AWS IoT Greengrass

(1)

AWS IoT Greengrass

Developer Guide, Version 2

(2)

AWS IoT Greengrass: Developer Guide, Version 2

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be aﬃliated with, connected to, or sponsored by Amazon.

(3)

What is AWS IoT Greengrass?

AWS IoT Greengrass is an open source Internet of Things (IoT) edge runtime and cloud service that helps you build, deploy and manage IoT applications on your devices. You can use AWS IoT Greengrass to build software that enables your devices to act locally on the data that they generate, run predictions based on machine learning models, and ﬁlter and aggregate device data. AWS IoT Greengrass enables your devices to collect and analyze data closer to where that data is generated, react autonomously to local events, and communicate securely with other devices on the local network. Greengrass devices can also communicate securely with AWS IoT Core and export IoT data to the AWS Cloud. You can use AWS IoT Greengrass to build edge applications using pre-built software modules, called components, that can connect your edge devices to AWS services or third-party services. You can also use AWS IoT Greengrass to package and run your software using Lambda functions, Docker containers, native operating system processes, or custom runtimes of your choice.

The following example shows how an AWS IoT Greengrass device interacts with the AWS Cloud.

For ﬁrst-time users of AWS IoT Greengrass

If you're new to AWS IoT Greengrass, we recommend that you review the following section:

• How AWS IoT Greengrass works (p. 2)

Next, follow the getting started tutorial (p. 32) to try out the basic features of AWS IoT Greengrass.

In this tutorial, you install the AWS IoT Greengrass Core software on a device, develop a Hello World component, and package that component for deployment.

For existing users of AWS IoT Greengrass

For current users of AWS IoT Greengrass, we recommend the following topics to help you understand the new features in AWS IoT Greengrass Version 2, and learn how to move from version 1 to version 2:

• What's new in AWS IoT Greengrass Version 2 (p. 12)

• Move from AWS IoT Greengrass Version 1 (p. 8)

(18)

How AWS IoT Greengrass works

The AWS IoT Greengrass client software, also called AWS IoT Greengrass Core software, runs on Windows and Linux-based distributions, such as Ubuntu or Raspberry Pi OS, for devices with ARM or x86 architectures. With AWS IoT Greengrass, you can program devices to act locally on the data they generate, run predictions based on machine learning models, and ﬁlter and aggregate device data.

AWS IoT Greengrass enables local execution of AWS Lambda functions, Docker containers, native OS processes, or custom runtimes of your choice.

AWS IoT Greengrass provides pre-built software modules called components that let you easily extend edge device functionality. AWS IoT Greengrass components enable you to connect to AWS services and third-party applications at the edge. After you develop your IoT applications, AWS IoT Greengrass enables you to remotely deploy, configure, and manage those applications on your fleet of devices in the field.

The following example shows how an AWS IoT Greengrass device interacts with the AWS IoT Greengrass cloud service and other AWS services in the AWS Cloud.

Key concepts for AWS IoT Greengrass

The following are essential concepts for understanding and using AWS IoT Greengrass:

Greengrass core device

A device that runs the AWS IoT Greengrass Core software. A Greengrass core device is an AWS IoT thing. You can add multiple core devices to AWS IoT thing groups to create and manage groups of Greengrass core devices. For more information, see Setting up AWS IoT Greengrass core devices (p. 64).

Greengrass client device

A device that connects to and communicates with a Greengrass core device over MQTT. A Greengrass client device is an AWS IoT thing. The core device can process, ﬁlter, and aggregate data from client

(19)

Key concepts

devices that connect to it. You can conﬁgure the core device to relay MQTT messages between client devices, the AWS IoT Core cloud service, and Greengrass components. For more information, see Interact with local IoT devices (p. 671).

Client devices can run FreeRTOS or use the AWS IoT Device SDK or Greengrass discovery API (p. 705) to get information about core devices to which they can connect.

Greengrass component

A software module that is deployed to and runs on a Greengrass core device. All software that is developed and deployed with AWS IoT Greengrass is modeled as a component. AWS IoT Greengrass provides pre-built public components that provide features and functionality that you can use in your applications. You can also develop your own custom components, on your local device or in the cloud. After you develop a custom component, you can use the AWS IoT Greengrass cloud service to deploy it to single or multiple core devices. You can create a custom component and deploy that component to a core device. When you do, the core device downloads the following resources to run the component:

• Recipe: A JSON or YAML file that describes the software module by defining component details, configuration, and parameters.

• Artifact: The source code, binaries, or scripts that deﬁne the software that will run on your device.

You can create artifacts from scratch, or you can create a component using a Lambda function, a Docker container, or a custom runtime.

• Dependency: The relationship between components that enables you to enforce automatic updates or restarts of dependent components. For example, you can have a secure message processing component dependent on an encryption component. This ensures that any updates to the encryption component automatically update and restart the message processing component.

For more information, see AWS-provided components (p. 183) and Develop AWS IoT Greengrass components (p. 467).

Deployment

The process to send components and apply the desired component conﬁguration to a destination target device, which can be a single Greengrass core device or a group of Greengrass core devices.

Deployments automatically apply any updated component configurations to the target and include any other components that are defined as dependencies. You can also clone an existing deployment to create a new deployment that uses the same components but is deployed to a different target.

Deployments are continuous, which means that any updates you make to the components or the component conﬁguration of a deployment automatically get sent to all destination targets. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

AWS IoT Greengrass Core software

The set of all AWS IoT Greengrass software that you install on a core device. AWS IoT Greengrass Core software comprises the following:

• Nucleus: This required component provides the minimum functionality of the AWS IoT Greengrass Core software. The nucleus manages deployments, orchestration, and lifecycle management of other components. It also facilitates communication between AWS IoT Greengrass components locally on an individual device. For more information, see Greengrass nucleus (p. 189).

• Optional components: These conﬁgurable components are provided by AWS IoT Greengrass and enable additional features on your edge devices. Depending on your requirements, you can choose the optional components that you want to deploy to your device, such as data streaming, local machine learning inference, or a local command line interface. For more information, see AWS- provided components (p. 183).

You can upgrade your AWS IoT Greengrass Core software by deploying new versions of your components to your device.

(20)

Features of AWS IoT Greengrass

AWS IoT Greengrass Version 2 consists of the following elements:

• Software distributions

• The Greengrass nucleus component, which is the minimum installation of the AWS IoT Greengrass Core software. This component manages deployments, orchestration, and lifecycle management of Greengrass components.

• Additional optional components provided by AWS that integrate with services, protocols, and software.

• The AWS IoT Device SDK, which contains the interprocess communication (IPC) SDK and the Greengrass discovery SDK for client devices.

• The Stream Manager SDK.

• Cloud service

• AWS IoT Greengrass V2 API

• AWS IoT Greengrass V2 console

AWS IoT Greengrass Core software

You can use the AWS IoT Greengrass Core software that runs on your edge devices to do the following:

• Process data streams on the local device with automatic exports to the AWS Cloud. For more information, see Manage data streams on the AWS IoT Greengrass Core (p. 724).

• Support MQTT messaging between AWS IoT and components. For more information, see Publish/

subscribe AWS IoT Core MQTT messages (p. 618).

• Interact with local devices that connect and communicate over MQTT. For more information, see Interact with local IoT devices (p. 671).

• Support local publish and subscribe messaging between components. For more information, see Publish/subscribe local messages (p. 593).

• Deploy and invoke components and Lambda functions. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

• Manage component lifecycles, such as with support for install and run scripts. For more information, see AWS IoT Greengrass component recipe reference (p. 500).

• Perform secure, over-the-air (OTA) software updates of the AWS IoT Greengrass Core software and custom components. For more information, see Update the AWS IoT Greengrass Core software (OTA) (p. 178) and Deploy AWS IoT Greengrass components to devices (p. 519).

• Provide secure, encrypted storage of local secrets and controlled access by components. For more information, see Secret manager (p. 393).

• Secure connections between devices and the AWS Cloud with device authentication and authorization.

For more information, see Device authentication and authorization for AWS IoT Greengrass (p. 823).

You conﬁgure and manage Greengrass core devices through AWS IoT Greengrass APIs where you create continuous software deployments. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

Some features are supported on only certain platforms. For more information, see Greengrass feature compatibility by operating system (p. 5).

For more information about supported platforms, requirements, and downloads, see Setting up AWS IoT Greengrass core devices (p. 64).

By downloading this software, you agree to the Greengrass Core Software License Agreement.

(21)

Greengrass feature compatibility by operating system

AWS IoT Greengrass supports devices that run various operating systems. Some features are supported on only certain operating systems. Use the following tables to learn which features are available for each supported operating system. For more information about supported operating systems, requirements, and how to set up Greengrass core devices, see Setting up AWS IoT Greengrass core devices (p. 64).

Messaging

Feature Linux Windows

Exchange MQTT messages between AWS IoT and

components Yes Yes

Exchange local publish/

subscribe messages between

components Yes Yes

Interact with local IoT devices

over MQTT Yes Yes

Interact with local Modbus-RTU devices using the Modbus-RTU

component Yes No

Security

Secure connections with device

authentication and authorization Yes Yes

Deploy and access secure, encrypted secrets from AWS

Secrets Manager Yes Yes

Use a hardware security module (HSM) to securely store the device's private key and certiﬁcate

Yes No

Audit core devices with AWS IoT

Device Defender Yes Yes

Use AWS credentials to interact

with AWS services Yes Yes

Installation

Install AWS IoT Greengrass with

automatic provisioning Yes Yes

(22)

manual provisioning Yes Yes

AWS IoT ﬂeet provisioning Yes Yes

custom provisioning plugins Yes Yes

Run AWS IoT Greengrass in a Docker container using a

prebuilt Docker image Yes No

Remote maintenance and updates

Perform secure, over-the-air

(OTA) software updates Yes Yes

Manage core devices with AWS

Systems Manager Yes No

Connect to core devices with

AWS IoT secure tunneling Yes No

Machine learning

Perform machine learning inference using Amazon

SageMaker Edge Manager Yes Yes

Perform machine learning inference using Amazon Lookout

for Vision Yes No

Perform machine learning

inference using DLR Yes Yes

Perform machine learning

inference using TensorFlow Yes Yes

Component features

Deploy and invoke Lambda

functions Yes No

Run Docker containers in

components Yes Yes

(23)

Process and export high-volume data streams using stream

manager Yes Yes

Manage component lifecycles

with lifecycle scripts Yes Yes

Interact with device shadows Yes Yes

Upload logs to Amazon

CloudWatch Logs Yes Yes

Upload data to Amazon CloudWatch metrics using the

CloudWatch metrics component Yes Yes

Publish messages to Amazon Simple Notiﬁcation Service using

the Amazon SNS component Yes No

Publish data to Amazon Kinesis Data Firehose delivery streams

using stream manager Yes Yes

Publish data to Amazon Kinesis Data Firehose delivery streams using the Kinesis Data Firehose component

Yes No

Gather and act on real-time

system telemetry metrics Yes Yes

Conﬁgure system resource limits

for component processes Yes No

Pause and resume component

processes Yes No

Integrate with AWS IoT SiteWise using the AWS IoT SiteWise

components Yes No

Publish video streams to Amazon Kinesis Video Streams using the edge connector for Kinesis Video Streams component

Yes No

Component development

Develop components locally on

core devices Yes Yes

(24)

Move from Version 1

Interact with a core device using

the AWS IoT Greengrass CLI Yes Yes

Interact with a core device using

the local debug console Yes Yes

Use the AWS IoT Device SDK for

Python in custom components Yes Yes

C++ in custom components Yes Yes

Java in custom components Yes Yes

Device certiﬁcation

Use AWS IoT Device Tester for AWS IoT Greengrass V2 to

validate IoT devices Yes Yes

Move from AWS IoT Greengrass Version 1

AWS IoT Greengrass Version 2 is a new major version release of the AWS IoT Greengrass Core software, APIs, and console. You can't use the AWS IoT Greengrass Core software v1.x with the V2 APIs. Likewise, you can't use the AWS IoT Greengrass Core software v2.0 with the V1 APIs. However, by using some modiﬁcations, you can run your V1 applications on AWS IoT Greengrass V2.

Topics

• Diﬀerences between V1 and V2 (p. 8)

• Run AWS IoT Greengrass V1 applications on AWS IoT Greengrass V2 (p. 10)

Diﬀerences between V1 and V2

AWS IoT Greengrass V2 introduces new fundamental concepts for devices, ﬂeets, and deployable software. This section describes the V1 concepts that are diﬀerent in V2.

• AWS IoT Greengrass groups and deployments

In AWS IoT Greengrass V1, a group deﬁnes a core device, the settings and software for that core device, and the list of AWS IoT things that connect to that core device.

In AWS IoT Greengrass V2, you use deployments to define the software components and configurations that run on core devices. Each deployment targets a single core device or an AWS IoT thing group that can contain multiple core devices. Deployments to thing groups are continuous, so when you add a core device to a thing group, it receives the software configuration for that fleet. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

You can also create local deployments to develop and test custom software components. For more information, see Create AWS IoT Greengrass components (p. 469).

(25)

Diﬀerences between V1 and V2

• AWS IoT Greengrass Core software and connectors

In AWS IoT Greengrass V1, the AWS IoT Greengrass Core software is a single package that contains the software and all of its features. AWS IoT Greengrass connectors are modules that you deploy to AWS IoT Greengrass V1 core devices.

In AWS IoT Greengrass V2, the AWS IoT Greengrass Core software is modular, so that you can choose what to install to control the memory footprint. The Greengrass nucleus component (p. 189) is the minimum required installation of the AWS IoT Greengrass Core software that handles deployments, orchestration, and lifecycle management of other components. Features such as stream manager, secret manager, and log manager are components that you deploy only when you need those features.

AWS IoT Greengrass V2 also provides some AWS IoT Greengrass V1 connectors as components. For more information, see AWS-provided components (p. 183).

• AWS Lambda functions

In AWS IoT Greengrass V1, Lambda functions define the software that runs on core devices. In each Greengrass group, you define subscriptions and local resources that the function uses. You also define the container parameters for functions that the AWS IoT Greengrass Core software runs in a containerized Lambda runtime environment.

In AWS IoT Greengrass V2, components are the software that run on core devices. Components can consist of any software applications, and each component has a recipe that defines the component's metadata, parameters, dependencies, and scripts to run at each step in the component lifecycle. The recipe also defines the component's artifacts, which are binary files such as scripts, compiled code, and static resources. When you deploy a component to a core device, the core device downloads the component recipe and artifacts to run the component. For more information, see Develop AWS IoT Greengrass components (p. 467).

You can import Lambda functions as components that run in a Lambda runtime environment in AWS IoT Greengrass V2. When you import the Lambda function, you specify the subscriptions, local resources, and container parameters for the function. For more information, see Run AWS IoT Greengrass V1 applications on AWS IoT Greengrass V2 (p. 10)..

• Subscriptions

In AWS IoT Greengrass V1, subscriptions specify where Lambda functions receive event messages to consume as function payloads. Functions subscribe to local publish/subscribe messages and AWS IoT Core MQTT messages.

In AWS IoT Greengrass V2, components manage their own subscriptions to local publish/subscribe and AWS IoT Core MQTT messages. In the component recipe, you deﬁne authorization policies to specify which topics the component can use to communicate. In component code, you can use interprocess communication (IPC) for local publish/subscribe messaging and AWS IoT Core MQTT messaging. For more information, see Use the AWS IoT Device SDK to communicate with the Greengrass nucleus, other components, and AWS IoT Core (p. 577).

• Local resources

In AWS IoT Greengrass V1, Lambda functions run in containers that you conﬁgure to access volumes and devices on the core device's ﬁle system.

In AWS IoT Greengrass V2, components run outside containers, so you don't need to specify which local resources the component can access. You can develop components that work directly with local resources on core devices. You can also develop components that run Docker containers. For more information, see Run a Docker container (p. 485).

NoteWhen you import a containerized Lambda function as a component, you specify the local resources that the function uses.

• Greengrass devices (connected devices)

(26)

Run V1 applications on V2

In AWS IoT Greengrass V1, Greengrass devices are AWS IoT things that you add to a Greengrass group to connect to the core device in that group and communicate over MQTT. You must deploy that group each time that you add or remove a connected device. You use subscriptions to relay messages between connected devices, AWS IoT Core, and applications on the core device.

In AWS IoT Greengrass V2, connected devices are called Greengrass client devices, and you associate client devices to core devices to connect them and communicate over MQTT. You can deﬁne authorization policies that apply to groups of client devices, so you don't need to create a deployment to add or remove a client device. To relay messages between client devices, AWS IoT Core, and Greengrass components, you can conﬁgure an optional MQTT bridge component. For more information, see Interact with local IoT devices (p. 671).

In both AWS IoT Greengrass V1 and AWS IoT Greengrass V2, devices can run FreeRTOS or use the AWS IoT Device SDK or Greengrass discovery API (p. 705) to get information about core devices to which they can connect.

• Local shadow service

In AWS IoT Greengrass V1, the local shadow service is enabled by default, and supports only unnamed classic shadows. You use the Greengrass Core SDK in your Lambda functions to interact with shadows on your devices.

In AWS IoT Greengrass V2, you enable the local shadow service by deploying the shadow manager component. You can then use the AWS IoT Device SDK V2 in Lambda functions, or in custom components, to interact with shadows on your devices.

In both AWS IoT Greengrass V1 and AWS IoT Greengrass V2, you can sync local shadow states with cloud shadows in AWS IoT Core. For more information, see Interact with device shadows (p. 719).

Run AWS IoT Greengrass V1 applications on AWS IoT Greengrass V2

You can run most AWS IoT Greengrass V1 applications on AWS IoT Greengrass V2. You can use AWS- provided components that oﬀer the same functionality as AWS IoT Greengrass connectors, and you can import Lambda functions as components that run on AWS IoT Greengrass V2.

Topics

• Can I run my Greengrass v1.x applications on Greengrass v2.0? (p. 10)

• Run V1 Lambda functions (p. 11)

• Run AWS IoT Greengrass connectors (p. 12)

• Run machine learning inference (p. 12)

• Connect V1 Greengrass devices (p. 12)

Can I run my Greengrass v1.x applications on Greengrass v2.0?

AWS IoT Greengrass provides features that you can use to run your AWS IoT Greengrass Core software v1.x applications on the AWS IoT Greengrass Core software v2.0. However, if your v1.x applications use any of the following listed features, you won't be able to run them on the v2.0 software yet.

• Stream manager telemetry metrics

• The C and C++ Lambda function runtimes.

(27)

Run V1 applications on V2

You can develop custom components (p. 467) to build any feature or runtime to run on Greengrass core devices.

Run V1 Lambda functions

You can import Lambda functions as AWS IoT Greengrass V2 components. If your components use features such as stream manager or local secrets, you must deﬁne dependencies on the AWS-provided components that package these features' functionality. When you deploy a component, the deployment includes the component dependencies that you specify. You conﬁgure these dependent features when you deploy your Lambda function component.

If your Lambda function uses features such as stream manager or local secrets, you must define dependencies on the AWS-provided components that package these features. When you deploy the Lambda function component, the deployment also includes the component for each feature that you define as a dependency. In the deployment, you can configure parameters such as which secrets to deploy to the core device. Not all V1 features require a component dependency for your Lambda function on V2. The following list describes how to use V1 features on V2 in your Lambda function component.

• Stream manager

If your Lambda function uses stream manager, specify aws.greengrass.StreamManager as a component dependency when you import the function. When you deploy the stream manager component, specify the stream manager parameters to set for the target core devices. For more information, see Stream manager (p. 420).

• Local secrets

If your Lambda function uses local secrets, specify aws.greengrass.SecretManager as a component dependency when you import the function. When you deploy the secret manager component, specify the secret resources to deploy to the target core devices. The core device's role alias must point to an IAM role that allows the core device to retrieve the secret resources to deploy.

For more information, see Secret manager (p. 393).

• Subscriptions

If your Lambda function publishes messages to the local publish/subscribe broker or to AWS IoT Core, specify aws.greengrass.LegacySubscriptionRouter as a component dependency when you import the function. When you deploy the legacy subscription router component, specify the subscriptions that the Lambda function uses. For more information, see Legacy subscription router (p. 270).

Note

This component is required only if your Lambda function uses the publish() function in the AWS IoT Greengrass Core SDK. If you update your Lambda function code to use the interprocess communication (IPC)s interface in the V2 AWS IoT Device SDK, you don't need to deploy the legacy subscription router component. For more information, see the following interprocess communication (p. 577) services:

• Publish/subscribe local messages (p. 593)

• Publish/subscribe AWS IoT Core MQTT messages (p. 618)

• Local volumes and devices

If your containerized Lambda function accesses local volumes or devices, specify those volumes and devices when you import the Lambda function. This feature doesn't require a component dependency.

• Local shadows

(28)

What's new in Version 2

If your Lambda function interacts with local shadows, you must update the Lambda function code to use the AWS IoT Device SDK V2. You must also specify aws.greengrass.ShadowManager as a component dependency when you import the function.

• Access other AWS services

If your Lambda function uses AWS credentials to make requests to other AWS services, specify aws.greengrass.TokenExchangeService as a component dependency when you import the function. The core device's role alias must point to an IAM role that allows the core device to perform the AWS operations that the Lambda function uses. For more information, see Token exchange service (p. 430) and Authorize core devices to interact with AWS services (p. 843).

For more information, see Run AWS Lambda functions (p. 555).

Run AWS IoT Greengrass connectors

You can deploy AWS-provided components that oﬀer the same functionality of AWS IoT Greengrass connectors. When you create the deployment, you can conﬁgure the connectors' parameters. For more information, see the following AWS IoT Greengrass V2 components that provide Greengrass connectors:

• CloudWatch metrics component (p. 210)

• AWS IoT Device Defender component (p. 240)

• Kinesis Data Firehose component (p. 253)

• Modbus-RTU protocol adapter component (p. 359)

• Amazon SNS component (p. 411)

AWS IoT Greengrass V2 doesn't provide a component to replace the Docker application deployment connector, but you can create components that run Docker containers from images. For more information, see Run a Docker container (p. 485).

Run machine learning inference

AWS IoT Greengrass V2 provides sample Amazon SageMaker Neo DLR machine learning components and models. You can use these features for image classiﬁcation and object detection. To use other machine learning frameworks, such as MXNet and TensorFlow, you can develop your own custom components that use these frameworks.

Connect V1 Greengrass devices

In AWS IoT Greengrass V2, Greengrass devices (or connected devices) are called client devices. AWS IoT Greengrass V2 support for client devices is backward-compatible with AWS IoT Greengrass V1, so you can connect V1 core devices to V2 core devices without changing their application code. To enable client devices to connect a V2 core device, deploy Greengrass components that enable client device support, and associate the client devices to the core device. To relay messages between client devices, the AWS IoT Core cloud service, and Greengrass components (including Lambda functions), deploy and conﬁgure the MQTT bridge component (p. 375). You can deploy the IP detector component (p. 249) to automatically detect connectivity information, or you can manually manage endpoints. For more information, see Interact with local IoT devices (p. 671).

What's new in AWS IoT Greengrass Version 2

AWS IoT Greengrass Version 2 is a new major version release of AWS IoT Greengrass that introduces the following features:

(29)

AWS IoT Greengrass Core v2.5.3 software update

• Open source edge runtime—The edge runtime is now open source and distributed under the Apache 2.0 license and available on GitHub. You can now view the AWS IoT Greengrass edge runtime code, which allows you to troubleshoot interactions with your application and helps you build more reliable and performant applications running on AWS IoT Greengrass. You can also customize and extend the AWS IoT Greengrass edge runtime to meet your speciﬁc hardware and software needs. For more information, see Open source AWS IoT Greengrass Core software (p. 983).

• Improved modularity—You can add or remove pre-built software components based on your use cases, and your device CPU and memory resources. For example, you can choose to include only pre- built AWS IoT Greengrass components, such as stream manager, when you need to process data streams with your application. Or, you can include only machine learning components when you want to perform machine learning inference locally on your devices. For more information, see Develop AWS IoT Greengrass components (p. 467) and AWS-provided components (p. 183).

• New local development tools—AWS IoT Greengrass includes a new command line interface (CLI) that enables you to locally develop and debug applications on your device. In addition, the new local debug console helps you visually debug applications on your device. With these new capabilities, you can develop and debug code on a test device before using the cloud to deploy to your production devices.

For more information, see Greengrass CLI (p. 234) and Local debug console (p. 275).

• Improved ﬂeet deployment features—AWS IoT Greengrass is now integrated with AWS IoT thing groups. This enables you to organize your devices in groups and manage application deployments across your devices with features that control rollout rates, timeouts, and rollbacks. For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

AWS IoT Greengrass release notes provide details about AWS IoT Greengrass releases—new features, updates and improvements, and general ﬁxes. AWS IoT Greengrass has the following types of releases:

• New feature releases for AWS IoT Greengrass

• AWS IoT Greengrass Core software updates

This section contains all of the AWS IoT Greengrass V2 release notes, latest first, and includes major feature changes and significant bug fixes. For information about additional minor fixes, see the aws- greengrass organization on GitHub.

Release notes

• Release: AWS IoT Greengrass Core v2.5.3 software update on January 6, 2022 (p. 13)

• Release: AWS IoT Greengrass Core v2.5.2 software update on December 3, 2021 (p. 14)

• Release: AWS IoT Greengrass Core v2.5.1 software update on November 23, 2021 (p. 15)

• Release: AWS IoT Greengrass Core v2.5.0 software update on November 12, 2021 (p. 16)

• Release: AWS IoT Greengrass Core v2.4.0 software update on August 3, 2021 (p. 19)

• Release: AWS IoT Greengrass Core v2.3.0 software update on June 29, 2021 (p. 21)

• Release: AWS IoT Greengrass Core v2.2.0 software update on June 18, 2021 (p. 22)

• Release: AWS IoT Greengrass Core v2.1.0 software update on April 26, 2021 (p. 24)

• Release: AWS IoT Greengrass Core v2.0.5 software update on March 09, 2021 (p. 29)

• Release: AWS IoT Greengrass Core v2.0.4 software update on February 04, 2021 (p. 30)

Release: AWS IoT Greengrass Core v2.5.3 software update on January 6, 2022

This release provides version 2.5.3 of the Greengrass nucleus component and the new PKCS#11 provider component.

(30)

Release date: January 6, 2022 Release highlights

• Hardware security integration—You can now conﬁgure the AWS IoT Greengrass Core software to use a private key and certiﬁcate that you securely store in a hardware security module (HSM). For more information, see Hardware security integration (p. 815).

Release details

• Public component updates (p. 14)

Public component updates

The following table lists AWS-provided components that include new and updated features.

Important

When you deploy a component, AWS IoT Greengrass installs the latest supported versions of all component dependencies for that component. Because of this, new patch versions of AWS- provided public components might be automatically deployed to your core devices if you add new devices to a thing group, or you update the deployment that targets those devices. Some automatic updates, such as a nucleus update, can cause your devices to restart unexpectedly.

To prevent unintended updates for a component that is running on your device, we recommend that you directly include your preferred version of that component when you create a

deployment (p. 522). For more information about update behavior for AWS IoT Greengrass Core software, see Update the AWS IoT Greengrass Core software (OTA) (p. 178).

Component Details Greengrass

nucleus Version 2.5.3 of the Greengrass nucleus (p. 189) is available.

New features

• Adds support for hardware security integration. You can use a hardware security module (HSM) to securely store the device's private key and certiﬁcate. For more information, see Hardware security integration (p. 815).

Bug ﬁxes and improvements

• Fixes an issue with runtime exceptions while the nucleus establishes MQTT connections with AWS IoT Core.

PKCS#11 provider Version 2.0.0 of the PKCS#11 provider component (p. 390) is available.

New features

• Adds support for hardware security integration. You can use a hardware security module (HSM) to securely store the device's private key and certiﬁcate. For more information, see Hardware security integration (p. 815).

Release: AWS IoT Greengrass Core v2.5.2 software update on December 3, 2021

This release provides version 2.5.2 of the Greengrass nucleus component.

Release date: December 3, 2021

(31)

Release details

Public component updates

Important

• Fixes an issue where after the Greengrass nucleus updates, the Windows service fails to start again after you stop it or reboot the device.

AWS IoT Device

Defender Version 3.0.1 of the AWS IoT Device Defender (p. 240) component is available.

This version of the AWS IoT Device Defender component expects different configuration parameters than version 2.x. If you use a non-default configuration for version 2.x, and you want to upgrade from v2.x to v3.x, you must update the component's configuration. For more information, see AWS IoT Device Defender component configuration (p. 244).

New features

• Adds support for core devices that run Windows.

• Changes the component type from Lambda component to generic component. This component now no longer depends on the legacy subscription router component to create subscriptions.

• Adds the new UseInstaller conﬁguration parameter that lets you optionally disable the installation script that installs component dependencies.

Release: AWS IoT Greengrass Core v2.5.1 software update on November 23, 2021

This release provides version 2.5.1 of the Greengrass nucleus component.

Release date: November 23, 2021 Release details

(32)

Public component updates

Important

• Adds support for 32-bit versions of the Java Runtime Environment (JRE) on Windows.

• Changes thing group removal behavior for core devices whose AWS IoT policy doesn't grant the

greengrass:ListThingGroupsForCoreDevice permission. With this version, the deployment continues, logs a warning, and doesn't remove components when you remove the core device from a thing group.

For more information, see Deploy AWS IoT Greengrass components to devices (p. 519).

• Fixes an issue with system environment variables that the Greengrass nucleus makes available to Greengrass component processes. You can now restart a component for it to use the latest system environment variables.

Release: AWS IoT Greengrass Core v2.5.0 software update on November 12, 2021

This release provides version 2.5.0 of the Greengrass nucleus component, new AWS-provided components, and updates to AWS-provided components.

Release date: November 12, 2021 Release highlights

• Windows device support—You can now run the AWS IoT Greengrass Core software on devices running Windows operating systems. For more information, see Supported platforms and requirements (p. 64) and Greengrass feature compatibility by operating system (p. 5).

• New thing group removal behavior—You can now remove a core device from a thing group to remove that thing group's components in the next deployment to that device.

Important

As a result of this change, a core device's AWS IoT policy must have the

greengrass:ListThingGroupsForCoreDevice permission. If you used the AWS IoT Greengrass Core software installer to provision resources (p. 71), the default AWS IoT policy allows greengrass:*, which includes this permission. For more information, see Device authentication and authorization for AWS IoT Greengrass (p. 823).

AWS IoT Greengrass

AWS IoT Greengrass

Developer Guide, Version 2

AWS IoT Greengrass: Developer Guide, Version 2

Table of Contents

What is AWS IoT Greengrass?

For ﬁrst-time users of AWS IoT Greengrass

For existing users of AWS IoT Greengrass

How AWS IoT Greengrass works

Key concepts for AWS IoT Greengrass

Features of AWS IoT Greengrass

AWS IoT Greengrass Core software

Greengrass feature compatibility by operating system

Move from AWS IoT Greengrass Version 1

Diﬀerences between V1 and V2

Run AWS IoT Greengrass V1 applications on AWS IoT Greengrass V2

Can I run my Greengrass v1.x applications on Greengrass v2.0?

Run V1 Lambda functions

Run AWS IoT Greengrass connectors

Run machine learning inference

Connect V1 Greengrass devices

What's new in AWS IoT Greengrass Version 2

Release: AWS IoT Greengrass Core v2.5.3 software update on January 6, 2022

Public component updates

Release: AWS IoT Greengrass Core v2.5.2 software update on December 3, 2021

Public component updates

Release: AWS IoT Greengrass Core v2.5.1 software update on November 23, 2021

Public component updates

Release: AWS IoT Greengrass Core v2.5.0 software update on November 12, 2021