Questions tagged with AWS IoT Greengrass

I've been using local deployments (`bin/greengrass-cli deployment create`) during development of my Component. I'm at the point where I'm happy with it and want to do a clean deploy to verify I have all the right settings before I start a publish/deploy/test cycle. I tried deleting the package manually on the machine, but that doesn't fix things. The main reason I want to do this is, during development, I was editing the recipe in the LocalDebugConsole webpage and it seems that now any updates to my source package recipe don't make it to the _effective_ config (at least through local deployments). Without deleting my container volume and starting over, is there a way to delete/reset/clear/clean these local deployments or otherwise get my recipe to use the source recipe instead of the locally edited one?

Hello, we are running our device with an A/B OS partition so upgrades can be rolled back. we will also have a data partition for everything that will need to be persisted inbetween upgrades. Is it possible to install greengrass to a 'data' partition and then have the greengrass service installed on both A and B partitions so it can pickup the same certificates, deployments no matter which of the 2 OS partitions is active ? do you have any advice on how we can keep the greengrass provisioning alive between upgrades ? is there a way to have the 'variable' part of /greengrass/v2/ split from the services ?

I'm currently trying to create a component in a tenant account using the artifact packaged in a central account S3 bucket. The tenant account and central account are in the same AWS Organization. I've tried the following settings to enable the tenant accounts to access the S3 bucket: 1. On the central account S3 bucket (I wasn't sure what Principal Service/User was trying to test this access, so I just "shotgunned" it): ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "greengrass.amazonaws.com", "iot.amazonaws.com", "credentials.iot.amazonaws.com" ] }, "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::MY-CENTRAL-ACCOUNT-BUCKET/*" }, { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectTorrent", "s3:GetObjectVersionAcl", "s3:GetObjectAcl" ], "Resource": "arn:aws:s3:::MY-CENTRAL-ACCOUNT-BUCKET/*", "Condition": { "StringEquals": { "aws:PrincipalOrgID": "o-abc123def456" } } }, ... ] } ``` 2. On the `GreengrassV2TokenExchangeRole` in the tenant account, I've added the `AmazonS3FullAccess` AWS Managed policy (just to see if I could eliminate this Role as the blocker) I've verified that, as a User in the tenant account, I have access to the object in S3 and can do `aws s3 cp` as a tenant User (so the bucket policy doesn't seem to be blocking things). Whenever I try creating the Component in the tenant account, I'm met with: ``` Invalid Input: Encountered following errors in Artifacts: {s3://MY-CENTRAL-ACCOUNT-BUCKET/com.example.my-component-name/1.0.0-dev.0/application.zip = Specified artifact resource cannot be accessed} ``` ... using either the AWS IoT Greengrass Console and the AWS CLI. What am I missing? Is there a different service-linked role, I should be allowing in the S3 Bucket Resource Policy? It just seems like an access-test during Component creation and not an actual attempt to access the resource. I'm fairly certain if I assumed the Greengrass-TES role, I'd be able to download the artifact too (although I haven't explicitly done that yet).

**Gentlefolks, why is the the token exchange service (TES) failing to fetch credentials?** I have greengrass installed on Ubuntu 20.x.x running on a virtual machine. At the end of the numbered items is an error log (truncated) obtained from `/greengrass/v2/logs/greengrass.log`. Thank you What I've done or what I think you should know: 1. There exist `GreenGrassServiceRole` which contains `AWSGreengrassResourceAccessRolePolicy`, and every other policy containing the word "greengrass" in its name. It also has a trust relationship as below. This was created when I installed Greengrass, but I added additional policies. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "greengrass.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:SourceAccount": "<MY_ACCOUNT_NUMBER>" }, "ArnLike": { "aws:SourceArn": "<ARN_THAT_SHOWS_MY_REGION_AND_ACC_NUMBER>:*" } } }, { "Effect": "Allow", "Principal": { "Service": "credentials.iot.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } ``` 2. `aws.greengrass.Nucleus` component is deployed with the following configuration update. The alias also exists. ``` { "reset": [], "merge": { "ComponentConfiguration": { "DefaultConfiguration": { "iotRoleAlias": "GreengrassV2TokenExchangeRoleAlias", "awsRegion": "us-east-1", "iotCredEndpoint": "https://sts.us-east-1.amazonaws.com", "iotDataEndpoint": "<ENDPOINT_OBTAINED_FROM_IOT_CORE_SETTINGS>" } } } } ``` 3. `aws.greengrass.TokenExchangeService` is deployed. 4. There's a custom component that uses the Greengrass SDK to publish to IoT Core. It has the following configuration update. ``` { "reset": [], "merge": { "ComponentDependencies": { "aws.greengrass.TokenExchangeService": { "VersionRequirement": "^2.0.0", "DependencyType": "HARD" } } } } ``` 5. There is an IoT policy from a previous exercise which attached to the core device (Ubuntu on virtual machine) certificate. It allows **all** actions. There's also another `GreengrassTESCertificatePolicyGreengrassV2TokenExchangeRoleAlias` which is associated with the thing's certificate. The policy allows `iot:AssumeRoleWithCertificate` **ERROR LOG BELOW** ``` 2022-05-21T21:07:39.592Z [ERROR] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials, credentialData=Failed to get connection} 2022-05-21T21:08:38.071Z [WARN] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Encountered error while fetching credentials. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials} com.aws.greengrass.deployment.exceptions.AWSIotException: Unable to get response at com.aws.greengrass.iot.IotCloudHelper.getHttpResponse(IotCloudHelper.java:95) at com.aws.greengrass.iot.IotCloudHelper.lambda$sendHttpRequest$1(IotCloudHelper.java:80) at com.aws.greengrass.util.BaseRetryableAccessor.retry(BaseRetryableAccessor.java:32) at com.aws.greengrass.iot.IotCloudHelper.sendHttpRequest(IotCloudHelper.java:81) at com.aws.greengrass.tes.CredentialRequestHandler.getCredentialsBypassCache(CredentialRequestHandler.java:207) at com.aws.greengrass.tes.CredentialRequestHandler.getCredentials(CredentialRequestHandler.java:328) at com.aws.greengrass.tes.CredentialRequestHandler.getAwsCredentials(CredentialRequestHandler.java:337) at com.aws.greengrass.tes.LazyCredentialProvider.resolveCredentials(LazyCredentialProvider.java:24) at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.resolveCredentials(AwsExecutionContextBuilder.java:165) at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:102) at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:175) at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76) at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45) at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56) at software.amazon.awssdk.services.s3.DefaultS3Client.getBucketLocation(DefaultS3Client.java:3382) at com.aws.greengrass.componentmanager.builtins.S3Downloader.lambda$getRegionClientForBucket$2(S3Downloader.java:134) at com.aws.greengrass.util.RetryUtils.runWithRetry(RetryUtils.java:50) at com.aws.greengrass.componentmanager.builtins.S3Downloader.getRegionClientForBucket(S3Downloader.java:133) at com.aws.greengrass.componentmanager.builtins.S3Downloader.getDownloadSize(S3Downloader.java:115) at com.aws.greengrass.componentmanager.ComponentManager.prepareArtifacts(ComponentManager.java:420) at com.aws.greengrass.componentmanager.ComponentManager.preparePackage(ComponentManager.java:377) at com.aws.greengrass.componentmanager.ComponentManager.lambda$preparePackages$1(ComponentManager.java:338) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: java.net.UnknownHostException: https at java.base/java.net.InetAddress$CachedAddresses.get(InetAddress.java:797) at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1509) at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1368) at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1302) at org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at jdk.internal.reflect.GeneratedMethodAccessor51.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at software.amazon.awssdk.http.apache.internal.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:80) at com.sun.proxy.$Proxy15.connect(Unknown Source) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at software.amazon.awssdk.http.apache.internal.impl.ApacheSdkHttpClient.execute(ApacheSdkHttpClient.java:72) at software.amazon.awssdk.http.apache.ApacheHttpClient.execute(ApacheHttpClient.java:253) at software.amazon.awssdk.http.apache.ApacheHttpClient.access$500(ApacheHttpClient.java:106) at software.amazon.awssdk.http.apache.ApacheHttpClient$1.call(ApacheHttpClient.java:232) at com.aws.greengrass.iot.IotCloudHelper.getHttpResponse(IotCloudHelper.java:88) ... 27 more 2022-05-21T21:08:38.073Z [ERROR] (pool-2-thread-28) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GreengrassV2TokenExchangeRoleAlias/credentials, credentialData=Failed to get connection} ```

Dear AWS, We need to create greengrass deployments and are using following cli command https://awscli.amazonaws.com/v2/documentation/api/latest/reference/greengrassv2/create-deployment.html. It looks like this option is missing from the command, could you please add it if it's indeed missing or advise on how to add it? Thank you in advance. With best regards

We have multiple greengrass core devices that each have their own deploment. In each deployment, the 'aws.greengrass.telemetry.NucleusEmitter' is configured as follows: { "reset": [], "merge": { "pubSubPublish": "false", "mqttTopic": "<IOT-THING-NAME>", "telemetryPublishIntervalMs": <interval> } } . This allows us to distinguish between the different MQTT messages returned by the edge devices as they each arrive on a different topic. If we were to place all gg cores under the same deployment, is there a way of distinguishing between the messages that will be published on that topic ? Our requirement is to identify individual gg core devices that have memory/component issues, using the 'aws.greengrass.telemetry.NucleusEmitter' component, while having all devices under one deployment.

Environment : **GreenGrassV2**, Deployed on : **Raspberry Pi Version 3** , Operating system :** Raspbian GNU/Linux 10** We want to start and stop raspberry pi operating system's service from lambda function. Lambda function is deployed under green grass container. Service can be start and stop without sudo / root privileges. We have configured polkit service to start/stop service without sudo. To start and stop service we tried with "exec" , "spawn" and "spawnSync" but we are getting error as under ``` {"err":{"killed":false, "code":1,"signal":null,"cmd":"systemctl stop wpa_supplicant@wlan0.service"}} ``` We also tried to execute command using .sh file but that also giving above error. Purpose to start/stop service is, we want to change Raspberry pi AP mode to station mode and vise versa.

I have an OPC server that has nodes with arrays as values. For example I have a node called "Temperatures" which has values [33, 29, 30, 19] in the array. **Is it possible to set single items of this array as properties into SiteWise assets with aliases** like */Temperatures/1*, */Temperatures/2*, */Temperatures/3*, etc.?

I have a Greengrass Lambda component subscribed to the `aws.greengrass.SNS` output topic `sns/message/status` using the `aws.greengrass.LegacySubscriptionRouter` component with the following configuration: ``` { "subscriptions": { "GreengrassSnsOutput": { "id": "GreengrassSnsOutput", "source": "component:aws.greengrass.SNS", "subject": "sns/message/status", "target": f"component:MyComponentName", } } } ``` That works as expected, but if I update the Lambda corresponding to `MyComponentName`, I get the following error message in the main Greengrass log file: ``` com.aws.greengrass.lambdamanager.LambdaNotFoundException: Lambda arn:aws:lambda:region:account:function:my-function-name:# does not exist ``` The [developer guide](https://docs.aws.amazon.com/greengrass/v2/developerguide/legacy-subscription-router-component.html#legacy-subscription-router-component-configuration) suggests that v2.1.0... >Adds support to specify component names instead of ARNs for source and target. If you specify a component name for a subscription, you don't need to reconfigure the subscription each time the version of the Lambda function changes. I took that to mean nothing needs to happen with respect to the subscription after a new component version with the same name but a new Lambda ARN is deployed. Is that right or is there something else that needs to be done? I'm using the following component versions: ``` "aws.greengrass.LegacySubscriptionRouter": { "componentVersion": "2.1.4" }, "aws.greengrass.Nucleus": { "componentVersion": "2.5.5" }, "aws.greengrass.SNS": { "componentVersion": "2.1.0" }, ```

I'm trying to create a Greengrass Lambda function that publishes to an IPC topic using the the IoT SDK. My Lambda code includes: ``` from awsiot import greengrasscoreipc # type: ignore from awsiot.greengrasscoreipc.model import ( # type: ignore JsonMessage, PublishMessage, PublishToTopicRequest, ) ipc_client = greengrasscoreipc.connect() ``` This leads to the following import error: ``` FATAL: lambda_runtime.py:426,Failed to initialize Lambda runtime due to exception: No module named '_awscrt'. ``` I can see that the Lambda artifact includes both `awscrt` and `awsiot` in `/greengrass/v2/packages/artifacts-unarchived/componentName/version/lambda-artifact/`, so I'm not sure why the import is failing. I'm using a non-pinned Python 3.8 Lambda in NoContainer mode with LambdaManager v2.2.3, LambdaLauncher v2.0.10, and LambdaRuntimes v2.0.8 I have been able to use `awsiot` to publish to IPC topics in a non-Lambda component. That component runs a `pip install -r requirements.txt` command to install `awsiotsdk` to the site-packages for `ggc_user` during the install lifecycle, whereas the Lambda component is delivered to the device with its package dependencies included. Any ideas what I need to do differently? I haven't seen this problem yet with other Lambdas that have different dependencies.

Are there plans to support ECC keys in IoT Greengrass V2 - So that security devices like the ATECC608A/B etc can be used to secure keys for Greengrass communications between devices and AWS cloud ? I believe that Greengrass V1 did support this, but support seems to have disappeared it doesn't seem to possible with the current V2 version. Is support for these devices dropped or is there a plan or roadmap for support ? https://devices.amazonaws.com/detail/a3G0L00000AAOCcUAP/ATECC608a-CryptoAuthentication-Secure-Element

I would like to be able to perform local testing of my greengrass components before deployment. The issue is that my components normally use Greengrass IPC, meaning that I cannot perform local testing, as IPC messages cannot be sent/received as the local component test won't be happening in Greengrass. Is there a way to get around this ? Is there a method to mimic/test Greengrass IPC calls in a program, outside of a Greengrass deployment ?

At current, my Greengrass core device (v2.5.5), is on my rasp 3b+ running normally with manual deployment from local/cloud. However, the IDT (version 4.5.3 with suite=GGV2Q_2.3.1) execution passed for 3/6 test cases as below only: ========== Test Summary ========== * Execution Time: 1m51s * Tests Completed: 6 * Tests Passed: 3 * Tests Failed: 3 * Tests Skipped: 0 ---------------------------------- Test Groups: * pretestvalidation: PASSED * version: PASSED * coredependencies: PASSED * mqtt: FAILED * component: FAILED ---------------------------------- Failed Tests: * Group Name: mqtt Test Name: mqttpubsub; Reason: Failed at 'my device is running Greengrass * Group Name: component Test Name: cloudcomponent; Reason: Failed at 'my device is running Greengrass' Test Name: localcomponent; Reason: Failed at 'my device is running Greengrass' ---------------------------------- **Is there further detail/meaningful info from these error log/code?** **I have tried to look into the log folder but nothing else there.** **I have attached all failed logs as below:** # localcomponent: - time="22:48:06+07:00" level=info msg=22:48:06.237 [localdeployment] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Attaching thread context to scenario: 'A component is deployed locally using CLI' - time="22:48:06+07:00" level=info msg=22:48:06.238 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 4: 'my device is registered as a Thing' - time="22:48:08+07:00" level=info msg=22:48:08.085 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotPolicy in IotLifecycle - time="22:48:09+07:00" level=info msg=22:48:09.615 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IamPolicy in IamLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.194 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IamRole in IamLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.639 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotRoleAlias in IotLifecycle - time="22:48:10+07:00" level=info msg=22:48:10.837 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotPolicy in IotLifecycle - time="22:48:11+07:00" level=info msg=22:48:11.040 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotThingGroup in IotLifecycle - time="22:48:12+07:00" level=info msg=22:48:12.066 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotCertificate in IotLifecycle - time="22:48:12+07:00" level=info msg=22:48:12.466 [localdeployment] [INFO] com.aws.greengrass.testing.resources.AbstractAWSResourceLifecycle - Created IotThing in IotLifecycle - time="22:48:14+07:00" level=info msg=22:48:14.966 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 5: 'my device is running Greengrass' - time="22:48:14+07:00" level=info msg=22:48:14.976 [localdeployment] [ERROR] greengrass/features/localdeployment.feature - Failed at step: 'my device is running Greengrass' - time="22:48:14+07:00" level=info msg=com.google.inject.ConfigurationException: Guice configuration errors: - time="22:48:14+07:00" level=info msg=1) [Guice/ErrorInUserCode]: Unable to method intercept: GreengrassSteps - time="22:48:14+07:00" level=info msg= while locating GreengrassSteps - time="22:48:14+07:00" level=info msg=22:48:14.990 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 9: 'I create a Greengrass deployment with components' - time="22:48:14+07:00" level=info msg=22:48:14.990 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 11: 'I deploy the Greengrass deployment configuration' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 12: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 13: 'I verify greengrass-cli is available in greengrass root' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 14: 'I create a local deployment with components' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 16: 'the local Greengrass deployment is SUCCEEDED on the device after 120 seconds' - time="22:48:14+07:00" level=info msg=22:48:14.991 [localdeployment] [INFO] greengrass/features/localdeployment.feature - line 17: 'the aws.greengrass.LocalHelloWorld log on the device contains the line "Hello World!!" within 20 seconds' - time="22:48:16+07:00" level=info msg=22:48:16.569 [localdeployment] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'A component is deployed locally using CLI' - time="22:48:16+07:00" level=info msg=22:48:16.577 [localdeployment] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'A component is deployed locally using CLI': Failed at 'my device is running Greengrass' - time="22:48:16+07:00" level=info msg=22:48:16.584 [] [] [INFO] com.aws.greengrass.testing.modules.AWSResourcesCleanupModule - Cleaned up com.aws.greengrass.testing.resources.iam.IamLifecycle$$EnhancerByGuice$$10441879@e128dc2 - time="22:48:23+07:00" level=error msg=Test exited unsuccessfully error=exit status # cloudcomponent: - 2022-May-04 15:37:28,499 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 9: 'I create a Greengrass deployment with components' - 2022-May-04 15:37:28,499 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 11: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 12: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 13: 'the com.aws.HelloWorld log on the device contains the line "Hello World!!" within 20 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 15: 'I create a Greengrass deployment with components' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 17: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 18: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:37:28,500 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] greengrass/features/cloudComponent.feature - line 19: 'the com.aws.HelloWorld log on the device contains the line "Hello World Updated!!" within 20 seconds' - 2022-May-04 15:37:31,557 [cloudComponent] [idt-b47156801aee3f29c860] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'As a developer, I can create a component in Cloud and deploy it on my device' - 2022-May-04 15:37:31,558 [cloudComponent] [idt-b47156801aee3f29c860] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'As a developer, I can create a component in Cloud and deploy it on my device': Failed at 'my device is running Greengrass' # mqttpubsub: - 2022-May-04 15:36:55,929 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 9: 'I create a Greengrass deployment with components' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 12: 'I deploy the Greengrass deployment configuration' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 13: 'the Greengrass deployment is COMPLETED on the device after 180 seconds' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 14: 'the aws.greengrass.IotMqttSubscriber log on the device contains the line "Subscribed to IoT topic idt/Mqtt/Test with QOS=AT_LEAST_ONCE" within 20 seconds' - 2022-May-04 15:36:55,931 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] greengrass/features/mqtt.feature - line 15: 'the aws.greengrass.IotMqttPublisher log on the device contains the line "Published to IoT topic idt/Mqtt/Test with payload test message and qos AT_LEAST_ONCE" within 10 seconds' - 2022-May-04 15:36:58,922 [mqtt] [idt-614fb227a4f0913ba4be] [INFO] com.aws.greengrass.testing.features.LoggerSteps - Clearing thread context on scenario: 'Component publishes MQTT message to Iot core and retrieves it as well' - 2022-May-04 15:36:58,924 [mqtt] [idt-614fb227a4f0913ba4be] [ERROR] com.aws.greengrass.testing.launcher.reporting.StepTrackingReporting - Failed: 'Component publishes MQTT message to Iot core and retrieves it as well': Failed at 'my device is running Greengrass' - 2022-May-04 15:36:58,930 [] [] [INFO] com.aws.greengrass.testing.modules.AWSResourcesCleanupModule - Cleaned up com.aws.greengrass.testing.resources.s3.S3Lifecycle$$EnhancerByGuice$$11137706@7e3ca22c

I am setting own mqtt broker using aws workshop: https://catalog.us-east-1.prod.workshops.aws/workshops/5ecc2416-f956-4273-b729-d0d30556013f/en-US/chapter6-mqtt-broker/10-step1 In startup.sh script execution step getting errors: 1. not authorized to perform: iot:CreatePolicy 2. not authorized to perform: iot:CreateKeysAndCertificate User account having all below access permissions: IAMFullAccess AmazonS3FullAccess AWSIoTFullAccess AWSGreengrassFullAccess GreengrassV2TokenExchangeRoleAcess AdministratorAccess I am trying to resolve this couple of days, but not yet succeeded . It very urgent need resolve for current project

Hi All, my greengrass component needs to do additional health checks and decide to restart another component based on output. However, it does not do anything, even not an error message. What's going wrong here? I thought that gcc_user context is sufficient? When manually ran, it works. sudo /greengrass/v2/bin/greengrass-cli component restart -n com.MyComponent When ran from within an existing running GG component, no error, but also no effect?? <--- please advise /greengrass/v2/bin/greengrass-cli component restart -n com.MyComponent

We installed Greengrass v2 on several EC2s that simulate edge devices. We subscribed to telemetry data from them as explained in the docs: https://docs.aws.amazon.com/greengrass/v2/developerguide/telemetry.html. We defined a very general rule on eventBridge using the default event bus and the following event pattern : { "source": ["aws.greengrass"] } We forwarded the events to a CloudWatch log group. However, we received almost no data. We notice that every time we restart the ec2, the first MQTT message is always received, but then, after a while (2-4 days), we didn't receive the messages anymore (even if we didn't change anything in the ec2 or in the Greengrass components). In the docs, it says that the telemetry agent tries to send an MQTT message every day with QOS 0, so some misses could be expected. But since we are using EC2, we assume to have an internet connection almost all the time and we expect to receive more telemetry messages. Why is this not happening? We received the expected messages only for 2/4 days. For instance, for the core device GGv2-CoreDevice, we received telemetry data on 2022-04-21 and 2022-04-22 and we didn't receive any message on the following days. Should we expect worse performance when we will use on-premise edges? IoT Greengrass Core software version: 2.5.5

I already created post yesterday but I believe it is not visible hence asking again. We are on track to upgarde to GG V2 but before that we need to document the below cause. Your help will be highly appreciated. Have faced the following 3 issues in the past few weeks -->> My colleague stated that his deployment fails with error stating “Group definition is not valid”? I couldn't find anything in the GG troubleshooting document about the error. -->> I updated my group definition and added Lambdas to it but I don’t see that reflected on the device. Do the changes take place upon rebooting device ? is the deployment failed ? or the change made on cloud but never made to the device. -->> In the beginning I couldn't find error logs in my Green grass local machine, neither CloudWatch Thanks Community, looking forward to exploring GG. Joan.

Currently I am unable to publish data with custom own Mqtt broker to aws iot core. Whereas I am able to publish data to open MQTT server i.e broker.emqx.io. Is there any configuration need to be provide like, certification of AWS? Or access id and secrete key is enough?

When an IoT message is sent, via IPC channel (MQTT proxy), but greengrass is not connected to the internet, are the messages discarded? ``` accessControl: aws.greengrass.ipc.mqttproxy: com.savic.Telemetry:pub:0: policyDescription: Allows access to publish to telemetry topic operations: - aws.greengrass#PublishToIoTCore resources: - device/dev/telemetry/events - device/prod/telemetry/events ``` ``` try: op = ipc_client.new_publish_to_iot_core() op.activate(model.PublishToIoTCoreRequest( topic_name=TELEMETRY_TOPIC, qos=model.QOS.AT_LEAST_ONCE, payload=json.dumps(message).encode(), )) try: op.get_response().result(timeout=TIMEOUT) except: pass ``` Does GG keep them, then send them later, when there is connectivity, or is this something we have to handle in our component?

I am using IDT v4.5.3 with test suite GGV2Q_2.3.1 with Greengrass nucleus v2.5.5. When running the lambdadeployment test I am getting the following error, "Test failed with error: failed to validate lambda publish: timed out". Any suggestions for debugging this issue?

Have faced the following 3 issues in the past few weeks -->> My colleague stated that his deployment fails with error stating “Group definition is not valid”? I couldn't find anything in the GG troubleshooting document about the error. -->> I updated my group definition and added Lambdas to it but I don’t see that reflected on the device. Do the changes take place upon rebooting device ? is the deployment failed ? or the change made on cloud but never made to the device. -->> In the beginning I couldn't find error logs in my Green grass local machine, neither CloudWatch Thanks Community, looking forward to exploring GG. Joan.

I have a top-level component that I call `com.mycompany.Dependencies`. This component houses our in-house SDK built in Python. Our GG components that are built in Python, use that as a dependency, as defined below: ``` ComponentDependencies: com.mycompany.Dependencies: VersionRequirement: "1.0.25" DependencyType: HARD ``` We have about 3 components that are currently using the `com.mycompany.Dependencies` as a dependency. When we update the Dependencies lib (i.e. add new features to the core SDK lib, we naturally `build` and `publish`, which will create an incremental version. i.e. `1.0.26`. Is there a way that, when the new Dependencies version has been published, for all of the components to automatically download the new lib, such that we don't have to increment the `VersionRequirement` every time there is a new version? so, it would be something along the lines of (note `latest`): ``` ComponentDependencies: com.mycompany.Dependencies: VersionRequirement: "latest" DependencyType: HARD ``` I have tried with `latest` but I don't think it worked. This way, the GG runtime would pick up that there is a `latest` version of `Dependencies` and pull it onto the device, install it, and restart the components. Is this the right way to do it? What would you suggest if this is not possible, or an alternative way?

I am attempting to update a thing shadow when a deployment completes with the components & versions that are installed on the device. The way it's set up now is: 1. An IoT rule that subscribes to `SELECT * FROM '$aws/events/jobExecution/+/succeeded'` and sends the message to a Lambda 2. The Lambda takes the event, calls the `listInstalledComponents` api from the Greengrass sdk, then calls the `updateThingShadow` with the components. However when the Lambda runs, the installed components that get updated in the shadow are not updated with the latest components. It's almost like the Lambda is run before the component listing is updated. I can see that the component listing in the AWS console updated as soon as the deployment is finished. I'm wondering if there's a better topic to watch, or if there's some other way to do what I need. Any guidance would be appreciated.

I have a few greengrass (docker) components that listen to IPC local topics. I now want to test to see if they are actually responding to messages on the local topics so i've written a `greengrass_pub` application (similar to `mosquitto_pub`) so i can call: `greengrass_pub --topic "local/topic" --payload "{ \"do_some\" : \"stuff\" } " ` to check if the other components pick this up. I have also installed this greengrass_pub application in the docker image, so i should be able to start up another docker image. Can i startup a docker image to run under the greengrass credentials so I have access to IPC in an interactive way **AND** have a command prompt where I can try different calls ? How could I start this up ? ( like a docker interactive (-it) session ? ) note: this is only for development as a tool to check.(i have the greengrass cli installed)

everybody, my system uses **cgroup2**. Greengrass only use **CGroup**. What should I do to make Greengrass run on my system? In other words, Greengrass only supports CGroup, not cgroup2? **My raspberry4B version:** ``` pi@raspberrypi:/greengrass/ggc $ uname -a Linux raspberrypi 5.10.92-v8+ #1514 SMP PREEMPT Mon Jan 17 17:39:38 GMT 2022 aarch64 GNU/Linux ``` **My cgroup like this:** ``` pi@raspberrypi:/greengrass/ggc $ mount | grep cgroup cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot) ``` **greeengrass error starting:** ``` pi@raspberrypi:/greengrass/ggc/core $ sudo ./greengrassd start Waiting Stopped greengrass daemon, exiting with success Setting up greengrass daemon Validating hardlink/softlink protection Waiting for up to 1m10s for Daemon to start Greengrass daemon running with PID: 1191. Some system components failed to start. Check 'runtime.log' for errors ``` **check with tool[greengrass-dependency-checker-GGCv1.11.x]:** ``` Missing required dependencies: 1. It looks like the cgroups directory is not mounted on the device. Refer to the official Greengrass documentation to fix this. ```

Hello, I have developed a Greengrass Java component which I have deployed to a Greengrass Core device. This component is built with the AWS IoT Java SDK and it makes communication between the device shadow of the Greengrass Core device and the Greengrass Core device itself. All communication is via MQTT. This component also enables a mobile app sending `desired` state to the device shadow which is received in the Greengrass Core device. At the moment, I authenticate the component's use of the AWS IoT Java SDK by just using the access key and the secret key like this: ` this.awsClient = new AWSIotMqttClient(clientEndpoint, id, "access_key", "secret_key");` Now, I am aware this is not a best practise and I need to change that and here is my question. I did check the AWS documentation but it seems a bit overwhelming to me regarding authentication in my specific case so I wonder if you can help me out and direct me in what approach I should use here? Thank you in advance.

I'm trying to configure a Greengrass Lambda to accept a binary encoding with the goal of sending a compressed JSON payload. My Lambda configuration looks something like: ``` "componentLambdaParameters": { "inputPayloadEncodingType": "binary", "eventSources": [ { "topic": "my/topic", "type": "IOT_CORE" } ], "linuxProcessParams": { "isolationMode": "NoContainer" }, "pinned": false } ``` I'm using Python/Boto3 to send the messages, and the topic publish looks something like: ``` client = boto3.client("iot-data") payload = gzip.compress(json.dumps({"large": "message"}).encode()) client.publish(topic="my/topic", qos=1, retain=True, payload=payload) ``` I get the following error from the Greengrass Lambda: ``` lambda_runtime.py:183,Cannot parse given invoke payload as JSON: b'my contents' ``` I can send the same message without compressing it (e.g. `payload = json.dumps({"large": "message"}).encode()`), and the Lambda succeeds. That suggests to me that `"inputPayloadEncodingType": "binary"` setting only works if the payload is encoded JSON, but that seems to defeat the purpose of using the binary payload option to send something other than JSON. I'm using the Python 3.8 Lambda runtime with following component versions: ``` "aws.greengrass.LambdaLauncher": { "componentVersion": "2.0.10" }, "aws.greengrass.LambdaManager": { "componentVersion": "2.2.2" }, "aws.greengrass.LambdaRuntimes": { "componentVersion": "2.0.8" }, "aws.greengrass.Nucleus": { "componentVersion": "2.5.5", }, ``` Is there something I might be doing wrong here or any other guidance on accepting a compressed payload? Thanks!

I have a device "Device1" in group A, and there is a deployment in place for that group. Now, I would like to move Device1 to group B, for which there is a different deployment. I removed the device from group A, but the deployment is still running. How can I stop the deployment of group A for this specific device, and remove the components ?

Hello We are using Greengrass v2 with the Sagemaker component in order to do inference on the edge. The following error is seen intermettently while running our application. Could you please advise of anything we can do to avoid it? File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 946, in __call__ return _end_unary_response_blocking(state, call, False, None) File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "Socket closed" debug_error_string = "{"created":"@1650459124.460491853","description":"Error received from peer unix:/tmp/aws.greengrass.SageMakerEdgeManager.sock","file":"src/core/lib/surface/call.cc","file_line":906,"grpc_message":"Socket closed","grpc_status":14}"

Hello, When using Greengrass v2 with Sagemaker component the intermittent error below is seen when the device powers off and on. Could you please advise what could be the possible errors? eturn self.client.ListModels(agent_pb2.ListModelsRequest()) File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 923, in call return _end_unary_response_blocking(state, call, False, None) File "/usr/local/lib/python3.6/dist-packages/grpc/_channel.py", line 826, in _end_unary_response_blocking raise _InactiveRpcError(state) grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with: status = StatusCode.UNAVAILABLE details = "failed to connect to all addresses" debug_error_string = "{"created":"@1650457997.824138381","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":4143,"referenced_errors":[{"created":"@1650457988.031111729","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":398,"grpc_status":14}]}"

I'm trying to reset my v1 AWS Deeplense using the instructions given in the AWS documentation. But, when I restart my device using BIOS setting I'm getting following error: "can't read CTR while initializing i8042" and then I'm routed to initramfs prompt. I tried multiple things to resolve this error: 1. I tried changing changing my pen drive 2. I tried executing steps via both Ubuntu and windows machines 3. I also tried formatting my USB stick in multiple ways 4. I tried exiting a couple of times on initramfs prompt But, none of these steps work. I don't understand why this is happening. Can you please help me reset my device to factory setting?

Hello, We are using GreenGrass v2 and would like to have logs pushed as frequently as possible. We understand the limitation for certain components (eg telemetry) but our application logs should be sent as near real time as we can. Currently, regardless of the configurations set our logs are only sent intermittently to CloudWatch. Logs are seen every few hours or even few days. Could anyone please help us understand whats happening? We are using the following configuration: ``` 'aws.greengrass.Nucleus': { componentVersion: '2.4.0', configurationUpdate: { merge: `{ "logging" : { "level" : "DEBUG", "format" : "JSON" } }`, }, }, 'aws.greengrass.LogManager': { componentVersion: '2.2.1', configurationUpdate: { merge: `{ "logsUploaderConfiguration": { "systemLogsConfiguration": { "uploadToCloudWatch": "true", "minimumLogLevel": "DEBUG", "diskSpaceLimit": "2", "diskSpaceLimitUnit": "KB", "deleteLogFileAfterCloudUpload": "true" }, "componentLogsConfigurationMap": { "com.component1": { "minimumLogLevel": "DEBUG", "diskSpaceLimit": "2", "logFileDirectoryPath": "/greengrass/v2/logs/", "logFileRegex": "com.component1\\\\w*.log", "diskSpaceLimitUnit": "KB", "deleteLogFileAfterCloudUpload": "true" }, "com.component2": { "minimumLogLevel": "DEBUG", "diskSpaceLimit": "2", "logFileDirectoryPath": "/greengrass/v2/logs/", "logFileRegex": "com.component2\\\\w*.log", "diskSpaceLimitUnit": "KB", "deleteLogFileAfterCloudUpload": "true" }, "aws.greengrass.SageMakerEdgeManager": { "minimumLogLevel": "DEBUG", "logFileDirectoryPath": "/greengrass/v2/logs/", "logFileRegex": "aws.greengrass.SageMakerEdgeManager\\\\w*.log", "diskSpaceLimit": "2", "diskSpaceLimitUnit": "KB", "deleteLogFileAfterCloudUpload": "true" }, "aws.greengrass.SecureTunneling": { "minimumLogLevel": "DEBUG", "logFileDirectoryPath": "/greengrass/v2/logs/", "logFileRegex": "aws.greengrass.SecureTunneling\\\\w*.log", "diskSpaceLimit": "2", "diskSpaceLimitUnit": "KB", "deleteLogFileAfterCloudUpload": "true" } } }, "periodicUploadIntervalSec": "10" }`, }, }, ```

I have multiple device to which my component is deployed to. I added a new device "my-device15", but the component was not properly started on it. I SSH'd into the device and fixed the problem. Can I retry the deployment only on this device without revising the deployment (since that would impact all the other device)?

I'd like to use a device's Thing name in the MQTT topic subscription for a Greengrass Lambda, e.g.: ``` { "topic": "hello/${AWS_IOT_THING_NAME}", "type": "IOT_CORE" } ``` This question was asked a year ago and the guidance was that this sort of configuration was not possible at that time, and instead one might setup the subscription manually within a pinned Lambda or custom component: https://repost.aws/questions/QU5dTq6p3mTsyT5dFPMtWvGA/v-2-use-thing-name-in-mqtt-topic-for-triggering-lambda Is that still the case today? Alternatively, would it be possible to use the configuration merge feature to modify the Lambda subscription to a device-specific topic after deployment or some other simple workaround? Apologies for the duplicate question if indeed the guidance is still the same as before!

Hi, For audit trail/security purposes we would like to store a log of AWS IoT Secure Tunnel instances, including dates, durations, etc. If possible, even the originating IP address. What would be the easiest way to log IoT Secure Tunnel instances in Cloudwatch ? I can see that tunnels are displayed in the IoT dash, but these disappear if the tunnel is deleted. Current setup: - Secure Tunnel Component deployed via Greengrass - Using the provided docker-run.sh / localproxy cli method to connect - If we wish to close tunnels before timeout we are using the "close/delete" tunnel method via the AWS dash

Hi, Please provide the tutorials in greengrass v2 document related to publishing the messages to IoT core from an imported lambda using greengrass v2.

I am trying to use lambdas on greengrass v2. I created and packaged the hello world lambda from the greengrass tutorial and deployed it to the core but it continues to error out. It doesnt seem to run to completion, or the lambda isnt getting called correctly and the core reports it as timed out. This is the stacktrace. How do I get this lambda to work in greeengrass v2? com.aws.greengrass.lambdamanager.StatusTimeoutException: Lambda status not received within timeout at com.aws.greengrass.lambdamanager.Lambda.lambda$createInstanceKeepAliveTask$5(Lambda.java:282) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) aws.greengrass.LambdaManager 2.2.2 using Python Python 3.7 With the following hello world lambda ``` import json import awsiot.greengrasscoreipc import awsiot.greengrasscoreipc.client as client from awsiot.greengrasscoreipc.model import ( QOS, PublishToIoTCoreRequest ) TIMEOUT = 10 ipc_client = awsiot.greengrasscoreipc.connect() def greengrass_hello_world_run(): topic = "my/topic" message = "Hello, World" qos = QOS.AT_LEAST_ONCE request = PublishToIoTCoreRequest() request.topic_name = topic request.payload = bytes(message, "utf-8") request.qos = qos operation = ipc_client.new_publish_to_iot_core() operation.activate(request) future = operation.get_response() future.result(TIMEOUT) Timer(5, greengrass_hello_world_run).start() greengrass_hello_world_run() def lambda_handler(event, context): return ```

Hello All, First question: I'm trying to setup AWS IoT Greengrass V2 with a VPC Endpoint. I have setup the VPC Endpoint in a private subnet, however, when GG deployments occur i see errors in Greengrass logs as below, **greengras-ats**.ap-northeast-2.amazonaws.com:8443. Caused by: org.apache.http.conn.HttpHostConnectException: Connect to greengrass-ats.iot.ap-northeast-2.amazonaws.com:8443 The VPC Endpoint has the following DNS names, * greengrass.ap-northeast-2.amazonaws.com (**no ats**) * 3 DNS entries starting with vpce... Please can you provide or point me to a definitive guide on how VPC endpoints needs to setup for Greengrass V2 - https://docs.aws.amazon.com/greengrass/v2/developerguide/vpc-interface-endpoints.html , but this is not helping much. I also observed that the port 443 is able to be reached via the VPC Endpoint, but not 8443 for some reason. i have tried creating a Private Hosted zone on Route 53, it works, however the port 8443 problem still exists. Second question: is there a way to configure nucleus to port GreengrassDataPlanePort 443, when installing the GG V2, what are the steps? Thank you.

Hello, I recently onboarded one of 30 rpi's which acts like a streaming device using KVS ont aws iot Greengrass v2. I have tried with custom components and deploying them and all works fine but when i create a custom job like Amazon managed templates for rebooting the device, the greengrass is not recieving anything and the job stays in Queued State forever. I am trying to post a Snapshot type job. Any help is appreciated.

Hi, I am working on a greengrass V2 project that uses CDK to automate the deployment. Everything is working up to now. However, I would like to use the public shadow manager greengrass v2 component in the deployment. From the console, I can manually add the aws.greengrass.ShadowManager to the deployment. However, I would like to add this component programmatically using CDK. I copied the component recipe for the shadow manager and it shows that the URI is for example. I used this Uri in my CDK typescript template. ``` "Uri": "greengrass:n6*7r*yO*c9*QK*kN*77**G-G*H*bb*08*V*X50_k=/aws.greengrass.ShadowManager.jar" ``` but when I generate and deploy it using CDK I get an error: ``` Invalid Input: Encountered following errors in Artifacts: {greengrass:greengrass:n6*7r*yO*c9*QK*kN*77**G-G*H*bb*08*V*X50_k=/aws.greengrass.ShadowManager.jar = URI format does not meet the S3 URI requirements} ``` Do I need to copy the ShadowManager.jar to my S3 bucket and if so where can I download the ShadowManager.jar file from? I cant seem find any information on how I can deploy a public component such as the aws.greengrass.ShadowManager using CDK. I have been following this guide but this doesnt show how to deploy public components using CDK: https://github.com/aws-samples/aws-iot-greengrass-v2-using-aws-cdk Is there a good guide on deploying greengrass v2 public components using CDK? Could anyone be able to provide some guidance? Many thanks Oide

Is there a way to deploy a component with different configuration for each device group or tag ? We have different kind of device that should have slightly different component behavior. For instance, a device A may not want to use sensor X. Is there a way to have a deployment that deploys to all my devices, but has a configuration parameter specifically for device A ? I could implement htat using an API call ListTagsForResource but that would happen too late in my workflow. I could also have two different deployments with different config, but then I have no guarantee that all my device are running the same component version, plus the logic would now be replicated in two deployments. Edit: There seems to be a way to achieve it by setting "platformOverride" to the nucleus component, altough I am not sure how that would be done

Hello, there was a problem connecting the Greengrass Lambda function https://docs.aws.amazon.com/ko_kr/greengrass/v1/developerguide/configs-core.html This is the tutorial I was working on, but there was a problem when distributing the lambda function in the last stage. Deployment failed. And error message is Deployment 42c9ea0c-ac1d-44ce-bcbd-b7e7ca7d0163 of type NewDeployment for group 1e3d2692-8e85-499c-9f70-316a51233e3b failed error: The following cgroup subsystems are not mounted: devices, memory. How can i fix this?

We have a component that starts multiple container on our greengrass device using docker-compose. According to [the documentation](https://docs.aws.amazon.com/greengrass/v2/developerguide/run-docker-container.html), the correct way to provide the private docker images from ECR is to supply them as artefact: "URI": "docker:public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest" One important aspect of our project is that we can reuse layers of our images. We have limited bandwidth on our devices and images can be big (i.e. PyTorch). If we have modification to do to our images, usually only the last small layer will be updated over the limited bandwidth network. I am worried when we are using images as artifacts, the whole image is going to be re-downloaded. Is that the case ? I currently have a workaround of using the "install" lifecycle step to execute "docker-compose pull" and removing the artifacts, but that has the issue of being run on reboot, while I would rather only have it update the images when there is a new deployment.

Trying to use provision by claim and provisioning hook to admit the device. The provisioning hook output will return a formatted thingName rather than the name passed into the provisioning hook, >const requestedThingName = input.parameters.ThingName; > >.... > const output = { allowProvisioning: True, parameterOverrides: { ThingName: newThingName, }, this works, but on the device side, after iot mqtt session successfully established, in /greengrass/v2/config/effectiveConfig.yaml, the file looks like this: >system: > >certificateFilePath: "" > >privateKeyPath: "" > rootCaPath: "" > rootpath: "/greengrass/v2" > >thingName: "" > >services: > >aws.greengrass.FleetProvisioningByClaim: > >configuration: I would expect, updated thingName is there under thingName key. I can only see the newThingName in config.tlog: {"TS":1649181903995,"TP":["setenv","AWS_IOT_THING_NAME"],"W":"changed","V":"newThingName"} I think effectiveConfig.yaml should be updated.

Hi there, I am trying to write meta data to a file and upload it to s3 here is what i have. I am not sure what is the correct format for the user_metadata ``` class MediaMeta(BaseModel): data:str s3_export_task_definition = S3ExportTaskDefinition(input_url=self.src_file_path, bucket=self.bucket_name, key=self.key_to_file, user_metadata=meta_data.dict()) ``` thanks for your help

I try and connect from a client device over localMQTT to the broker on the greengrass core. However, when I connect, I get this error on the awsiotsdk side. I ran an almost identical script to this a couple months ago and I don't think it had the same problems. ``` Traceback (most recent call last): File "client_v2.py", line 76, in <module> connect_future.result() File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 444, in result return self.__get_result() File "/Users/username/.pyenv/versions/3.8.11/lib/python3.8/concurrent/futures/_base.py", line 389, in __get_result raise self._exception awscrt.exceptions.AwsCrtError: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed ``` On the Core side, I have just the Moquette broker and the bridge and a component that subscribes to the messages coming off of LocalMqtt and through the bridge. This is the message in greengrass.log ``` 2022-04-05T07:00:56.397Z [ERROR] (nioEventLoopGroup-7-10) io.moquette.broker.NewNettyMQTTHandler: Unexpected exception while processing MQTT message. Closing Netty channel. CId=null. {} io.netty.handler.codec.DecoderException: javax.net.ssl.SSLProtocolException: Received close_notify during handshake at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:478) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.moquette.broker.metrics.BytesMetricsHandler.channelRead(BytesMetricsHandler.java:51) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: javax.net.ssl.SSLProtocolException: Received close_notify during handshake at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:129) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:339) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:286) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:250) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:185) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1387) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1282) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447) ... 25 more 2022-04-05T07:00:56.399Z [INFO] (nioEventLoopGroup-7-10) io.moquette.broker.metrics.MQTTMessageLogger: Channel Inactive. {} ``` I'm using the mqtt_connection_builder.mtls_from_path function to create my connection setup between the client and the core, but obviously during the connect function itself it breaks because of the TLS handshake.

I am trying out GreenGrass v2 to see if it would fit our need to deploy our stack using docker-compose to our IoT devices. I have followed the steps [here](https://docs.aws.amazon.com/greengrass/v2/developerguide/run-docker-container.html) and setup a device with a deployment (i.e. 1.0.1). I am not exactly clear how components interact with docker-compose, it seems that even when I stop a container manually, it will reset on reboot. That is not a problem, but it also looks like when I publish a new deployment (i.e. 1.0.2), I still have containers from 1.0.1 still running, which ends up throwing errors because they are trying to access the same ressource. What is the correct approach to stop the docker-compose stack when I deploy a new update ?

Hi there, I have tried ``` RecipeFormatVersion: '2020-01-25' ComponentName: "{COMPONENT_NAME}" ComponentVersion: "{COMPONENT_VERSION}" ComponentDescription: '' ComponentPublisher: "{COMPONENT_AUTHOR}" ComponentConfiguration: DefaultConfiguration: secretArn: 'no_secret' Manifests: - Platform: os: linux Artifacts: - URI: s3://BUCKET_NAME/COMPONENT_NAME/COMPONENT_VERSION/secret_loader.zip Unarchive: ZIP Lifecycle: Setenv: SECRET_ARN={configuration:/secretArn} Install: python3 -m pip install --user -r {artifacts:decompressedPath}/secret_loader/requirements.txt Run: | export SECRET_ARN={configuration:/secretArn} python3 -u {artifacts:decompressedPath}/secret_loader/main.py ``` but still the component cant get the variable: `SECRET_ARN=os.getenv('SECRET_ARN')`

Hi. I have created a Greengrass fleet deployment workflow for my devices which works great - cloud resources are provisioned, claim certs are used to obtain device individual certs, and device gets connected. However in production environment the scenario will be different: 1. An IoT device is installed by an engineer in a newly built home, with no occupiers and no internet connection. 2. The Greengrass is ready to claim device certs and connect as soon as the device is powered up. 3. The device then is powered up by the installing engineer, meaning the Greengrass fleet provisioning plugin will try to do its job, but there is no internet connection, so it will fail. 4. The engineer will leave the device on, and it will be permanently on since now on. 5. The occupiers will move in some time later and install their broadband router, the Internet is now available. At this point, from my tests, I noticed the Greengrass/provisioning plugin won't detect Internet connection and won't try to register the device/obtain certs - meaning there is no retry functionality implemented. I understand that the device can be rebooted or Greengrass service restarted to initialize new registration attempt, however - if possible I'd like to avoid occupiers fiddling with the device, and prefer the device to the retry automatically. I also understand that I can write a software that will be automatically cyclically restarting the Greengrass service if the previous registration attempt failed (probably by checking if the thingCert.crt is present) but before I'll spend my time on coding, **the question is**: Is it possible to configure Greengrass to retry delayed provisioning using claim certificates if previous attempt has failed? Appreciate any help.

Hi there I have some problem with stream manager in ggv1, I can fix this after I reboot the device. However I dont think this is a good solution. Do you have any suggestion where I can look into ``` [2022-04-01T09:19:31.876+11:00][INFO]-imageCamera.py:108,>>> Get frame atm hour:9 - sleep_time:11 s [2022-04-01T09:19:31.876+11:00][INFO]-imageCamera.py:112,>>> Frame size from rtsp: (720, 1280, 3) [2022-04-01T09:19:31.889+11:00][INFO]-imageCamera.py:119,>>> Resized farme: (720, 1280, 3) [2022-04-01T09:19:32.002+11:00][INFO]-imageCamera.py:144, >>>>> realite-data-image Sleep time: 60 - payload size: 189004 [2022-04-01T09:19:32.002+11:00][INFO]-Response: 1065 [2022-04-01T09:19:39.336+11:00][INFO]-lambda_runtime.py:366,Caught signal 15. Stopping runtime. [2022-04-01T09:20:22.061+11:00][INFO]-imageCamera.py:173,>> Getting hub config ... [2022-04-01T09:20:22.064+11:00][INFO]-ipc_client.py:167,Posting work for function [:function:secret_loader] to http://localhost:8000/2016-11-01/functions/arn:aws:lambfunction:secret_loader [2022-04-01T09:20:22.078+11:00][INFO]-ipc_client.py:177,Work posted with invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] [2022-04-01T09:20:22.078+11:00][INFO]-ipc_client.py:290,Getting work result for invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] from http://localhost:8000/2016-11-01/functions/arn:aws:lambda:ap:function:secret_loader [2022-04-01T09:20:26.32+11:00][INFO]-ipc_client.py:298,Got result for invocation id [14ce6b2c-add7-4dc0-452d-be84d2700e4e] [2022-04-01T09:20:26.321+11:00][INFO]-imageCamera.py:175,>> Done ... [2022-04-01T09:20:26.321+11:00][INFO]-imageCamera.py:180,Setup tranfer stream [2022-04-01T09:20:26.628+11:00][INFO]-imageCamera.py:151, >>> Stream list: ['kstream1'] [2022-04-01T09:20:27.291+11:00][ERROR]-imageCamera.py:209, >>>>> Exception while running: Broken bit parity [2022-04-01T09:20:27.291+11:00][ERROR]-Traceback (most recent call last): [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.imageCamera.14/imageCamera.py", line 182, in main [2022-04-01T09:20:27.291+11:00][ERROR]- stream_client=setup_data_stream(stream_name,kinesis_stream_name) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.function.imageCamera.14/imageCamera.py", line 154, in setup_data_stream [2022-04-01T09:20:27.291+11:00][ERROR]- client.delete_message_stream(stream_name=stream_name) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/arn.aws.lambda.ap-southeast-Camera.14/greengrasssdk/stream_manager/streammanagerclient.py", line 448, in delete_message_stream [2022-04-01T09:20:27.291+11:00][ERROR]- return Util.sync(self._delete_message_stream(stream_name), loop=self.__loop) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/.function.imageCamera.14/greengrasssdk/stream_manager/util.py", line 28, in sync [2022-04-01T09:20:27.291+11:00][ERROR]- return asyncio.run_coroutine_threadsafe(coro, loop=loop).result() [2022-04-01T09:20:27.291+11:00][ERROR]- File "/usr/lib/python3.7/concurrent/futures/_base.py", line 432, in result [2022-04-01T09:20:27.291+11:00][ERROR]- return self.__get_result() [2022-04-01T09:20:27.291+11:00][ERROR]- File "/usr/lib/python3.7/concurrent/futures/_base.py", line 384, in __get_result [2022-04-01T09:20:27.291+11:00][ERROR]- raise self._exception [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/arn.aws.lambda.ap-southeast-2era.14/greengrasssdk/stream_manager/streammanagerclient.py", line 352, in _delete_message_stream [2022-04-01T09:20:27.291+11:00][ERROR]- Util.raise_on_error_response(delete_stream_response) [2022-04-01T09:20:27.291+11:00][ERROR]- File "/greengrass/ggc/deployment/lambda/ar.imageCamera.14/greengrasssdk/stream_manager/util.py", line 148, in raise_on_error_response [2022-04-01T09:20:27.291+11:00][ERROR]- raise UnknownFailureException(response.error_message, response.status, response.request_id) [2022-04-01T09:20:27.291+11:00][INFO]-imageCamera.py:210,>>> restart module after 10s ```

Hi AWS community: I'm using AWS GreenGrass device shadow service to store some data, I'm interested in version history of device shadow so I could inspect data change over time, does device shadow service support such thing out of box? An alternative I'm exploring is finding out if device shadow supports any triggers so I can call lambda to record current device shadow document. (however I haven't found any documentations about this). Any advices are appreciated. Thank you

Hi there, I am just wondering is there a way that I can reuse my code between the component, kind of like lambda layer eg: ``` foo -- src ---- send_mqtt foo2 -- src ---- send_mqtt ``` So how can i use request the send_mqtt ? Thanks for your help

Hi there, I try to test my component locally, I have this AWS_ERROR_SUCCESS, what is this error btw ? ``` sudo /greengrass/v2/bin/greengrass-cli deployment create --recipeDir ~/Desktop/ms5/greengrass-build/recipes --artifactDir ~/Desktop/ms5/greengrass-build/artifacts --merge ms5=1.0.0 Mar 30, 2022 4:41:56 PM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onConnectionSetup INFO: Socket connection /greengrass/v2/ipc.socket:8033 to server result [AWS_ERROR_SUCCESS] Mar 30, 2022 4:41:56 PM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onProtocolMessage INFO: Connection established with event stream RPC server Local deployment submitted! Deployment Id: 7a45ceaf-8a5b-4c80-9c7e-cf74f4a35344 ``` ``` sudo /greengrass/v2/bin/greengrass-cli deployment status -i 7a45ceaf-8a5b-4c80-9c7e-cf74f4a35344 Mar 30, 2022 4:42:48 PM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onConnectionSetup INFO: Socket connection /greengrass/v2/ipc.socket:8033 to server result [AWS_ERROR_SUCCESS] Mar 30, 2022 4:42:48 PM software.amazon.awssdk.eventstreamrpc.EventStreamRPCConnection$1 onProtocolMessage INFO: Connection established with event stream RPC server 7a45ceaf-8a5b-4c80-9c7e-cf74f4a35344: FAILED ```

I'm considering to monitor the connection status of all Greengrass core and client devices from the Fleet Hub. When interacting with local client devices, Fleet indexing never updates the connection state of the client device. I ran the sample Greengrass discovery application from the "Connect and test client devices" tutorial (https://docs.aws.amazon.com/greengrass/v2/developerguide/client-devices-tutorial.html). I was able to subscribe messages from client device by using MQTT test client, but connection status has been never updated. The connection state was updated when publishing directly to an IoT Core service endpoint from the client device. Can MQTT bridge component relay lifecycle events?

Here is my issue. I have fleet provisioning working good, and I have a deployment that goes to the devices in the group associated with the fleet provisioning. Everything is working fine. When I reset a device, it goes to the provisioning steps again, create a new key/certificate and reconnect to the things with the same name. Great, this way no shadow information is lost. The problem is, after provisioning again, the deployment is not pushed to the re-provisioned device, as if decision to deploy was made based on info on the cloud rather than the local device. How can I make sure that the deployment is pushed to a re-provisioned device? TIA

I'm following these Youtube tutorials: 1. https://www.youtube.com/watch?v=hAZ-nlAaSvw&ab_channel=Michael 2. https://www.youtube.com/watch?v=hAZ-nlAaSvw&ab_channel=Michael I was able to successfully deploy a component that printed "hello world!" based on the first YouTube tutorial. I had no problems reading from the s3 bucket. I'm now deploying a new component version in the second tutorial. I have the following recipe: ``` --- RecipeFormatVersion: '2020-01-25' ComponentName: com.example.HelloWorld ComponentVersion: '1.1.0' ComponentDescription: My first AWS IoT Greengrass component. ComponentPublisher: Me ComponentConfiguration: DefaultConfiguration: {} Manifests: - Platform: os: linux Lifecycle: Run: PYTHONPATH="{artifacts:decompressedPath)/helloWorld/dependencies" python3 -u {artifacts:decompressedPath}/helloWorld/hello_world.py Artifacts: - URI: s3://greengrass-tutorial/com.example.HelloWorld/1.1.0/helloWorld.zip Unarchive: ZIP ``` I have uploaded my helloWorld.zip to the greengrass-tutorial s3 bucket using the aws cli: ``` aws s3 cp ./helloWorld.zip s3://greengrass-tutorial/com.example.HelloWorld/1.1.0/helloWorld.zip ``` the helloWorld.zip contains hello_world.py and a dependencies folder. When I click "Create version" I get the following error message: Invalid Input: Encountered following errors in Artifacts: {s3://greengrass-tutorial/com.example.HelloWorld/1.1.0/helloWorld.zip = Specified artifact resource cannot be accessed} Would anyone be able to help me?

Hi there, How can i set up the EventBridge so that it can catch the ggv2 deployment status events and trigger a lambda.

Hi there I tried to deploy a component to a new provisioned device, however i encounter this error com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. merge-config-service BROKEN here is part of the logs ``` 2022-03-20T23:26:34.797Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: Found running component which meets the requirement and use it.. {ComponentIdentifier=rtt.ancillary-v1.0.1} 2022-03-20T23:26:34.798Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: Found the best local candidate that satisfies the requirement.. {LocalCandidateId=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.377Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: resolve-component-version-end. Resolved component version.. {ResolvedComponent=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.409Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.DependencyResolver: resolve-group-dependencies-finish. Finish resolving group dependencies. {resolvedComponents={rtt.ancillary=ComponentMetadata(componentIdentifier=rtt.ancillary-v1.0.1, dependencies={})}, componentToVersionRequirements={rtt.ancillary={thing/test123==1.0.1}}} 2022-03-20T23:26:35.439Z [INFO] (pool-2-thread-6) com.aws.greengrass.componentmanager.ComponentManager: prepare-package-start. {packageIdentifier=rtt.ancillary-v1.0.1} 2022-03-20T23:26:35.502Z [INFO] (pool-2-thread-5) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: register-service-update-action. {action=0-071b-439e-9e57-303d24e2748f, serviceName=UpdateSystemPolicyService, currentState=RUNNING} 2022-03-20T23:26:35.508Z [INFO] (pool-2-thread-6) com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService: service-update-start. {serviceName=UpdateSystemPolicyService, currentState=RUNNING} 2022-03-20T23:26:35.513Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. Applying deployment changes, deployment cannot be cancelled now. {deployment=07e027a5-071b-439e-9e57-303d24e2748f} 2022-03-20T23:26:35.514Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentDirectoryManager: Persist configuration snapshot. {file=/greengrass/v2/deployments/07e027a5-071b-439e-9e57-303d24e2748f/rollback_snapshot.tlog} 2022-03-20T23:26:35.574Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=FINISHED, newState=INSTALLED} 2022-03-20T23:26:35.587Z [INFO] (Serialized listener processor) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-config-change. Requesting restart for component. {configNode=services.main.lifecycle, serviceName=main, currentState=INSTALLED} 2022-03-20T23:26:35.804Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.806Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=ERRORED} 2022-03-20T23:26:35.807Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=ERRORED, newState=NEW} 2022-03-20T23:26:35.905Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.905Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=ERRORED} 2022-03-20T23:26:35.906Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=ERRORED, newState=NEW} 2022-03-20T23:26:35.996Z [ERROR] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-errored. {reason=Script errored in install, serviceName=rtt.ancillary, currentState=NEW} 2022-03-20T23:26:35.997Z [INFO] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=rtt.ancillary, currentState=NEW, newState=BROKEN} 2022-03-20T23:26:35.997Z [ERROR] (rtt.ancillary-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-broken. service is broken. Deployment is needed. {serviceName=rtt.ancillary, currentState=BROKEN} 2022-03-20T23:26:36.701Z [WARN] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. merge-config-service BROKEN. {serviceName=rtt.ancillary} 2022-03-20T23:26:36.702Z [ERROR] (pool-2-thread-6) com.aws.greengrass.deployment.activator.DeploymentActivator: merge-config. Deployment failed. {deploymentId=07e027a5-439e-9e57-303d24e} com.aws.greengrass.deployment.exceptions.ServiceUpdateException: Service rtt.ancillary in broken state after deployment at com.aws.greengrass.deployment.DeploymentConfigMerger.waitForServicesToStart(DeploymentConfigMerger.java:194) at com.aws.greengrass.deployment.activator.DefaultActivator.activate(DefaultActivator.java:84) at com.aws.greengrass.deployment.DeploymentConfigMerger.updateActionForDeployment(DeploymentConfigMerger.java:150) at com.aws.greengrass.deployment.DeploymentConfigMerger.lambda$mergeInNewConfig$0(DeploymentConfigMerger.java:102) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.runUpdateActions(UpdateSystemPolicyService.java:95) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.lambda$startup$0(UpdateSystemPolicyService.java:165) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) 2022-03-20T23:26:36.708Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.activator.DeploymentActivator: merge-config. Rolling back failed deployment. {deploymentId=07e027a5-071b-9e57-303d} 2022-03-20T23:26:36.769Z [INFO] (pool-2-thread-6) com.aws.greengrass.config.ConfigurationWriter: truncate-tlog. queued immediate truncation. {} 2022-03-20T23:26:36.882Z [INFO] (Serialized listener processor) com.aws.greengrass.config.ConfigurationWriter: truncate-tlog. completed successfully. {} 2022-03-20T23:26:36.889Z [INFO] (pool-2-thread-6) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. Removing services. {service-to-remove=[rtt.ancillary]} 2022-03-20T23:26:36.889Z [INFO] (pool-2-thread-14) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-close. Service is now closing. {serviceName=rtt.ancillary, currentState=BROKEN} ``` here is my deployment config ``` { "targetArn": "arn:aws:iot::thing/test123", "revisionId": "2", "deploymentId": "07e027a5-9e57-303d2", "deploymentName": "update firmware", "deploymentStatus": "ACTIVE", "components": { "rtt.ancillary": { "componentVersion": "1.0.1", "configurationUpdate": { "merge": "{\"thing_name\":\"test_name\"}" } } }, "deploymentPolicies": { "failureHandlingPolicy": "ROLLBACK", "componentUpdatePolicy": { "timeoutInSeconds": 30, "action": "NOTIFY_COMPONENTS" }, "configurationValidationPolicy": { "timeoutInSeconds": 60 } }, "iotJobConfiguration": { "jobExecutionsRolloutConfig": { "exponentialRate": { "baseRatePerMinute": 5, "incrementFactor": 2.0, "rateIncreaseCriteria": { "numberOfNotifiedThings": 10, "numberOfSucceededThings": 5 } }, "maximumPerMinute": 50 }, "timeoutConfig": { "inProgressTimeoutInMinutes": 15 } }, "creationTimestamp": 1647818095.423, "isLatestForTarget": true, "tags": { "PRODUCT": "GGv2 Deployment" } } ```

Hi there I have a problem with the iot permision on my device which already have gg installed and running so when i run the gg installer I put GGTokenAccessRole for "iotRoleAlias" instead of the actual name ``` 2022-03-18T05:43:45.295Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: TES responded with status code: 403. Caching response. {"message":"Access Denied"}. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials} 2022-03-18T05:43:45.296Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} 2022-03-18T05:44:27.897Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} 2022-03-18T05:45:22.119Z [ERROR] (pool-2-thread-5) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGTokenAccessRole/credentials, credentialData=TES responded with status code: 403. Caching response. {"message":"Access Denied"}} ``` Also i did not create iot aliase so i wonder if that is a problem? can it use a IAMF role directly ? Thanks for your help

What is the recommended approach for querying data from both AWS IoT & Greengrass V2? I have been attempting to use the SDK to get the data required, but I am forced to use multiple API calls *per device* to get the required data, which results in Rate Exceeded errors. Is there a way to build a query either with Fleet Hub or Fleet Indexing to get the data below without multiple calls? thingName, thingId, shadow, thing connectivity, Greengrass core version, Greengrass status, Greengrass installed components

Problem passing arguments with non alpha chars, being 'ignored' When I configure a component with an argument, as below "ComponentConfiguration": { "DefaultConfiguration": { "Slot": "1-2-3-4" } }, At the end, when the pythonscript is being launched using that argument, say: "Run": "python {artifacts:decompressedPath}/program/myscript.py \"{configuration:/Slot}\"" At the Edge device it is being passed as myscript 1 <------------missing -2-3-4 It seems documentation is missing, I need more arguments being passed into 'Slot' but not filtered by some unknown mechanism. How to solve it? Spaces and comma's have been tried already. THANKS

I have a GreenGrass device that can be intermittently offline, and I would like to inform the server of important events that happen. Is there a message queuing system I can use within GreenGrass where I publish the event locally and whenever the Device is re-connected it will deliver this message. Can I use IoT-Core for this ? Will it allow me to publish multiple messages to a topic and will they all get cached until delivery, and they arrive in the same order that they were sent with ? Does it have a 'save to disk' option so it will retain the messages for delivery even in-between reboots ?

Hi there, I have setup everything according to this guide https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html but when it run ``` sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE \ -jar ./GreengrassInstaller/lib/Greengrass.jar \ --trusted-plugin ./GreengrassInstaller/aws.greengrass.FleetProvisioningByClaim.jar \ --init-config ./GreengrassInstaller/config.yaml \ --component-default-user ggc_user:ggc_group \ --setup-system-service true ``` iot returns CLIENT ERROR in $aws/events/presence/connected/4df1e0dd-c0ab-4fae-8642-f5c30 so i check the ip, which is the ip of my device ``` { "clientId": "4df1e0dd-c0ab-4fae-8642-f5c307", "timestamp": 1646954873555, "eventType": "connected", "sessionIdentifier": "da85a477-c309-4ed6-92e0-ccdf1fa", "principalIdentifier": "de56ae093b3d75481acf40b3d30e38053ad2e8219fa925e8b9ecc", "ipAddress": "", "versionNumber": 0 } { "clientId": "4df1e0dd-c0ab-4fae-8642-f5c307", "timestamp": 1646954873704, "eventType": "disconnected", "clientInitiatedDisconnect": false, "sessionIdentifier": "da85a477-c309-4ed6-92e0-ccdf1fa", "principalIdentifier": "de56ae093b3d75481acf40b3d30e38053ad2e8219fa925e8b9ecc", "disconnectReason": "CLIENT_ERROR", "versionNumber": 0 } ``` Thanks for your helps

I am trying to run the latest IDT on an Onyx ACCEL-JS500 (Jetson AGX Xavier, aarm64). It all runs fine except for the ML tests, which wait 5 minutes for Greengrass deployments and time out. The other test cases seem to have 2 minute deployment timeouts and succeed with no problem. I realized that the box was already running GG as a Core device, but that didn't seem to interfere with the other tests. Nevertheless, I ran `systemctl stop greengrass` and re-ran just the ML tests, which failed exactly as before. From what I can interpret in the [logs](https://gist.github.com/ceich/be258598949ae5025171033d08c05d00), the dependent component DLR did not start. Is this component known to work on aarm64?

Hi there, I am just confuse about the provisioning process on greengrass v2. I just wonder at which point the provisioning process is triggered - as in a Core devices is created in AWS IoT Core. so I follow the guide https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html for fleet provisioning, I got the gg software running on my rpi. seem like the gg software is installed correctly. ``` pi@raspberrypi:~ $ ls /greengrass/v2 alts bin cli_ipc_info deployments logs plugins work AmazonRootCA1.pem claim-certs config ipc.socket packages telemetry ``` ``` pi@raspberrypi:~ $ sudo systemctl status greengrass.service ● greengrass.service - Greengrass Core Loaded: loaded (/etc/systemd/system/greengrass.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2022-03-09 16:39:32 AEDT; 1min 10s ago Main PID: 3551 (sh) ``` Thanks for your time.

I am trying to create a provisioning template with a hook lambda for greengras v2. and it show this error here is the command i used: ``` aws iot create-provisioning-template \ --template-name GreengrassFleetProvisioningTemplate \ --description "A provisioning template for Greengrass core devices." \ --provisioning-role-arn "arn:aws:iam:::role/GreengrassFleetProvisioningRole" \ --template-body file://greengrass-fleet-provisioning-template.json \ --pre-provisioning-hook targetArn=arn:aws:lambda:::function:preprovisioning \ --enabled ``` and here is the error: ``` An error occurred (InvalidRequestException) when calling the CreateProvisioningTemplate operation: Access denied during validating provisioning hook, Hook: arn:aws:lambda:ap-southeast-2::function:preprovisioning ``` i tried to add "lambda:*" to GreengrassFleetProvisioningRole, and i am sure my aws account has all permissions required to do this. Where should i look into to fix this error Thanks for your time.

Hi, I've create and registered a CA certificate in IoT core. When I use this for greengrass fleet provisioning it fails with ``` java.lang.RuntimeException: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed ``` The documentation is not very clear about how to use it with Greengrass. But the existence of "Automatic certificate registration" when doing "Register CA certificate" suggests it should work and I'm missing something. Any advice much appreciated.

Hello! I created a Greengrass core device through the [online tutorials](https://docs.aws.amazon.com/greengrass/v2/developerguide/getting-started.html). On step **5b** I followed the **recommended option**, so I think it uses *sts:AssumeRole* for authentication. Everything is working fine and I tried to install and use the AWS StreamManager Component. I updated my deployment and Stream Manager was successfully installed on my core device. But when I created a stream and appended data to that stream, I got errors in `/greengrass/v2/logs/aws.greengrass.StreamManager.log` about Stream Manager not being able to connect to IoT Analytics. The full debug logs of Stream Manager can be found in [this gist](https://gist.github.com/hacor/364face5e03d1065ceccc04e88ed29cb) I found following issues in this logs: - Line #140: `2022-03-04T08:30:35.708Z [INFO] (Copier) aws.greengrass.StreamManager: stdout. 2022 Mar 04 08:30:35,707 [DEBUG] (pool-7-thread-1) com.amazonaws.auth.AWSCredentialsProviderChain: Unable to load credentials from WebIdentityTokenCredentialsProvider: To use assume role profiles the aws-java-sdk-sts module must be on the class path.. {scriptName=services.aws.greengrass.StreamManager.lifecycle.startup.script, serviceName=aws.greengrass.StreamManager, currentState=STARTING} ` - Line #167: `2022-03-04T08:30:36.085Z [INFO] (Copier) aws.greengrass.StreamManager: stdout. 2022 Mar 04 08:30:36,074 [ERROR] (pool-7-thread-1) com.amazonaws.iot.greengrass.streammanager.export.destination.IOTAnalyticsDestination: Encountered error while exporting data to AWS IoT Analytics. {scriptName=services.aws.greengrass.StreamManager.lifecycle.startup.script, serviceName=aws.greengrass.StreamManager, currentState=STARTING} ` When I created the file `/home/ggc_user/.aws/credentials` using basic credentials ```bash [default] aws_access_key_id = ****** aws_secret_access_key = ******* ``` Stream manager works perfectly. As I read in the logs, the Stream Manager package should have the `aws-java-sdk-sts` module as a dependency in order to work with this method. Because the Stream manager component is not open source, I'm unable to create a PR. So I hope this message will reach the Stream Manager developers. Here are the component versions used in my deployment: ```bash Component Name: aws.greengrass.StreamManager Version: 2.0.14 State: RUNNING Configuration: {"JVM_ARGS":"","LOG_LEVEL":"DEBUG","port":"8088","runWithDefault":{"posixUser":"ggc_user:ggc_group"},"STREAM_MANAGER_AUTHENTICATE_CLIENT":false,"STREAM_MANAGER_ENABLE_LOCK_ON_METADATA_STORE":"false","STREAM_MANAGER_EXPORTER_MAX_BANDWIDTH":"2147483647","STREAM_MANAGER_EXPORTER_S3_DESTINATION_MULTIPART_UPLOAD_MIN_PART_SIZE_BYTES":"5242880","STREAM_MANAGER_EXPORTER_THREAD_POOL_SIZE":"5","STREAM_MANAGER_SERVER_PORT":"8088","STREAM_MANAGER_STORE_ROOT_DIR":"."} Component Name: aws.greengrass.TokenExchangeService Version: 2.0.3 State: RUNNING Configuration: {"port":0.0} Component Name: aws.greengrass.Nucleus Version: 2.5.3 State: FINISHED Configuration: {"awsRegion":"eu-central-1","componentStoreMaxSizeBytes":"10000000000","deploymentPollingFrequencySeconds":"15","envStage":"prod","fleetStatus":{"periodicStatusPublishIntervalSeconds":86400.0},"greengrassDataPlanePort":"8443","httpClient":{},"iotCredEndpoint":"c18zy2f9lrcrq0.credentials.iot.eu-central-1.amazonaws.com","iotDataEndpoint":"a3sh1t0ug8wcry-ats.iot.eu-central-1.amazonaws.com","iotRoleAlias":"GreengrassV2TokenExchangeRoleAlias","jvmOptions":"-Dlog.store=FILE","logging":{},"mqtt":{"spooler":{}},"networkProxy":{"proxy":{}},"platformOverride":{},"runWithDefault":{"posixShell":"sh","posixUser":"ggc_user:ggc_group"},"telemetry":{}} ``` Best regards, Hacor

Hello, I understand that i can use (and am using) the base greengrass install to publish and subscribe to local mqtt topics. To publish and subscribe i need to use the aws-iot-sdk (c++) library. - is it possible to use a standard mqtt library to talk to this internal greengrass broker as well ? or do i need to use the aws-iot-sdk ? I would like to use 1 broker to let all my greengrass components and external tablets talk to each other, so i would like to use it as a 'message bus' I also found a **aws.greengrass.clientdevices.mqtt.Moquette** broker (which i assume is like mosquitto) that can be installed on a greengrass device. I assume i can talk to this broker with any mqtt client library (even the libmosquitto ?) - are these assumptions correct ? how would i make the choice of which broker to use ? the internal greengrass topics or the extra moquette broker ? what is the idea behind having 2 types of brokers ? kind regards, Tom

I have a python greengrass component that in itself is in a compressed artifact. I also have a non-compressed artifact in test/route.nmea that i want to access from within the python component. ``` "Artifacts": [ { "URI": "s3://jeteye/components/artifacts/au.com.company.gg_gps_publish/0.0.123/gg_gps_publish.zip", "Unarchive": "ZIP" }, { "URI": "s3://jeteye/components/artifacts/au.com.company.gg_gps_publish/0.0.123/test/route.nmea", "Unarchive": "NONE" } ``` i tried: `g_nmea_file = os.path.dirname(os.path.abspath(__file__)) + '/../test/route.nmea' ` but that ends up pointing to the decompressed artifact directory : `/greengrass/v2/packages/artifacts-unarchived/au.com.company.gg_gps_publish/0.0.123/gg_gps_publish/test/route.nmea` is there a greengrass call to get access the non-unarchived artifact directory like: `/greengrass/v2/packages/artifacts/au.com.company.gg_gps_publish/0.0.123/gg_gps_publish/` ? I have also tried to pass in the **{artifacts:path}** variable that is available in the receipe by adding it to a config: ``` "ComponentConfiguration": { "DefaultConfiguration": { "GGV2ComponentConfig": { "current_version" : "0.0.123", "gps_tick_topic" : "gps/tick", "timeout_sec" : 10, "test_nmea_file" : "{artifacts:path}/test/route.nmea" }, ``` and passing it into the python like: ``` "Lifecycle": { "Install": "pip3 install awsiotsdk pynmeagps", "Run": { "Script": "python3 -u {artifacts:decompressedPath}/gg_gps_publish/main.py '{configuration:/GGV2ComponentConfig}'", "RequiresPrivilege": "false" } }, ``` when i read the GGV2ComponentConfig.test_nmea_file configuration , the **{artifacts:path}** part is empty

In the case of an AWS Greengrass Core Device (V2) that has components which perform the following: - Downloading from AWS S3 - Subscribing to AWS IoT MQTT Topics + receiving messages - Posting to AWS IoT MQTT Topics - Uploading to S3 buckets - Downloading container images from ECR as part of a Greengrass component where each of these operations is carried out in a component, being permitted via the TokenExchangeRole, which AWS endpoints are being used? In the case of the S3 operations, this page (https://docs.aws.amazon.com/general/latest/gr/s3.html) lists a number of endpoints for our region, which ones of these would be used in the case of a greengrass component interacting with S3?

I setup an IoT greengrass core device with the aws.greengrass.LogManager plugin but its not pushing logs to cloudwatch. I created the GreengrassV2TokenExchangeRole + policy with cloudformation (since i want to manage the role and policy myself and deploy it to multiple accounts) and passed that to the greengrass installer as an argument. The policy is of the same type (customer managed) and has the same permission scope as when the installer creates it, Im not sure if this is actually causing issues for the component but I really dont know what else it could be. Questions: - Is it possible to manage the IAM policy and role in cloudformation and have AWS greengrass nucleus use it? - Should i even be doing it like this? - if no then Is there a different/better approach to achieve this? Side notes - There are no errors about the logmanager not being able to push logs to cloudwatch in the greengrass.log file. - The access adviser of the policy i see that it has never been accessed throughout the tracking period. - Having Greengrass create the roles and policies itself works.

Hi there, i just upgrade my Greengrass (GG) core software from 1.10 to 1.11.5. Cus i want to use S3ExportTaskDefinition. However there is some error with the create_message_stream() the attached is the log of my lambda (which i copy from: https://github.com/aws-greengrass/aws-greengrass-stream-manager-sdk-python) I manually trackback and found the error at line 336 `result = await self.__requests[data.request_id].get()` in the streammanagerclient.py::__send_and_receive() GGStreamManager.log ``` [2022-02-28T16:43:51.367+11:00][ERROR]-Feb 28, 2022 4:43:51 PM com.amazonaws.internal.DefaultServiceEndpointBuilder getServiceEndpoint [2022-02-28T16:43:51.367+11:00][ERROR]-INFO: {iotsitewise, ap-southeast-2} was not found in region metadata, trying to construct an endpoint using the standard pattern for this region: 'iotsitewise.ap-southeast-2.amazonaws.com'. [2022-02-28T16:43:51.646+11:00][INFO]- (main) com.amazonaws.iot.greengrass.streammanager.server.StreamServer: Starting streamServer on port: 8088 [2022-02-28T16:43:51.665+11:00][INFO]- (main) com.amazonaws.iot.greengrass.streammanager.export.decider.Decider: Starting decider [2022-02-28T16:43:52.186+11:00][INFO]- (pool-6-thread-1) com.amazonaws.iot.greengrass.streammanager.server.StreamServer: StreamServer ready to accept connections on port 8088 [2022-02-28T16:43:52.207+11:00][INFO]-Putting initialization result for function arn [arn:aws:lambda:::function:GGStreamManager:1] to http://localhost:8000/2016-11-01/functions/arn:aws:lambda:::function:GGStreamManager:1/initialized [2022-02-28T16:43:52.377+11:00][INFO]-Put initialization result for function arn [arn:aws:lambda:::function:GGStreamManager:1] [2022-02-28T16:43:53.407+11:00][ERROR]- (nioEventLoopGroup-3-1) com.amazonaws.iot.greengrass.streammanager.server.handlers.CreateMessageStreamRequestHandler: Encountered unknown exception while creating message stream SomeStatusStreamName [2022-02-28T16:43:53.407+11:00][ERROR]-org.mapdb.DBException$PointerChecksumBroken: Broken bit parity [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.DataIO.parity4Get(DataIO.java:476) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.longStackLoadChunk(StoreWAL.kt:732) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.longStackPut(StoreWAL.kt:712) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreDirectAbstract.releaseData(StoreDirectAbstract.kt:367) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.updateProtected(StoreWAL.kt:455) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.StoreWAL.update(StoreWAL.kt:426) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.IndexTreeListJava.treePut(IndexTreeListJava.java:341) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.IndexTreeLongLongMap.put(IndexTreeLongLongMap.kt:77) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.HTreeMap.putprotected(HTreeMap.kt:363) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at org.mapdb.HTreeMap.put(HTreeMap.kt:324) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.dao.MapDbMetadataDao.put(MapDbMetadataDao.java:73) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.store.log.LogStore.createMessageStream(LogStore.java:113) ~[AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.server.handlers.CreateMessageStreamRequestHandler.handle(CreateMessageStreamRequestHandler.java:41) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at com.amazonaws.iot.greengrass.streammanager.server.handlers.MessageStreamHandler.channelRead(MessageStreamHandler.java:133) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:321) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:295) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.407+11:00][ERROR]- at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [AWSGreengrassStreamManager.jar:?] [2022-02-28T16:43:53.408+11:00][ERROR]- at java.lang.Thread.run(Thread.java:834) [?:?] ``` thanks for your help

Hello, we would like to ask how to configure LOG_LEVEL of messages produced by python components? We are using Nucleus(=2.5.3) with the following config: ``` "logging": { "format": "JSON" } ``` Please, consider the following Python script: ``` print(f'This is an INFO message.', file=sys.stdout) print(f'This is an WARN message.', file=sys.stderr) ``` This produces the following two messages in the log file: ``` {"thread":"Copier","level":"INFO","eventType":"stdout","message":"This is an INFO message.","contexts":{"scriptName":"TEST.lifecycle.Run.Script","serviceName":"TEST","currentState":"RUNNING"},"loggerName":"TEST","timestamp":1646058300228,"cause":null} {"thread":"Copier","level":"WARN","eventType":"stderr","message":"This is an WARN message.","contexts":{"scriptName":"TEST.lifecycle.Run.Script","serviceName":"TEST","currentState":"RUNNING"},"loggerName":"TEST","timestamp":1646058300228,"cause":null} ``` To our understanding, the field "level" in the JSON object is deduced from the file to which the log message is written: - stdout -> INFO - stderr -> WARN We would like to be able to use all of the four different levels described in the GreenGrass Nucleus [documentation](https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-nucleus-component.html#greengrass-nucleus-component-configuration-logging-format) (DEBUG, INFO, WARNING, ERROR). What do we need to to to be able to log a message using level 'DEBUG' or 'ERROR' (i.e. the field "level" in the produced message has a value of "DEBUG" or "ERROR")? Thank you kindly, Simon

I wonder if there is a simple way to get a component to update the Greengrass Core device network proxy? I tried updating effectiveConfig.yaml, but it seems it is overwritten upon reboot. I also tried hacking at Nucleus component recipes, but to no avail. I have a component that allows to remotely reconfigure a device network, but the use of proxy is tricky since Greengrass also needs to be reconfigured. Any help appreciated

Hi there, I have a problem when I am installing the AWS Greengrass package on a Windows 10 OS. I have followed all the steps provided by the AWS Greengrass set-up webpage, but unfortunatelly, it does not work. The set-up command I am writing: java "-Droot=C:\greengrass\v2" "-Dlog.store=FILE" -jar .\lib\Greengrass.jar --init-config .\config-CoreDevice01.yaml --component-default-user ggc_user --setup-system-service true The output from the program: Error while trying to setup Greengrass Nucleus java.lang.RuntimeException: Cannot create all required directories at com.aws.greengrass.lifecyclemanager.KernelCommandLine.initPaths(KernelCommandLine.java:191) at com.aws.greengrass.lifecyclemanager.KernelCommandLine.lambda$parseArgs$0(KernelCommandLine.java:147) at com.aws.greengrass.config.Topic.subscribe(Topic.java:50) at com.aws.greengrass.lifecyclemanager.KernelCommandLine.parseArgs(KernelCommandLine.java:147) at com.aws.greengrass.lifecyclemanager.Kernel.parseArgs(Kernel.java:591) at com.aws.greengrass.easysetup.GreengrassSetup.performSetup(GreengrassSetup.java:296) at com.aws.greengrass.easysetup.GreengrassSetup.main(GreengrassSetup.java:269) Caused by: java.nio.file.attribute.UserPrincipalNotFoundException at java.base/sun.nio.fs.WindowsUserPrincipals.lookup(WindowsUserPrincipals.java:147) at java.base/sun.nio.fs.WindowsFileSystem$LookupService$1.lookupPrincipalByGroupName(WindowsFileSystem.java:250) at com.aws.greengrass.util.platforms.windows.WindowsPlatform$WindowsFileSystemPermissionView.aclEntries(WindowsPlatform.java:413) at com.aws.greengrass.util.platforms.windows.WindowsPlatform$WindowsFileSystemPermissionView.<init>(WindowsPlatform.java:326) at com.aws.greengrass.util.platforms.windows.WindowsPlatform.getFileSystemPermissionView(WindowsPlatform.java:458) at com.aws.greengrass.util.platforms.Platform.setPermissions(Platform.java:167) at com.aws.greengrass.util.platforms.Platform.setPermissions(Platform.java:129) at com.aws.greengrass.util.Permissions.setRootPermission(Permissions.java:93) at com.aws.greengrass.util.NucleusPaths.setRootPath(NucleusPaths.java:99) at com.aws.greengrass.lifecyclemanager.KernelCommandLine.initPaths(KernelCommandLine.java:170) The yaml file: --- system: certificateFilePath: "C:\greengrass\v2\X.cert.pem" privateKeyPath: "C:\greengrass\v2\Y.private.key" rootCaPath: "C:\greengrass\v2\AmazonRootCA1.pem" rootpath: "C:\greengrass\v2" thingName: "co2sink-dev-CoreDevice01" services: aws.greengrass.Nucleus: componentType: "NUCLEUS" version: "2.5.2" configuration: awsRegion: "eu-west-1" iotRoleAlias: "co2sink-dev-TokenExchangeRoleAlias" iotDataEndpoint: "aa598pljtwur1-ats.iot.eu-west-1.amazonaws.com" iotCredEndpoint: "cszj6chx6z301.credentials.iot.eu-west-1.amazonaws.com" I hope you could help, looking forward to hearing from you. Kind regards. Daniel.

I'm getting an error: `Unable to execute HTTP request: Remote host terminated the handshake` This occurs during the call to `DeviceProvisioningHelper.createThing(DeviceProvisioningHelper.java:204)` -> `software.amazon.awssdk.services.iot.DefaultIotClient.getPolicy(DefaultIotClient.java:8787)` I am running a custom greengrass-entrypoint.sh to install version 2.5.3 on a docker container with Ubuntu 18.04 base image using automatic provisioning on an armv7 device that worked before with version 2.4.0. Separately, I have successfully installed a 2.5.3 using automatic provisioning by command line on an Ubuntu VM just fine. My network admin opened up port 8883 which allowed gg to install/run. What could be causing the above HTTP request error? Thanks Here is a partial log. I cannot post a question with the full log it must be too long for posting here: ``` root@80d214eacd4c:/greengrass/v2/logs# cat greengrass.log 2022-02-16T21:13:17.982Z [INFO] (main) com.aws.greengrass.util.platforms.Platform: Getting platform instance com.aws.greengrass.util.platforms.unix.linux.LinuxPlatform.. {} 2022-02-16T21:13:21.005Z [INFO] (main) com.aws.greengrass.util.platforms.Platform: Getting platform instance com.aws.greengrass.util.platforms.unix.linux.LinuxPlatform.. {} 2022-02-16T21:13:21.382Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: No ongoing deployment detected. Proceed as default. {} 2022-02-16T21:13:22.864Z [INFO] (main) com.aws.greengrass.lifecyclemanager.Kernel: effective-config-dump-complete. {file=/greengrass/v2/config/effectiveConfig.yaml} 2022-02-16T21:13:23.713Z [INFO] (main) com.aws.greengrass.deployment.DeviceConfiguration: Successfully setup Nucleus launch parameters. {} 2022-02-16T21:13:26.917Z [INFO] (main) com.aws.greengrass.deployment.DeviceConfiguration: Nucleus lifecycle has been initialized successfully. {} 2022-02-16T21:13:27.917Z [INFO] (main) com.aws.greengrass.deployment.DeviceConfiguration: Copy Nucleus artifacts to component store. {destination=/greengrass/v2/packages/artifacts-unarchived/aws.greengrass.Nucleus/2.5.3/aws.greengrass.nucleus, source=/opt/greengrassv2} 2022-02-16T21:15:21.010Z [ERROR] (main) com.aws.greengrass.easysetup.GreengrassSetup: Error while trying to setup Greengrass Nucleus. {} software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Remote host terminated the handshake at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:98) at software.amazon.awssdk.core.exception.SdkClientException.create(SdkClientException.java:43) at software.amazon.awssdk.core.internal.http.pipeline.stages.utils.RetryableStageHelper.setLastException(RetryableStageHelper.java:204) at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:82) at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:36) at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:56) at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:36) at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:80) at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:60) at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:42) at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:48) at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:31) at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206) at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37) ... Caused by: java.io.EOFException: SSL peer shut down incorrectly at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109) at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392) ... 65 more ```

Hello, I'm quite new to AWS GreenGrass and I try to create a deployment which will work for more then just one device. I work with a raspberry pi 4 which runs Greengrass and connects to some energy meters and sensors through software things that run on the raspberry pi. I created a deployment using the following AWS provided components: - MQTT Broker - MQTT Bridge - Auth - Shadow manager Let's say the Greengrass core device is called __mainDevice01__ and it should subscribe through MQTT bridge to all subjects containing *__mainDevice01__/things/#*. End users can add things (energy meters, sensors,...) to _mainDevice01_ which will run as a piece of software on the device. From what I experience: - I must create a separate deployment for every mainDevice in my cluster. Correct? - Every new thing that is connected to a Greengrass core devices should trigger a lot of updates to the deployment. (Which shadows to collect, new MQTT bridge links,...) I want to create a single deployment for many _mainDevices_ which all subscribe to their respective sub-topic. I tried to use _{iot:thingName}_ as a variable within the merge configuration of the MQTT bridge but that doesn't seem to work. ```json { "reset": [], "merge": { "ThingData": { "topic": "{iot:thingName}/things/#", "source": "IotCore", "target": "LocalMqtt" } } } } ``` In the same way I would like to automatically configure the Shadow manager (if possible) to collect the shadows of a things belonging to a core device or specific group. I'm not sure if my design idea is correct this way? Any suggestions on how this should be done the correct way are more then welcome! Warm regards, Hacor

For an upcoming project we want to use greengrass v2 with a custom component(lambda) that requests data using an appsync api call. Using the TokenExchangeService component we are able to make requests to S3 and other service but we are unable to use the AwsAppsyncClient library to connect to Appsync. is there a way to have the appsync client use the token exchange service or to get the credentials by calling the service directly?

Hi, our company is working on creating an innovative security system to prevent theft of goods from parking trucks. Our goal is to equip every truck with radar sensors and a central control unit which handles the incoming data. We want to upload this data to a cloud so that we can use machine learning in order to analyse the risk of a theft at any given moment. Our concept is: 1. Send the data to the cloud 2. Store the data on the cloud 3. Analyse and use machine learning on the data We are looking to set our central unit (Currently a raspberry pi 4) as an AWS IoT device. The main questions are: What are the differences between IoT Core and Greengrass? What are the pros and cons of each of these services? Which one would fit most to our use-case? Please send us a detailed description and any kind of documentation you think would help us in achieving our goals.

Hi, When attempting to deploy the new aws.greengrass.SystemsManagerAgent (v1.0.0) Greengrass component, onto our IoT device (Nvidia Jetson Nano - running Ubuntu 18.04), it consistently fails to install, giving the error message 'Snap - Failed to install'. To test what was going on, I found the installation steps used in the component recipe and attempted to replicate these manually. In doing so, I discovered that the command 'ssm-setup-cli -install' used in the 'Install' lifecycle step doesn't work on it's own, with the CLI tool erroring with the message 'Region must be specified'. After changing the command to 'ssm-setup-cli -install -region eu-west-1' (i.e. adding the region in as an additional flag), the installation of the agent completed successfully. Therefore, I believe a simple fix for this issue is to provide a means of specifying the region as part of the aws.greengrass.SystemsManager component configuration (https://docs.aws.amazon.com/greengrass/v2/developerguide/systems-manager-agent-component.html#systems-manager-agent-component-configuration), but I can't help feeling that is this was a problem for everyone, then it would have been reported and fixed by now? Would appreciate any feedback on whether anyone's got this component installing correctly first time round? Many thanks.

I am attempting to install greengrass on an ubuntu VM. I get the *Successfully set up Nucleus as a system service* message, but it is not creating a greengrass core. And, my log says: `com.aws.greengrass.mqttclient.AwsIotMqttClient: Unable to connect to AWS IoT Core.` This issue looks similar to a [previous question](https://repost.aws/questions/QUYwvG_kXvR0CncHiPvYEs5Q/com-aws-greengrass-mqttclient-aws-iot-mqtt-client-unable-to-connect-to-aws-io-t-core) I have tried two things. First, I created a deployment with a merge config below for the nucleus before running greengrass install command. ``` { "greengrassDataPlanePort": 443, "mqtt": { "port": 443 } } ``` I have also tried stopping the greengrass service on my VM and then replacing all of the 8443's with 443's and also adding "port": 443 to the mqtt objects. This has not helped. I still get the **Unable to connect to AWS IoT Core**

During initial getting to know GreenGrass we setup quite a few Deployments that are now no longer used. Is there a way using the console in deleting the Deployment ? I've been able to "cancel" the deployment ( Deployment status: Cancelled) but it never goes away from the list .

Hi, In my current project I have the problem that no values ​​are written to the assets. The data stream is first shown as dissociated, but after linking to the asset no value is written. The namespace is Ns= 4 s = "" where Ns 4 is ="CODESYSSPV3/3S/IecVarAccess". The target device is a WAGO PLC. the data type is a boolean. The correct data stream is listed under Alias ​​in the asset. Now i have no idea, how to fix it thank you for your help

How can I get status of connection with the cloud in a custom Greengrass component?

I am unable to see anything that I may log out of a Greengrass v2 component. For example: ``` import logging ... ... logger = logging.getLogger() logger.setLevel(logging.INFO) ... ... logger.info("Hello world") ``` This will not be visible in my <COMPONENT>.log or greengrass.log files. I've tried different logging levels too.

Hello All, I tried to find how to start/stop a specific deployed package at the device side instead of using sudo service greengrass stop. Is this possible? Thanks!

My component: ``` --- RecipeFormatVersion: "2020-01-25" ComponentName: com.savic.Telemetry ComponentVersion: 1.0.12 ComponentDescription: Vehicle telemetry consisting of CAN and additional messages ComponentPublisher: ############## ComponentConfiguration: DefaultConfiguration: Environment: nonprod accessControl: aws.greengrass.ipc.mqttproxy: com.savic.Telemetry:pubsub:2: policyDescription: Allows access to publish to telemetry topic operations: - aws.greengrass#PublishToIoTCore resources: - savicmc/{configuration:/Environment}/telemetry/events Manifests: - Platform: os: linux Lifecycle: Setenv: SAVICMC_ENV: "{configuration:/Environment}" SAVIC_SENDLOG_PATH: "/var/log/sendLog.txt" SAVIC_SAMPLE_RATE: 10 SAVIC_TELEMETRY_TOPIC: "savicmc/{configuration:/Environment}/telemetry/events" Install: RequiresPrivilege: true script: python3 -m pip install --user awsiotsdk Run: RequiresPrivilege: true script: python3 -u {artifacts:path}/telemetry.py Artifacts: - Uri: s3://greengrass-components-#############-############/artifacts/com.savic.Telemetry/1.0.12/telemetry.py Permission: Execute: OWNER ``` (NOTE: I also tried a variation of the accessControl: ``` aws.greengrass.ipc.mqttproxy: com.savic.Telemetry:mqttproxy:2: ``` (note: pubsub vs. mqttproxy) However, in my greengrass.log, I am getting the following: ``` 2022-01-24T06:29:45.178Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.RpcServer: New connection code [AWS_ERROR_SUCCESS] for [Id 1141, Class ServerConnection, Refs 1](2022-01-24T06:29:45.178120Z) - <null>. {} 2022-01-24T06:29:45.181Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: aws.greengrass#GreengrassCoreIPC authenticated identity: com.savic.Telemetry. {} 2022-01-24T06:29:45.184Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: Connection accepted for com.savic.Telemetry. {} 2022-01-24T06:29:45.185Z [INFO] (Thread-8) software.amazon.awssdk.eventstreamrpc.ServiceOperationMappingContinuationHandler: Sending connect response for com.savic.Telemetry. {} 2022-01-24T06:29:45.191Z [INFO] (Thread-8) com.aws.greengrass.builtin.services.mqttproxy.MqttProxyIPCAgent: Not Authorized. {error=Principal com.savic.Telemetry is not authorized to perform aws.greengrass.ipc.mqttproxy:aws.greengrass#PublishToIoTCore on resource savicmc/nonprod/telemetry/events} ``` Any ideas why I am getting the Not Authorized?

I have a setup where I can get device to use fleet provisioning. The device register fine and can deploy an initial deployment including CLI, ShadowManager, TokenExchangeService, mqtt.Bridge. and Nucleus. I also have a Python component. When I deploy the component locally (CLI) it all works fine. I then uploaded a zip file of my component (only the needed Python files) to a S3 bucket. adapted the recipe and tried to deploy it in that initial deployment. In that instance I get the following errors ``` 2022-01-20T11:42:04.864Z [ERROR] (pool-2-thread-11) com.aws.greengrass.tes.CredentialRequestHandler: Error in retrieving AwsCredentials from TES. {iotCredentialsPath=/role-aliases/GGRATokenXchange/credentials, credentialData=TES responded with status code: 400. Caching response. {"message":"Unable to assume the role, or the role to assume does not exist"}} 2022-01-20T11:42:04.882Z [INFO] (pool-2-thread-11) com.aws.greengrass.componentmanager.builtins.S3Downloader: get-bucket-location. task failed and will be retried. {task-attempt=1, componentIdentifier=io.screencloud.SCRDMngt, artifactUri=s3://scrdm.artifacts/io.screencloud.SCRDMngt/1.0.0/scrdm.zip} ``` With the first message being repeated afterward (There was a stack trace not shown here). Now, GGRATokenXchange is a role alias for GGRTokenXchange with the following policies ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor2", "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "iot:Connect", "iot:DescribeCertificate", "logs:CreateLogGroup", "logs:PutLogEvents", "s3:ListMultipartUploadParts", "iot:Receive", "s3:PutObject", "logs:CreateLogStream", "iot:Subscribe", "s3:AbortMultipartUpload", "s3:GetBucketLocation", "iot:Publish" ], "Resource": "*" } ] } ``` and ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::scrdm.artifacts/*" } ] } ``` with scrdm.artifacts the name of the bucket where my component is stored. You'll notice the "s3:GetBucketLocation". effectiveConfig.yaml seem to have the proper thing name and paths Can someone please tell me what I am doing wrong? TIA François

I've been working with GGv2 and containerized Lambdas and have run into an issue where removing a Lambda via a deployment revision causes the `aws.greengrass.LambdaManager` component to be stuck in a fault state. To reproduce the issue, you can follow these steps: 1. Create two distinct, containerized Lambda components (e.g., lambda1 and lambda2) 2. Create a deployment containing both containerized Lambda components 3. Verify the deployment is successfully pushed down to the GGv2 core device 4. Revise the deployment to remove one of the containerized Lambda components (e.g., lambda2) and push it down to the GGv2 core device 5. While processing the revised deployment, the `aws.greengrass.LambdaManager` component will complain that the Lambda that was removed from the deployment (e.g., lambda2) 'does not exist' and throws a `LambdaNotFoundException`: ``` 2022-01-19T17:09:18.266Z [INFO] (aws.greengrass.LambdaManager-lifecycle) com.aws.greengrass.lambdamanager.LambdaManager: service-set-state. {serviceName=aws.greengrass.LambdaManager, currentState=ERRORED, newState=NEW} 2022-01-19T17:09:18.280Z [ERROR] (pool-2-thread-29) com.aws.greengrass.lambdamanager.LambdaManager: service-errored. {serviceName=aws.greengrass.LambdaManager, currentState=NEW} com.aws.greengrass.lambdamanager.LambdaNotFoundException: Lambda component:<LAMBDA_COMPONENT_NAME> does not exist at com.aws.greengrass.lambdamanager.system.v1subscription.RouteTable.lambda$normalizeToArn$2(RouteTable.java:139) at java.base/java.util.Optional.orElseThrow(Unknown Source) at com.aws.greengrass.lambdamanager.system.v1subscription.RouteTable.normalizeToArn(RouteTable.java:138) at com.aws.greengrass.lambdamanager.system.v1subscription.RouteTable.convertConfigToRoute(RouteTable.java:106) at com.aws.greengrass.lambdamanager.system.v1subscription.RouteTable.addRoute(RouteTable.java:98) at com.aws.greengrass.lambdamanager.system.v1subscription.RouteTable.loadRoutesFromConfig(RouteTable.java:59) at com.aws.greengrass.lambdamanager.system.RouterLambda.loadSubscription(RouterLambda.java:60) at com.aws.greengrass.lambdamanager.LambdaManager.reloadV1Subscription(LambdaManager.java:337) at com.aws.greengrass.lambdamanager.LambdaManager.lambda$install$1(LambdaManager.java:122) at com.aws.greengrass.config.Topics.subscribe(Topics.java:469) at com.aws.greengrass.lambdamanager.LambdaManager.install(LambdaManager.java:117) at com.aws.greengrass.lifecyclemanager.Lifecycle.lambda$handleCurrentStateNew$5(Lifecycle.java:441) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.base/java.util.concurrent.FutureTask.run(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) 2022-01-19T17:09:18.287Z [INFO] (aws.greengrass.LambdaManager-lifecycle) com.aws.greengrass.lambdamanager.LambdaManager: service-set-state. {serviceName=aws.greengrass.LambdaManager, currentState=NEW, newState=BROKEN} 2022-01-19T17:09:18.312Z [INFO] (aws.greengrass.LambdaManager-lifecycle) com.aws.greengrass.status.FleetStatusService: fss-status-update-published. Status update published to FSS. {serviceName=FleetStatusService, currentState=RUNNING} 2022-01-19T17:09:18.318Z [ERROR] (aws.greengrass.LambdaManager-lifecycle) com.aws.greengrass.lambdamanager.LambdaManager: service-broken. service is broken. Deployment is needed. {serviceName=aws.greengrass.LambdaManager, currentState=BROKEN} 2022-01-19T17:09:19.201Z [WARN] (pool-2-thread-28) com.aws.greengrass.deployment.DeploymentConfigMerger: merge-config. merge-config-service BROKEN. {serviceName=aws.greengrass.LambdaManager} 2022-01-19T17:09:19.207Z [ERROR] (pool-2-thread-28) com.aws.greengrass.deployment.activator.DeploymentActivator: merge-config. Deployment failed. {deploymentId=8ce921fa-e850-40f7-96f7-dca557bcf130} com.aws.greengrass.deployment.exceptions.ServiceUpdateException: Service aws.greengrass.LambdaManager in broken state after deployment at com.aws.greengrass.deployment.DeploymentConfigMerger.waitForServicesToStart(DeploymentConfigMerger.java:194) at com.aws.greengrass.deployment.activator.DefaultActivator.activate(DefaultActivator.java:84) at com.aws.greengrass.deployment.DeploymentConfigMerger.updateActionForDeployment(DeploymentConfigMerger.java:150) at com.aws.greengrass.deployment.DeploymentConfigMerger.lambda$mergeInNewConfig$0(DeploymentConfigMerger.java:102) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.runUpdateActions(UpdateSystemPolicyService.java:95) at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.lambda$startup$0(UpdateSystemPolicyService.java:165) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.base/java.util.concurrent.FutureTask.run(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) ``` After this: * The deployment's status is set to 'Failed' * The GGv2 core device's status is set to 'Unhealthy' * The `aws.greengrass.LambdaManager` component's status is set to 'Broken' * Worst of all, the other Lambda which remains in the deployment (e.g., lambda1) is **NOT** started since the `aws.greengrass.LambdaManager` component is a in 'Broken' state Pushing down the deployment again (i.e., revising it without making any changes) does not fix the issue. Revising the deployment to contain both original Lambdas restores the GGv2 core back to a working state; however, this is definitely not preferred. Has anyone seen this issue? Or are there any workarounds/settings/configurations that I am missing here? Relevant component versions: * aws.greengrass.Nucleus: 2.5.3 * aws.greengrass.LambdaLauncher: 2.0.9 * aws.greengrass.TokenExchangeService: 2.0.3 * aws.greengrass.LambdaRuntimes: 2.0.8 * aws.greengrass.LambdaManager: 2.2.1 * aws.greengrass.LegacySubscriptionRouter: 2.1.4 Thanks!