Setting up AWS IoT Greengrass core devices - AWS IoT Greengrass
Supported platformsDevice requirementsLambda function requirementsSet up an AWS account

Setting up AWS IoT Greengrass core devices

Complete the tasks in this section to install, configure, and run the AWS IoT Greengrass Core software.

Note

This section describes advanced installation and configuration of the AWS IoT Greengrass Core software. These steps do not apply to nucleus lite.If you're a first-time user of AWS IoT Greengrass V2, we recommend that you first complete the getting started tutorial to set up a core device and explore the features of AWS IoT Greengrass.

Topics

Supported platforms

Device requirements

Lambda function requirements

Important

Greengrass Lambda functions are currently not supported by Greengrass nucleus lite.

Your device must meet the following requirements to run Lambda functions:

  • A Linux-based operating system.

  • Your device must have the mkfifo shell command.

  • Your device must run the programming language libraries that a Lambda function requires. You must install the required libraries on the device and add them to the PATH environment variable. Greengrass supports all Lambda supported versions of Python, Node.js, and Java runtimes. Greengrass doesn't apply any additional restrictions on deprecated Lambda runtime versions. For more information about AWS IoT Greengrass support for Lambda runtimes, see Run AWS Lambda functions.

  • To run containerized Lambda functions, your device must meet the following requirements:

    • Linux kernel version 4.4 or later.

    • The kernel must support cgroups v1, and you must enable and mount the following cgroups:

      • The memory cgroup for AWS IoT Greengrass to set the memory limit for containerized Lambda functions.

      • The devices cgroup for containerized Lambda functions to access system devices or volumes.

      The AWS IoT Greengrass Core software doesn't support cgroups v2.

      To meet this requirement, boot the device with the following Linux kernel parameters.

      cgroup_enable=memory cgroup_memory=1 systemd.unified_cgroup_hierarchy=0
      Tip

      On a Raspberry Pi, edit the /boot/cmdline.txt file to set the device's kernel parameters.

    • You must enable the following Linux kernel configurations on the device:

      • Namespace:

        • CONFIG_IPC_NS

        • CONFIG_UTS_NS

        • CONFIG_USER_NS

        • CONFIG_PID_NS

      • Cgroups:

        • CONFIG_CGROUP_DEVICE

        • CONFIG_CGROUPS

        • CONFIG_MEMCG

      • Others:

        • CONFIG_POSIX_MQUEUE

        • CONFIG_OVERLAY_FS

        • CONFIG_HAVE_ARCH_SECCOMP_FILTER

        • CONFIG_SECCOMP_FILTER

        • CONFIG_KEYS

        • CONFIG_SECCOMP

        • CONFIG_SHMEM

      Tip

      Check the documentation for your Linux distribution to learn how to verify and set Linux kernel parameters. You can also use AWS IoT Device Tester for AWS IoT Greengrass to verify that your device meets these requirements. For more information, see Using AWS IoT Device Tester for AWS IoT Greengrass V2.

Set up an AWS account

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center

(Recommended)

 Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

 Following the instructions in Getting started in the AWS IAM Identity Center User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide.
In IAM

(Not recommended)

 Use long-term credentials to access AWS. Following the instructions in Create an IAM user for emergency access in the IAM User Guide. Configure programmatic access by Manage access keys for IAM users in the IAM User Guide.