- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
You can have multiple deployments targeting the same device. In your case, you could have a deployment targeting the whole fleet for all the common components and common configurations.
For components, like Secrets Manager, that require a different configuration per device, you can create a separate deployment that only contains SecretsManager, targeting every single device. Each deployment can then contain a different configuration for the secret arn parameter.
Another option is to set the device specific configuration inside the thing shadow, but I would not recommend passing confidential information to the device though the shadow, as it will be accessible in clear. You could write your own component that access SecretsManager directly using the Token Exchange Service credentials in Greengrass, and thus only pass the arn of the secret. In this case, do not forget to set the appropriate policies on the Greengrass Role, so that a Greengrass device is not able to access the secret of another device.
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa