Configuring source authentication
If your OPC-UA servers require authentication credentials to connect, you can define a user name and password in a secret for each source in Amazon Secrets Manager. Then, you add the secret to your Greengrass group and IoT SiteWise connector to make the secret available to your SiteWise Edge gateway. For more information, see Deploy secrets to the Amazon IoT Greengrass core in the Amazon IoT Greengrass Version 1 Developer Guide.
After a secret is available to your SiteWise Edge gateway, you can choose it when you configure a source. Then, the SiteWise Edge gateway uses the authentication credentials from the secret when it connects to the source. For more information, see Configuring data sources.
Creating source authentication secrets
In this procedure, you create an authentication secret for your source in Secrets Manager.
In the secret, define username and password key-value pairs that contain authentication details for your source.
To create a source authentication secret
- Navigate to the Secrets Manager console.
- Choose Store a new secret.
- Under Select secret type, choose Other type of secrets.
- Enter username and password key-value pairs for your OPC-UA server's authentication values, and then choose Next.
- Enter a Secret name that begins with greengrass-, such as greengrass-factory1-auth.
  Important
  You must use the greengrass- prefix for the default Amazon IoT Greengrass service role to access your secrets. If you want to name your secrets without this prefix, you must grant Amazon IoT Greengrass custom permissions to access your secrets. For more information, see Allow Amazon IoT Greengrass to get secret values in the Amazon IoT Greengrass Version 1 Developer Guide.
- Enter a Description and choose Next.
- (Optional) On the Configure automatic rotation page, configure automatic rotation for your secrets. If you configure automatic rotation, you must redeploy your Greengrass group each time a secret rotates.
- On the Configure automatic rotation page, choose Next.
- Review your new secret and choose Store.
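The naming and key requirements from the procedure above can be checked before you deploy. This is an added example, not part of the original guide: the function name check_source_secret and the sample values are assumptions, and the inputs are modeled on the Name, SecretString and RotationEnabled fields that Secrets Manager returns.

```python
import json

REQUIRED_KEYS = ("username", "password")
DEFAULT_ROLE_PREFIX = "greengrass-"


def check_source_secret(name, secret_string, rotation_enabled=False):
    """Return a list of findings; an empty list means the secret fits the procedure."""
    findings = []
    if not name.startswith(DEFAULT_ROLE_PREFIX):
        findings.append(
            f"name '{name}' lacks the '{DEFAULT_ROLE_PREFIX}' prefix: the default "
            "Greengrass service role cannot read it without custom permissions"
        )
    # Key-value pairs entered in the console are stored as a JSON object.
    try:
        pairs = json.loads(secret_string)
    except (TypeError, ValueError):
        return findings + ["secret value is not JSON key-value pairs"]
    if not isinstance(pairs, dict):
        return findings + ["secret value is not JSON key-value pairs"]
    for key in REQUIRED_KEYS:
        value = pairs.get(key)
        if not isinstance(value, str) or not value:
            # Report only the key name, never the credential value.
            findings.append(f"key '{key}' is missing or empty")
    # Assumption: keys must match the lowercase names the procedure gives.
    for key in pairs:
        if key not in REQUIRED_KEYS and key.lower() in REQUIRED_KEYS:
            findings.append(f"key '{key}' differs from '{key.lower()}' only by case")
    if rotation_enabled:
        findings.append(
            "rotation is enabled: redeploy the Greengrass group after each rotation"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    good = '{"username": "opc-reader", "password": "constructed-value"}'
    print(check_source_secret("greengrass-factory1-auth", good))
    print(check_source_secret("factory1-auth", '{"Username": "x"}', True))
```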
Adding secrets to a Greengrass group
In this procedure, you add your source authentication secrets to your Amazon IoT Greengrass group to make them available to your IoT SiteWise connector.
To add a secret to your Greengrass group
- Navigate to the Amazon IoT Greengrass console.
- In the navigation pane, under Greengrass, choose Groups, and then choose your group.
- In the navigation page, choose Resources.
- On the Resources page, choose the Secret tab, and then choose Add a secret resource.
- Choose Select and choose your secret from the list.
- Choose Next.
- In Secret resource name, enter a name for your secret resource and choose Save.
Adding secrets to an IoT SiteWise connector
In this procedure, you add your source authentication secrets to your IoT SiteWise connector to make them available to Amazon IoT SiteWise and your SiteWise Edge gateway.
To add a secret to your IoT SiteWise connector
- Navigate to the Amazon IoT Greengrass console.
- In the navigation pane, under Greengrass, choose Groups, and then choose your group.
- In the navigation page, choose Connectors.
- Choose the ellipsis icon for the IoT SiteWise connector to open the options menu, and then choose Edit.
- Under List of ARNs for OPC-UA username/password secrets, choose Select, and then select each secret to add to this SiteWise Edge gateway. If you need to create secrets, see Creating source authentication secrets.
  If your secret doesn't appear, choose Refresh. If your secret still doesn't appear, check that you added the secret to your Greengrass group.
- Choose Save.
- In the upper-right corner, in the Actions menu, choose Deploy.
- Choose Automatic detection to start the deployment.
  If the deployment fails, choose Deploy again. If the deployment continues to fail, see Amazon IoT Greengrass deployment troubleshooting.
After your group deploys, you can configure a source that uses the new secret. For more information, see Configuring data sources.