3. Set up your Greengrass core

An AWS Greengrass core is an AWS IoT device running specific software. This software enables the core to communicate with AWS IoT and AWS Greengrass cloud services.

Note: See http://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html for a full description of the AWS Greengrass core software.

To set up your Greengrass core, follow these steps:

3.1. Create an AWS IoT thing for your core

Using the AWS IoT console, create an AWS IoT thing, certificate, and policy for your AWS Greengrass core device:

  1. Go to the AWS IoT console.
  2. Create an AWS IoT Thing for your AWS Greengrass core and name it GGC_Thing. For more information, see Register a Device in the Thing Registry.
  3. Create an AWS IoT certificate and private key for your Greengrass core. For more information, see Create a Device Certificate.
  4. Download the certificate and private key and save them in a safe place. You will copy them to your AWS Greengrass core device later.
  5. Attach your device certificate to your AWS IoT thing, GGC_Thing. For more information, see Attach a Certificate to a Thing.
  6. Make sure your certificate is activated.
  7. Create and attach an AWS IoT policy to your device certificate.

An AWS IoT policy designates the AWS IoT resources your Greengrass core can access. To create and attach a policy, see Attach an AWS IoT Policy.

Use the Advanced mode to enter the following policy, which allows the associated identity to perform all AWS IoT and AWS Greengrass operations on every resource (both the Action and Resource entries are wildcards):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:*",
        "greengrass:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

3.2. Install certificates on your core

AWS IoT requires your core device to use MQTT over TLS to establish a secure connection. To do so, the certificates must be installed on the core device:

  1. Download the AWS IoT root CA certificate from Symantec/Verisign.
  2. Place the AWS IoT root CA certificate into the /greengrass/certs directory of your device. You can use the scp command:
     ~> scp root-ca.pem root@<ip>:/greengrass/configuration/certs/
      • root-ca.pem is the AWS IoT root CA certificate.
      • <ip> is your device's IP.
  3. Place the core's certificate and private key associated with your device in the /greengrass/certs directory:
     ~> scp <id>.pem.crt root@<ip>:/greengrass/configuration/certs/
     ~> scp <id>-private.pem.key root@<ip>:/greengrass/configuration/certs/
      • <id>.pem.crt is the certificate attached to your core. The AWS Greengrass core uses this certificate to authenticate with AWS IoT and AWS Greengrass.
      • <id>-private.pem.key is the core's private key. The AWS Greengrass core uses this key to authenticate with AWS IoT and AWS Greengrass.
      • <ip> is your device's IP.

3.3. Configure your Greengrass core

To configure your core to recognize the AWS IoT thing you created for it, update the /greengrass/config/config.json file:

/greengrass/config/config.json 
{
    "coreThing": {
        "caPath": "[ROOT_CA_PEM_HERE]",
        "certPath": "[CLOUD_PEM_CRT_HERE]",
        "keyPath": "[CLOUD_PEM_KEY_HERE]",
        "thingArn": "[THING_ARN_HERE]",
        "iotHost": "[HOST_PREFIX_HERE].iot.[AWS_REGION_HERE].amazonaws.com",
        "ggHost": "greengrass.iot.[AWS_REGION_HERE].amazonaws.com"
    },
    "runtime": {
        "cgroup": {
            "useSystemd": "no"
        }
    }
}

Follow these steps to find the thing ARN for your core:

  1. In the navigation pane, select Registry and then Things.
  2. Select your core thing, GGC_Thing, to display its details page.
  3. Copy the ARN of your core. It will be similar to: arn:aws:iot:us-west-2:ABCDEFG1234567:thing/GGC_Thing

In the navigation pane, select Settings. Copy your custom Endpoint.

It will be similar to: ABCDEFG1234567.iot.us-west-2.amazonaws.com

Note: Replace us-west-2 with the region you are using to access Greengrass.

Your config.json will look similar to the following:

/greengrass/config/config.json 
{
    "coreThing": {
        "caPath": "root-ca.pem",
        "certPath": "<id>.pem.crt",
        "keyPath": "<id>-private.pem.key",
        "thingArn": "arn:aws:iot:us-west-2:ABCDEFG1234567:thing/GGC_Thing",
        "iotHost": "ABCDEFG1234567.iot.us-west-2.amazonaws.com",
        "ggHost": "greengrass.iot.us-west-2.amazonaws.com"
    },
    "runtime": {
        "cgroup": {
            "useSystemd": "no"
        }
    }
}
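
A pre-flight check for the config.json described above, as an added example that is not part of the original guide or of the AWS Greengrass software: it flags template placeholders left in place and a region that differs between thingArn, iotHost and ggHost. The function name, the abc123 file name and the accepted value formats (taken from the samples on this page) are assumptions.

```python
import json
import re

# Constructed sample: the filled-in config.json above with two deliberate
# mistakes (a leftover placeholder and a ggHost in a different region).
SAMPLE = """{
  "coreThing": {
    "caPath": "root-ca.pem",
    "certPath": "[CLOUD_PEM_CRT_HERE]",
    "keyPath": "abc123-private.pem.key",
    "thingArn": "arn:aws:iot:us-west-2:ABCDEFG1234567:thing/GGC_Thing",
    "iotHost": "ABCDEFG1234567.iot.us-west-2.amazonaws.com",
    "ggHost": "greengrass.iot.us-east-1.amazonaws.com"
  }
}"""

PLACEHOLDER = re.compile(r"\[[A-Z_]+_HERE\]")
REGION_IN = {  # each pattern captures the region embedded in the value
    "thingArn": re.compile(r"^arn:aws:iot:([a-z0-9-]+):[^:]+:thing/.+$"),
    "iotHost": re.compile(r"^[^.]+\.iot\.([a-z0-9-]+)\.amazonaws\.com$"),
    "ggHost": re.compile(r"^greengrass\.iot\.([a-z0-9-]+)\.amazonaws\.com$"),
}
REQUIRED = ("caPath", "certPath", "keyPath") + tuple(REGION_IN)

def check_core_config(text):
    """Return a list of problems in a config.json document; empty means OK."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    core = doc.get("coreThing") if isinstance(doc, dict) else None
    if not isinstance(core, dict):
        return ["coreThing: missing"]
    problems, regions = [], {}
    for key in REQUIRED:
        value = core.get(key)
        if not isinstance(value, str) or not value:
            problems.append("%s: missing" % key)
        elif PLACEHOLDER.search(value):
            problems.append("%s: placeholder not replaced" % key)
        elif key in REGION_IN:
            match = REGION_IN[key].match(value)
            if match:
                regions[key] = match.group(1)
            else:
                problems.append("%s: unexpected format" % key)
    if len(set(regions.values())) > 1:
        problems.append("region mismatch: %s" % sorted(regions.items()))
    return problems
```

Calling check_core_config(SAMPLE) reports the unreplaced certPath placeholder and the ggHost region that disagrees with the other two fields.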