Provision an Amazon IoT thing to use as a Greengrass core - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. After this date, Amazon IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on Amazon IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

Provision an Amazon IoT thing to use as a Greengrass core

Greengrass cores are devices that run the Amazon IoT Greengrass Core software to manage local IoT processes. To set up a Greengrass core, you create an Amazon IoT thing, which represents a device or logical entity that connects to Amazon IoT. When you register a device as an Amazon IoT thing, that device can use a digital certificate and keys that allow it to access Amazon IoT. You use an Amazon IoT policy to allow the device to communicate with the Amazon IoT and Amazon IoT Greengrass services.

In this section, you register your device as an Amazon IoT thing to use it as a Greengrass core.

To create an Amazon IoT thing
  1. Navigate to the Amazon IoT console.

  2. Under Manage, expand All devices, and then choose Things.

  3. On the Things page, choose Create things.

  4. On the Create things page, choose Create single thing, and then choose Next.

  5. On the Specify thing properties page, do the following:

    1. For Thing name, enter a name that represents your device, such as MyGreengrassV1Core.

    2. Choose Next.

  6. On the Configure device certificate page, choose Next.

  7. On the Attach policies to certificate page, do one of the following:

    • Select an existing policy that grants permissions that cores require, and then choose Create thing.

      A modal opens where you can download the certificates and keys that the device uses to connect to the Amazon Web Services Cloud.

    • Create an attach a new policy that grants core device permissions. Do the following:

      1. Choose Create policy.

        The Create policy page opens in a new tab.

      2. On the Create policy page, do the following:

        1. For Policy name, enter a name that describes the policy, such as GreengrassV1CorePolicy.

        2. On the Policy statements tab, under Policy document, choose JSON.

        3. Enter the following policy document. This policy allows the core to communicate with the Amazon IoT Core service, interact with device shadows, and communicate with the Amazon IoT Greengrass service. For information about how to restrict this policy's access based on your use case, see Minimal Amazon IoT policy for the Amazon IoT Greengrass core device.

          { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish", "iot:Subscribe", "iot:Connect", "iot:Receive" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iot:GetThingShadow", "iot:UpdateThingShadow", "iot:DeleteThingShadow" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "greengrass:*" ], "Resource": [ "*" ] } ] }
        4. Choose Create to create the policy.

      3. Return to the browser tab with the Attach policies to certificate page open. Do the following:

        1. In the Policies list, select the policy that you created, such as GreengrassV1CorePolicy.

          If you don't see the policy, choose the refresh button.

        2. Choose Create thing.

          A modal opens where you can download the certificates and keys that the core uses to connect to Amazon IoT.

  8. Return to the browser tab with the Attach policies to certificate page open. Do the following:

    1. In the Policies list, select the policy that you created, such as GreengrassV1CorePolicy.

      If you don't see the policy, choose the refresh button.

    2. Choose Create thing.

      A modal opens where you can download the certificates and keys that the core uses to connect to Amazon IoT.

  9. In the Download certificates and keys modal, download the device's certificates.

    Important

    Before you choose Done, download the security resources.

    Do the following:

    1. For Device certificate, choose Download to download the device certificate.

    2. For Public key file, choose Download to download the public key for the certificate.

    3. For Private key file, choose Download to download the private key file for the certificate.

    4. Review Server Authentication in the Amazon IoT Developer Guide and choose the appropriate root CA certificate. We recommend that you use Amazon Trust Services (ATS) endpoints and ATS root CA certificates. Under Root CA certificates, choose Download for a root CA certificate.

    5. Choose Done.

    Make a note of the certificate ID that's common in the file names for the device certificate and keys. You need it later.