Greengrass Automated Deployment

0

Hi everyone, I am trying to automate deploying Greengrass groups. I'm working on a consumer-based sensor system with a hub acting as the Greengrass core. The main question that I'm not sure about is how do I bulk manufacture these devices so that they can be set up by the end user and connected to IoT?

Nick_G
asked 4 years ago, 255 views
1 Answer
1
Accepted Answer

There are mainly two approaches to provisioning:

  1. pre-provisioning
  2. on-demand aka just in time

Pre-provisioning

With pre-provisioning you create all the necessary resources at manufacturing time. For a device using Greengrass these include:

  • Core thing certificates, thing and policy - you can also create a more generic policy for the GG Core thing leveraging IoT Policy Variables, but you must use a wildcard for the client id in the iot:Connect resource.
  • Greengrass group
  • Greengrass config.json

Certificates and config.json must be copied/burned onto the device.

You can use either bulk registration or the single-thing provisioning APIs.

You should probably avoid using CloudFormation to create Greengrass groups, since you will be limited by the number of CFN stacks in an account, and use the Greengrass APIs instead. You can use CFN to create other resources such as Lambda functions on which the Group depends.

With this option, the device, once unboxed and configured with network access, is able to connect to AWS IoT.

Just-in-time provisioning

In this scenario you would create the resources as the device connects for the first time to the network. If the device is already provisioned with a unique device certificate and the config.json file for the group, you can use JITP in combination with the registry hooks to create the Greengrass Group via the API.

You can also use fleet provisioning by having a bootstrapping agent on the device that is responsible for obtaining the final device certificates and the config.json file for the group. The creation of the Group can be initiated by the provisioning agent using a custom MQTT topic or an API.

Device claiming

You would also need to add some "claiming" process to associate the device with a particular user.

AWS
EXPERT
answered 4 years ago
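
A check that could be run at manufacturing time on the generic core policy mentioned in the answer's pre-provisioning list (an added example, not part of the original answer and not AWS code): it accepts the wildcard client id only on iot:Connect and flags any other Allow statement that is not narrowed by an IoT policy variable. The function name, the sample policies, the account id, the region, the topic layout and the choice of policy variable are constructed assumptions.

```python
import re

POLICY_VAR = re.compile(r"\$\{iot:[^}]+\}")  # e.g. ${iot:Connection.Thing.ThingName}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_shared_core_policy(policy):
    """Findings for a policy meant to be attached to every core certificate."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
        if any("*" in a for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if actions == ["iot:Connect"]:
            # Per the answer, the client id must be a wildcard here.
            if not all(r.endswith(":client/*") for r in resources):
                findings.append(f"statement {i}: iot:Connect resource is not client/*")
            continue
        # Everything else is shared by the whole fleet, so it has to be
        # narrowed per device by a policy variable.
        findings += [f"statement {i}: {r} has no policy variable"
                     for r in resources if not POLICY_VAR.search(r)]
    return findings

# Constructed sample policies; account id, region and topic layout are assumptions.
ARN = "arn:aws:iot:us-east-1:123456789012"
THING = "${iot:Connection.Thing.ThingName}"
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"], "Resource": [ARN + ":client/*"]},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": [ARN + ":topic/$aws/things/" + THING + "/shadow/*"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": [ARN + ":topicfilter/$aws/things/" + THING + "/shadow/*"]}]}

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_shared_core_policy(policy) or "ok")
```
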
