There are mainly two approaches to provisioning:
- pre-provisioning
- on-demand aka just in time
Pre-provisioning
With pre-provisioning you create all the necessary resources at manufacturing time. For a device using Greengrass these include:
- Core thing certificates, thing and policy - you can also create a more generic policy for the GG Core thing leveraging IoT Policy Variables, but you must use a wildcard for the client id in the iot:Connect resource.
- Greengrass group
- Greengrass config.json
Certificates and config.json must be copied/burned onto the device.
You can use either bulk registration or the single-thing-provisioning APIs.
You should probably avoid using CloudFormation to create Greengrass groups, since you will be limited by the number of CFN stacks in an account, and use the Greengrass APIs instead. You can use CFN to create other resources such as Lambda functions on which the Group depends.
With this option, the device, once unboxed and configured with network access, is able to connect to AWS IoT.
Just-in-time provisioning
In this scenario you would create the resources as the device connects for the first time to the network. If the device is already provisioned with a unique device certificate and the config.json file for the group, you can use JITP in combination with the registry hooks to create the Greengrass Group via the API.
You can also use fleet provisioning by having a bootstrapping agent on the device that is responsible for obtaining the final device certificates and the config.json file for the group. The creation of the Group can be initiated by the provisioning agent using a custom MQTT topic or an API.
Device claiming
You would also need to add some "claiming" process to associate the device with a particular user.
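The generic core policy mentioned under pre-provisioning, sketched as an added example that is not part of the original answer: one policy shared by all devices, with the client id wildcarded in iot:Connect and every other resource bounded by a policy variable, plus a small check that flags wildcards left unbounded. The `devices/...` topic layout, the `REGION`/`ACCOUNT_ID` placeholders and the assumption that each certificate's common name equals the thing name are illustrative, not taken from the answer.

```python
import re

POLICY_VAR = re.compile(r"\$\{iot:[A-Za-z0-9.\[\]]+\}")
ARN = "arn:aws:iot:REGION:ACCOUNT_ID:"        # placeholders, not real values
CN = "${iot:Certificate.Subject.CommonName}"  # assumed to equal the thing name

# Constructed sample: one policy attached to every core certificate.
GENERIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": ARN + "client/*"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": ARN + "topic/devices/" + CN + "/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": ARN + "topicfilter/devices/" + CN + "/*"},
    ],
}

# Constructed sample: same shape, but publish is open to every topic.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": ARN + "client/*"},
        {"Effect": "Allow", "Action": "iot:Publish", "Resource": ARN + "topic/*"},
    ],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (action, resource) pairs whose wildcard is not bounded by a policy variable."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions = as_list(st["Action"])
        for arn in as_list(st["Resource"]):
            parts = arn.split(":", 5)
            res = parts[5] if len(parts) == 6 else arn  # bare "*" has no ARN fields
            star = res.find("*")
            if star == -1:
                continue
            var = POLICY_VAR.search(res)
            if var and var.start() < star:
                continue  # wildcard sits under a per-device prefix
            if actions == ["iot:Connect"] and res.startswith("client/"):
                continue  # the client-id wildcard the answer calls for
            findings.extend((a, arn) for a in actions)
    return findings
```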