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoT.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoT.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`IoT.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`IoT.Client.exceptions.InternalFailureException`

  