Provision Your Module with a YubiKey

The following tutorials walk you through how to provision an ACK module as a virtual product using a YubiKey. You can choose from one of the following two methods to program your YubiKeys.

  • Provision Your Module with a YubiKey provided from Amazon – Amazon supplies your YubiKeys. You must work with Amazon directly for initial or subsequent programming.
  • Provision Your Module with a self-serve YubiKey – You manage the lifecycle of your YubiKeys, including any initial or subsequent programming. Self-serve YubiKeys are only supported if you use the ACK Module Utility 5.0.67.0 or higher. If you aren't using this version of the ACK Module Utility, provision your device with a YubiKey provided by Amazon.

About module provisioning

For general information about how module provisioning works, see Understand Module Provisioning.

About YubiKey provisioning

When you mass produce ACK devices, you provision them with a YubiKey that contains an Amazon signed device attestation certificate. The following diagram outlines the basic YubiKey programming flow that you should follow in your manufacturing process.

Typical YubiKey Manufacturing Flow and Use
Typical YubiKey Manufacturing Flow and Use.
*Enable YubiKey programming is only applicable to self-serve YubiKeys.

About YubiKeys provided from Amazon

Amazon programs the attestation certificates on your keys and ships them to you. When you want to update or replace your YubiKeys, you must contact Amazon.

About self-serve YubiKeys

Self-serve YubiKeys allow you to purchase and program your own YubiKeys with the attestation certificate preinstalled upon arrival. Each individual YubiKey has a unique certificate installed on it that you use to provision your ACK modules. You can then distribute the YubiKeys to your manufacturing facilities to mass produce your ACK-based products. As a result, you don't have to contact Amazon to update or replace your YubiKeys.

Guide overview

Provision your module with a YubiKey provided from Amazon

This guide contains the following topics.

Provision your module with a self-serve YubiKey

This guide contains the following topics.