Prerequisites for running the Amazon IoT Greengrass qualification suite - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon IoT Greengrass Version 1 no longer receives feature updates, and will receive only security patches and bug fixes until June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

Prerequisites for running the Amazon IoT Greengrass qualification suite

This section describes the prerequisites for using Amazon IoT Device Tester (IDT) for Amazon IoT Greengrass to run the Amazon IoT Greengrass qualification suite.

Download the latest version of Amazon IoT Device Tester for Amazon IoT Greengrass

Download the latest version of IDT and extract the software into a location on your file system where you have read and write permissions.

Note

IDT does not support being run by multiple users from a shared location, such as an NFS directory or a Windows network shared folder. We recommend that you extract the IDT package to a local drive and run the IDT binary on your local workstation.

Windows has a path length limitation of 260 characters. If you are using Windows, extract IDT to a root directory like C:\ or D:\ to keep your paths under the 260 character limit.

Create and configure an Amazon Web Services account

Before you can use IDT for Amazon IoT Greengrass, you must perform the following steps:

  1. Create an Amazon Web Services account. If you already have an Amazon Web Services account, skip to step 2.

  2. Configure permissions for IDT.

These account permissions allow IDT to access Amazon services and create Amazon resources, such as Amazon IoT things, Greengrass groups, and Lambda functions, on your behalf.

To create these resources, IDT for Amazon IoT Greengrass uses the Amazon credentials configured in the config.json file to make API calls on your behalf. These resources are provisioned at various times during a test.

Note

Although most tests qualify for Amazon Web Services Free Tier, you must provide a credit card when you sign up for an Amazon Web Services account. For more information, see Why do I need a payment method if my account is covered by the Free Tier?.

Step 1: Create an Amazon Web Services account

In this step, create and configure an Amazon Web Services account. If you already have an Amazon Web Services account, skip to Step 2: Configure permissions for IDT.

  1. Open the Amazon home page, and choose Create an Amazon Account.

    Note

    If you've signed in to Amazon recently, you might see Sign In to the Console instead.

  2. Follow the online instructions. Part of the sign-up procedure includes registering a credit card, receiving a text message or phone call, and entering a PIN.

    For more information, see How do I create and activate a new Amazon Web Services account?

Step 2: Configure permissions for IDT

In this step, configure the permissions that IDT for Amazon IoT Greengrass uses to run tests and collect IDT usage data. You can use the Amazon Web Services Management Console or Amazon Command Line Interface (Amazon CLI) to create an IAM policy and a test user for IDT, and then attach policies to the user. If you already created a test user for IDT, skip to Configure your device to run IDT tests or Optional: Configuring your Docker container for IDT for Amazon IoT Greengrass.

To configure permissions for IDT (console)

Follow these steps to use the console to configure permissions for IDT for Amazon IoT Greengrass.

  1. Sign in to the IAM console.

  2. Create a customer managed policy that grants permissions to create roles with specific permissions.

    1. In the navigation pane, choose Policies, and then choose Create policy.

    2. On the JSON tab, replace the placeholder content with the following policy.

      { "Version": "2012-10-17", "Statement": [ { "Sid": "ManageRolePoliciesForIDTGreengrass", "Effect": "Allow", "Action": [ "iam:DetachRolePolicy", "iam:AttachRolePolicy" ], "Resource": [ "arn:aws-cn:iam::*:role/idt-*", "arn:aws-cn:iam::*:role/GreengrassServiceRole" ], "Condition": { "ArnEquals": { "iam:PolicyARN": [ "arn:aws-cn:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", "arn:aws-cn:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } } }, { "Sid": "ManageRolesForIDTGreengrass", "Effect": "Allow", "Action": [ "iam:CreateRole", "iam:DeleteRole", "iam:PassRole", "iam:GetRole" ], "Resource": [ "arn:aws-cn:iam::*:role/idt-*", "arn:aws-cn:iam::*:role/GreengrassServiceRole" ] } ] }
      Important

      The following policy grants permission to create and manage roles required by IDT for Amazon IoT Greengrass. This includes permissions to attach the following Amazon managed policies:

    3. Choose Next: Tags.

    4. Choose Next: Review.

    5. For Name, enter IDTGreengrassIAMPermissions. Under Summary, review the permissions granted by your policy.

    6. Choose Create policy.

  3. Create an IAM user and attach the permissions required by IDT for Amazon IoT Greengrass.

    1. Create an IAM user. Follow steps 1 through 5 in Creating IAM users (console) in the IAM User Guide.

    2. Attach the permissions to your IAM user:

      1. On the Set permissions page, choose Attach existing policies directly.

      2. Search for the IDTGreengrassIAMPermissions policy that you created in the previous step. Select the check box.

      3. Search for the AWSIoTDeviceTesterForGreengrassFullAccess policy. Select the check box.

        Note

        The AWSIoTDeviceTesterForGreengrassFullAccess is an Amazon managed policy that defines the permissions IDT requires to create and access Amazon resources used for testing. For more information, see Amazon managed policy for Amazon IoT Device Tester.

    3. Choose Next: Tags.

    4. Choose Next: Review to view a summary of your choices.

    5. Choose Create user.

    6. To view the user's access keys (access key IDs and secret access keys), choose Show next to the password and access key. To save the access keys, choose Download.csv and save the file to a secure location. You use this information later to configure your Amazon credentials file.

  4. Next step: Configure your physical device.

 

To configure permissions for IDT (Amazon CLI)

Follow these steps to use the Amazon CLI to configure permissions for IDT for Amazon IoT Greengrass. If you already configured permissions in the console, skip to Configure your device to run IDT tests or Optional: Configuring your Docker container for IDT for Amazon IoT Greengrass.

  1. On your computer, install and configure the Amazon CLI if it's not already installed. Follow the steps in Installing the Amazon CLI in the Amazon Command Line Interface User Guide.

    Note

    The Amazon CLI is an open source tool that you can use to interact with Amazon services from your command-line shell.

  2. Create a customer managed policy that grants permissions to manage IDT and Amazon IoT Greengrass roles.

    Linux, macOS, or Unix
    aws iam create-policy --policy-name IDTGreengrassIAMPermissions --policy-document '{ "Version": "2012-10-17", "Statement": [ { "Sid": "ManageRolePoliciesForIDTGreengrass", "Effect": "Allow", "Action": [ "iam:DetachRolePolicy", "iam:AttachRolePolicy" ], "Resource": [ "arn:aws-cn:iam::*:role/idt-*", "arn:aws-cn:iam::*:role/GreengrassServiceRole" ], "Condition": { "ArnEquals": { "iam:PolicyARN": [ "arn:aws-cn:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", "arn:aws-cn:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } } }, { "Sid": "ManageRolesForIDTGreengrass", "Effect": "Allow", "Action": [ "iam:CreateRole", "iam:DeleteRole", "iam:PassRole", "iam:GetRole" ], "Resource": [ "arn:aws-cn:iam::*:role/idt-*", "arn:aws-cn:iam::*:role/GreengrassServiceRole" ] } ] }'
    Windows command prompt
    aws iam create-policy --policy-name IDTGreengrassIAMPermissions --policy-document '{\"Version\": \"2012-10-17\", \"Statement\": [{\"Sid\": \"ManageRolePoliciesForIDTGreengrass\",\"Effect\": \"Allow\",\"Action\": [\"iam:DetachRolePolicy\", \"iam:AttachRolePolicy\"], \"Resource\": [\"arn:aws-cn:iam::*:role/idt-*\",\"arn:aws-cn:iam::*:role/GreengrassServiceRole\"],\"Condition\": {\"ArnEquals\": {\"iam:PolicyARN\": [\"arn:aws-cn:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy\",\"arn:aws-cn:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess\",\"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\"]}}},{\"Sid\": \"ManageRolesForIDTGreengrass\",\"Effect\": \"Allow\",\"Action\": [\"iam:CreateRole\",\"iam:DeleteRole\", \"iam:PassRole\", \"iam:GetRole\"],\"Resource\": [\"arn:aws-cn:iam::*:role/idt-*\",\"arn:aws-cn:iam::*:role/GreengrassServiceRole\"]}]}'
    Note

    This step includes a Windows command prompt example because it uses a different JSON syntax than Linux, macOS, or Unix terminal commands.

  3. Create an IAM user and attach the permissions required by IDT for Amazon IoT Greengrass.

    1. Create an IAM user. In this example setup, the user is named IDTGreengrassUser.

      aws iam create-user --user-name IDTGreengrassUser
    2. Attach the IDTGreengrassIAMPermissions policy you created in step 2 to your IAM user. Replace <account-id> in the command with the ID of your Amazon Web Services account.

      aws iam attach-user-policy --user-name IDTGreengrassUser --policy-arn arn:aws-cn:iam::<account-id>:policy/IDTGreengrassIAMPermissions
    3. Attach the AWSIoTDeviceTesterForGreengrassFullAccess policy to your IAM user.

      aws iam attach-user-policy --user-name IDTGreengrassUser --policy-arn arn:aws-cn:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess
      Note

      The AWSIoTDeviceTesterForGreengrassFullAccess is an Amazon managed policy that defines the permissions IDT requires to create and access Amazon resources used for testing. For more information, see Amazon managed policy for Amazon IoT Device Tester.

  4. Create a secret access key for the user.

    aws iam create-access-key --user-name IDTGreengrassUser

    Store the output in a secure location. You use this information later to configure your Amazon credentials file.

  5. Next step: Configure your physical device.

Amazon managed policy for Amazon IoT Device Tester

The AWSIoTDeviceTesterForGreengrassFullAccess managed policy allows IDT to run operations and collect usage metrics. This policy grants the following IDT permissions:

  • iot-device-tester:CheckVersion. Check whether a set of Amazon IoT Greengrass, test suite, and IDT versions are compatible.

  • iot-device-tester:DownloadTestSuite. Download test suites.

  • iot-device-tester:LatestIdt. Get information about the latest IDT version that is available for download.

  • iot-device-tester:SendMetrics. Publish usage data that IDT collects about your tests.

  • iot-device-tester:SupportedVersion. Get the list of Amazon IoT Greengrass and test suite versions that are supported by IDT. This information is displayed in the command-line window.