
Greengrass base infrastructure deployment

Overview

AWS IoT Greengrass is an open source Internet of Things edge runtime and cloud service. It enables efficient management of a huge fleet of IoT devices (called Greengrass Core Devices) and the remote deployment and execution of applications at the edge.

In this post, I will present a way to deploy the infrastructure required by Greengrass.

Note: This setup is for educational purposes. It can be used for production deployment but is not designed for onboarding a huge fleet of Greengrass devices.

We need to configure local and cloud infrastructure to use the Greengrass service.


Sample Deployment

I propose using a Python script and the AWS Cloud Development Kit (CDK) for our sample deployment.

Greengrass deployment

CDK is a great tool to manage infrastructure in the AWS Cloud, but it cannot configure our local device.
I use a Python script to configure the local device, as it is easier to maintain than a Bash script and can be used on any operating system.

Local assets (1/2)

As the first step, we need to generate the Private Key for our Greengrass device. The Private Key should remain “private” - it should be handled with care and, if possible, generated at the device itself.

Based on that Private Key, we create the Certificate Signing Request (CSR). That file will be used at the next step to generate the X.509 Certificate at AWS without revealing the Private Key.

If you want to learn more about Private Keys and CSR, please check this post.

Local Greengrass assets

AWS Cloud assets

This stage takes the output of the previous step (CSR file) and creates the AWS infrastructure required by the Greengrass service.

AWS Cloud Greengrass assets

AWS Cloud assets:

  • IoT Thing
  • X.509 Certificate
  • IoT Policy
  • Role Alias
  • IAM Role
  • IAM Policy

If you want to learn more about the permissions required by Greengrass, please check this post.

I use the CDK to obtain IoT Core Data and Credentials Endpoints, required by Greengrass configuration.

Local assets (2/2)

In this last step, we obtain the AWS Cloud assets required by Greengrass:

  • X.509 Certificate
  • IoT Core Data Endpoint
  • IoT Core Credentials Endpoint

Local Greengrass assets

At this stage, we are ready to generate the Greengrass configuration file.

Sample config.yaml:

services:
  aws.greengrass.Nucleus:
    componentType: NUCLEUS
    configuration:
      awsRegion: eu-west-1
      greengrassDataPlanePort: 443
      iotCredEndpoint: c3ddorpfzt0aol.credentials.iot.eu-west-1.amazonaws.com
      iotDataEndpoint: a1pnmrdn6yc5il-ats.iot.eu-west-1.amazonaws.com
      iotRoleAlias: GGAlias
      mqtt:
        port: 443
    version: 2.9.2
system:
  certificateFilePath: /ggv2/gg-thing-0001.pem
  privateKeyPath: /ggv2/gg-thing-0001.key
  rootCaPath: /ggv2/AmazonRootCA1.pem
  rootpath: /ggv2
  thingName: gg-thing-0001
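
A pre-flight check for the configuration above, added here as an example (it is not part of the original post or of Greengrass): it verifies that both endpoints belong to the configured region and that the private key file is readable only by its owner. The names `check_gg_config` and `sample_config` are hypothetical, the config is assumed to be already parsed into a dict, and the data endpoint is assumed to be an ATS endpoint as in the sample.

```python
import os
import re
import stat
import tempfile

# Hostname shapes taken from the sample config.yaml (ATS data endpoint assumed).
CRED_RE = re.compile(r"^[a-z0-9]+\.credentials\.iot\.([a-z0-9-]+)\.amazonaws\.com$")
DATA_RE = re.compile(r"^[a-z0-9]+-ats\.iot\.([a-z0-9-]+)\.amazonaws\.com$")

def check_gg_config(cfg):
    """Return a list of findings for a parsed config.yaml (dict); empty means OK."""
    findings = []
    nucleus = cfg["services"]["aws.greengrass.Nucleus"]["configuration"]
    region = nucleus["awsRegion"]
    # Both endpoints must be AWS IoT hostnames in the configured region.
    for key, pattern in (("iotCredEndpoint", CRED_RE), ("iotDataEndpoint", DATA_RE)):
        match = pattern.match(nucleus.get(key, ""))
        if not match:
            findings.append(f"{key}: unexpected hostname")
        elif match.group(1) != region:
            findings.append(f"{key}: region {match.group(1)} != awsRegion {region}")
    # Credential files must exist and only the owner may access the private key.
    for key in ("certificateFilePath", "privateKeyPath", "rootCaPath"):
        path = cfg["system"].get(key, "")
        if not os.path.isfile(path):
            findings.append(f"{key}: file not found")
        elif key == "privateKeyPath" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{key}: readable by group/others, expected mode 0600")
    return findings

def sample_config(root, key_mode=0o600, region="eu-west-1"):
    """Constructed sample: the post's config.yaml as a dict, files created under root."""
    paths = {"certificateFilePath": "gg-thing-0001.pem", "rootCaPath": "AmazonRootCA1.pem",
             "privateKeyPath": "gg-thing-0001.key"}
    system = {"rootpath": root, "thingName": "gg-thing-0001"}
    for key, name in paths.items():
        system[key] = os.path.join(root, name)
        with open(system[key], "w") as handle:
            handle.write("placeholder, not real key material\n")
    os.chmod(system["privateKeyPath"], key_mode)
    nucleus = {"awsRegion": region, "iotRoleAlias": "GGAlias",
               "iotCredEndpoint": "c3ddorpfzt0aol.credentials.iot.eu-west-1.amazonaws.com",
               "iotDataEndpoint": "a1pnmrdn6yc5il-ats.iot.eu-west-1.amazonaws.com"}
    return {"services": {"aws.greengrass.Nucleus": {"configuration": nucleus}},
            "system": system}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_gg_config(sample_config(tmp, key_mode=0o644)))
```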

Final Setup

This is the final setup of our deployment.

Final Setup

We created the core local and cloud infrastructure required by the Greengrass service.

Cloud assets are managed by the CDK which enables:

  • automatic deployment to other AWS Regions and/or Accounts
  • tracking changes in infrastructure definition
  • extending this setup with additional capabilities and services (allowing for easy rollback in case of any issues)

Implementation of this setup will be included in the Greengrass training I am preparing.

Please subscribe and reply to the “welcome message” if you are interested in attending this training!

