AWS IoT Greengrass Introduces New Networking Configurations and Group Permission Settings

Posted on: Mar 7, 2019

AWS IoT Greengrass v1.8.0 is now available. Now you can configure your IoT Greengrass device to send all messages over Port 443, change the user and group IDs associated with IoT Greengrass application Lambdas, and integrate with AWS IoT Lifecycle events.

The new networking configuration option builds on the ALPN/Proxy Support change that enabled customers to configure MQTT messages to travel over either the default Port 8883 or Port 443 using the Application Layer Protocol Negotiation (ALPN) TLS extension. Customers can now also configure HTTPS traffic to use Port 443 instead of the default Port 8443. This change makes it easier to run IoT Greengrass in environments where network security policies limit the ports devices can communicate over, as all IoT Greengrass traffic can be directed over Port 443.

IoT Greengrass has a new configuration that you can use to change the user identity associated with an IoT Greengrass Group, which changes the permissions of both your Lambdas and the underlying IoT Greengrass software. This change enables you to determine whether you want to allow your IoT Greengrass Group to run with an identity that has more restrictive or broader permissions - for example, in certain cases the Group could be enabled to run as root.

This release updates IoT Greengrass so that it establishes connections with the IoT Core cloud endpoints using a predictable clientID. You can use these predictable client IDs to integrate IoT Greengrass with AWS IoT Lifecycle events to create MQTT notifications associated with connect/disconnect and subscribe/unsubscribe events. You can also use certificate attributes in certificate policies that are set in IoT Core. For example, you can enable a device to publish to topics based on certificate attributes.

To learn more about new AWS IoT Greengrass features, visit our website. We'll also be covering these new features and distribution options in an upcoming webinar - register here. You can get started by accessing our most recent Docker Image from Dockerhub or AWS ECR, or by visiting the AWS IoT Greengrass console.