AWS greeengrass as service on a system is still getting created even after the pre-provisioning hook is returning a response as allowprovison: false.

0

I have been setting up the Greengrass with aws fleet provisioning as a service on the system and i have a lambda functions as a pre-provisioning hook which gets triggered before the resource provision if it returns true. And in lambda i have written the code like if there is already an existing resource with same name then return false.

Everything is working as expected but though it returns false i am seeing the service getting created,But i was expecting some thing liek resouce with the same name already exists,Any ways to do this?

3 Answers
0

Hi. The install process and fleet provisioning process are independent actions. When you pass the --setup-system-service true flag to the installer, Greengrass will be installed as a system service before fleet provisioning is performed. Fleet provisioning will take place when the device subsequently can contact the cloud. This is often a long time after Greengrass is installed; for example, Greengrass might be installed in the factory (with the fleet provisioning plugin included), but there may be no cloud connectivity until the device is unboxed in the field.

profile pictureAWS
EXPERT
Greg_B
answered 2 months ago
  • so even with the below command also it works the same way @Greh_B ? sudo -E java -Droot="/greengrass/v2" -Dlog.store=FILE -jar ./GreengrassInstaller/lib/Greengrass.jar --trusted-plugin ./GreengrassInstaller/aws.greengrass.FleetProvisioningByClaim.jar --init-config ./GreengrassInstaller/config.yaml --component-default-user ggc_user:ggc_group --setup-system-service true

  • Hi Ram. Yes, that's the command I'm talking about. It will install Greengrass as a system service, with the fleet provisioning plugin included. But the fleet provisioning process may not occur until a later time, depending on cloud connectivity.

0

To address the issue where AWS Greengrass is still being created despite the pre-provisioning hook returning allowProvisioning: false, first verify that your Lambda function correctly returns the appropriate response when a resource with the same name already exists. Ensure the response structure is {"allowProvisioning": false}. Check that your Lambda function has the necessary permissions to perform resource checks and return accurate results.

Next, confirm that the fleet provisioning template correctly references your pre-provisioning hook Lambda function. Examine CloudWatch logs for your Lambda and AWS IoT Fleet Provisioning to identify any errors or unexpected behavior. Independently test your Lambda function with various payloads to ensure it returns the correct response in different scenarios. Ensure that the fleet provisioning configuration in the AWS IoT console uses the correct pre-provisioning hook.

profile picture
EXPERT
answered 2 months ago
  • yes the lambda function is returning {"allowProvisioning": false}. Also when i check the greengrass logs i am getting Access Denied(As mentioned in the doc of aws) when it returned false which indicates that the fleet provisioning is not successful.

-1

Hi

This is expected, Greengrass will force a new provisioning workflow if you have provided --provision true as an installer argument.

You can look into checking if current thing is actually a core device before submitting the installation command to your device. Please refer to https://docs.aws.amazon.com/cli/latest/reference/greengrassv2/list-core-devices.html

Thanks, Siddhant

AWS
sidsriv
answered 2 months ago
  • Not Sure if you have understood my question Siddanth.

    My question is , Any way to stop creating the greengrass as a service when the hook returns false. And it should create service only when returned true.

    But existing case is irrespective of the true or false it is creating service, Which is not expected in my case.

    What is mean by "creating a service " is it is creating system service on a system, but not any core device or thing if returned false which is fine. But it is should stop creating the service on the system is what my expectation is.

    And any ways to make this possible?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions