AWS IoT Greengrass v2 Overview

• AWS IoT Greengrass is an Open-source IoT Edge Runtime and Cloud Service used to build, deploy and manage IoT applications on edge devices.
• AWS IoT Greengrass enables devices to act locally on the data, run predictions based on machine learning models, and collect, analyze, filter and aggregate data, closer to where that data is generated, react autonomously to local events, communicate securely with other devices on the local network and with AWS IoT Core.
• AWS IoT Greengrass provides pre-built software components to connect edge devices to AWS or third-party services.
• AWS IoT Greengrass can package and run your software using Lambda functions, Docker containers, as a native OS Processes, or custom runtimes of your choice.

Key terminologies in AWS IoT Greengrass V2:

Greengrass Core Device:

• A device that runs the AWS IoT Greengrass Core software.
• A Greengrass Core device is an AWS IoT thing.
• You can add multiple Core devices to AWS IoT thing groups to create groups of Greengrass Core devices.
• You can configure the core device to relay MQTT messages between client devices, the AWS IoT Core cloud service, and Greengrass components.

Greengrass Core device Discovery:

• Cloud Discovery:
  • To connect to a core device, client devices can use cloud discovery.
  • Client devices connect to the AWS IoT Greengrass cloud service to retrieve information about core devices to which they can connect. The information includes the IP addresses and th Port number of the Greengrass Core devices.
  • Using this information, client devices can connect to a core device to process their messages and sync their data with the AWS IoT Core cloud service.
• Local Discovery:

Greengrass Client Devices:

• A device that connects to and communicates with a Greengrass core device over MQTT.
• A Greengrass client device is an AWS IoT thing.
• The core device can process, filter, and aggregate data from client devices that connect to it.
• Client devices can run FreeRTOS or use the AWS IoT Device SDK or Greengrass discovery API to get information about core devices to which they can connect.

Greengrass Components

• A Greengrass component is a software module that is deployed to and runs on a Greengrass Core device.
• AWS IoT Greengrass provides pre-built public components that provide features and functionality that you can use in your applications.
• You can also develop your own custom components.

• AWS IoT Greengrass Core software runs components as the system user and group, such as ggc_user and ggc_group, that you configure on the core device. This means that components have the permissions of that system user. In order to use, $HOME kind of functionality, you hav eto create ggc_user with a home directory.

  Recipe:

  • A JSON or YAML file that describes the software module by defining component details, configuration and parameters.
    • Component’s configuration parameters
    • Component dependencies
    • Lifecycle
      • The component lifecycle defines: the commands that install, run, and shut down the component.
    • Platform compatibility.

  Artifact:

  • The source code, binaries, or scripts that define the software that will run on your device.
    • Create artifacts from scratch, using a Lambda function, a Docker container, or a custom runtime.
    • There can be any number of artifacts.
    • You can develop and test components on your Greengrass core device without interaction with the AWS Cloud.
      • May be useful for offline update mechanisms.
      • Though it is meant for debugging and testing purpose.

  Dependency:

  • The relationship between components enables you to enforce automatic updates or restarts of dependent components.
  • For example, you can have a secure message processing component dependent on an encryption component. This ensures that any updates to the encryption component automatically update and restart the message processing component.

  Component Lifecycle:

  • The component lifecycle defines the stages that the AWS IoT Greengrass Core software uses to install and run components.
  • Each stage defines a script and other information that specifies how the component behaves.
  • Lifecycle stages:
    • NEW, INSTALLED, STARTING, RUNNING, FINISHED, STOPPING, ERRORED, BROKEN

  Component Types:

  • Nucleus:
    • Greengrass nucleus is the component that provides the minimum functionality of the AWS IoT Greengrass Core software.
  • Plugin:
    • Greengrass nucleus runs a plugin component in the same Java Virtual Machine (JVM) as the nucleus.
    • The nucleus restarts when you change the version of a plugin component on a core device.
    • To install and run plugin components, you must configure the Greengrass nucleus to run as a system service.
    • Plugin components use the same log file as the Greengrass nucleus.
    • Several components that are provided by AWS are plugin components.
  • Generic:
    • Greengrass nucleus runs a generic component’s lifecycle scripts, if the component defines a lifecycle.
    • This type is the default type for custom components.
  • Lambda:
    • Greengrass nucleus runs a Lambda function component using the Lambda launcher component.

Greengrass Device Management:

Greengrass Core Setup

• Supported Platform:
  • Linux: Armv7l, Armv8 (AArch64), x86_64
  • Windows: x86_64
    • Versions: Windows 10, Windows Server 2019
    • Windows does not have support for many components, features at this stage, not even Lambda functions.
    • Greengrass feature compatibility by operating system
  • Embedded Linux:
    • BitBake recipe for AWS IoT Greengrass V2 in the meta-aws project
    • BitBake recipe for AWS IoT Greengrass V2 installs, configures, and automatically runs the AWS IoT Greengrass Core software on your device.
• Device Requirements:
  • Minimum 256 MB disk space allocated to the AWS IoT Greengrass Core
  • Minimum 96 MB RAM allocated to the AWS IoT Greengrass Core
  • Java Runtime Environment (JRE) version 8 or greater.
  • AWS IoT Greengrass Core software (typically root), must have permission to run sudo with any user and any group.
  • /tmp directory must be mounted with exec permissions.
  • To configure system resource limits for component processes, your device must run Linux kernel version 2.6.24 or later.
  • Lambda function requirements

Greengrass Installation

• Required AWS IoT and IAM resources to connect to the AWS Cloud and operate:
  • An AWS IoT thing
    • Useful for Device authentication and authorization for AWS IoT Greengrass
  • (Optional) An AWS IoT thing group
    • Useful for Deploy AWS IoT Greengrass components to devices
  • An IAM role
    • Used to Authorize core devices to interact with AWS services
  • An AWS IoT role alias
    • Greengrass core devices use the role alias to identify the IAM role to use. The role alias enables you to change the IAM role but keep the device configuration the same.
    • Reference: Authorizing direct calls to AWS services
• Options for installations:
  • Install with automatic provisioning
    • The installer creates the required AWS IoT and IAM resources.
    • This option requires you to provide AWS credentials to the installer to create resources in your AWS account.
    • You can’t use this option to install behind a firewall or network proxy.
  • Install with manual provisioning
    • Used to install behind a firewall or network proxy.
    • Configure your device to connect on port 443 or through a network proxy.
    • Installer does not need AWS credentials.
    • Configure the AWS IoT Greengrass Core software to use a private key and certificate that you store in a hardware security module (HSM), Trusted Platform Module (TPM), or another cryptographic element.
  • Install with fleet provisioning
    • Create the required AWS resources from an AWS IoT fleet provisioning template.
    • Choose this option to create similar devices in a fleet, if you manufacture devices that your customers later activate.
    • Devices use claim certificates to authenticate and provision AWS resources, including an X.509 client certificate that the device uses to connect to the AWS Cloud.
    • Embed claim certificates into device’s hardware.
    • Can use the same claim certificate and key to provision multiple devices.
  • Install with custom provisioning
    • Choose this option if you create your own X.509 client certificates or if you want more control over the provisioning process.
  • Installer arguments

  Run AWS IoT Greengrass Core software in a Docker container

  • AWS IoT Greengrass also provides containerized environments that run the AWS IoT Greengrass Core software.
  • You can provision the required AWS Cloud Resources in advance, or let the AWS IoT Greengrass installer do it for you as in quick install process. Greengrass container image supports both ways.
    • To use automatic provisioning, you must set the Docker environment variable PROVISION=true and mount a credential file to provide your AWS credentials to the container.
    • To use manual provisioning, you must set the Docker environment variable PROVISION=false. Manual provisioning is the default option.
  • Minimum Requirements:
    • A Linux-based operating system with an internet connection.
    • Docker Engine version 18.09 or later.
    • (Optional) Docker Compose version 1.22 or later.
      • Docker Compose is required only if you want to use the Docker Compose CLI to run your Docker images.
    • Lambda function requirements:
      • To run Lambda function components inside of the Docker container.
  • Run AWS Greengrass components in process mode
    • AWS IoT Greengrass doesn’t support running Lambda functions or AWS-provided components in an isolated runtime environment inside the AWS IoT Greengrass Docker container. You must run these components in process mode without any isolation.
    • Configure a Lambda function component, set the isolation mode to No container.
    • Update the configuration for each AWS Component to set the containerMode parameter to No container.
    • Following components are vaialble to be used with containerized Greengrass:
      • CloudWatch metrics
      • Device Defender
      • Kinesis Data Firehose
      • Modbus-RTU protocol adapter
      • Amazon SNS
  • AWS IoT Greengrass Dockerfile
    • Build the AWS IoT Greengrass container image from a Dockerfile
  • Pre-built AWS IoT Greengrass

  Run the AWS IoT Greengrass Core software as a system service or without a service

  Configure the AWS IoT Greengrass Core software

  Update the AWS IoT Greengrass Core software (OTA)

  • Points to consider before update:
    • The Greengrass nucleus shuts down.
    • All components running on the core device also shut down. If those components write to local resources, they might leave those resources in an incorrect state unless shut down properly. Components can use interprocess communication to tell the nucleus component to defer the update until they clean up the resources that they use.
    • While the nucleus component is shut down, the core device loses its connections with the AWS Cloud and local devices.
    • Long-lived Lambda functions that run as components lose their dynamic state information and drop all pending work.
    • Greengrass nucleus update behavior
    • To perform an OTA update, create a deployment that includes the nucleus component and the version to install.

  Uninstall the AWS IoT Greengrass Core software

References