IoT thing shadow and Greengrass component


Is it possible to work with IoT thing shadow from Greengrass component without any extra configs and connections?
We can subscribe to IoT core topicts by using IPC client as described in
ipc_client = awsiot.greengrasscoreipc.connect() - makes all authentication stuff.
But interaction with shadows requires additional configuration: certificates, endpoint etc.-
After that IotShadowClient provides all needed methods to subscribe and publish to shadow topics.
Does IotShadowClient support work through IPC when it is used in component without establishing a dedicated connection to AWS IoT custom endpoint?
What is the best way in general to communicate GGv2 component and IoT shadow?

asked 2 years ago85 views
2 Answers

Hi lacteolus,

The device SDK provides clients and APIs for accessing the AWS IoT cloud data plane services. It also provides a client for talking with the Greengrass v2 IPC.

The IoTShadowClient in the device SDK is a client for talking directly with the AWS IoT Device Shadow Service in the cloud.
It maintains its own connection - hence the need for the device certificate information. This client does not work through the Greengrass IPC.

At this time, there is no equivalent to the local shadow service / sync that Greengrass v1 provides.

In order to talk to the cloud shadow service, you do not need to use the IoT shadow client. A V2 component can talk with IoT Shadow via the Greengrass managed MQTT connection.

The following access control policy allows your component to subscribe and publish to the shadow MQTT topics

      "accessControl": {
        "aws.greengrass.ipc.mqttproxy": {
          "shadow-mqtt-example": {
            "policyDescription": "Allows access to shadow.",
            "operations": [
            "resources": [

Your python component can follow the MQTT pub/sub example here:

You can subscribe to $aws/things/thingName/shadow/update/accepted to get any remote shadow updates
and publish state to $aws/things/thingName/shadow/update

In this case, thingName is the name of the thing you want to update.

You can use the environment variable $AWS_IOT_THING_NAME to use the thing name of the core device

See for more detail about using the shadow MQTT topics.

Edited by: rob-aws on Mar 8, 2021 11:05 AM

answered 2 years ago

Hi rob-aws,
Thanks for info. So it means that we need to implement something similar to IoTShadowClient but using IPC and subscriptions to all needed shadow topics (update, delta, get etc.).
I looked at example and it seemed to be convenient - it has special classes for different shadow requests and methods for publishing and subscribing to named and classis shadow topice etc.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions