Greengrass v2 fleet provisioning in docker


Following the Greengrass v2 IoT guide there are several options for provisioning: manual, automatic, fleet.
Those options are available for OS based environments.
Is it possible to run fleet provisioning from an greengrass core launched in docker?

asked a year ago72 views
3 Answers
Accepted Answer

Hi Koverski,

It is possible to use the fleet provisioning by claim with Greengrass v2 running in Docker.

You have to run through the fleet provisioning setup and make sure you have created the template and policy as described in the documentation.

Once you have that setup, you can run the docker setup with some small tweaks.

We need to mount the claim-certs and config into the docker container so Greengrass can access it. We will create a directory, /tmp/greengrass-setup and mount that into the container at /greengrass-setup.

Place the claim certificates and AmazonRootCA in a directory like /tmp/greengrass-setup/certs
Place the fleet provisioning plugin in /tmp/greengrass-setup/

Create an environment file /tmp/greengrass-setup/env with the following contents:


There are other env vars you can set - see

Create a config file /tmp/greengrass-setup/config.yaml as described in

This should look like

    version: "2.5.0"
      rootPath: /greengrass/v2
      awsRegion: "us-west-2"
      iotDataEndpoint: "<your endpoint>"
      iotCredentialEndpoint: "<your endpoint>"
      iotRoleAlias: "GreengrassCoreTokenExchangeRoleAlias"
      provisioningTemplate: "GreengrassFleetProvisioningTemplate"
      claimCertificatePath: "/greengrass-setup/certs/claim.pem.crt"
      claimCertificatePrivateKeyPath: "/greengrass-setup/certs/claim.private.pem.key"
      rootCaPath: "/greengrass-setup/certs/AmazonRootCA1.pem"
        ThingName: "<thing name>"
        ThingGroupName: "<group name>"

You will want to make sure the paths align with the directory we will mount into docker

Finally, run a container via:

docker run --rm --init -it \
  --name aws-iot-greengrass \
  -v /tmp/greengrass-setup:/greengrass-setup \
  --env-file=/tmp/greengrass-setup/env \
  -p 8883 amazon/aws-iot-greengrass:latest

We mount the directory into the container with the -v option and load the environment vairables with the --env-file option.

This will launch the container and start greengrass.

You can enter the container and inspect the logs

docker exec -it <container-id> cat /greengrass/v2/logs/greengrass.log

to see what is happening with Greengrass. Any errors occur where it cannot provision the IoT thing with the fleet provisioning plugin will show up in greengrass.log

Edited by: rob-aws on Nov 17, 2021 8:08 PM

answered a year ago

Hello Rob,

Thank you for a complex answer.

I've managed to configure everything and as i launch 'docker run' as suggested i get an error:

Error while trying to setup Greengrass Nucleus
java.lang.RuntimeException: The trusted plugin jar file does not exist or is not accessible

the file has been downloaded by me and put in a path /setup/FleetProvisioningByClaim.jar

In the .env file i've tried putting absolute path, like /User/username/greengrass_iot/setup/FleetProvisioningByClaim.jar, to be even more sure i've ran chmod 777 on the plugin jar file. All of this came to no effect unfortunately. If that helps i am running this from a MacOS

Could you please help?

Edited by: Koverski on Nov 26, 2021 4:12 AM

answered a year ago

The path must be accessible from inside the container. According to the previous post from Rob, you are not mounting anything in /setup, so /setup doesn't exist in the container hence you get this error.

So please ensure that on your real operating system, you put the trusted plugin in /tmp/greengrass-setup/fleetprovisioningbyclaim-latest.jar. Then ensure that you are mounting the directory to the proper location inside of the docker container using the option "-v /tmp/greengrass-setup:/greengrass-setup".

Any paths that you put in the env file need to be the paths inside of the container, not the path on your real file system.

If you are changing the command such that it is not what Rob suggested to you, then please provide the command which you are running as that will affect the answer.


answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions