AWS IoT Greengrass (V2) Core Device - Management



I have a couple of questions related to selecting the right tool for the job. There are three different technologies, which apparently all of them can handle device management:

  1. AWS Systems Manager Agent component - the standard edition is limited to 1,000 devices (per account and per region). My understanding is that it would allow me to use the regular system manager capabilities, e.g., patching, automation, session manager (remote shell access), etc.
  2. AWS IoT Device Management - there are some unique capabilities but similar to AWS Systems Manager it enables Device Jobs (that can be used to support software updates), Secure Tunneling (remote access), etc.
  3. AWS Greengrass V2 Deployments (Create deployments) - appear to allow updating Greengrass software via jobs.

I prefer to use just the tools I really need. Can you please advise what is the different between the three approach specifically for managing (patch/updates) Greengrass (V2) Core devices? is the 3rd option (AWS Greengrass V2 Deployments) sufficient for patch/updates in this particular use case?

Thank you

1 Answer
Accepted Answer

Hi yossico. Greengrass V2 deployments are purpose built for managing and updating your Greengrass v2 components, including the Nucleus itself. This is the best way to manage your components.

However, Greengrass deployments don't natively support updating or managing the underlying OS of your core device. This is where the Systems Manager Agent can be a powerful addition, allowing you to orchestrate OS patch management across your fleet. In particular the Node Management features such as Patch Manager, Run Command, Session Manager and Fleet Manager. This video may be of interest:

Deployments do indeed use AWS IoT Jobs, but deployments are a specialized kind of job. You can build a component that uses AWS IoT Jobs for other purposes. However, Greengrass V2 does not have any generalized support for jobs out of the box.

Secure Tunneling is a great tool for remote access, but what it gives you is quite similar to Systems Manager Session Manager, so you may not need or want both. You are only charged when you open a tunnel however, so you can install the Secure tunneling component and only use it if/when you need it.

profile pictureAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions