Configuring source authentication - Amazon IoT SiteWise

Configuring source authentication

If your OPC-UA servers require authentication credentials to connect, you can define a user name and password in a secret for each source in Amazon Secrets Manager. Then, you add the secret to your Greengrass group and IoT SiteWise connector to make the secret available to your gateway. For more information, see Deploy secrets to the Amazon IoT Greengrass core in the Amazon IoT Greengrass Version 1 Developer Guide.

After a secret is available to your gateway, you can choose it when you configure a source. Then, the gateway uses the authentication credentials from the secret when it connects to the source. For more information, see Configuring data sources.

Creating source authentication secrets

In this procedure, you create an authentication secret for your source in Secrets Manager. In the secret, define username and password key-value pairs that contain authentication details for your source.

To create a source authentication secret

  1. Navigate to the Secrets Manager console.

  2. Choose Store a new secret.

  3. Under Select secret type, choose Other type of secrets.

  4. Enter username and password key-value pairs for your OPC-UA server's authentication values, and then choose Next.

    
  5. Enter a Secret name that begins with greengrass-, such as greengrass-factory1-auth.

    Important

    You must use the greengrass- prefix for the default Amazon IoT Greengrass service role to access your secrets. If you want to name your secrets without this prefix, you must grant Amazon IoT Greengrass custom permissions to access your secrets. For more information, see Allow Amazon IoT Greengrass to get secret values in the Amazon IoT Greengrass Version 1 Developer Guide.

    
  6. Enter a Description and choose Next.

  7. (Optional) On the Configure automatic rotation page, configure automatic rotation for your secrets. If you configure automatic rotation, you must redeploy your Greengrass group each time a secret rotates.

  8. On the Configure automatic rotation page, choose Next.

  9. Review your new secret and choose Store.
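The same secret can be checked and stored from a script. The following is an added example, not code from the AWS documentation: the function names are hypothetical, the exact lowercase key names are assumed from the procedure above, and `create_source_secret` assumes boto3 is installed with credentials that are allowed to call Secrets Manager.

```python
import json

REQUIRED_KEYS = ("username", "password")   # key names from this page (exact case assumed)
NAME_PREFIX = "greengrass-"                # readable by the default Greengrass service role


def check_source_secret(name, secret_string, rotation_enabled=False):
    """Return a list of findings for a would-be OPC-UA source secret (empty = OK)."""
    findings = []
    if not name.startswith(NAME_PREFIX):
        findings.append("name: missing 'greengrass-' prefix; custom permissions required")
    try:
        pairs = json.loads(secret_string)
    except ValueError:
        pairs = None
    if not isinstance(pairs, dict):
        findings.append("value: not a JSON object of key-value pairs")
        return findings
    for key in REQUIRED_KEYS:
        if key not in pairs:
            findings.append(f"value: missing key '{key}'")
        elif not isinstance(pairs[key], str) or not pairs[key].strip():
            findings.append(f"value: '{key}' is empty or not a string")
    if rotation_enabled:
        findings.append("rotation: redeploy the Greengrass group after every rotation")
    return findings


def create_source_secret(name, username, password, description=""):
    """Validate, then store the secret; returns the new secret's ARN."""
    secret_string = json.dumps({"username": username, "password": password})
    findings = check_source_secret(name, secret_string)
    if findings:
        raise ValueError("; ".join(findings))
    import boto3  # imported here so the checks above run without the AWS SDK
    client = boto3.client("secretsmanager")
    response = client.create_secret(
        Name=name, Description=description, SecretString=secret_string
    )
    return response["ARN"]


if __name__ == "__main__":
    # Constructed sample: wrong name prefix and no password key.
    for finding in check_source_secret("factory1-auth", '{"username": "opc-reader"}'):
        print(finding)
```

Running the checks before the API call catches a secret that the gateway could not read or use before it is ever stored.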

Adding secrets to a Greengrass group

In this procedure, you add your source authentication secrets to your Amazon IoT Greengrass group to make them available to your IoT SiteWise connector.

To add a secret to your Greengrass group

  1. Navigate to the Amazon IoT Greengrass console.

  2. In the navigation pane, under Greengrass, choose Groups, and then choose your group.

    
  3. In the navigation pane, choose Resources.

  4. On the Resources page, choose the Secret tab, and then choose Add a secret resource.

    
  5. Choose Select and choose your secret from the list.

  6. Choose Next.

  7. In Secret resource name, enter a name for your secret resource and choose Save.

    

Adding secrets to an IoT SiteWise connector

In this procedure, you add your source authentication secrets to your IoT SiteWise connector to make them available to Amazon IoT SiteWise and your gateway.

To add a secret to your IoT SiteWise connector

  1. Navigate to the Amazon IoT Greengrass console.

  2. In the navigation pane, under Greengrass, choose Groups, and then choose your group.

    
  3. In the navigation pane, choose Connectors.

  4. Choose the ellipsis icon for the IoT SiteWise connector to open the options menu, and then choose Edit.

    
  5. Under List of ARNs for OPC-UA username/password secrets, choose Select, and then select each secret to add to this gateway. If you need to create secrets, see Creating source authentication secrets.

    

    If your secret doesn't appear, choose Refresh. If your secret still doesn't appear, check that you added the secret to your Greengrass group.

  6. Choose Save.

  7. In the upper-right corner, in the Actions menu, choose Deploy.

  8. Choose Automatic detection to start the deployment.

    If the deployment fails, choose Deploy again. If the deployment continues to fail, see Amazon IoT Greengrass deployment troubleshooting.

    After your group deploys, you can configure a source that uses the new secret. For more information, see Configuring data sources.