Skip to content


Lamassu Compose is the official release containing the scripts and resources required to deploy all microservices such as the CA component, the VA component or the RA components to name a few.



  1. Define the domain to be used by exporting the DOMAIN variable. Otherwise a default value of will be used:
  2. Get and run the installer script:

    curl -fsSL | bash -s -

  3. OPTIONAL: Import your certificates:

    The script also generates self-signed for the downstream certificates. It is possible to provide other valid certificates by replacing the following files:

    ├── upstream
    │   └── ...
    └── downstream
        ├── tls.crt     <----- Provide your certificate
        └── tls.key     <----- Provide your private key

    Once you replace this certificates, restart the api-gateway to obtain the imported certificates:

    docker-compose rm -s -f api-gateway dms-default
    docker-compose up -d api-gateway dms-default
  4. Final notes:

    🚀 You are ready to go 🚀


    Keycloak is your auth provider. During the installation process, the service is provisioned with 2 users with different roles:

    Username: enroller
    Password: enroller
    Role: admin
    Username: operator
    Password: operator
    Role: operator
    You can change those credentials (or create new users) using keycloak's UI available at: https://auth.<DOMAIN>

Deploy AWS IoT Core connectors


In order tu run the connector, you must have:


  1. Download the AWS Connector source code:

    git clone

  2. Configure the AWS Credentials. Those values will be used by the Lamassu AWS Connector as well as the CDK.


  3. Provide a friendly name for the Lamassu AWS Connector. This name will be displayed in the UI

    export CONNECTOR_NAME=Lamassu IoT AWS Account

  4. Substitute the aws-connector .env file:

    envsubst < .env | tee .env

  5. Generate the TLS certificates used by the connector. You must have access to the main CA certificate and private key that where generated during Lamassu installation.

    export INTERNAL_CA_CERT=<CHANGE_TO_LAMASSU_INSTALLATION_PATH>/tls-certificates/upstream/ca.crt
    export INTERNAL_CA_KEY=<CHANGE_TO_LAMASSU_INSTALLATION_PATH>/tls-certificates/upstream/ca.key
    After defining those variables, run the following OpenSSL commands:
    openssl genrsa -out aws-connector.key 4096
    openssl req -new -key aws-connector.key -out aws-connector.csr -subj "/CN=aws-connector" 
    openssl x509 -req -extfile <(printf "subjectAltName=DNS:aws-connector") -in aws-connector.csr -days 365 -CA $INTERNAL_CA_CERT -CAkey $INTERNAL_CA_KEY -CAcreateserial -out aws.crt

  6. Deploy the required AWS services by using the CDK:

    cd aws-connector
    npm i
    cdk deploy

  7. Start the connector:

    docker-compose up -d