We have a few AWS Greengrass components written in Python. These are currently being installed using the Install lifecycle in the component recipe. The components have a few external dependecies that are being installed using pip. Originally these dependencies were installed directly from pypi.org but we have moved these to be hosted in CodeArtifact instead (where we also have a few internal Python packages that we use). Since CodeArtifact requires an authorization token when configuring pip, we wrote a small Python script which obtains the token using the boto3 API which is then used to configure pip according to these instructions: https://docs.aws.amazon.com/codeartifact/latest/ug/python-configure-pip.html. The IoT policy used by the Greengrass device has the necessary privileges to download packages from CodeArtifact.
This seemed to work fine, but know we have discovered that sometimes (during e.g. a reboot of the Greengrass serviec), the token cannot be obtained in time for the installation lifecycle. The reason seems to be that the aws.greengrass.TokenExchangeService has not yet launched - we have specified this component as a dependency, but the dependencies appear to be only for the Run part of the lifecycle, not the Install phase. The only workaround we have found so far is to move the package installation commands to the Run lifecycle instead - then the aws.greengrass.TokenExchangeService is up and running. But this doesn't seem to be the "correct" way.
Is there another recommended way to use CodeArtifact with Greengrass to make this work in a better way? Or is it possible to specify the aws.greengrass.TokenExchangeService as an installation dependency somehow?
AWS UFFICIALEAggiornata 5 mesi fa
Ok, then it was like we suspected - thanks for the input.