AWS IoT Greengrass Developer Guide

User Manual:

Open the PDF directly: View PDF .
Page Count: 432 [warning: Documents this large are best viewed by clicking the View PDF Link!]

AWS IoT Greengrass
Table of Contents
What Is AWS IoT Greengrass?
Getting Started with AWS IoT Greengrass
OTA Updates of AWS IoT Greengrass Core Software
Reset Deployments
Create Bulk Deployments For Groups
Run Lambda Functions on the AWS IoT Greengrass Core
Access Local Resources with Lambda Functions
Perform Machine Learning Inference
Deploy Secrets to the AWS IoT Greengrass Core
Integrate with Services and Protocols Using Greengrass Connectors
Greengrass Discovery RESTful API
Use Greengrass OPC-UA to Communicate with Industrial Equipment
AWS IoT Greengrass Security
Monitoring with AWS IoT Greengrass Logs
AWS IoT Device Tester for AWS IoT Greengrass User Guide
Troubleshooting AWS IoT Greengrass
Document History for AWS IoT Greengrass
- Earlier Updates

AWS IoT Greengrass

Developer Guide

AWS IoT Greengrass Developer Guide

AWS IoT Greengrass: Developer Guide

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner

that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not

owned by Amazon are the property of their respective owners, who may or may not be aﬃliated with, connected to, or sponsored by

Amazon.

AWS IoT Greengrass Developer Guide

Table of Contents

What Is AWS IoT Greengrass? .............................................................................................................. 1

AWS IoT Greengrass Core Software .............................................................................................. 2

AWS IoT Greengrass Core Versions ....................................................................................... 2

AWS IoT Greengrass Groups ........................................................................................................ 5

Devices in AWS IoT Greengrass .................................................................................................... 6

SDKs ......................................................................................................................................... 7

Supported Platforms and Requirements ...................................................................................... 14

AWS IoT Greengrass Downloads ................................................................................................. 19

AWS IoT Greengrass Core Software .................................................................................... 19

AWS IoT Greengrass Core SDK Software .............................................................................. 19

AWS IoT Greengrass Docker Software ................................................................................. 20

AWS IoT Greengrass ML SDK Software ................................................................................ 20

We Want to Hear from You ....................................................................................................... 20

AWS IoT Greengrass Core .......................................................................................................... 20

AWS IoT Greengrass Core Conﬁguration File ........................................................................ 21

Endpoints Must Match the Certiﬁcate Type .......................................................................... 32

Connect on Port 443 or Through a Network Proxy ............................................................... 32

Write Directory ................................................................................................................ 35

MQTT Message Queue ...................................................................................................... 37

Activate Automatic IP Detection ......................................................................................... 40

Start Greengrass on System Boot ....................................................................................... 42

See Also .......................................................................................................................... 43

Getting Started with AWS IoT Greengrass ........................................................................................... 44

Requirements ........................................................................................................................... 44

Create an AWS Account ............................................................................................................. 45

Module 1: Environment Setup for Greengrass .............................................................................. 45

Setting Up a Raspberry Pi ................................................................................................. 45

Setting Up an Amazon EC2 Instance ................................................................................... 50

Setting Up Other Devices .................................................................................................. 54

Module 2: Installing the Greengrass Core Software ....................................................................... 55

Conﬁgure AWS IoT Greengrass on AWS IoT ......................................................................... 56

Start AWS IoT Greengrass on the Core Device ...................................................................... 61

Module 3 (Part 1): Lambda Functions on AWS IoT Greengrass ........................................................ 63

Create and Package a Lambda Function .............................................................................. 64

Conﬁgure the Lambda Function for AWS IoT Greengrass ....................................................... 70

Deploy Cloud Conﬁgurations to a Core Device ..................................................................... 75

Verify the Lambda Function Is Running on the Device ........................................................... 76

Module 3 (Part 2): Lambda Functions on AWS IoT Greengrass ........................................................ 79

Create and Package the Lambda Function ........................................................................... 79

Conﬁgure Long-Lived Lambda Functions for AWS IoT Greengrass ........................................... 81

Test Long-Lived Lambda Functions ..................................................................................... 82

Test On-Demand Lambda Functions ................................................................................... 87

Module 4: Interacting with Devices in an AWS IoT Greengrass Group ............................................... 91

Create AWS IoT Devices in an AWS IoT Greengrass Group ...................................................... 91

Conﬁgure Subscriptions .................................................................................................... 95

Install the AWS IoT Device SDK for Python .......................................................................... 96

Test Communications ...................................................................................................... 101

Module 5: Interacting with Device Shadows ............................................................................... 104

Conﬁgure Devices and Subscriptions ................................................................................. 105

Download Required Files ................................................................................................. 108

Test Communications (Device Syncs Disabled) .................................................................... 109

Test Communications (Device Syncs Enabled) ..................................................................... 112

Module 6: Accessing Other AWS Services ................................................................................... 114

Conﬁgure IAM Roles ....................................................................................................... 115

iii

AWS IoT Greengrass Developer Guide

Create and Conﬁgure the Lambda Function ....................................................................... 116

Conﬁgure Subscriptions ................................................................................................... 121

Test Communications ...................................................................................................... 122

Module 7: Simulating Hardware Security Integration ................................................................... 124

Install SoftHSM .............................................................................................................. 125

Conﬁgure SoftHSM ......................................................................................................... 125

Import the Private Key .................................................................................................... 126

Conﬁgure the Greengrass Core ......................................................................................... 126

Test the Conﬁguration .................................................................................................... 128

See Also ........................................................................................................................ 128

OTA Updates of AWS IoT Greengrass Core Software ........................................................................... 129

Greengrass OTA Agent ............................................................................................................ 130

Integration with Init systems .................................................................................................... 132

OTA Self-Update with Managed Respawn .......................................................................... 133

AWS IoT Greengrass Core Update with Managed Respawn ................................................... 133

OTA Agent Self-Update ........................................................................................................... 133

Greengrass Core Software Update ............................................................................................ 134

Reset Deployments ......................................................................................................................... 135

Create Bulk Deployments For Groups ................................................................................................ 137

Prerequisites .......................................................................................................................... 137

Create and Upload the Bulk Deployment Input File ..................................................................... 137

Create and Conﬁgure an IAM Execution Role .............................................................................. 139

Allow Your Execution Role Access to Your S3 Bucket ................................................................... 140

Deploy the Groups .................................................................................................................. 141

Test the Deployment .............................................................................................................. 143

Troubleshooting Bulk Deployments ........................................................................................... 144

Troubleshoot input ﬁle errors ........................................................................................... 144

Check for concurrent bulk deployments ............................................................................ 145

Check ErrorDetails .......................................................................................................... 145

Check the AWS IoT Greengrass Core Log ........................................................................... 145

Additional Resources .............................................................................................................. 146

Run Local Lambda Functions ........................................................................................................... 147

SDKs ..................................................................................................................................... 147

Migrating Cloud-Based Lambda Functions ......................................................................... 149

Function Aliases and Versions .................................................................................................. 149

Controlling Greengrass Lambda Function Execution .................................................................... 150

Running a Lambda Function as Root ................................................................................. 152

Considerations When Choosing Lambda Function Containerization ........................................ 153

Setting Default Containerization for Lambda Functions in a Group ........................................ 155

Communication Flows ............................................................................................................. 155

Communication Using MQTT Messages ............................................................................. 155

Other Communication Flows ............................................................................................ 156

Lifecycle Conﬁguration ............................................................................................................ 156

Lambda Executables ............................................................................................................... 157

Create a Lambda Executable ............................................................................................ 158

Run AWS IoT Greengrass in a Docker Container .......................................................................... 159

Prerequisites .................................................................................................................. 159

Get the AWS IoT Greengrass Container Image from Amazon ECR .......................................... 160

Create and Conﬁgure the Greengrass Group and Core ......................................................... 162

Run AWS IoT Greengrass Locally ...................................................................................... 162

Conﬁgure "No container" Containerization for the Group ..................................................... 165

Deploy Lambda Functions to the Docker Container ............................................................. 165

(Optional) Deploy Devices that Interact with Greengrass in the Docker Container ..................... 166

Stopping the AWS IoT Greengrass Docker Container ........................................................... 166

Troubleshooting AWS IoT Greengrass in a Docker Container ................................................. 166

Access Local Resources with Lambda Functions .................................................................................. 169

Supported Resource Types ....................................................................................................... 169

AWS IoT Greengrass Developer Guide

Requirements ......................................................................................................................... 170

Volume Resources Under the /proc Directory ..................................................................... 170

Group Owner File Access Permission ......................................................................................... 170

See Also ........................................................................................................................ 171

Using the CLI ......................................................................................................................... 171

Create Local Resources .................................................................................................... 171

Create the Greengrass Function ........................................................................................ 172

Add the Lambda Function to the Group ............................................................................ 173

Troubleshooting ............................................................................................................. 175

Using the Console .................................................................................................................. 175

Prerequisites .................................................................................................................. 176

Create a Lambda Function Deployment Package ................................................................. 176

Create and Publish a Lambda Function ............................................................................. 180

Add the Lambda Function to the Group ............................................................................ 183

Add a Local Resource to the Group ................................................................................... 186

Add Subscriptions to the Group ....................................................................................... 188

Deploy the Group ........................................................................................................... 190

Test Local Resource Access .............................................................................................. 191

Perform Machine Learning Inference ................................................................................................. 195

How AWS IoT Greengrass ML Inference Works ............................................................................ 195

Machine Learning Resources .................................................................................................... 195

Supported Model Sources ................................................................................................ 196

Requirements ......................................................................................................................... 198

Runtimes and Precompiled Framework Libraries for ML Inference ................................................. 198

Amazon SageMaker Neo deep learning runtime .................................................................. 198

MXNet Versioning ........................................................................................................... 198

MXNet on Raspberry Pi ................................................................................................... 199

TensorFlow Model-Serving Limitations on Raspberry Pi ....................................................... 199

How to Conﬁgure Machine Learning Inference ........................................................................... 199

Prerequisites .................................................................................................................. 200

Conﬁgure the Raspberry Pi .............................................................................................. 200

Install the MXNet Framework ........................................................................................... 201

Create a Model Package .................................................................................................. 203

Create and Publish a Lambda Function ............................................................................. 203

Add the Lambda Function to the Group ............................................................................ 208

Add Resources to the Group ............................................................................................ 210

Add a Subscription to the Group ...................................................................................... 214

Deploy the Group ........................................................................................................... 215

Test the App .................................................................................................................. 216

Next Steps ..................................................................................................................... 220

Conﬁguring an NVIDIA Jetson TX2 .................................................................................... 220

How to Conﬁgure Optimized Machine Learning Inference ............................................................ 220

Prerequisites .................................................................................................................. 200

Conﬁgure the Raspberry Pi .............................................................................................. 221

Install the Neo deep learning runtime ............................................................................... 222

Create an Inference Lambda Function ............................................................................... 224

Add the Lambda Function to the Group ............................................................................ 228

Add Neo Optimized Model Resource to the Group .............................................................. 229

Add Your Camera Device Resource to the Group ................................................................. 230

Add Subscriptions to the Group ....................................................................................... 233

Deploy the Group ........................................................................................................... 234

Test the Example ............................................................................................................ 216

Conﬁguring an Intel Atom ............................................................................................... 238

Conﬁguring an NVIDIA Jetson TX2 .................................................................................... 239

Troubleshooting AWS IoT Greengrass ML Inference ............................................................. 218

Next Steps ..................................................................................................................... 242

Deploy Secrets to the Core .............................................................................................................. 243

AWS IoT Greengrass Developer Guide

Secrets Encryption .................................................................................................................. 244

Requirements ......................................................................................................................... 244

Specify the Private Key for Secret Encryption ............................................................................. 245

Allow AWS IoT Greengrass to Get Secret Values ......................................................................... 246

See Also ................................................................................................................................ 247

Work with Secret Resources ..................................................................................................... 247

Creating and Managing Secrets ........................................................................................ 247

Using Local Secrets ......................................................................................................... 250

How To Create a Secret Resource (Console) ................................................................................ 252

Prerequisites .................................................................................................................. 253

Create a Secrets Manager Secret ...................................................................................... 253

Add a Secret Resource to a Group .................................................................................... 254

Create a Lambda Function Deployment Package ................................................................. 255

Create a Lambda Function ............................................................................................... 258

Add the Function to the Group ........................................................................................ 260

Attach the Secret Resource to the Function ....................................................................... 261

Add Subscriptions to the Group ....................................................................................... 261

Deploy the Group ........................................................................................................... 262

Test the Function ........................................................................................................... 263

See Also ........................................................................................................................ 265

Integrate with Services and Protocols Using Connectors ...................................................................... 266

Requirements ......................................................................................................................... 267

Using AWS IoT Greengrass Connectors ...................................................................................... 267

Conﬁguration Parameters ........................................................................................................ 269

Parameters Used to Access Group Resources ...................................................................... 269

Updating Connector Parameters ....................................................................................... 269

Inputs and Outputs ................................................................................................................ 270

Input Topics ................................................................................................................... 270

Logging ................................................................................................................................. 270

AWS-Provided Greengrass Connectors ....................................................................................... 271

CloudWatch Metrics ........................................................................................................ 271

Device Defender ............................................................................................................. 277

Image Classiﬁcation ........................................................................................................ 280

Kinesis Firehose .............................................................................................................. 290

Modbus-RTU Protocol Adapter ......................................................................................... 294

Raspberry Pi GPIO .......................................................................................................... 303

Serial Stream ................................................................................................................. 308

ServiceNow MetricBase Integration ................................................................................... 314

SNS .............................................................................................................................. 320

Splunk Integration .......................................................................................................... 324

Twilio Notiﬁcations ......................................................................................................... 328

Get Started with Connectors (Console) ...................................................................................... 335

.................................................................................................................................... 335

Prerequisites .................................................................................................................. 336

Create a Secrets Manager Secret ...................................................................................... 336

Add a Secret Resource to a Group .................................................................................... 337

Add a Connector to the Group ......................................................................................... 338

Create a Lambda Function Deployment Package ................................................................. 339

Create a Lambda Function ............................................................................................... 342

Add a Function to the Group ........................................................................................... 344

Add Subscriptions to the Group ....................................................................................... 344

Deploy the Group ........................................................................................................... 345

Test the Solution ............................................................................................................ 346

See Also ........................................................................................................................ 348

Get Started with Connectors (CLI) ............................................................................................ 348

.................................................................................................................................... 348

Prerequisites .................................................................................................................. 350

AWS IoT Greengrass Developer Guide

Create a Secrets Manager Secret ...................................................................................... 350

Create a Resource Deﬁnition and Version ........................................................................... 351

Create a Connector Deﬁnition and Version ......................................................................... 351

Create a Lambda Function Deployment Package ................................................................. 352

Create a Lambda Function ............................................................................................... 355

Create a Function Deﬁnition and Version ........................................................................... 356

Create a Subscription Deﬁnition and Version ...................................................................... 357

Create a Group Version ................................................................................................... 358

Create a Deployment ...................................................................................................... 359

Test the Solution ............................................................................................................ 360

See Also ........................................................................................................................ 362

Greengrass Discovery RESTful API ..................................................................................................... 363

Request ................................................................................................................................. 363

Response ............................................................................................................................... 363

Authorization ......................................................................................................................... 363

Example Discover Response Documents ..................................................................................... 364

Greengrass OPC-UA ........................................................................................................................ 366

Architectural Overview ............................................................................................................ 366

Set Up a Test OPC-UA Server ................................................................................................... 367

Make sure your Greengrass Group is ready ................................................................................. 367

Use Greengrass OPC-UA to Interact with your OPC-UA Server ...................................................... 368

Verify that your Lambda function is receiving OPC-UA Publishes and posting them onto Greengrass ... 370

Next Steps ............................................................................................................................. 370

AWS IoT Greengrass Security ........................................................................................................... 371

Conﬁguring Greengrass Security ............................................................................................... 372

Minimal AWS IoT Policy for the AWS IoT Greengrass Core Device .......................................... 372

Device Connection Workﬂow .................................................................................................... 374

Greengrass Messaging Workﬂow .............................................................................................. 375

MQTT Core Server Certiﬁcate Rotation ...................................................................................... 375

AWS IoT Greengrass Cipher Suites ............................................................................................ 375

Hardware Security .................................................................................................................. 376

Requirements ................................................................................................................. 377

Hardware Security Conﬁguration ...................................................................................... 377

Provisioning Practices .................................................................................................... 380

Supported Cipher Suites .................................................................................................. 382

Conﬁgure OTA Updates ................................................................................................... 382

Backward Compatibility ................................................................................................... 383

Hardware Without PKCS#11 Support ................................................................................ 384

See Also ........................................................................................................................ 384

Monitoring ..................................................................................................................................... 385

CloudWatch Logs .................................................................................................................... 385

File System Logs .................................................................................................................... 385

Default Logging Conﬁguration ................................................................................................. 386

Conﬁgure Logging for AWS IoT Greengrass ................................................................................ 386

Conﬁgure Logging (Console) ............................................................................................ 387

Conﬁgure Logging (API) .................................................................................................. 387

Conﬁguration Example .................................................................................................... 388

Logging Limitations ................................................................................................................ 389

Transactions per Second .................................................................................................. 389

Memory ......................................................................................................................... 389

Clock Skew .................................................................................................................... 389

Disk Usage ..................................................................................................................... 389

Log Loss ........................................................................................................................ 390

Logging AWS IoT Greengrass API Calls with AWS CloudTrail ......................................................... 390

AWS IoT Greengrass Information in CloudTrail ................................................................... 390

Understanding AWS IoT Greengrass Log File Entries ............................................................ 391

CloudTrail Logs ...................................................................................................................... 393

vii

AWS IoT Greengrass Developer Guide

AWS IoT Device Tester for AWS IoT Greengrass User Guide ................................................................. 394

Prerequisites .......................................................................................................................... 394

Download the Latest Version of AWS IoT Device Tester for AWS IoT Greengrass ....................... 394

Create and Conﬁgure an AWS Account .............................................................................. 394

Install the AWS Command Line Interface (CLI) .................................................................... 395

Conﬁgure the AWS IoT Greengrass Service Role ................................................................. 395

Verify AWS IoT Greengrass Dependencies on the Device Under Test ...................................... 396

Conﬁgure the AWS IoT Greengrass Software ...................................................................... 396

Conﬁgure Your Host Computer to Access Your Device Under Test .......................................... 397

Root Access ................................................................................................................... 398

Setting Conﬁguration to Run the AWS IoT Greengrass Qualiﬁcation Suite ...................................... 398

Conﬁgure Your AWS Credentials ....................................................................................... 398

Conﬁguring AWS Credentials with a Credentials File ............................................................ 399

Device Conﬁguration ....................................................................................................... 400

Running the Test Suite .................................................................................................... 401

Results and Logs ............................................................................................................ 402

Testing Infrastructure .............................................................................................................. 404

Test Organization ................................................................................................................... 404

Troubleshooting ..................................................................................................................... 405

Troubleshooting Device Conﬁguration ............................................................................... 405

Permissions Policy Template .................................................................................................... 407

Test Group Descriptions .......................................................................................................... 408

Troubleshooting ............................................................................................................................. 410

............................................................................................................................................ 410

Troubleshooting with Logs ....................................................................................................... 415

Troubleshooting Storage Issues ................................................................................................ 418

Troubleshooting Messages ....................................................................................................... 418

Troubleshooting Shadow Synchronization Timeout Issues ............................................................ 419

Document History .......................................................................................................................... 423

Earlier Updates ....................................................................................................................... 424

viii

AWS IoT Greengrass Developer Guide

What Is AWS IoT Greengrass?

AWS IoT Greengrass is software that extends cloud capabilities to local devices. This enables devices to

collect and analyze data closer to the source of information, react autonomously to local events, and

communicate securely with each other on local networks. AWS IoT Greengrass developers can use AWS

Lambda functions and prebuilt connectors (p. 266) to create serverless applications that are deployed

to devices for local execution.

The following diagram shows the basic architecture of AWS IoT Greengrass.

AWS IoT Greengrass makes it possible for customers to build IoT devices and application logic.

Speciﬁcally, AWS IoT Greengrass provides cloud-based management of application logic that runs on

devices. Locally deployed Lambda functions and connectors are triggered by local events, messages from

the cloud, or other sources.

In AWS IoT Greengrass, devices securely communicate on a local network and exchange messages

with each other without having to connect to the cloud. AWS IoT Greengrass provides a local pub/sub

message manager that can intelligently buﬀer messages if connectivity is lost so that inbound and

outbound messages to the cloud are preserved.

AWS IoT Greengrass protects user data:

• Through the secure authentication and authorization of devices.

• Through secure connectivity in the local network.

• Between local devices and the cloud.

Device security credentials function in a group until they are revoked, even if connectivity to the cloud is

disrupted, so that the devices can continue to securely communicate locally.

AWS IoT Greengrass provides secure, over-the-air software updates of Lambda functions.

AWS IoT Greengrass consists of:

• Software distributions

• AWS IoT Greengrass core software

• AWS IoT Greengrass core SDK

• Cloud service

• AWS IoT Greengrass API

AWS IoT Greengrass Developer Guide

AWS IoT Greengrass Core Software

• Features

• Lambda runtime

• Shadows implementation

• Message manager

• Group management

• Discovery service

• Over-the-air update agent

• Local resource access

• Machine learning inference

• Local secrets manager

AWS IoT Greengrass Core Software

The AWS IoT Greengrass core software provides the following functionality:

• Deployment and local execution of connectors and Lambda functions.

• Secure, encrypted storage of local secrets and controlled access by connectors and Lambda functions.

• MQTT messaging over the local network between devices, connectors, and Lambda functions using

managed subscriptions.

• MQTT messaging between AWS IoT and devices, connectors, and Lambda functions using managed

subscriptions.

• Secure connections between devices and the cloud using device authentication and authorization.

• Local shadow synchronization of devices. Shadows can be conﬁgured to sync with the cloud.

• Controlled access to local device and volume resources.

• Deployment of cloud-trained machine learning models for running local inference.

• Automatic IP address detection that enables devices to discover the Greengrass core device.

• Central deployment of new or updated group conﬁguration. After the conﬁguration data is

downloaded, the core device is restarted automatically.

• Secure, over-the-air software updates of user-deﬁned Lambda functions.

AWS IoT Greengrass core instances are conﬁgured through AWS IoT Greengrass APIs that create and

update AWS IoT Greengrass group deﬁnitions stored in the cloud.

AWS IoT Greengrass Core Versions

The following tabs describe what's new and changed in AWS IoT Greengrass core software versions.

GGC v1.7.0

Current version.

New features:

• Greengrass connectors provide built-in integration with local infrastructure, device protocols,

AWS, and other cloud services. For more information, see Integrate with Services and Protocols

Using Connectors (p. 266).

• AWS IoT Greengrass extends AWS Secrets Manager to core devices, which makes your passwords,

tokens, and other secrets available to connectors and Lambda functions. Secrets are encrypted in

transit and at rest. For more information, see Deploy Secrets to the Core (p. 243).

AWS IoT Greengrass Developer Guide

AWS IoT Greengrass Core Versions

• Support for a hardware root of trust security option. For more information, see the section called

“Hardware Security” (p. 376).

• Isolation and permission settings that allow Lambda functions to run without Greengrass

containers and to use the permissions of a speciﬁed user and group. For more information, see the

section called “Controlling Greengrass Lambda Function Execution” (p. 150).

• You can run AWS IoT Greengrass in a Docker container (on Windows, macOS, or Linux) by

conﬁguring your Greengrass group to run with no containerization. For more information, see the

section called “Run AWS IoT Greengrass in a Docker Container” (p. 159).

• MQTT messaging on port 443 with Application Layer Protocol Negotiation (ALPN) or connection

through a network proxy. For more information, see the section called “Connect on Port 443 or

Through a Network Proxy” (p. 32).

• The Amazon SageMaker Neo deep learning runtime, which supports machine learning models

that have been optimized by the Amazon SageMaker Neo deep learning compiler. For information

about the Neo deep learning runtime, see the section called “Runtimes and Precompiled

Framework Libraries for ML Inference” (p. 198).

• Support for Raspbian Stretch (2018-06-27) on Raspberry Pi core devices.

Bug ﬁxes and improvements:

• General performance improvements and bug ﬁxes.

In addition, the following features are available with this release:

• The AWS IoT Device Tester for AWS IoT Greengrass, which you can use to verify that your

CPU architecture, kernel conﬁguration, and drivers work with AWS IoT Greengrass. For more

information, see AWS IoT Device Tester for AWS IoT Greengrass User Guide (p. 394).

• The AWS IoT Greengrass Core Software, AWS IoT Greengrass Core SDK, and AWS IoT Greengrass

Machine Learning SDK packages are available for dowload through Amazon CloudFront. For more

information, see the section called “AWS IoT Greengrass Downloads” (p. 19).

GGC v1.6.0

New features:

• Lambda executables that run binary code on the Greengrass core. Use the new AWS IoT

Greengrass Core SDK for C to write Lambda executables in C and C++. For more information, see

the section called “Lambda Executables” (p. 157).

• Optional local storage message cache that can persist across restarts. You can conﬁgure the

storage settings for MQTT messages that are queued for processing. For more information, see the

section called “MQTT Message Queue” (p. 37).

• Conﬁgurable maximum reconnect retry interval for when the core device is disconnected. For

more information, see the mqttMaxConnectionRetryInterval property in the section called

“AWS IoT Greengrass Core Conﬁguration File” (p. 21).

• Local resource access to the host /proc directory. For more information, see Access Local Resources

with Lambda Functions (p. 169).

• Conﬁgurable write directory. The AWS IoT Greengrass core software can be deployed to read-only

and read-write locations. For more information, see the section called “Write Directory” (p. 35).

Bug ﬁxes and improvements:

• Performance improvement for publishing messages in the Greengrass core and between devices

and the core.

AWS IoT Greengrass Developer Guide

AWS IoT Greengrass Core Versions

• Reduced the compute resources required to process logs generated by user-deﬁned Lambda

functions.

GGC v1.5.0

New features:

• AWS IoT Greengrass Machine Learning (ML) Inference is generally available. You can perform ML

inference locally on AWS IoT Greengrass devices using models that are built and trained in the

cloud. For more information, see Perform Machine Learning Inference (p. 195).

• Greengrass Lambda functions now support binary data as input payload, in addition to JSON. To

use this feature, you must upgrade to AWS IoT Greengrass Core SDK version 1.1.0, which you can

download from the Software page in the AWS IoT console.

Bug ﬁxes and improvements:

• Reduced the overall memory footprint.

• Performance improvements for sending messages to the cloud.

• Performance and stability improvements for the download agent, Device Certiﬁcate Manager, and

OTA update agent.

• Minor bug ﬁxes.

GGC v1.3.0

New features:

• Over-the-air (OTA) update agent capable of handling cloud-deployed, Greengrass update jobs.

The agent is found under the new /greengrass/ota directory. For more information, see OTA

Updates of AWS IoT Greengrass Core Software (p. 129).

• Local resource access feature allows Greengrass Lambda functions to access local resources, such

as peripheral devices and volumes. For more information, see Access Local Resources with Lambda

Functions (p. 169).

GGC v1.1.0

New features:

• Deployed AWS IoT Greengrass groups can be reset by deleting Lambda functions, subscriptions,

and conﬁgurations. For more information, see Reset Deployments (p. 135).

• Support for Node.js 6.10 and Java 8 Lambda runtimes, in addition to Python 2.7.

To migrate from the previous version of the AWS IoT Greengrass core:

• Copy certiﬁcates from the /greengrass/configuration/certs folder to /greengrass/

certs.

• Copy /greengrass/configuration/config.json to /greengrass/config/config.json.

• Run /greengrass/ggc/core/greengrassd instead of /greengrass/greengrassd.

• Deploy the group to the new core.

GGC v1.0.0

Initial version.

AWS IoT Greengrass Developer Guide

AWS IoT Greengrass Groups

An AWS IoT Greengrass group is a collection of settings and components, such as an AWS IoT Greengrass

core, devices, and subscriptions. Groups are used to deﬁne a scope of interaction. For example, a group

might represent one ﬂoor of a building, one truck, or an entire mining site. The following diagram shows

the components that can make up an Greengrass group.

In the preceding diagram:

A: AWS IoT Greengrass group deﬁnition

A collection of information about the AWS IoT Greengrass group.

B: AWS IoT Greengrass group settings

These include:

• AWS IoT Greengrass group role.

• Certiﬁcation authority and local connection conﬁguration.

• AWS IoT Greengrass core connectivity information.

• Default Lambda runtime environment. For more information, see the section called “Setting

Default Containerization for Lambda Functions in a Group” (p. 155).

• CloudWatch and local logs conﬁguration. For more information, see Monitoring (p. 385).

C: AWS IoT Greengrass core

The AWS IoT thing that represents the AWS IoT Greengrass core. For more information, see the

section called “AWS IoT Greengrass Core” (p. 20).

D: Lambda function deﬁnition

A list of Lambda functions that run locally on the core, with associated conﬁguration data. For more

information, see Run Local Lambda Functions (p. 147).

E: Subscription deﬁnition

A list of subscriptions that enable communication using MQTT messages. A subscription deﬁnes:

AWS IoT Greengrass Developer Guide

Devices in AWS IoT Greengrass

• A message source and message target. These can be devices, Lambda functions, connectors, AWS

IoT, and the local shadow service

• A subject, which is an MQTT topic or topic ﬁlter that's used to ﬁlter message data.

For more information, see the section called “Greengrass Messaging Workﬂow” (p. 375).

F: Connector deﬁnition

A list of connectors that run locally on the core, with associated conﬁguration data. For more

information, see Integrate with Services and Protocols Using Connectors (p. 266).

G: Device deﬁnition

A list of AWS IoT things (devices) that are members of the AWS IoT Greengrass group, with

associated conﬁguration data. For more information, see the section called “Devices in AWS IoT

Greengrass” (p. 6).

H: Resource deﬁnition

A list of local resources, machine learning resources, and secret resources on the AWS IoT Greengrass

core, with associated conﬁguration data. For more information, see Access Local Resources with

Lambda Functions (p. 169), Perform Machine Learning Inference (p. 195), and Deploy Secrets to the

Core (p. 243).

When deployed, the AWS IoT Greengrass group deﬁnition, Lambda functions, connectors, resources, and

subscription table are copied to an AWS IoT Greengrass core device.

Devices in AWS IoT Greengrass

There are two types of devices:

AWS IoT Greengrass cores

A Greengrass core is an AWS IoT device that runs the AWS IoT Greengrass core software, which

enables it to communicate directly with the AWS IoT and AWS IoT Greengrass cloud services. A core

has its own certiﬁcate used for authenticating with AWS IoT. It has a device shadow and exists in the

AWS IoT device registry. AWS IoT Greengrass cores run a local Lambda runtime, a deployment agent,

and an IP address tracker that sends IP address information to the AWS IoT Greengrass cloud service

to allow Greengrass devices to automatically discover their group and core connection information.

For more information, see the section called “AWS IoT Greengrass Core” (p. 20).

AWS IoT devices connected to a Greengrass core

These Greengrass devices are added to a Greengrass group and run Amazon FreeRTOS or have the

AWS IoT Device SDK installed. For more information, see AWS IoT Greengrass Discovery Library in

the Amazon FreeRTOS User Guide or AWS IoT SDKs in the AWS IoT Developer Guide.

Greengrass devices connect to an AWS IoT Greengrass core. They can also be conﬁgured to

communicate with Lambda functions, connectors, and other devices in the group, and with AWS IoT

or the local shadow service. If the core device loses connectivity to the cloud, devices can continue

to communicate over the local network. Devices can vary in size, from smaller microcontroller-based

devices to large appliances.

The following table shows how these device types are related.

AWS IoT Greengrass Developer Guide

SDKs

The AWS IoT Greengrass core device stores certiﬁcates in two locations:

• Core device certiﬁcate in /greengrass/certs - The core device certiﬁcate is named hash.cert.pem (for

example, 86c84488a5.cert.pem). This certiﬁcate is used to authenticate the core when connecting

to the AWS IoT and AWS IoT Greengrass services.

• MQTT core server certiﬁcate in /greengrass-root/ggc/var/state/server - The MQTT core server

certiﬁcate is named server.crt. This certiﬁcate is used for mutual authentication between the local

MQTT service (that's on the Greengrass core) and Greengrass devices before messages are exchanged.

SDKs

The following AWS-provided SDKs are used to work with AWS IoT Greengrass:

GGC 1.7.0

AWS SDK

Use the AWS SDK to build applications that interact with any AWS service, including Amazon

S3, Amazon DynamoDB, AWS IoT, AWS IoT Greengrass, and more. In the context of AWS IoT

Greengrass, you can use the AWS SDK in deployed Lambda functions to make direct calls to any

AWS service. For more information, see AWS SDKs (p. 148).

AWS IoT Greengrass Developer Guide

SDKs

AWS IoT Device SDK

The AWS IoT Device SDK helps devices connect to AWS IoT or AWS IoT Greengrass services.

Devices must know which AWS IoT Greengrass group they belong to and the IP address of the

AWS IoT Greengrass core that they should connect to.

Although you can use any of the AWS IoT Device SDK platforms to connect to an AWS

IoT Greengrass core, only the C++ and Python SDKs provide AWS IoT Greengrass-speciﬁc

functionality, such as access to the AWS IoT Greengrass Discovery Service and AWS IoT

Greengrass core root CA downloads. For more information, see AWS IoT Device SDK.

AWS IoT Greengrass Core SDK

The AWS IoT Greengrass Core SDK enables Lambda functions to interact with the Greengrass

core, publish messages to AWS IoT, interact with the local shadow service, invoke other

deployed Lambda functions, and access secret resources. This SDK is used by Lambda functions

that run on an AWS IoT Greengrass core. For more information, see AWS IoT Greengrass Core

SDK (p. 147).

AWS IoT Greengrass Machine Learning SDK

The AWS IoT Greengrass Machine Learning SDK enables Lambda functions to consume machine

learning models that are deployed to the Greengrass core as machine learning resources. This

SDK is used by Lambda functions that run on an AWS IoT Greengrass core and interact with

a local inference service. For more information, see AWS IoT Greengrass Machine Learning

SDK (p. 148).

GGC 1.6.0

AWS SDKs

Using the AWS SDKs, you can build applications that work with any AWS service, including

Amazon S3, Amazon DynamoDB, AWS IoT, AWS IoT Greengrass, and more. In the context of

AWS IoT Greengrass, you can use the AWS SDK in deployed Lambda functions to make direct

calls to any AWS service. For more information, see the section called “SDKs” (p. 147).

AWS IoT Device SDKs

The AWS IoT Device SDKs helps devices connect to AWS IoT or AWS IoT Greengrass services.

Devices must know which AWS IoT Greengrass group they belong to and the IP address of the

AWS IoT Greengrass core that they should connect to.

Although you can use any of the AWS IoT Device SDKs to connect to an AWS IoT Greengrass

core, only the C++ and Python Device SDKs provide AWS IoT Greengrass-speciﬁc functionality,

such as access to the AWS IoT Greengrass Discovery Service and AWS IoT Greengrass core root

CA downloads. For more information, see AWS IoT Device SDK.

AWS IoT Greengrass Core SDK

The AWS IoT Greengrass Core SDK enables Lambda functions to interact with the AWS IoT

Greengrass core on which they run in order to publish messages, interact with the local Device

Shadow service, or invoke other deployed Lambda functions. This SDK is used exclusively for

writing Lambda functions running in the Lambda runtime on an AWS IoT Greengrass core. For

more information, see the section called “SDKs” (p. 147).

GGC v1.5.0

AWS SDKs

Using the AWS SDKs, you can build applications that work with any AWS service, including

Amazon S3, Amazon DynamoDB, AWS IoT, AWS IoT Greengrass, and more. In the context of

AWS IoT Greengrass Developer Guide

SDKs

AWS IoT Greengrass, you can use the AWS SDK inside deployed Lambda functions to make

direct calls to any AWS service.

AWS IoT Device SDKs

The AWS IoT Device SDKs helps devices connect to AWS IoT or AWS IoT Greengrass services.

Devices must know which AWS IoT Greengrass group they belong to and the IP address of the

AWS IoT Greengrass core that they should connect to.

Although you can use any of the AWS IoT Device SDKs to connect to an AWS IoT Greengrass

core, only the C++ and Python Device SDKs provide AWS IoT Greengrass-speciﬁc functionality,

such as access to the AWS IoT Greengrass Discovery Service and AWS IoT Greengrass core root

CA downloads. For more information, see AWS IoT Device SDK.

AWS IoT Greengrass Core SDK

The AWS IoT Greengrass Core SDK enables Lambda functions to interact with the AWS IoT

Greengrass core on which they run in order to publish messages, interact with the local Device

Shadow service, or invoke other deployed Lambda functions. This SDK is used exclusively for

writing Lambda functions running in the Lambda runtime on an AWS IoT Greengrass core.

Lambda functions running on an AWS IoT Greengrass core can interact with AWS cloud services

directly using the AWS SDK. The AWS IoT Greengrass Core SDK and the AWS SDK are contained

in diﬀerent packages, so you can use both packages simultaneously. You can download the AWS

IoT Greengrass Core SDK from the Software page of the AWS IoT console.

The AWS IoT Greengrass Core SDK follows the AWS SDK programming model. It allows you to

easily port Lambda functions developed for the cloud to Lambda functions that run on an AWS

IoT Greengrass core. For example, using the AWS SDK, the following Lambda function publishes

a message to the topic "/some/topic" in the cloud:

import boto3

client = boto3.client('iot-data')

response = client.publish(

topic = "/some/topic",

qos = 0,

payload = "Some payload".encode()

)

To port this Lambda function for execution on an AWS IoT Greengrass core, replace the import

boto3 statement with the import greengrasssdk, as shown in the following snippet:

Note

The AWS IoT Greengrass Core SDK only supports sending MQTT messages with QoS =

import greengrasssdk

client = greengrasssdk.client('iot-data')

response = client.publish(

topic='/some/topic',

qos=0,

payload='some payload'.encode()

)

This allows you to test your Lambda functions in the cloud and migrate them to AWS IoT

Greengrass with minimal eﬀort.

Note

The AWS SDK is natively part of the environment of a Lambda function that runs in the

AWS cloud. If you want to use boto3 in a Lambda function that's deployed to an AWS IoT

AWS IoT Greengrass Developer Guide

SDKs

Greengrass core, make sure to include the AWS SDK in your package. In addition, if you use

both the AWS IoT Greengrass Core SDK and the AWS SDK in the same package, make sure

that your Lambda functions use the correct namespaces. For more information about how

to create your deployment package, see:

•Creating a Deployment Package (Python)

•Creating a Deployment Package (Node.js)

•Creating a Deployment Package (Java)