By using AWS re:Post, you agree to the Terms of Use
/Is it possible to have Ignition Edge (via MQTT Transmission Plug-in) as a Greengrass V2 client device?/

Is it possible to have Ignition Edge (via MQTT Transmission Plug-in) as a Greengrass V2 client device?


Hello, I am trying to connect Ignition Edge to my Greengrass V2 Core device (running in a VM) via MQTT. I did the steps explained on the Cloud discovery configuration, but I just cannot seem to get it to work properly.

Is it possible to connect client devices to Greengrass Core without the use of the AWS SDK?

  • Yes, it is possible to connect client devices without using the AWS SDK.

    Can you list the steps you performed for the cloud discovery?

2 Answers
Accepted Answer

Yes, you can connect to Greengrass as a client device as long as it meets the criteria of:

  1. Having the Thing, X.509 certificate, and policy registered in AWS IoT
  2. Using cloud discovery to get the signing CA for the local server certificate, endpoint (name or IP address), and port number for the Core device
  3. Configuring Ignition's MQTT module with the returned details of cloud discovery and the client certificate/private key to complete the local mTLS operation.

One way to validate that everything is operational would be to use the AWS IoT Device SDK to verify the configuration of Greengrass Core and send messages to AWS IoT Core. Then you will know that's working correctly and can move on to the Ignition setup and testing.

With a lot of moving parts, if you have questions, please respond and I'll help clarify.

answered a month ago
  • Hi Gavin,

    Thank you, this clarifies it a bit for me.

    Currently, I am having a hard time with policy configuration. I'm at a loss which policies I need to set up, and how.

    I followed the “greengrass/v2/developerguide/client-devices-tutorial” guide, but I cannot enable the “greengrass:Discovery” permission via the IoT Core policies, as it isn't available as an option.

    There is an option to manually insert it via the JSON, but then I don't know if it is properly enabled.

    Is there a guide I can use to help with the policy setup and such?


An update on my question:

After much researching, I think I finally got it to work. Turns out, it wasn't really about the policies. While I cannot select them on the IoT Greengrass Policy Console screen, I could still put them inside the JSON, which works correctly.

After making sure every policy was correct, I tried to connect to my Greengrass Moquette Broker. This didn't work, I got an error which stated: “Unable to verify the first certificate”. After some digging, I found out that I didn't fulfil the second criteria. I overlooked getting the signed local server certificate from the Greengrass Core. I solved this by requesting the Certificate using the Discovery API with curl.

After this, it worked correctly, and I could connect Ignition Edge to my Greengrass Core.

Once again, thank you very much for your assistance, Gavin!

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions