Configuring a Amazon IoT Greengrass V1 SiteWise Edge gateway - Amazon IoT SiteWise
Setting up the SiteWise Edge gateway environmentCreating an IAM policy and roleConfiguring an Amazon IoT Greengrass groupConfiguring the Amazon IoT SiteWise connectorAdding the SiteWise Edge gateway to Amazon IoT SiteWise
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configuring a Amazon IoT Greengrass V1 SiteWise Edge gateway

A Amazon IoT SiteWise Edge gateway serves as the intermediary between your industrial equipment and Amazon IoT SiteWise. You can deploy the SiteWise Edge gateway software on any device that can run Amazon IoT Greengrass. For more information, see Choosing a Amazon IoT Greengrass V1 SiteWise Edge gateway device.

Note

We recommend that you complete the following steps with someone who has IT administrative access to your local and corporate networks. These steps might require someone with knowledge of your industrial equipment and the authority to configure firewall settings.

Setting up the SiteWise Edge gateway environment

In this procedure, you install Amazon IoT Greengrass and configure your SiteWise Edge gateway to use with Amazon IoT SiteWise.

Note

This section includes instructions to install packages using the apt command. This is applicable to systems running Ubuntu or similar. If you aren't using a similar system, consult the documentation for your distribution and use the recommended package installer.

To set up the SiteWise Edge gateway

  1. As appropriate, modify the BIOS settings of the SiteWise Edge gateway as follows.

    1. Ensure that the SiteWise Edge gateway automatically restarts after a potential power failure, if applicable.

    2. Ensure that the SiteWise Edge gateway won't hibernate or sleep, if applicable.

  2. Ensure that the SiteWise Edge gateway connects to the internet.

  3. (Optional) To use the SiteWise Edge gateway without the mouse, keyboard, and monitor, do the following steps to set up ssh on the SiteWise Edge gateway:

    1. If you haven't already installed the SSH package, run the following command.

      sudo apt install ssh

    2. Run the following command.

      service ssh status

    3. Search for Active: active (running) in the output to confirm that the SSH server is running,

    4. Press Q to exit.

    Run the following command to use SSH to connect to the SiteWise Edge gateway from another computer. Replace username with the user login and IP with the IP address of the SiteWise Edge gateway.

    ssh username@IP

    You can use the -p port-number argument to connect to a port other than the default port 22.

  4. Download and install Amazon IoT Greengrass Core software v1.10.2 or later, and create an Amazon IoT Greengrass group for your SiteWise Edge gateway. To do so, follow the instructions in Getting started with Amazon IoT Greengrass in the Amazon IoT Greengrass Developer Guide.

    We recommend that you run the Amazon IoT Greengrass device setup script to quickly get started. If you want to review Amazon IoT Greengrass requirements and processes more closely, you can walk through the steps in Module 1 and Module 2 to set up Amazon IoT Greengrass.

    Important

    Review the Amazon Regions where Amazon IoT SiteWise is supported. When you choose a Region for Amazon IoT Greengrass, make sure that the Region also supports Amazon IoT SiteWise. Otherwise, you can't connect your SiteWise Edge gateway to Amazon IoT SiteWise.

    Before you continue to the next step, you should have Amazon IoT Greengrass Core software installed on your SiteWise Edge gateway.

  5. Run the following commands to install Java 8.

    sudo apt update
      sudo apt install openjdk-8-jre

    The SiteWise Edge gateway software that you install later in this guide uses a Java 8 runtime.

  6. Run the following command to verify that Java installed successfully.

    java -version

  7. The Amazon IoT Greengrass Core software assumes a java8 directory. Run the following command to link your Java installation to that java8 directory.

    sudo ln -s /usr/bin/java /usr/bin/java8

  8. Run the following command to create a /var/sitewise data directory and give the ggc_user permissions for that directory. Amazon IoT SiteWise stores data in this directory. You created the ggc_user when you set up Amazon IoT Greengrass earlier in this procedure.

    sudo mkdir /var/sitewise 
      sudo chown ggc_user /var/sitewise
      sudo chmod 700 /var/sitewise

    The /var/sitewise is the default directory that Amazon IoT SiteWise uses. You can customize the directory path (for example, replace /var/sitewise with /var/custom/path/), but doing so requires extra steps after the SiteWise Edge gateway is created. For more information, see step 6 in Configuring the Amazon IoT SiteWise connector.

  9. If needed, ask your IT administrator to add the following endpoints and ports to your local network allow list:

    • Ports: 443, 8443, and 8883

      Important

      You can configure Amazon IoT Greengrass Core to use only port 443 for all network communications. For more information, see Connect on port 443 or through a network proxy in the Amazon IoT Greengrass Developer Guide.

    • The IP address of your SiteWise Edge gateway (port 443). To obtain the IP address, run the ip address or ifconfig command and note the inet value (for example, 203.0.113.0).

    • The Amazon IoT SiteWise data endpoint: data.iotsitewise.region.amazonaws.com (port 443).

    • The following Amazon endpoints that the SiteWise Edge gateway uses. You can find these in the /greengrass-root/config/config.json file. Replace greengrass-root with the root of your Amazon IoT Greengrass installation.

      • ggHost: greengrass-ats.iot.region.amazonaws.com (ports 443, 8443, and 8883).

      • iotHost: prefix-ats.iot.region.amazonaws.com (ports 443, 8443, and 8883).

      For more information, see Amazon IoT Greengrass endpoints and quotas.

  10. If the Amazon IoT Greengrass Core software isn't already running, run the following command to start the Amazon IoT Greengrass Core software. Replace greengrass-root with the root of your Amazon IoT Greengrass installation. The default greengrass-root is /greengrass.

    cd /greengrass-root/ggc/core
      sudo ./greengrassd start

    You should see this message: Greengrass successfully started with PID: some-PID-number

  11. Configure the Amazon IoT Greengrass Core software to automatically start when your SiteWise Edge gateway turns on. Consult the documentation for your SiteWise Edge gateway's operating system.

Creating an IAM policy and role

You must create an Amazon Identity and Access Management (IAM) policy and role to allow the SiteWise Edge gateway to access Amazon IoT SiteWise on your behalf.

To create an IAM policy and role

  1. Navigate to the IAM console.

  2. In the navigation pane, choose Policies, and then choose Create policy.

    IAM "Policies" page screenshot.

  3. On the JSON tab, delete the current contents of the policy field, and paste the following policy into the field.

    {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "iotsitewise:BatchPutAssetPropertyValue",
            "Resource": "*"
          }
        ]
      }
    Note

    To improve security, you can specify an Amazon IoT SiteWise asset hierarchy path in the Condition property. The following example is a trust policy that specifies an asset hierarchy path.

    {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "iotsitewise:BatchPutAssetPropertyValue",
            "Resource": "*",
            "Condition": {
              "StringLike": {
                "iotsitewise:assetHierarchyPath": [
                  "/root node asset ID",
                  "/root node asset ID/*"
                ]
              }
            }
          }
        ]
      }

  4. Choose Review policy.

  5. Enter a name and description for the policy, and then choose Create policy.

  6. In the navigation pane, choose Roles, and then choose Create role.

    IAM "Roles" page screenshot.

  7. Under Select type of trusted entity, choose Amazon service. Under Choose the service that will use the role, choose Greengrass as the service that will use the role, and then choose Next: Permissions.

    IAM "Select type of trusted entity" page screenshot.

  8. Search for the policy that you created, select the check box, and then choose Next: Tags.

    IAM "Attach permissions policies" page screenshot.

  9. (Optional) Add tags to your role, and then choose Next: Review.

  10. Enter a name and description for the role, and then choose Create role.

    IAM "Review" page screenshot.

  11. In the green banner, choose the link to your new role. You can also use the search field to find the role.

    IAM "The role SiteWiseDemo has been created" page screenshot.

  12. Choose the Trust relationships tab, and then choose Edit trust relationship.

    IAM "Summary" page screenshot of the "Trust relationships" tab.

  13. Replace the current contents of the policy field with the following, and then choose Update Trust Policy.

    {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "Service": "greengrass.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
          }
        ]
      }

Configuring an Amazon IoT Greengrass group

To attach an IAM role to a group and enable stream manager

  1. Navigate to the Amazon IoT Greengrass console.

  2. In the left navigation pane, under Greengrass, choose Groups, and then choose the group that you created in Setting up the SiteWise Edge gateway environment.

    Amazon IoT Greengrass "Greengrass Groups" page screenshot.

  3. In the left navigation pane, choose Settings. In the Group Role section, choose Add Role.

    Amazon IoT Greengrass "Add Role" page screenshot.

  4. Choose the role that you created in Creating an IAM policy and role, and then choose Save.

    Amazon IoT Greengrass "Your Group's IAM Role" page screenshot.

  5. On the Settings page, in the Stream manager section, choose Edit.

    Stream manager is a feature of Amazon IoT Greengrass that enables your Amazon IoT Greengrass Core to stream data to the Amazon Cloud. SiteWise Edge gateways require that stream manager is enabled. For more information, see Manage data streams on the Amazon IoT Greengrass Core in the Amazon IoT Greengrass Version 1 Developer Guide.

    Amazon IoT Greengrass "Stream manager" section screenshot.

  6. Choose Enable, and then choose Save.

  7. In the upper-left corner, choose Services to prepare for the next procedure.

Configuring the Amazon IoT SiteWise connector

In this procedure, you configure the Amazon IoT SiteWise connector on your Greengrass group. Components are prebuilt modules that accelerate the development lifecycle for common edge scenarios. For more information, see Amazon IoT Greengrass connectors in the Amazon IoT Greengrass Version 1 Developer Guide.

To configure the Amazon IoT SiteWise connector

  1. Navigate to the Amazon IoT Greengrass console.

  2. In the left navigation pane, under Greengrass, choose Groups, and then choose the group that you created in Setting up the SiteWise Edge gateway environment.

    Amazon IoT Greengrass "Greengrass Groups" page screenshot.

  3. In the left navigation page, choose Connectors. On the Connectors page, choose Add a connector.

    Amazon IoT Greengrass "Connectors" page screenshot.

  4. Choose IoT SiteWise from the list and choose Next.

    Amazon IoT Greengrass "Select a connector" page screenshot.

  5. If your server requires authentication, you can create Amazon Secrets Manager secrets with the server's user name and password. Then, you can attach each secret to your Greengrass group and choose them under List of ARNs for username/password secrets. For more information about how to create and configure secrets, see Configuring source authentication. You can also add secrets to your connector later.

    Amazon IoT Greengrass "Configure a connector" page screenshot.

  6. If you set up your SiteWise Edge gateway with a different path than /var/sitewise, enter that path for Local storage path.

  7. (Optional) Enter a maximum disk buffer size for the connector. If the Amazon IoT Greengrass core loses connection to the Amazon Cloud, the connector caches data until it can successfully connect. If the cache size exceeds the maximum disk buffer size, the connector discards the oldest data from the queue.

  8. Choose Add.

  9. In the upper-right corner, in the Actions menu, choose Deploy.

  10. Choose Automatic detection to start the deployment.

    If the deployment fails, choose Deploy again. If the deployment continues to fail, see Amazon IoT Greengrass deployment troubleshooting.

Adding the SiteWise Edge gateway to Amazon IoT SiteWise

In this procedure, you add your SiteWise Edge gateway's Greengrass group to Amazon IoT SiteWise. After you register your SiteWise Edge gateway with Amazon IoT SiteWise, the service can deploy your data source configurations to your SiteWise Edge gateway.

To add the SiteWise Edge gateway to Amazon IoT SiteWise

  1. Navigate to the Amazon IoT SiteWise console.

  2. Choose Add gateway.

  3. On the Add SiteWise gateway page, do the following:

    1. Enter a Name for the SiteWise Edge gateway. Consider including the location of the SiteWise Edge gateway in the name so that you can easily identify it.

    2. For Greengrass group ID, choose the Greengrass group that you created earlier.

      Amazon IoT SiteWise "Add SiteWise Edge gateway" page screenshot.

    3. Choose Add gateway.

  4. If you add the data processing pack to your SiteWise Edge gateway, configure and deploy the Amazon IoT SiteWise Data Processor connector on your Amazon IoT Greengrass group. Follow the steps in Configuring the Amazon IoT SiteWise connector to configure the Amazon IoT SiteWise Data Processor connector:

    1. For Select a connector in the Amazon IoT Greengrass console, choose Amazon IoT SiteWise Data Processor.

    2. For Local storage path, enter the path to your SiteWise Edge gateway.

    3. Choose Add.

    4. In the upper-right corner, in the Actions menu, choose Deploy, and then choose Automatic detection to start the deployment.

After your SiteWise Edge gateway deploys, you can add a source for each piece of industrial equipment from which you want your SiteWise Edge gateway to ingest data. For more information, see Configuring data sources.

You can view Amazon CloudWatch metrics to verify that your SiteWise Edge gateway connects to Amazon IoT SiteWise. For more information, see Amazon IoT Greengrass Version 1 gateway metrics.