• Node.js version 12.x for functions that use the Node.js 12.x runtime.
• Node.js version 10.x for functions that use the Node.js 10.x runtime.
• Java version 8 or later for functions that use the Java 8 runtime.
For more information about AWS IoT Greengrass support for Lambda runtimes, see Run AWS Lambda functions (p. 555).
• To run containerized Lambda functions, your device must meet the following requirements:
• Linux kernel version 4.4 or later.
• The kernel must support cgroups v1, and you must enable and mount the following cgroups:
• The memory cgroup for AWS IoT Greengrass to set the memory limit for containerized Lambda functions.
• The devices cgroup for containerized Lambda functions to access system devices or volumes.
Note
The AWS IoT Greengrass Core software doesn't support cgroups v2.
• You must enable the following Linux kernel configurations on the device:
• Namespace:
• CONFIG_IPC_NS
• CONFIG_UTS_NS
• CONFIG_USER_NS
• CONFIG_PID_NS
• Cgroups:
• CONFIG_CGROUP_DEVICE
• CONFIG_CGROUPS
• CONFIG_MEMCG
• Others:
• CONFIG_POSIX_MQUEUE
• CONFIG_OVERLAY_FS
• CONFIG_HAVE_ARCH_SECCOMP_FILTER
• CONFIG_SECCOMP_FILTER
• CONFIG_KEYS
• CONFIG_SECCOMP
• CONFIG_SHMEM
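A pre-installation check for the containerized Lambda kernel requirements listed above, as an added example that is not part of the AWS guide or the Greengrass software. The function names are this example's own, and it assumes the kernel config is available as plain text (for instance at /boot/config-$(uname -r), which varies by distribution) and that an option set to m (module) counts as enabled.

```shell
#!/bin/sh
# Added example (not AWS code): audit a Linux device against the kernel
# requirements for containerized Lambda functions listed above.
REQUIRED_CONFIGS="CONFIG_IPC_NS CONFIG_UTS_NS CONFIG_USER_NS CONFIG_PID_NS
CONFIG_CGROUP_DEVICE CONFIG_CGROUPS CONFIG_MEMCG CONFIG_POSIX_MQUEUE
CONFIG_OVERLAY_FS CONFIG_HAVE_ARCH_SECCOMP_FILTER CONFIG_SECCOMP_FILTER
CONFIG_KEYS CONFIG_SECCOMP CONFIG_SHMEM"

# Succeeds if the kernel release string $1 (as from `uname -r`) is 4.4 or later.
kernel_version_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 4 ]; }
}

# Prints every required option that is not =y or =m in kernel config file $1.
# Assumption of this example: a module (=m) counts as enabled.
missing_kernel_configs() {
    for opt in $REQUIRED_CONFIGS; do
        grep -Eq "^${opt}=(y|m)\$" "$1" || echo "$opt"
    done
}

# Prints each required controller (memory, devices) that has no cgroup v1
# mount in mounts file $1 (/proc/mounts format). cgroup2 mounts do not count,
# because the Core software doesn't support cgroups v2.
missing_cgroup_v1_mounts() {
    for ctrl in memory devices; do
        awk -v c="$ctrl" '
            $3 == "cgroup" { n = split($4, o, ",")
                             for (i = 1; i <= n; i++) if (o[i] == c) found = 1 }
            END { exit !found }' "$1" || echo "$ctrl"
    done
}

# audit <kernel-release> <kernel-config-file> <mounts-file>
# Reports every unmet requirement and returns non-zero if any was found.
audit() {
    status=0
    kernel_version_ok "$1" || { echo "kernel $1 is older than 4.4"; status=1; }
    for m in $(missing_kernel_configs "$2"); do
        echo "kernel option not enabled: $m"; status=1; done
    for m in $(missing_cgroup_v1_mounts "$3"); do
        echo "cgroup v1 controller not mounted: $m"; status=1; done
    return $status
}

# On a device: sh check.sh "$(uname -r)" "/boot/config-$(uname -r)" /proc/mounts
if [ "$#" -eq 3 ]; then audit "$@"; fi
```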
Feature considerations for Windows devices
Some AWS IoT Greengrass features aren't currently supported on Windows devices. Review the following considerations to confirm if a Windows device satisfies your feature requirements. For more information, see Greengrass feature compatibility by operating system (p. 5).
• You can't run Lambda functions.
• You can't configure system resource limits to customize the maximum amount of CPU and RAM usage that each component's processes can use on a core device.
• You can't pause and resume component processes using the PauseComponent (p. 638) and ResumeComponent (p. 638) interprocess communication operations.
• The following AWS-provided components (p. 183) are not currently supported:
• Kinesis Data Firehose
• Lambda launcher
• Lambda manager
• Lambda runtimes
• Legacy subscription router
• Modbus-RTU protocol adapter
• Secure tunneling
• Amazon SNS
• AWS IoT SiteWise OPC-UA collector
• AWS IoT SiteWise publisher
• AWS IoT SiteWise processor
Set up an AWS account
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
1. Open https://portal.aws.amazon.com/billing/signup.
2. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
To create an administrator user for yourself and add the user to an administrators group (console)
1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.
Note
We strongly recommend that you adhere to the best practice of using the Administrator IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks.
2. In the navigation pane, choose Users and then choose Add user.
3. For User name, enter Administrator.
4. Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.
5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.
6. Choose Next: Permissions.
7. Under Set permissions, choose Add user to group.
8. Choose Create group.
9. In the Create group dialog box, for Group name enter Administrators.
10. Choose Filter policies, and then select AWS managed - job function to filter the table contents.
11. In the policy list, select the check box for AdministratorAccess. Then choose Create group.
Note
You must activate IAM user and role access to Billing before you can use the AdministratorAccess permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console.
12. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.
13. Choose Next: Tags.
14. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.
15. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.
You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.
Install the AWS IoT Greengrass Core software
AWS IoT Greengrass extends AWS to edge devices so that they can act on the data they generate, while they use the AWS Cloud for management, analytics, and durable storage. Install the AWS IoT Greengrass Core software on edge devices to integrate with AWS IoT Greengrass and the AWS Cloud.
Important
Before you download and install the AWS IoT Greengrass Core software, check that your core device meets the requirements (p. 65) to install and run the AWS IoT Greengrass Core software v2.0.
The AWS IoT Greengrass Core software includes an installer that sets up your device as a Greengrass core device. When you run the installer, you can configure options, such as the root folder and the AWS Region to use. You can choose to have the installer create required AWS IoT and IAM resources for you.
You can also choose to deploy local development tools to configure a device that you use for custom component development.
The AWS IoT Greengrass Core software requires the following AWS IoT and IAM resources to connect to the AWS Cloud and operate:
• An AWS IoT thing. When you register a device as an AWS IoT thing, that device can use a digital certificate to authenticate with AWS. This certificate allows the device to communicate with AWS IoT and AWS IoT Greengrass. For more information, see Device authentication and authorization for AWS IoT Greengrass (p. 823).
• (Optional) An AWS IoT thing group. You use thing groups to manage fleets of Greengrass core devices.
When you deploy software components to your devices, you can choose to deploy to individual devices or to groups of devices. You can add a device to a thing group to deploy that thing group's software components to the device. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).
• An IAM role. Greengrass core devices use the AWS IoT Core credentials provider to authorize calls to AWS services with an IAM role. This role allows your device to interact with AWS IoT, send logs to Amazon CloudWatch Logs, and download custom component artifacts from Amazon Simple Storage Service (Amazon S3). For more information, see Authorize core devices to interact with AWS services (p. 843).
• An AWS IoT role alias. Greengrass core devices use the role alias to identify the IAM role to use. The role alias enables you to change the IAM role but keep the device configuration the same. For more information, see Authorizing direct calls to AWS services in the AWS IoT Core Developer Guide.
Choose one of the following options to install the AWS IoT Greengrass Core software on your core device.
• Quick installation
Choose this option to set up a Greengrass core device in as few steps as possible. The installer creates the required AWS IoT and IAM resources for you. This option requires you to provide AWS credentials to the installer to create resources in your AWS account.
You can't use this option to install behind a firewall or network proxy. If your devices are behind a firewall or network proxy, consider manual installation (p. 78).
For more information, see Install AWS IoT Greengrass Core software with automatic resource provisioning (p. 71).
• Manual installation
Choose this option to create the required AWS resources manually or to install behind a firewall or network proxy. By using a manual installation, you don't need to give the installer permission to create resources in your AWS account, because you create the required AWS IoT and IAM resources. You can also configure your device to connect on port 443 or through a network proxy. You can also configure the AWS IoT Greengrass Core software to use a private key and certificate that you store in a hardware security module (HSM), Trusted Platform Module (TPM), or another cryptographic element.
For more information, see Install AWS IoT Greengrass Core software with manual resource provisioning (p. 78).
• Installation with AWS IoT fleet provisioning
Choose this option to create the required AWS resources from an AWS IoT fleet provisioning template.
You might choose this option to create similar devices in a fleet, or if you manufacture devices that your customers later activate, such as vehicles or smart home devices. Devices use claim certificates to authenticate and provision AWS resources, including an X.509 client certificate that the device uses to connect to the AWS Cloud for normal operation. You can embed or flash the claim certificates into the device's hardware during manufacturing, and you can use the same claim certificate and key to provision multiple devices. You can also configure devices to connect on port 443 or through a network proxy.
For more information, see Install AWS IoT Greengrass Core software with AWS IoT fleet provisioning (p. 100).
• Installation with custom provisioning
Choose this option to develop a custom Java application that provisions the required AWS resources.
You might choose this option if you create your own X.509 client certificates or if you want more control over the provisioning process. AWS IoT Greengrass provides an interface that you can implement to exchange information between your custom provisioning application and the AWS IoT Greengrass Core software installer.
For more information, see Install AWS IoT Greengrass Core software with custom resource provisioning (p. 127).
AWS IoT Greengrass also provides containerized environments that run the AWS IoT Greengrass Core software. You can use a Dockerfile to run AWS IoT Greengrass in a Docker container (p. 141).
Topics
• Install AWS IoT Greengrass Core software with automatic resource provisioning (p. 71)
• Install AWS IoT Greengrass Core software with manual resource provisioning (p. 78)
• Install AWS IoT Greengrass Core software with AWS IoT fleet provisioning (p. 100)
• Install AWS IoT Greengrass Core software with custom resource provisioning (p. 127)
Install AWS IoT Greengrass Core software with automatic resource provisioning
The AWS IoT Greengrass Core software includes an installer that sets up your device as a Greengrass core device. To set up a device quickly, the installer can provision the AWS IoT thing, AWS IoT thing group, IAM role, and AWS IoT role alias that the core device requires to operate. The installer can also deploy the local development tools to the core device, so you can use the device to develop and test custom software components. The installer requires AWS credentials to provision these resources and create the deployment.
If you can't provide AWS credentials to the device, you can provision the AWS resources that the core device requires to operate. You can also deploy the development tools to a core device to use as a development device. This enables you to provide fewer permissions to the device when you run the installer. For more information, see Install AWS IoT Greengrass Core software with manual resource provisioning (p. 78).
Important
Before you download the AWS IoT Greengrass Core software, check that your core device meets the requirements (p. 65) to install and run the AWS IoT Greengrass Core software v2.0.
Topics