Install AWS IoT Greengrass Core software with automatic resource provisioning - AWS IoT Greengrass

Install AWS IoT Greengrass Core software with automatic resource provisioning

The AWS IoT Greengrass Core software includes an installer that sets up your device as a Greengrass core device. To set up a device quickly, the installer can provision the AWS IoT thing, AWS IoT thing group, IAM role, and AWS IoT role alias that the core device requires to operate. The installer can also deploy the local development tools to the core device, so you can use the device to develop and test custom software components. The installer requires AWS credentials to provision these resources and create the deployment.

If you can't provide AWS credentials to the device, you can provision the AWS resources that the core device requires to operate. You can also deploy the development tools to a core device to use as a development device. This enables you to provide fewer permissions to the device when you run the installer. For more information, see Install AWS IoT Greengrass Core software with manual resource provisioning.

Important

Before you download the AWS IoT Greengrass Core software, check that your core device meets the requirements to install and run the AWS IoT Greengrass Core software v2.0.

Provide AWS credentials to the device

Provide your AWS credentials to your device so that the installer can provision the required AWS resources. For more information about the required permissions, see Minimal IAM policy for installer to provision resources.

Note

The installer doesn't save or store your credentials.

To provide AWS credentials to the device

  • On your device, provide AWS credentials by doing one of the following:

    • Use long-term credentials from an IAM user:

      1. Provide the access key ID and secret access key for your IAM user. For more information about how to retrieve long-term credentials, see Managing access keys for IAM users in the IAM User Guide.

      2. Run the following commands to provide the credentials to the AWS IoT Greengrass Core software.

        export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    • (Recommended) Use temporary security credentials from an IAM role:

      1. Provide the access key ID, secret access key, and session token from an IAM role that you assume. For more information about how to retrieve these credentials, see Using temporary security credentials with the AWS CLI in the IAM User Guide.

      2. Run the following commands to provide the credentials to the AWS IoT Greengrass Core software.

        export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY export AWS_SESSION_TOKEN=AQoDYXdzEJr1K...o5OytwEXAMPLE=

Download the AWS IoT Greengrass Core software

You can download the latest version of the AWS IoT Greengrass Core software from the following location:

Note

You can download a specific version of the AWS IoT Greengrass Core software from the following location. Replace version with the version to download.

https://d2s8p88vqu9w66.cloudfront.net/releases/greengrass-version.zip

To download the AWS IoT Greengrass Core software (Linux)

  1. On your device, download the AWS IoT Greengrass Core software to a file named greengrass-nucleus-latest.zip.

    curl -s https://d2s8p88vqu9w66.cloudfront.net/releases/greengrass-nucleus-latest.zip > greengrass-nucleus-latest.zip

    By downloading this software, you agree to the Greengrass Core Software License Agreement.

  2. Unzip the AWS IoT Greengrass Core software to a folder on your device. Replace GreengrassInstaller with the folder that you want to use.

    unzip greengrass-nucleus-latest.zip -d GreengrassInstaller && rm greengrass-nucleus-latest.zip
    Important

    If you install a version of the Greengrass nucleus earlier than v2.4.0, don't remove this folder after you install the AWS IoT Greengrass Core software. The AWS IoT Greengrass Core software uses the files in this folder to run.

    If you downloaded the latest version of the software, you install v2.4.0 or later, and you can remove this folder after you install the AWS IoT Greengrass Core software.

  3. (Optional) Run the following command to see the version of the AWS IoT Greengrass Core software.

    java -jar ./GreengrassInstaller/lib/Greengrass.jar --version

Install the AWS IoT Greengrass Core software

Run the installer with arguments that specify to do the following:

  • Create the AWS resources that the core device requires to operate.

  • Use the ggc_user system user and ggc_group system group to run software components on the core device. The installer creates this default user and group if they don't exist.

  • Install the software as a system service that runs on boot, if your device has the systemd init system.

To set up a development device with local development tools, specify the --deploy-dev-tools true argument. The local development tools can take up to a minute to deploy after the installation completes.

For more information about the arguments that you can specify, see Installer arguments.

Note

If you are running AWS IoT Greengrass on a device with limited memory, you can control the amount of memory that AWS IoT Greengrass Core software uses. To control memory allocation, you can set JVM heap size options in the jvmOptions configuration parameter in your nucleus component. For more information, see Control memory allocation with JVM options.

To install the AWS IoT Greengrass Core software (Linux)

  1. Run the AWS IoT Greengrass Core installer. Replace argument values in your command as follows.

    1. /greengrass/v2: The path to the root folder to use to install the AWS IoT Greengrass Core software.

    2. GreengrassInstaller. The path to the folder where you unpacked the AWS IoT Greengrass Core software installer.

    3. region. The AWS Region in which to find or create resources.

    4. MyGreengrassCore. The name of the AWS IoT thing for your Greengrass core device. If the thing doesn't exist, the installer creates it. The installer downloads the certificates to authenticate as the AWS IoT thing. For more information, see Device authentication and authorization for AWS IoT Greengrass.

      Note

      The thing name can't contain colon (:) characters.

    5. MyGreengrassCoreGroup. The name of AWS IoT thing group for your Greengrass core device. If the thing group doesn't exist, the installer creates it and adds the thing to it. If the thing group exists and has an active deployment, the core device downloads and runs the software that the deployment specifies.

      Note

      The thing group name can't contain colon (:) characters.

    6. GreengrassV2IoTThingPolicy. The name of the AWS IoT policy that allows the Greengrass core devices to communicate with AWS IoT and AWS IoT Greengrass. If the AWS IoT policy doesn't exist, the installer creates a permissive AWS IoT policy with this name. You can restrict this policy's permissions for you use case. For more information, see Minimal AWS IoT policy for AWS IoT Greengrass V2 core devices.

    7. GreengrassV2TokenExchangeRole. The name of the IAM role that allows the Greengrass core device to get temporary AWS credentials. If the role doesn't exist, the installer creates it and creates and attaches a policy named GreengrassV2TokenExchangeRoleAccess. For more information, see Authorize core devices to interact with AWS services.

    8. GreengrassCoreTokenExchangeRoleAlias. The alias to the IAM role that allows the Greengrass core device to get temporary credentials later. If the role alias doesn't exist, the installer creates it and points it to the IAM role that you specify. For more information, see Authorize core devices to interact with AWS services.

    sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE \ -jar ./GreengrassInstaller/lib/Greengrass.jar \ --aws-region region \ --thing-name MyGreengrassCore \ --thing-group-name MyGreengrassCoreGroup \ --thing-policy-name GreengrassV2IoTThingPolicy \ --tes-role-name GreengrassV2TokenExchangeRole \ --tes-role-alias-name GreengrassCoreTokenExchangeRoleAlias \ --component-default-user ggc_user:ggc_group \ --provision true \ --setup-system-service true

    The installer prints the following messages if it succeeds:

    • If you specify --provision, the installer prints Successfully configured Nucleus with provisioned resource details if it configured the resources successfully.

    • If you specify --deploy-dev-tools, the installer prints Configured Nucleus to deploy aws.greengrass.Cli component if it created the deployment successfully.

    • If you specify --setup-system-service true, the installer prints Successfully set up Nucleus as a system service if it set up and ran the software as a service.

    • If you don't specify --setup-system-service true, the installer prints Launched Nucleus successfully if it succeeded and ran the software.

  2. Skip this step if you installed Greengrass nucleus v2.0.4 or later. If you downloaded the latest version of the software, you installed v2.0.4 or later.

    Run the following command to set the required file permissions for your AWS IoT Greengrass Core software root folder. Replace /greengrass/v2 with the root folder that you specified in your installation command, and replace /greengrass with the parent folder for your root folder.

    sudo chmod 755 /greengrass/v2 && sudo chmod 755 /greengrass

If you installed the AWS IoT Greengrass Core software as a system service, the installer runs the software for you. Otherwise, you must run the software manually. For more information, see Run the AWS IoT Greengrass Core software.

Note

By default, the IAM role that the installer creates doesn't allow access to component artifacts in S3 buckets. To deploy custom components that define artifacts in Amazon S3, you must add permissions to the role to allow your core device to retrieve component artifacts. For more information, see Allow access to S3 buckets for component artifacts.

If you don't yet have an S3 bucket for component artifacts, you can add these permissions later after you create a bucket.

For more information about how to configure and use the software and AWS IoT Greengrass, see the following: