Setting up AWS IoT Greengrass core devices
Complete the tasks in this section to install, configure, and run the AWS IoT Greengrass Core software.
This section describes advanced installation and configuration of the AWS IoT Greengrass Core software. If you're a first-time user of AWS IoT Greengrass V2, we recommend that you first complete the getting started tutorial to set up a core device and explore the features of AWS IoT Greengrass.
Supported platforms and requirements
Before you begin, make sure you meet the following requirements to install and run the AWS IoT Greengrass Core software.
You can search for devices that are qualified for AWS IoT Greengrass V2 in the AWS Partner Device
Catalog
Supported platforms
AWS IoT Greengrass officially supports devices running the following platforms. Devices with platforms not included in this list might work, but AWS IoT Greengrass tests on only these specified platforms.
Linux platforms can also run AWS IoT Greengrass V2 in a Docker container. For more information, see Run AWS IoT Greengrass Core software in a Docker container.
To build a custom Linux-based operating system, you can use the BitBake recipe for AWS IoT Greengrass V2
in the meta-aws
projectmeta-aws
project provides
recipes that you can use to build AWS edge software capabilities in embedded Linux
Device requirements
Devices must meet the following requirements to install and run the AWS IoT Greengrass Core software v2.x.
You can use AWS IoT Device Tester for AWS IoT Greengrass to verify that your device can run the AWS IoT Greengrass Core software and communicate with the AWS Cloud. For more information, see Using AWS IoT Device Tester for AWS IoT Greengrass V2.
Lambda function requirements
Your device must meet the following requirements to run Lambda functions:
-
A Linux-based operating system.
-
Your device must have the
mkfifo
shell command. -
Your device must run the programming language libraries that a Lambda function requires. You must install the required libraries on the device and add them to the
PATH
environment variable.-
Python
version 3.9 for functions that use the Python 3.9 runtime. -
Python
version 3.8 for functions that use the Python 3.8 runtime. -
Python
version 3.7 for functions that use the Python 3.7 runtime. -
Python
version 2.7 for functions that use the Python 2.7 runtime. -
Node.js
version 14.x for functions that use the Node.js 14.x runtime. -
Node.js
version 12.x for functions that use the Node.js 12.x runtime. -
Node.js
version 10.x for functions that use the Node.js 10.x runtime. -
Java
version 11 or later for functions that use the Java 11 runtime. -
Java
version 8 or later for functions that use the Java 8 runtime.
For more information about AWS IoT Greengrass support for Lambda runtimes, see Run AWS Lambda functions.
-
-
To run containerized Lambda functions, your device must meet the following requirements:
-
Linux kernel version 4.4 or later.
-
The kernel must support cgroups
v1, and you must enable and mount the following cgroups: -
The memory cgroup for AWS IoT Greengrass to set the memory limit for containerized Lambda functions.
-
The devices cgroup for containerized Lambda functions to access system devices or volumes.
The AWS IoT Greengrass Core software doesn't support cgroups v2.
To meet this requirement, boot the device with the following Linux kernel parameters.
cgroup_enable=memory cgroup_memory=1 systemd.unified_cgroup_hierarchy=0
Tip On a Raspberry Pi, edit the
/boot/cmdline.txt
file to set the device's kernel parameters. -
-
You must enable the following Linux kernel configurations on the device:
-
Namespace:
-
CONFIG_IPC_NS
-
CONFIG_UTS_NS
-
CONFIG_USER_NS
-
CONFIG_PID_NS
-
-
Cgroups:
-
CONFIG_CGROUP_DEVICE
-
CONFIG_CGROUPS
-
CONFIG_MEMCG
-
-
Others:
-
CONFIG_POSIX_MQUEUE
-
CONFIG_OVERLAY_FS
-
CONFIG_HAVE_ARCH_SECCOMP_FILTER
-
CONFIG_SECCOMP_FILTER
-
CONFIG_KEYS
-
CONFIG_SECCOMP
-
CONFIG_SHMEM
-
-
-
Feature considerations for Windows devices
Some AWS IoT Greengrass features aren't currently supported on Windows devices. Review the following considerations to confirm if a Windows device satisfies your feature requirements. For more information, see Greengrass feature compatibility by operating system.
-
You can't run Lambda functions.
-
You can't configure system resource limits to customize the maximum amount of CPU and RAM usage that each component's processes can use on a core device.
-
You can't pause and resume component processes using the PauseComponent and ResumeComponent interprocess communication operations.
-
The following AWS-provided components are not currently supported:
-
Kinesis Data Firehose
-
Lambda launcher
-
Lambda manager
-
Lambda runtimes
-
Legacy subscription router
-
Modbus-RTU protocol adapter
-
Secure tunneling
-
Amazon SNS
-
AWS IoT SiteWise OPC-UA collector
-
AWS IoT SiteWise publisher
-
AWS IoT SiteWise processor
-
Set up an AWS account
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
To create an administrator user for yourself and add the user to an administrators group (console)
-
Sign in to the IAM console
as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password. Note We strongly recommend that you adhere to the best practice of using the
Administrator
IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks. -
In the navigation pane, choose Users and then choose Add users.
-
For User name, enter
Administrator
. -
Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.
-
(Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.
-
Choose Next: Permissions.
-
Under Set permissions, choose Add user to group.
-
Choose Create group.
-
In the Create group dialog box, for Group name enter
Administrators
. -
Choose Filter policies, and then select AWS managed - job function to filter the table contents.
-
In the policy list, select the check box for AdministratorAccess. Then choose Create group.
Note You must activate IAM user and role access to Billing before you can use the
AdministratorAccess
permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console. -
Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.
-
Choose Next: Tags.
-
(Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.
-
Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.
You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.