Skip to content


Lamassu Compose is the official release containing the scripts and resources required to deploy all microservices such as the CA component, the VA component or the RA components to name a few.



  1. Get and run the installer script:
curl -fsSL -o
sudo bash --domain --with-simulators --compose-version develop --simulation-version main
  1. OPTIONAL: Import your certificates:

The script also generates self-signed for the downstream certificates. It is possible to provide other valid certificates by replacing the following files:

├── upstream
│   └── ...
└── downstream
    ├── tls.crt     <----- Provide your certificate
    └── tls.key     <----- Provide your private key

Once you replace this certificates, restart the api-gateway to obtain the imported certificates:

docker-compose rm -s -f api-gateway dms-default
docker-compose up -d api-gateway dms-default
  1. Final notes:

🚀 You are ready to go 🚀

!!! note

 Keycloak is your auth provider. During the installation process, the service is provisioned with 2 users with different roles:
     Username: enroller
     Password: enroller
     Role: admin
     Username: operator
     Password: operator
     Role: operator
 You can change those credentials (or create new users) using keycloak's UI available at: `https://auth.<DOMAIN>`

Deploy AWS IoT Core connectors


In order tu run the connector, you must have:


  1. Download the AWS Connector source code:
git clone
  1. Configure the AWS Credentials. Those values will be used by the Lamassu AWS Connector as well as the CDK.
  1. Provide a friendly name for the Lamassu AWS Connector. This name will be displayed in the UI
export CONNECTOR_NAME=Lamassu IoT AWS Account
  1. Substitute the aws-connector .env file:
envsubst < .env | tee .env
  1. Generate the TLS certificates used by the connector. You must have access to the main CA certificate and private key that where generated during Lamassu installation.
export INTERNAL_CA_CERT=<CHANGE_TO_LAMASSU_INSTALLATION_PATH>/tls-certificates/upstream/ca.crt
export INTERNAL_CA_KEY=<CHANGE_TO_LAMASSU_INSTALLATION_PATH>/tls-certificates/upstream/ca.key

After defining those variables, run the following OpenSSL commands:

openssl genrsa -out aws-connector.key 4096
openssl req -new -key aws-connector.key -out aws-connector.csr -subj "/CN=aws-connector" 
openssl x509 -req -extfile <(printf "subjectAltName=DNS:aws-connector") -in aws-connector.csr -days 365 -CA $INTERNAL_CA_CERT -CAkey $INTERNAL_CA_KEY -CAcreateserial -out aws.crt
  1. Deploy the required AWS services by using the CDK:
cd aws-connector
npm i
cdk deploy
  1. Start the connector:
docker-compose up -d