- Newest
- Most votes
- Most comments
You can have multiple deployments targeting the same device. In your case, you could have a deployment targeting the whole fleet for all the common components and common configurations.
For components, like Secrets Manager, that require a different configuration per device, you can create a separate deployment that only contains SecretsManager, targeting every single device. Each deployment can then contain a different configuration for the secret arn parameter.
Another option is to set the device specific configuration inside the thing shadow, but I would not recommend passing confidential information to the device though the shadow, as it will be accessible in clear. You could write your own component that access SecretsManager directly using the Token Exchange Service credentials in Greengrass, and thus only pass the arn of the secret. In this case, do not forget to set the appropriate policies on the Greengrass Role, so that a Greengrass device is not able to access the secret of another device.
Relevant content
- Accepted Answerasked 2 years ago
- asked 2 years ago
- asked 3 years ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago