Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Token exchange service

The token exchange service component (aws.greengrass.TokenExchangeService) provides Amazon credentials that you can use to interact with Amazon services in your custom components.

The token exchange service runs an Amazon Elastic Container Service (Amazon ECS) container instance as a local server. This local server connects to the Amazon IoT credentials provider using the Amazon IoT role alias that you configure in the Greengrass core nucleus component. The component provides two environment variables, AWS_CONTAINER_CREDENTIALS_FULL_URI and AWS_CONTAINER_AUTHORIZATION_TOKEN. AWS_CONTAINER_CREDENTIALS_FULL_URI defines the URI to this local server. When a component creates an Amazon SDK client, the client recognizes this URI environment variable and uses the token in the AWS_CONTAINER_AUTHORIZATION_TOKEN to connect to the token exchange service and retrieve Amazon credentials. This allows Greengrass core devices to call Amazon service operations. For more information about how to use this component in custom components, see Interact with Amazon services.

Versions

This component has the following versions:

Type

This component is a generic component (aws.greengrass.generic). The Greengrass nucleus runs the component's lifecycle scripts.

For more information, see Component types.

Operating system

Dependencies

This component doesn't have any dependencies.

Configuration

This component doesn't have any configuration parameters.

Local log file

This component uses the same log file as the Greengrass nucleus component.

Linux

/greengrass/v2/logs/greengrass.log

Windows

C:\greengrass\v2\logs\greengrass.log

Changelog

The following table describes the changes in each version of the component.