Configure source authentication - AWS IoT SiteWise

Configure source authentication

If your OPC UA servers require authentication credentials to connect, you can define a user name and password in a secret for each source in AWS Secrets Manager. Then, you add the secret to your Greengrass group and IoT SiteWise connector to make the secret available to your SiteWise Edge gateway. For more information, see Deploy secrets to the AWS IoT Greengrass core in the AWS IoT Greengrass Version 1 Developer Guide.

After a secret is available to your SiteWise Edge gateway, you can choose it when you configure a source. Then, the SiteWise Edge gateway uses the authentication credentials from the secret when it connects to the source. For more information, see OPC UA data sources.

Creating source authentication secrets

In this procedure, you create an authentication secret for your source in Secrets Manager. In the secret, define username and password key-value pairs that contain authentication details for your source.

To create a source authentication secret
  1. Navigate to the Secrets Manager console.

  2. Choose Store a new secret.

  3. Under Select secret type, choose Other type of secrets.

  4. Enter username and password key-value pairs for your OPC UA server's authentication values, and then choose Next.

  5. Enter a Secret name that begins with greengrass-, such as greengrass-factory1-auth.

    Important

    You must use the greengrass- prefix for the default AWS IoT Greengrass service role to access your secrets. If you want to name your secrets without this prefix, you must grant AWS IoT Greengrass custom permissions to access your secrets. For more information, see Allow AWS IoT Greengrass to get secret values in the AWS IoT Greengrass Version 1 Developer Guide.

  6. Enter a Description and choose Next.

  7. (Optional) On the Configure automatic rotation page, configure automatic rotation for your secrets. If you configure automatic rotation, you must redeploy your Greengrass group each time a secret rotates.

  8. On the Configure automatic rotation page, choose Next.

  9. Review your new secret and choose Store.
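
The check below is an added example, not part of the AWS documentation: it builds the secret value as `username` and `password` key-value pairs and flags the conditions this procedure calls out (a name without the `greengrass-` prefix, a missing key, rotation enabled). The function names and sample values are hypothetical; `Name`, `Description` and `SecretString` are the parameter names of the Secrets Manager `CreateSecret` operation.

```python
import json

REQUIRED_KEYS = ("username", "password")   # key names the procedure asks for
DEFAULT_ROLE_PREFIX = "greengrass-"        # prefix the default service role can read


def build_create_secret_args(name, username, password, description=None):
    """Build keyword arguments shaped for Secrets Manager CreateSecret."""
    args = {
        "Name": name,
        "SecretString": json.dumps({"username": username, "password": password}),
    }
    if description:
        args["Description"] = description
    return args


def check_source_secret(name, secret_string, rotation_enabled=False):
    """Return findings for one secret; an empty list means it matches the procedure.

    Findings name keys only and never echo secret values.
    """
    findings = []
    if not name.startswith(DEFAULT_ROLE_PREFIX):
        findings.append("name lacks the greengrass- prefix; custom permissions needed")
    try:
        pairs = json.loads(secret_string)
    except (TypeError, ValueError):
        pairs = None
    if not isinstance(pairs, dict):
        findings.append("secret value is not a JSON object of key-value pairs")
    else:
        for key in REQUIRED_KEYS:
            if not isinstance(pairs.get(key), str) or not pairs[key]:
                findings.append(f"missing or empty key: {key}")
    if rotation_enabled:
        findings.append("rotation enabled; redeploy the Greengrass group after each rotation")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    good = build_create_secret_args("greengrass-factory1-auth", "opc-user", "example-only")
    print(check_source_secret(good["Name"], good["SecretString"]))
    print(check_source_secret("factory1-auth", '{"username": "opc-user"}', True))
```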

Add secrets to a Greengrass group

In this procedure, you add your source authentication secrets to your AWS IoT Greengrass group to make them available to your IoT SiteWise connector.

To add a secret to your Greengrass group
  1. Navigate to the AWS IoT Greengrass console.

  2. In the navigation pane, under Greengrass, choose Groups, and then choose your group.

  3. In the navigation pane, choose Resources.

  4. On the Resources page, choose the Secret tab, and then choose Add a secret resource.

  5. Choose Select and choose your secret from the list.

  6. Choose Next.

  7. In Secret resource name, enter a name for your secret resource and choose Save.

Add secrets to an IoT SiteWise connector

In this procedure, you add your source authentication secrets to your IoT SiteWise connector to make them available to AWS IoT SiteWise and your SiteWise Edge gateway.

To add a secret to your IoT SiteWise connector
  1. Navigate to the AWS IoT Greengrass console.

  2. In the navigation pane, under Greengrass, choose Groups, and then choose your group.

  3. In the navigation pane, choose Connectors.

  4. Choose the ellipsis icon for the IoT SiteWise connector to open the options menu, and then choose Edit.

  5. Under List of ARNs for OPC UA username/password secrets, choose Select, and then select each secret to add to this SiteWise Edge gateway. If you need to create secrets, see Creating source authentication secrets.

    If your secret doesn't appear, choose Refresh. If your secret still doesn't appear, check that you added the secret to your Greengrass group.

  6. Choose Save.

  7. In the upper-right corner, in the Actions menu, choose Deploy.

  8. Choose Automatic detection to start the deployment.

    If the deployment fails, choose Deploy again. If the deployment continues to fail, see AWS IoT Greengrass deployment troubleshooting.

    After your group deploys, you can configure a source that uses the new secret. For more information, see OPC UA data sources.