You are viewing the documentation for AWS IoT Greengrass Version 1. AWS IoT Greengrass Version 2 is the latest major version of AWS IoT Greengrass. For more information about using AWS IoT Greengrass Version 2, see the AWS IoT Greengrass V2 Developer Guide.
Create AWS IoT devices in an AWS IoT Greengrass group
In this step, you add two AWS IoT devices to your Greengrass group. This process includes registering the devices and configuring certificates and keys to allow them to connect to AWS IoT Greengrass.
In the AWS IoT console, in the navigation pane, choose Greengrass, Classic (V1), Groups.
Choose the target group.
-
On the group configuration page, choose Devices, and then choose Add Device.
-
On the Add a Device page, choose Create New Device.
-
On the Create a Registry entry for a device page, register this device as
HelloWorld_Publisher
, and then choose Next. -
On the Set up security page, for 1-Click, choose Use Defaults. This option generates a device certificate with an attached AWS IoT policy and public and private key.
-
Create a folder on your computer. Download the certificate and keys for your device into the folder.
Make a note of the common
hash
component in the file names for the HelloWorld_Publisher device certificate and keys (in this example,bcc5afd26d
). You need it later. Choose Finish. -
Decompress the
file. For example, run the following command:hash
-setup.tar.gztar -xzf
hash
-setup.tar.gz -
Choose Add Device and repeat steps 3 - 7 to add a new device to the group.
Name this device
HelloWorld_Subscriber
. Download the certificates and keys for the device to your computer. Save and decompress them in the same folder that you created for HelloWorld_Publisher.Again, make a note of the common
hash
component in the file names for the HelloWorld_Subscriber device.You should now have two devices in your AWS IoT Greengrass group:
-
Review Server Authentication in the AWS IoT Developer Guide and choose the appropriate root CA certificate. We recommend that you use Amazon Trust Services (ATS) endpoints and ATS root CA certificates. Your root CA certificate type must match your endpoint. Use an ATS root CA certificate with an ATS endpoint (preferred) or a VeriSign root CA certificate with a legacy endpoint. Only some AWS Regions support legacy endpoints. For more information, see Service endpoints must match the root CA certificate type.
Save the root CA certificate as
root-ca-cert.pem
in the same folder as the device certificates and keys for both devices. All these files should be in one folder on your computer (not on the Greengrass core device).-
For ATS endpoints (preferred), download the appropriate ATS root CA certificate, such as Amazon Root CA 1
. -
For legacy endpoints, download a VeriSign root CA certificate
. Although legacy endpoints are acceptable for the purposes of this tutorial, we recommend that you use an ATS endpoint and download an ATS root CA certificate.
Note If you're using a web browser on the Mac and you see
This certificate is already installed as a certificate authority
, open a Terminal window and download the certificate into the folder that contains the HelloWorld_Publisher and HelloWorld_Subscriber device certificates and keys. For example, if you're using an ATS endpoint, you can run the following command to download the Amazon Root CA 1 certificate.cd
path-to-folder-containing-device-certificates
curl -o ./root-ca-cert.pem https://www.amazontrust.com/repository/AmazonRootCA1.pemRun
cat root-ca-cert.pem
to ensure that the file is not empty. If the file is empty, check the URL and try thecurl
command again. -