What is AWS IoT Greengrass?
AWS IoT Greengrass is software that lets you run local compute, messaging, data caching, sync, and ML inference capabilities on connected devices in a secure way. With AWS IoT Greengrass, connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet.
AWS IoT Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass, you can use familiar languages and programming models to create your device software in the cloud, and then deploy it to your devices. AWS IoT Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud.
How do I get started using AWS IoT Greengrass?
Which AWS regions is AWS IoT Greengrass service available in?
Please refer to the AWS Regions Table for the most up to date information regarding region availability of AWS IoT Greengrass.
What are the major components of AWS IoT Greengrass software? What does each component do?
AWS IoT Greengrass consists of three software distributions: AWS IoT Greengrass Core, AWS IoT Device SDK, and the AWS IoT Greengrass SDK. The chart below compares those three software distributions to one another.
AWS IoT Greengrass also works together with Amazon FreeRTOS. For more information about AWS IoT Greengrass and Amazon FreeRTOS, see the FAQ section called “Connecting AWS IoT Greengrass to Amazon FreeRTOS and other Devices.”
|Purpose||Where it Runs
|AWS IoT Greengrass Core||Provides local services (compute, messaging, state, security), and communicates locally with devices that run the AWS IoT Device SDK||64-bit CPU-based devices (x86 or Arm) that run a general-purpose OS such as Linux.
|AWS IoT Device SDK||Allows devices to interact locally with AWS IoT Greengrass Cores||Almost any device that supports C++ or Python 2.7. Also included in Amazon FreeRTOS|
|AWS IoT Greengrass SDK||Allows Lambda functions to interact with local services inside an AWS IoT Greengrass Core||Inside a Lambda function deployed to AWS IoT Greengrass Core|
What AWS Lambda development languages are supported by AWS IoT Greengrass?
AWS IoT Greengrass supports Lambda functions authored in the following languages:
- Python 3.7
- Node v8.10.0
- Java 8
- Any language that supports importing C libraries
Which Lambdas can be deployed to AWS IoT Greengrass?
Any Lambda that uses the Python 3.7, Node v8.10.0, or Java 8 Lambda Runtime can be deployed to AWS IoT Greengrass Core. Lambdas that get deployed to AWS IoT Greengrass must be packaged together with the AWS IoT Greengrass Core SDK. In addition, you can choose to also add the AWS SDK to your Lambda’s package in order to easily interact with AWS services such as Amazon DynamoDB.
Please note: Some cloud services that your Lambda relies upon (e.g. DynamoDB) will not be available to your Lambda functions when AWS IoT Greengrass Core is in offline mode, and API calls to those services will fail in offline mode. In addition, your Lambda functions need to use the appropriate namespace for each AWS IoT Greengrass Core SDK and AWS SDK, if you include both in the same package.
Can I run AWS IoT Greengrass in a Docker container? What about another container environment like LXD or Ubuntu snap packaging?
Yes, by configuring your AWS IoT Greengrass group to run with no containerization, you can run AWS IoT Greengrass in a Docker container. To get started, you can access an AWS IoT Greengrass Docker file here and you can find documentation about how you can pull the AWS IoT Greengrass Docker image from AWS ECR here. You can also deploy AWS IoT Greengrass as a snap, a containerized software package that can run on a variety of Linux distributions. To get started, you can access the AWS IoT Greengrass snap here and get started here.
Can I run AWS IoT Greengrass on Mac OS 10 or Windows 10?
Yes, by running AWS IoT Greengrass with no AWS IoT Greengrass container at the group level in a Docker container, you’ll be able to run AWS IoT Greengrass on Mac OS 10 or Windows 10. You can learn more about this capability in our documentation.
What is the AWS IoT Greengrass SLA?
The AWS IoT Greengrass SLA stipulates that you may be eligible for a credit towards a portion of your monthly service fees if AWS IoT Greengrass fails to achieve a Monthly Uptime Percentage of at least 99.9% for AWS IoT Greengrass.
For full details on all of the terms and conditions of the SLA, as well as details on how to submit a claim, please see the AWS IoT Greengrass SLA details page.
Local Resource Access
What is an AWS IoT Greengrass local resource?
“Local resource” refers to buses and peripherals that are physically present on the AWS IoT Greengrass host, or a file system volume on the AWS IoT Greengrass host OS. For example, to communicate with devices connected via Modbus / CANBUS, an AWS IoT Greengrass Lambda function would need to access the serial port on the device. A local resource is defined at AWS IoT Greengrass group scope, and all Lambdas in the AWS IoT Greengrass group can use the defined local resources.
When would I access a local resource?
AWS IoT Greengrass local resource allows your Lambda functions to securely interact with hardware such as sensors and actuators. For example, your Lambda function can read video streams from the camera on the device or send command and control to GPIO.
Is the local resource access feature free?
The feature is part of AWS IoT Greengrass and will be provided at no extra cost to AWS IoT Greengrass customers.
What is a hardware root of trust and why might I want one?
Hardware roots of trust provide tamper-protected trusted execution environments where a true random number generator can produce the private keys used for encryption functions. These hardware “secure elements” are resistant to malware tampering and are physically tied to a given IoT device, establishing a strong root of trust upon which software can be deployed safely.
How do I introduce hardware root of trust security to my AWS IoT Greengrass architecture?
First, you must run your AWS IoT Greengrass Core software on an edge device with a secure element. Following the hardware vendor’s directions, generate a private key on that secure element. Next, follow our documentation to update the config.json file settings to use the secure element private key.
Which partners can I buy hardware with a secure element from?
For a current list of integrated hardware, visit the AWS Partner Device Catalog.
How are secure elements qualified to work with the Hardware Security Integration feature?
Secure element vendors have configured their secure elements to use a set of PKCS#11 standard APIs to integrate with AWS IoT Greengrass. Vendors use a set of testing tools to qualify that their hardware is configured correctly.
What is AWS IoT Greengrass ML Inference?
AWS IoT Greengrass ML Inference is a feature of AWS IoT Greengrass for local machine learning (ML) inference that makes it faster and easier to deploy and run machine learning models on AWS IoT Greengrass devices. Developers can now add cloud-trained machine learning models as resources to a AWS IoT Greengrass group, deploy them to target devices and apply them to locally generated data for local inferencing. The feature includes integration with Amazon SageMaker to locate SageMaker trained models, a new AWS IoT Greengrass “machine learning” resource type for declaring and deploying cloud-trained models to AWS IoT Greengrass devices, and pre-built MXNet and TensorFlow for NVIDIA Jetson NX2, Intel Atom, and Raspberry Pi devices.
How can I use a ML model not trained in Amazon SageMaker?
You can bring your ML model trained elsewhere by placing it in .tar.gz and .zip format in Amazon S3. You will then let AWS IoT Greengrass know the S3 URI and AWS IoT Greengrass will deploy to target devices.
Which AWS regions is AWS IoT Greengrass ML Inference available in?
AWS IoT Greengrass ML Inference is currently available in the following AWS regions:
- US East (N. Virginia)
- US West (Oregon)
- Asia (Tokyo)
- Asia (Sydney)
- EU (Frankfurt)
- EU (Dublin)
You can use AWS IoT Greengrass ML Inference regardless of your geographic location, as long as you have access to one of the above AWS regions.
AWS IoT Greengrass Connectors
What are AWS IoT Greengrass Connectors?
AWS IoT Greengrass Connectors allow you to easily build complex workflows on AWS IoT Greengrass without having to worry about understanding device protocols, managing credentials, or interacting with external APIs. AWS IoT Greengrass Connectors allow you to interact with third-party applications, on-premises software, and AWS services without writing code. You can re-use common business logic from one AWS IoT Greengrass device to another through the ability to discover, import, configure, and deploy applications and services at the edge. You can also use AWS IoT Greengrass Secrets Manager to protect your keys and credentials in the cloud and at the edge. If an AWS IoT Greengrass Connector needs a secret to authenticate with an application or service, you can select and deploy a secret to the AWS IoT Greengrass Core as part of the AWS IoT Greengrass Connector configuration.
How can I add an AWS IoT Greengrass Connector to an AWS IoT Greengrass group?
AWS IoT Greengrass Connectors can be added via the “Connectors” section for each group in the AWS IoT Greengrass console. Once added, you configure the AWS IoT Greengrass Connector’s parameters and deploy the group to add them to your AWS IoT Greengrass Core device.
Who can use AWS IoT Greengrass Connectors?
Any AWS IoT Greengrass customer can use AWS IoT Greengrass Connectors in the AWS Management Console.
What AWS IoT Greengrass Connectors are available?
You can find available AWS IoT Greengrass Connectors in our documentation.
How can I use the OPC-UA Protocol with AWS IoT Greengrass?
AWS IoT Greengrass now supports OPC-UA, a popular information exchange standard for industrial communication. With OPC-UA support in AWS IoT Greengrass, you can now easily ingest and process messages from industrial equipment, and deliver them to another device or to the cloud based on business rules you define. Our implementation of OPC-UA is secure, with support for certificate-based authentication. It is based on a well-known open source implementation, and it is fully customizable to suit your particular use case.
Can I bring my own implementation of the OPC-UA protocol or implement a different protocol?
Yes, you can use this same architecture to bring your own implementation of OPC-UA, and you can also implement your own support for custom, legacy, and proprietary messaging protocols.
How can I use AWS IoT Greengrass to implement alternative protocols?
Since Lambda functions running on AWS IoT Greengrass Cores have access to network resources, you can use Lambda to implement support for any protocol that is implemented on top of TCP-IP. In addition, you can also take advantage of AWS IoT Greengrass Local Resource Access to implement support for protocols that need access to hardware adapter/drivers.
Over the Air (OTA) Updates
What are AWS IoT Greengrass Over the Air (OTA) Updates?
From time to time, AWS will publish updated versions of the AWS IoT Greengrass Core software to provide the following benefits:
- Introduce new or improved features
- Bug fixes
- Security improvements
With AWS IoT Greengrass Over the Air Updates (OTA), customers can get all these benefits without having to manually download and reinstall the AWS IoT Greengrass Core software.
Do I have to use AWS IoT Greengrass OTA Updates?
No. You can always choose to download and install updates manually or follow a different software deployment process.
How will I be notified that new versions of AWS IoT Greengrass Core are available?
When new versions of AWS IoT Greengrass Core become available, we will announce it on the AWS IoT Greengrass software developer forum. You can find a link to that forum here.
AWS IoT Device Tester for AWS IoT Greengrass
What is AWS IoT Device Tester for AWS IoT Greengrass?
AWS IoT Device Tester for AWS IoT Greengrass is a test automation tool that lets you self-test and qualify AWS IoT Greengrass on your Linux-based devices. AWS IoT Device Tester provides a collection of automated tests that enable you to verify whether devices can run AWS IoT Greengrass and be authenticated by and interoperate with AWS IoT services.
Where do I get AWS IoT Device Tester for AWS IoT Greengrass?
You can get AWS IoT Device Tester for AWS IoT Greengrass here.
What does AWS IoT Device Tester for AWS IoT Greengrass test?
AWS IoT Device Tester for AWS IoT Greengrass verifies that the combination of a device’s CPU architecture, Linux kernel configuration, and drivers work with AWS IoT Greengrass by testing the following:
- Required software packages have been installed (e.g. SQlite version 3 or greater)
- Linux kernel containing AWS IoT Greengrass required kernel configuration (e.g. kernel configured for cgroups)
- Over the air updates
- Device can connect with IoT services and is able to run AWS Lambda functions
- Local resource access functionality
- Device shadow functionality
How do I get technical support for AWS IoT Device Tester for AWS IoT Greengrass?
Use any of the following channels to get support:
How do I get my device listed in the AWS Partner Device Catalog?
The AWS Device Qualification Program defines the process to get your device listed in the catalog. A high level overview of the process is as follows:
- Pass the AWS IoT Device Tester for AWS IoT Greengrass test
- Log into the AWS Partner Network Portal
- Upload the AWS IoT Device Tester report. Once the report is verified by AWS, and other device related artifacts such as picture and data sheet have been submitted, the device is listed in the AWS Partner Device Catalog.
In which regions is AWS IoT Device Tester for AWS IoT Greengrass available?
AWS IoT Device Tester for AWS IoT Greengrass is available in all the regions where AWS IoT Greengrass is available.
How much does AWS IoT Device Tester for AWS IoT Greengrass cost?
AWS IoT Device Tester for AWS IoT Greengrass is free to use. However, you will be responsible for any costs associated with AWS usage as part of testing. A single run of AWS IoT Device Tester tests on a single AWS IoT Greengrass device will cost less than 20 cents.
What are AWS IoT Greengrass Core devices? What minimum hardware specifications are required?
The AWS IoT Greengrass Core software runs on a hub, gateway, or other device to automatically sync and interact with the cloud. AWS IoT Greengrass Core is designed to run on devices with a general-purpose processor that are powerful enough to run a general-purpose operating system, such as Linux. AWS IoT Greengrass requires at least 1GHz of compute (either Arm or x86), 128MB of RAM, plus additional resources to accommodate the desired OS, message throughput, and AWS Lambda execution depending on the use case. AWS IoT Greengrass Core can run on devices that range from a Raspberry Pi to a server-level appliance.
What CPU architectures and operating systems are compatible with AWS IoT Greengrass Core?
The below operating systems and CPU architectures are supported by AWS IoT Greengrass Core and tested for compatibility. Other Linux variants may also successfully run IoT Greengrass, but may not have been validated by the AWS IoT Greengrass team. You can validate other Linux variants for compatibility using the IoT Greengrass dependency checker on GitHub. Alternatively, you can run IoT Greengrass in “process mode” which lowers the compatibility threshold, but removes support for Linux containers.
- Architecture: Armv7l; OS: Linux; Distribution: OpenWrt
- Architecture: Armv7l; OS: Linux; Distribution: Raspian
- Architecture: x86_64; OS: Linux; Distribution: Amazon Linux
- Architecture: x86_64; OS: Linux; Distribution: Ubuntu 14.04 – 16.04
- Architecture: Armv8 (AArch64); OS: Linux; Distribution: Ubuntu 14.04 – 16.04
- Architecture: Armv8 (AArch64); OS: Linux; Distribution: OpenWrt
What devices are compatible with AWS IoT Greengrass Core, and how can I get started quickly?
Devices in the AWS Partner Device Catalog are compatible with AWS IoT Greengrass.
What are the detailed technical dependencies required to run AWS IoT Greengrass Core?
Connecting AWS IoT Greengrass to Amazon FreeRTOS and Other Devices
How can I connect devices locally to AWS IoT Greengrass Core?
You can connect devices locally to AWS IoT Greengrass Core using Amazon FreeRTOS or the AWS IoT Device SDK. AWS IoT Greengrass discovery is available on the AWS IoT Device SDK via C++ and Python 2.7. For more information, refer to the AWS IoT Greengrass user guide. You can use the AWS IoT Greengrass discovery library in your Amazon FreeRTOS source code to find and connect to an AWS IoT Greengrass Core device. For more information, refer to the Amazon FreeRTOS user guide.
What languages support AWS IoT Greengrass via the AWS IoT Device SDK?
AWS IoT Greengrass discovery is available on the AWS IoT Device SDK via C++ and Python 2.7. For more information, refer to the AWS IoT Greengrass developer guide.
What is Amazon FreeRTOS?
Amazon FreeRTOS (a:FreeRTOS) is an operating system that makes microcontroller-based edge devices easy to program, deploy, secure, and maintain. Amazon FreeRTOS is based on the FreeRTOS kernel, the popular open source operating system for microcontrollers, and includes software libraries that make it easy to securely connect devices locally, to the cloud, and update them remotely. The Amazon FreeRTOS console enables you to easily select and download the software components relevant to your use case. Amazon FreeRTOS helps keep microcontroller-based devices secure with support for data encryption and key management. Amazon FreeRTOS devices connect to AWS IoT Greengrass Core devices, making it easy to connect multiple Amazon FreeRTOS devices together in an AWS IoT Greengrass group. Click here to learn more about Amazon FreeRTOS.
Does Amazon FreeRTOS work with AWS IoT Greengrass?
Yes. Amazon FreeRTOS devices can connect directly to the cloud or connect to AWS IoT Greengrass. Amazon FreeRTOS does not require the use of AWS IoT Greengrass. Amazon FreeRTOS runs on IoT endpoints and is often responsible for the ‘sensing’ and ‘acting’ in an IoT topology.
What is the difference between AWS IoT Greengrass and Amazon FreeRTOS?
AWS IoT Greengrass is software that lets you run local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way. With AWS IoT Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, AWS IoT Greengrass ensures your IoT devices can respond quickly to local events, use Lambda functions running on AWS IoT Greengrass Core to interact with local resources, operate with intermittent connections, stay updated with over the air updates, and minimize the cost of transmitting IoT data to the cloud.
Amazon FreeRTOS is an operating system for microcontrollers that operates on the edge and does not generally support chipsets that could run AWS IoT Greengrass. These microcontroller devices are found on a variety of IoT endpoints such as fitness trackers, pacemakers, electricity meters, automotive transmissions, and sensor networks. Amazon FreeRTOS devices cannot run AWS IoT Greengrass Core but can trigger the execution of Lambda functions on an AWS IoT Greengrass Core device.
The hardware requirements and operating systems are different on both devices.
|Amazon FreeRTOS||AWS IoT Greengrass|
|Software||Operating system, runs on a microcontroller||Runtime for Linux devices and SDK for AWS IoT Greengrass aware devices|
|Hardware Requirements||>64KB RAM||>128MB of RAM|
|Category||Embedded systems, IoT endpoints||Edge devices, local gateways|
|Use Cases||Microcontroller-based devices||Industrial automation systems, wireless routers, smartphones|