IoT Overview - Part 2 AWS IoT Greengrass March 2021 

Intros AWS 2 Austin Loveless - Founder Full Stack/DevOps Engineer - Stuzo AWS Community Hero Kevin Tinn – Co-organizer Cloud Application Architect, Practice Lead – World Wide Technology AWS Community Builder 

Agenda AWS 3 • Greengrass Overview • Device and service setup • Greengrass (gg) core setup • gg lambda deployment • MQTT message queueing • On-demand vs long-lived lambdas • gg subscriptions • Devices • Device Shadows • Demo 

AWS IoT Greengrass – Service Overview AWS 4 • Provides extension of AWS Services to on-premises devices • Lambda • Machine learning • Message queueing • Secrets management • Data Streaming • Optimized IoT (Internet of Things) use cases • Provisioning and deployment capabilities • Over the air updates • Offline operating capabilities • Built-in security 

Setting up Greengrass – Device Operating System Setup AWS 5 • Can run on a variety of ARM and x86 devices, for this meeting I am using a Raspberry Pi for my Greengrass node and interacting with it from my laptop across the local area network • Getting started with the Raspberry Pi • Format the SD card (I used SD Card Formatter app) • Flash the SD card w/ Raspberry Pi image (belenaEtcher w/ 2020- 02-13-raspian-buster.zip image) • Insert the SD card into your Pi, boot the device, and go through config (Will need keyboard, mouse, and display connected) 

Setting up Greengrass - Device Setup AWS 6 • Get on network/enable SSH • With keyboard, mouse, and display connected: • Configure WiFi • Run sudo raspi-config • Change hostname (optional) – I used gg • Network options > hostname • Enable SSH • Interfacing options > SSH • Get IP: hostname –I • Reboot: sudo reboot 

Setting up Greengrass - Software Setup AWS 7 • Add default user and group: • sudo adduser --system ggc_user • sudo addgroup --system ggc_group • Harden the devices w/ symlink protection • cd /etc/sysctl.d • Add the following to 98-rpi.conf file: • fs.protected_hardlinks = 1 • fs.protected_symlinks = 1 • sudo reboot • Allow gg to set Lambda memory limits: • cd /boot/ 

Setting up Greengrass - Software Setup, cont. AWS 8 • Allow gg to set Lambda memory limits: • cd /boot/ • Edit cmdline.txt: • cgroup_enable=memory cgroup_memory=1 • sudo reboot • Install python 3.7 for today’s examples, Java 8 runtime if you want to use stream manager in gg 

Setting up Greengrass - Software Setup, cont. AWS 9 • Check for required dependencies: • cd /home/pi/Downloads • mkdir greengrass-dependency-checker-GGCv1.11.x • cd greengrass-dependency-checker-GGCv1.11.x • wget https://github.com/aws-samples/aws- greengrass-samples/raw/master/greengrass- dependency-checker-GGCv1.11.x.zip • unzip greengrass-dependency-checker-GGCv1.11.x.zip • cd greengrass-dependency-checker-GGCv1.11.x • sudo modprobe configs • sudo ./check_ggc_dependencies | more 

Setting up Greengrass – Service config AWS 10 • In AWS portal: • Create your gg group: • Navigate to IoT Core > Greengrass > Classic (v1) > Groups • During this process, create your gg core device • Grab the certs! 

Setting up Greengrass – Core Config AWS 11 • Download the gg runtime and copy it & certs to your gg device using secure copy (Or Putty): • cd • scp greengrass- pi@:/home/pi • scp -setup.tar.gz pi@:/home/pi • Unzip the runtime and copy your certs into the cert directory: • sudo tar -xzvf greengrass-OS-architecture-1.11.0.tar.gz -C / • sudo tar -xzvf hash-setup.tar.gz -C /greengrass • Download AMZN root cert into certs directory: • cd /greengrass/certs/ • sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem 

What’s up with all the certs? AWS 12 Security is built-in, remember? 

Starting Greengrass AWS 13 • cd /greengrass/ggc/core/ • sudo ./greengrassd start • ps aux | grep PID-number 

An interesting title AWS 14 

Deploying Lambdas to gg AWS 15 • gg allows us to use the familiar Lambda programming model to deploy software to our gg device, let’s take a look at a simple use case • Grab the python gg SDK from https://docs.aws.amazon.com/greengrass/v1/developerguide/lambd a-functions.html#lambda-sdks-core • Navigate to the HelloWorld directory and copy the SDK: 

Package the Lambda and Deploy AWS 16 • zip -r hello_world_python_lambda.zip greengrasssdk greengrassHelloWorld.py • In the AWS portal create a lambda, configure it, and create an Alias • To the portal! • Create the lambda • Add it to the group • Deploy it over the air to the gg Pi • Set up a subscription from Lambda to IoT Cloud and deploy 

View the messages using the Test Console AWS 17 

MQTT Overview AWS 18 • MQTT (Message Queuing Telemetry Transport): TCP-based messaging standard intended for the IoT • Pub/Sub architecture (Publisher/Subscriber; i.e. many-to-many) • Lightweight/efficient • Bi-directional • Secure • Reliable on unreliable networks 

gg On-demand vs Long-lived Lambdas AWS 19 • Greengrass offers the ability to run a lambda on demand (As you would think of Lambdas on AWS) • gg also the ability to run Lambdas in perpetuity, this allows to keep state (Counters, etc.) • There is another example of a hello world counter Lambda in the examples, let’s take a quick look at it for the purpose of discussion. Please go through the deployment process on this one one your own as an exercise to get familiar with Greengrass • To the portal… 

Subscriptions AWS 20 • Subscriptions are used to route messages between various components of a gg group • IoT Cloud (AWS) • Devices (More on this later) • Connectors • Device Shadows (More on this later as well) • To the console… 

Devices AWS 21 • Registered devices can interact with the gg node, each other, and AWS in a secure manager; i.e. the things in the IoT • Registered devices can interact with the gg node, each other, and AWS in a secure manager; i.e. the things in the IoT • They don’t need to know the specifics of each other, as they can use gg as the intermediary (e.g. IP Addresses) 

Devices, continued AWS 22 • Let’s look at some devices created during the IoT tutorial • https://docs.aws.amazon.com/greengrass/v1/developerguide/modul e4.html • For the purpose of time, let’s just talk from the tutorial, and code • We will get into a more in-depth device use case with Device Shadows • Notice in the code discovery of the Greengrass Core node from AWS, allowing the devices to not need to know a specific IP for the core 

Devices Shadows AWS 23 • Shadows allow a device’s state to be available to other devices • Devices can update another device’s shadow in order to change the state of the device • Interaction with shadows is done via specific topics: https://docs.aws.amazon.com/iot/latest/developerguide/reserved- topics.html#reserved-topics-shadow • Mid-2020 AWS supports unnamed (classic) and named shadows • This allows a device to have multiple states, if needed • Our example will use a classic shadow to demonstrate a device changing the state of another device via device shadow 

Devices Shadows - Use Case AWS 24 • Two simulated devices: a traffic light, and a traffic light controller • The controller interacts with topics to modify the device shadow of The light so that simulated traffic light changes state (Red/yellow/green) 

Devices Shadows - Use Case AWS 25 • Let’s take a look at the devices in the portal • I’m running this code that simulates the devices on my laptop, but there this could easily be done on a Pi • Let’s take a look at the code, and the demo 

Greengrass – Advanced Topics AWS 26 • Local secrets management • Group management • ML and inference at the edge • Security intrusion detection • Pricing: https://aws.amazon.com/greengrass/pricing/ • Stream management 

Thanks For questions and feedback, please connect on LinkedIn and send a message LinkedIn / Kevin Tinn LinkedIn / Austin Loveless