- Newest
- Most votes
- Most comments
Yes, you can connect to Greengrass as a client device as long as it meets the criteria of:
- Having the Thing, X.509 certificate, and policy registered in AWS IoT
- Using cloud discovery to get the signing CA for the local server certificate, endpoint (name or IP address), and port number for the Core device
- Configuring Ignition's MQTT module with the returned details of cloud discovery and the client certificate/private key to complete the local mTLS operation.
One way to validate that everything is operational would be to use the AWS IoT Device SDK to verify the configuration of Greengrass Core and send messages to AWS IoT Core. Then you will know that's working correctly and can move on to the Ignition setup and testing.
With a lot of moving parts, if you have questions, please respond and I'll help clarify.
Hi Gavin,
Thank you, this clarifies it a bit for me.
Currently, I am having a hard time with policy configuration. I'm at a loss which policies I need to set up, and how.
I followed the “greengrass/v2/developerguide/client-devices-tutorial” guide, but I cannot enable the “greengrass:Discovery” permission via the IoT Core policies, as it isn't available as an option.
There is an option to manually insert it via the JSON, but then I don't know if it is properly enabled.
Is there a guide I can use to help with the policy setup and such?
An update on my question:
After much researching, I think I finally got it to work. Turns out, it wasn't really about the policies. While I cannot select them on the IoT Greengrass Policy Console screen, I could still put them inside the JSON, which works correctly.
After making sure every policy was correct, I tried to connect to my Greengrass Moquette Broker. This didn't work, I got an error which stated: “Unable to verify the first certificate”. After some digging, I found out that I didn't fulfil the second criteria. I overlooked getting the signed local server certificate from the Greengrass Core. I solved this by requesting the Certificate using the Discovery API with curl.
After this, it worked correctly, and I could connect Ignition Edge to my Greengrass Core.
Once again, thank you very much for your assistance, Gavin!
Hi :) I'm trying to do the same right now. But I can't deploy the Greengrass Group subscriptions to my core device. It is stuck in "In Progress" status. Did you have the same issue?
Relevant content
- Accepted Answerasked 8 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
Yes, it is possible to connect client devices without using the AWS SDK.
Can you list the steps you performed for the cloud discovery?