Extend createiotthings py functionality

docs/components/aws_iot/aws_tool.md

@@ -78,6 +78,8 @@ Performing an OTA update will require you to:
   * Create a policy that allows to connect to MQTT and attach it to the thing.
   * Finally, create and run the OTA update campaign
 
+It is possible to run all subsequent commands with without any arguments, instead storing parameters in a `.json` file. See `--config_file_path` and [the overview of the .json config file](#overview-of-the-json-config-file).
+
 Create a thing, an IOT policy, and attach the two together with:
 ```sh
 python tools/scripts/createIoTThings.py create-thing-and-policy --thing_name <your_thing_name> --policy_name <your_policy_name> --target_application <target_application_name>
@@ -128,7 +130,7 @@ python tools/scripts/createIoTThings.py delete-thing -p --thing_name <your_thing
 
 ## Creating AWS IoT firmware update job (simplified)
 
-The `create-update-simplified` command that (1) creates a Thing and Policy, (2) runs build, (3) creates a bucket, role, and update.
+The `create-update-simplified` command (1) creates a Thing and Policy, (2) runs build, (3) creates a bucket, role, and update.
 This command also re-uses AWS entities where possible, validating entities being re-used.
 
 
@@ -158,7 +160,7 @@ To create a new OTA update but keep the old one, modify the `update_name` field
 
 ```json
 {
-    # There are only 3 required fields. These need to be filled in step (1) of using this command.
+    # There are only 4 required fields. These need to be filled in step (1) of using this command.
     "thing_name":"<your_thing_name>",
     "permissions_boundary":"arn:aws:iam::<account_no>:policy/<boundary_name>",
     "role_prefix":"<prefix>",
@@ -191,6 +193,10 @@ To create a new OTA update but keep the old one, modify the `update_name` field
     "toolchain":"",
     "clean_build":"",
 
+    # Used by list-* and delete-* commands in the script
+    "max_listed": "",
+    "force_delete": "",
+
     # Default values are below.
     "policy_name_DEFAULT":"${thing_name}_policy",
     "bucket_name_DEFAULT":"${thing_name}_bucket",
@@ -208,7 +214,9 @@ To create a new OTA update but keep the old one, modify the `update_name` field
     "inference_DEFAULT":"SOFTWARE",
     "audio_DEFAULT":"ROM",
     "toolchain_DEFAULT":"GNU",
-    "clean_build_DEFAULT":"auto"
+    "clean_build_DEFAULT":"auto",
+    "max_listed_DEFAULT":"25",
+    "force_delete_DEFAULT":"false"
 }
 ```
 Note the \# comments are not valid JSON syntax and are purely included for this documentation.
@@ -222,6 +230,8 @@ Some of the less obvious settings include:
 - `clean_build`: if `auto`, will run the `build.sh` script for a clean build (with the `-c` flag) only when necessary. I.e. if `aws_clientcredential` is updated by the script. Otherwise, the script runs `build.sh` not from clean. If `true`, always run `build.sh` for a clean build.
 - `existing_certificate_arn` should be set to either a valid ARN for a certificate, or if you want the script to generate certificates for you, should be set to `CREATE_NEW_CERTIFICATE`.
 - `target_application` can be specified in the `.json` file, and <b>if not otherwise specified on the command line</b> this value will be taken as a default by the script.
+- `max_listed` is the number of items listed by each `list-*`  command, and for `list-all` the number listed by each category of AWS entity.
+- `force_delete`: if `true` then all `delete-*` commands with a `force-delete` parameter will force-delete, otherwise (assuming the force delete flag is not specified on command line), these deletion commands will not force-delete. For what the term `force-delete` means, see each command's `--help` description.
 
 Changing the `_DEFAULT` setting values is not recommended. Try to <b>change the user settings instead of the default settings</b>.
 Other commands in the Python file (such as `create-policy-only`) will <b>not</b> adhere to changes made to this settings file.
@@ -244,6 +254,30 @@ If you want to add a setting, for example `update_name` to the definitions you c
 
 The `target_application` setting is special because it is not defined in the `json` file but can still be mentioned in definitions.
 
+## Cleaning up after AWS IoT firmware update job (simplified)
+
+The `cleanup-simplified` command uses the config file from `create-update-simplified` and deletes all AWS entities described there.
+Optionally, this command will check all credential files (such as certificates) to identify other Things created by the script.
+These Things are deleted with their certificates.
+The script identifies possibly linked AWS entities by using the .json config file to generate entity names. E.g. if the certificates for 'myTestThing' are found, and you have specified that 'policy_name' is '${thing_name}_policy', then the script will attempt to delete 'myTestThing_policy'.
+
+To use this command:
+1. Fill the following fields in the `.json` config file:
+    * `thing_name` with the name of your AWS Thing.
+    * `role_prefix` with the prefix for your role. This prefix will be pre-pended to your role name with a hyphen by default. For example, with the prefix `Proj` and role name `role`, the completed role name will become `Proj-role`.
+2. Set up following [prerequisites](#prerequisites).
+3. Run the command below.
+
+```sh
+python tools/scripts/createIoTThings.py cleanup-simplified
+```
+
+That's it. Your AWS entities created by this script should now be deleted.
+
+The only time this command will fail to find or remove all AWS entities is if:
+1. You have created an update, and deleted the role associated before the update is deleted. You need to try re-creating the role (e.g. via re-running `create-update-simplified` with the same config). You may see an error message indicating that you `cannot assume a role` to delete an OTA update.
+2. You have run `create-update-simplified` with config A, then used config B which specifies a different role, policy, update, or bucket name <b>format</b> from A. For example, changing `policy_name` from `${thing_name}_policy` in A to `myTestPolicy` in B will mean that `cleanup-simplified` cannot find `${thing_name}_policy` if run with config B. To fix this, run `cleanup-simplified` with each config separately.
+
 ## Troubleshooting
 
 ##### 1. My AWS credentials are rejected, despite being accepted earlier.

release_changes/202409131621.change

@@ -0,0 +1 @@
+tools: Add command for automatically cleaning up all AWS entities created by 'createIoTThings.py create-update-simplified'

release_changes/202409162029.change

@@ -0,0 +1 @@
+tools: All commands in createIoTThings.py now accept JSON config inputs.