Remote bash script execution on Greengrass edge device

Question

Hello,

I am currently deploying to my edge devices using Green grass. Each edge device is configured to only allow communication with AWS servers and not the rest of the internet. I am currently going through the tedious process of creating a new version of a component in order to deploy. The component pulls and executes a bash script which - among other things - pulls and start a docker-compose environment. 
This seems like too many clicks, as I am not interested in keeping track of different versions of these component.

Does a framework exists in AWS, where I can:
1. Execute bash scripts on single or groups of edge devices 
2. Monitor the output of the bash script (optimally, the logs as well)

Thanks in advance,

Best regards
Lasse

Gavin_A · Accepted Answer

If you are looking for a lightweight way to execute containers locally and do not need or want the device management features of AWS IoT Greengrass, AWS Systems Manager may be a better fit. With this you can fully manage local devices remotely, including the run command capability.

If the intent is just around orchestrating containers, either ECS Anywhere or if in a Kubernetes environment, EKS Anywhere could be helpful.

If the intent is just around orchestrating containers, either [ECS Anywhere](https://aws.amazon.com/ecs/anywhere/) or if in a Kubernetes environment, [EKS Anywhere](https://aws.amazon.com/eks/eks-anywhere/) could be helpful.

Greg · Answer

Hi Lasse. I don't find it very clear what you're trying to do. I agree with what Gavin said, but it's also common for a component to run a Docker container or Docker compose application. In such cases, the typical design is that the Greengrass component recipe is the Bash script in effect, and the Docker application manager does the pull.

If you want to just trigger a 1:many action, then most likely you should publish to an MQTT topic that N devices are subscribed to, or use AWS IoT Jobs. You could develop a component that subscribes to the job queue and handles particular job documents. The job document might contain a pre-signed URL to a bash script on S3. With jobs, you can target a single device, or many.

If the bash script output is logged into component logs, you can use the Log manager component to land the logs in CloudWatch. More generally, if the token exchange role allows it, your component could upload your own log files to S3.

If you want to just trigger a 1:many action, then most likely you should publish to an MQTT topic that N devices are subscribed to, or use [AWS IoT Jobs](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html). You could develop a component that subscribes to the job queue and handles particular [job documents](https://docs.aws.amazon.com/iot/latest/developerguide/key-concepts-jobs.html). The job document might contain a [pre-signed URL](https://docs.aws.amazon.com/iot/latest/developerguide/key-concepts-jobs.html#security-concepts-jobs) to a bash script on S3. With jobs, you can target a single device, or many.

If the bash script output is logged into component logs, you can use the [Log manager component](https://docs.aws.amazon.com/greengrass/v2/developerguide/log-manager-component.html) to land the logs in CloudWatch. More generally, if the token exchange role allows it, your component could upload your own log files to S3.

Remote bash script execution on Greengrass edge device

Add your answer

Relevant content