Posted On: Feb 28, 2023

Today, AWS Private Certificate Authority (Private CA) released sample AWS Cloud Development Kit (CDK) scripts and AWS CloudFormation stack templates to help you create Certificate Authorities (CAs) that issue Matter Device Attestation Certificates (DACs). Matter is a new standard for smart home security and device interoperability. Matter uses X.509 digital certificates to identify devices. Matter certificates can be issued only by CAs that comply with the Matter PKI Certificate Policy (CP). You can use the AWS CDK and CloudFormation samples to help you configure Matter-compliant CAs. The samples not only construct the CA, but they also create the configuration and auditing infrastructure needed to help you comply with the Matter PKI CP. This includes AWS Identity and Access Management (IAM) roles and permissions, and log configuration and retention policies.

The Matter PKI CP has specific requirements for the separation of CA roles and for record keeping of CA operations. Before issuing device attestation certificates, you have to provide evidence to the Connectivity Standards Alliance (CSA) that your Matter CAs are operated in compliance with the Matter PKI CP. The samples released today help you create Matter CAs for issuing DACs. The samples also configure other AWS services like IAM, AWS CloudTrail, Amazon CloudWatch, Amazon S3 and AWS Backup to set up CA roles and access policies, and the recording and retention of CA operations. You can now provision Matter CAs as well as set up other AWS services to help you meet the requirements of the Matter PKI CP, as part of your infrastructure deployments.

To get started, download the samples from GitHub. To learn more about how you can use AWS Private CA to help you create and operate Matter-compliant CAs, you can download the Matter PKI Compliance Customer Guide. To learn more about AWS Private CA, read the service documentation.