Hi,
AWS IoT Greengrass V2 makes connections to the control plane and the data plane. You can create VPC endpoints for control plane operations. These are the greengrass.region.amazonaws.com endpoints. The "ats" endpoints are for the data plane.
The documentation you are referring to mentions only endpoints for the control plane and states also that you currently cannot configure Greengrass core devices to completely operate within a VPC.
As you are using a private subnet, the public ats endpoints are not reachable. You need to configure your subnet in a way to allow Greengrass to access the public ats endpoints.
KR, Philipp
Hi,
You can find data plane and control plane operations in the AWS IoT Greengrass V2 endpoints and quotas documentation. Although not every single API is listed, control plane operations are for managing components, devices, and deployments.
When you connect your device running Greengrass to a VPC, for example with Direct Connect or a VPN, you can reach the public endpoints from your VPC.
Device -> VPC -> Public AWS endpoints.
From the Amazon VPC FAQs:
"Q. Does traffic go over the internet when two instances communicate using public IP addresses, or when instances communicate with a public AWS service endpoint?
No. When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions."
BTW: If you are ingesting data into AWS IoT SiteWise with the SiteWise data collection pack, data is ingested directly into SiteWise and not via the Greengrass data plane.
KR,
Philipp
Thank you Philipp, appreciate your response, will try the setup you mentioned.
Second question: is there a way to configure the nucleus to use port 443 for GreengrassDataPlanePort when installing GG V2, and what are the steps?
Review the "Install the AWS IoT Greengrass Core software with private key and certificate files" section.
- config.yaml
---
system:
  certificateFilePath: "/greengrass/v2/device.pem.crt"
  privateKeyPath: "/greengrass/v2/private.pem.key"
  rootCaPath: "/greengrass/v2/AmazonRootCA1.pem"
  rootpath: "/greengrass/v2"
  thingName: "MyGreengrassCore"
services:
  aws.greengrass.Nucleus:
    componentType: "NUCLEUS"
    version: "2.5.5"
    configuration:
      awsRegion: "us-west-2"
      iotRoleAlias: "GreengrassCoreTokenExchangeRoleAlias"
      iotCredEndpoint: "device-credentials-prefix.credentials.iot.us-west-2.amazonaws.com"
      iotDataEndpoint: "device-data-prefix-ats.iot.us-west-2.amazonaws.com"
      mqtt:
        port: 443
      greengrassDataPlanePort: 443
      networkProxy:
        noProxyAddresses: "http://192.168.0.1,www.example.com"
        proxy:
          url: "https://my-proxy-server:1100"
          username: "Mary_Major"
          password: "pass@word1357"
Run the installer, and specify --init-config to provide the configuration file.
sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE \
  -jar ./GreengrassInstaller/lib/Greengrass.jar \
  --init-config ./GreengrassInstaller/config.yaml \
  --component-default-user ggc_user:ggc_group \
  --setup-system-service true
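The following is an added example, not part of the answers above and not AWS code: it derives the outbound destinations a core device needs from the nucleus configuration, so egress rules can be checked before deployment. It assumes the nucleus defaults of 8883 (MQTT) and 8443 (Greengrass data plane) when the port keys are absent, and the hostnames built from the region are assumptions based on the naming used in this thread and in the AWS documentation.

```python
# Added example. The config is passed as an already-parsed dict (e.g. from a YAML loader).
DEFAULT_MQTT_PORT = 8883        # assumed nucleus default when mqtt.port is absent
DEFAULT_DATA_PLANE_PORT = 8443  # assumed default when greengrassDataPlanePort is absent


def required_egress(config):
    """Return (host, port, plane) tuples the core device needs outbound access to."""
    nucleus = config["services"]["aws.greengrass.Nucleus"]["configuration"]
    region = nucleus["awsRegion"]
    mqtt_port = int(nucleus.get("mqtt", {}).get("port", DEFAULT_MQTT_PORT))
    dp_port = int(nucleus.get("greengrassDataPlanePort", DEFAULT_DATA_PLANE_PORT))
    return [
        (f"greengrass.{region}.amazonaws.com", 443, "control"),
        (f"greengrass-ats.iot.{region}.amazonaws.com", dp_port, "data"),
        (nucleus["iotDataEndpoint"], mqtt_port, "data"),
        (nucleus["iotCredEndpoint"], 443, "credentials"),
    ]


def audit(config, allowed_ports=(443,)):
    """Return (destinations needing a public route, destinations on blocked ports)."""
    rules = required_egress(config)
    # Per this thread, VPC endpoints are documented only for the control plane,
    # so every other destination needs a route to the public AWS endpoints.
    public = [r for r in rules if r[2] != "control"]
    blocked = [r for r in rules if r[1] not in allowed_ports]
    return public, blocked


# Constructed samples: the thread's endpoints, without and with the port 443 overrides.
BASE = {
    "awsRegion": "us-west-2",
    "iotCredEndpoint": "device-credentials-prefix.credentials.iot.us-west-2.amazonaws.com",
    "iotDataEndpoint": "device-data-prefix-ats.iot.us-west-2.amazonaws.com",
}
DEFAULTS = {"services": {"aws.greengrass.Nucleus": {"configuration": dict(BASE)}}}
PORT_443 = {"services": {"aws.greengrass.Nucleus": {"configuration": dict(
    BASE, mqtt={"port": 443}, greengrassDataPlanePort=443)}}}

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("port 443", PORT_443)):
        public, blocked = audit(cfg)
        print(f"{name}: {len(public)} need a public route; blocked by 443-only egress: {blocked}")
```
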
Thanks Philipp.
AWS IoT SiteWise endpoint - https://docs.aws.amazon.com/iot-sitewise/latest/userguide/vpc-interface-endpoints.html - as mentioned in this document, are the Greengrass control plane and data plane operations listed somewhere so that we can get a good hold of the respective API operations to analyze what is allowed and what is not through the VPC endpoint? Please can you share a link to the docs listing it.
If data plane operations are not allowed for Greengrass via VPC endpoint, how are customers ingesting data from their assets when they are not allowed to go over the public internet? As mentioned by you, for reaching the ats endpoints for data ingestion, the data would have to traverse the public internet? Please correct me if I'm wrong.
SN