Install the Amazon IoT Greengrass Core software (console) - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Install the Amazon IoT Greengrass Core software (console)

  1. Sign in to the Amazon IoT Greengrass console.

  2. Under Get started with Greengrass, choose Set up one core device.

  3. Under Step 1: Register a Greengrass core device, for Core device name, enter the name of the Amazon IoT thing for your Greengrass core device. If the thing doesn't exist, the installer creates it.

  4. Under Step 2: Add to a thing group to apply a continuous deployment, for Thing group, choose the Amazon IoT thing group to which you want to add your core device.

    • If you select Enter a new group name, then in Thing group name, enter the name of the new group to create. The installer creates the new group for you.

    • If you select Select an existing group, then in Thing group name, choose the existing group that you want to use.

    • If you select No group, then the installer doesn't add the core device to a thing group.

  5. Under Step 3: Install the Greengrass Core software, complete the following steps.

    1. Choose your core device's operating system: Linux or Windows.

    2. Provide your Amazon credentials to the device so that the installer can provision the Amazon IoT and IAM resources for your core device. To increase security, we recommend that you get temporary credentials for an IAM role that allows only the minimum permissions necessary to provision. For more information, see Minimal IAM policy for installer to provision resources.

      Note

      The installer doesn't save or store your credentials.

      On your device, do one of the following to retrieve credentials and make them available to the Amazon IoT Greengrass Core software installer:

      • (Recommended) Use temporay credentials from Amazon IAM Identity Center

        1. Provide the access key ID, secret access key, and session token from the IAM Identity Center. For more information, see Manual credential refresh in Getting and refreshing temporary credentials in the IAM Identity Center user guide.

        2. Run the following commands to provide the credentials to the Amazon IoT Greengrass Core software.

          Linux or Unix
          export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY export AWS_SESSION_TOKEN=AQoDYXdzEJr1K...o5OytwEXAMPLE=
          Windows Command Prompt (CMD)
          set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE set AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY set AWS_SESSION_TOKEN=AQoDYXdzEJr1K...o5OytwEXAMPLE=
          PowerShell
          $env:AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE" $env:AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" $env:AWS_SESSION_TOKEN="AQoDYXdzEJr1K...o5OytwEXAMPLE="
      • Use temporary security credentials from an IAM role:

        1. Provide the access key ID, secret access key, and session token from an IAM role that you assume. For more information about how to retrieve these credentials, see Requesting temporary security credentials in the IAM User Guide.

        2. Run the following commands to provide the credentials to the Amazon IoT Greengrass Core software.

          Linux or Unix
          export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY export AWS_SESSION_TOKEN=AQoDYXdzEJr1K...o5OytwEXAMPLE=
          Windows Command Prompt (CMD)
          set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE set AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY set AWS_SESSION_TOKEN=AQoDYXdzEJr1K...o5OytwEXAMPLE=
          PowerShell
          $env:AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE" $env:AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" $env:AWS_SESSION_TOKEN="AQoDYXdzEJr1K...o5OytwEXAMPLE="
      • Use long-term credentials from an IAM user:

        1. Provide the access key ID and secret access key for your IAM user. You can create an IAM user for provisioning that you later delete. For the IAM policy to give the user, see Minimal IAM policy for installer to provision resources. For more information about how to retrieve long-term credentials, see Managing access keys for IAM users in the IAM User Guide.

        2. Run the following commands to provide the credentials to the Amazon IoT Greengrass Core software.

          Linux or Unix
          export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
          Windows Command Prompt (CMD)
          set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE set AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
          PowerShell
          $env:AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE" $env:AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
        3. (Optional) If you created an IAM user to provision your Greengrass device, delete the user.

        4. (Optional) If you used the access key ID and secret access key from an existing IAM user, update the keys for the user so that they are no longer valid. For more information, see Updating access keys in the Amazon Identity and Access Management user guide.

    3. Under Run the installer, complete the following steps.

      1. Under Download the installer, choose Copy and run the copied command on your core device. This command downloads the latest version of the Amazon IoT Greengrass Core software and unzips it on your device.

      2. Under Run the installer, choose Copy, and run the copied command on your core device. This command uses the Amazon IoT thing and thing group names that you specified earlier to run the Amazon IoT Greengrass Core software installer and set up Amazon resources for your core device.

        This command also does the following:

        • Set up the Amazon IoT Greengrass Core software as a system service that runs at boot. On Linux devices, this requires the Systemd init system.

          Important

          On Windows core devices, you must set up the Amazon IoT Greengrass Core software as a system service.

        • Deploy the Amazon IoT Greengrass CLI component, which is a command-line tool that enables you to develop custom Greengrass components on the core device.

        • Specify to use the ggc_user system user to run software components on the core device. On Linux devices, this command also specifies to use the ggc_group system group, and the installer creates the system user and group for you.

        When you run this command, you should see the following messages to indicate that the installer succeeded.

        Successfully configured Nucleus with provisioned resource details! Configured Nucleus to deploy aws.greengrass.Cli component Successfully set up Nucleus as a system service
        Note

        If you have a Linux device and it doesn't have systemd, the installer won't set up the software as a system service, and you won't see the success message for setting up the nucleus as a system service.