Install the Amazon IoT Greengrass Secret Manager component on the device
The Amazon Kinesis Video Streams Edge Agent requires the Amazon IoT Greengrass Secret Manager component to be installed on the device first.
Install the Secret Manager component
- Sign in to the Amazon Web Services Management Console and open the Amazon IoT Core console at https://console.amazonaws.cn/iot/. Verify that the appropriate Region is selected.
- In the left navigation, choose Greengrass devices, Deployments.
  Choose the deployment with the same target as the thing we created in Set up the Amazon IoT Greengrass V2 core device on the device.
- In the Actions dropdown in the top right corner, choose Revise.
  In the pop-up that appears, choose Revise deployment.
- Complete the following sections:
  - Step 1: Specify target. Choose Next.
  - Step 2: Select components.
    - Verify that the aws.greengrass.Cli component is selected. Do not uninstall this component.
    - Toggle the Show only selected components switch and search for aws.greengrass.SecretManager.
    - Check the box next to aws.greengrass.SecretManager, then choose Next.
  - Step 3: Configure components. Configure the Amazon IoT Greengrass Secret Manager component to download the secrets from within the Amazon IoT Greengrass environment.
    Select the aws.greengrass.SecretManager component, then choose Configure component.
    In the screen that appears, update the Amazon Secrets Manager ARNs in the Configuration to merge box.
    Note: Replace arn:aws:secretsmanager:*:*:secret:* with the ARNs of the secrets that you created in Create the Amazon Kinesis Video Streams and Amazon Secrets Manager resources for your IP camera RTSP URLs.

        {
          "cloudSecrets": [
            { "arn": "arn:aws:secretsmanager:*:*:secret:*" },
            { "arn": "arn:aws:secretsmanager:*:*:secret:*" }
          ]
        }

    Note: cloudSecrets is a list of objects with the key arn. For more information, see the Secret manager configuration section in the Amazon IoT Greengrass Version 2 Developer Guide.
    When you're done, select Confirm, then choose Next.
  - Step 4: Configure advanced settings. Select Next.
  - Step 5: Review. Select Deploy.
- Confirm that the Amazon Secrets Manager component and permissions were installed correctly.
  On the Ubuntu Amazon EC2 instance, type the following command to verify that the component received the updated configuration:

      sudo /greengrass/v2/bin/greengrass-cli component details --name aws.greengrass.SecretManager

- Inspect the Amazon IoT Greengrass core logs.
  Type the following command, then review for deployment errors:

      sudo less /greengrass/v2/logs/greengrass.log

  If there was an error, revise the deployment to remove the aws.greengrass.SecretManager component.
  Type the following command to restart the Amazon IoT Greengrass core service:

      sudo service greengrass restart

  If the deployment error was related to missing permissions, review the Add permissions to the token exchange service (TES) role section to make sure that the TES role has the proper permissions. Then, repeat this section.
Important
The Amazon IoT Greengrass Secret Manager component fetches and caches secrets only when the deployment is updated.
In order to update the secrets on the Amazon IoT Greengrass Secret Manager component, follow the preceding steps 1–6, with the following change.
Step 3: Configure components. Configure the Amazon IoT Greengrass Secret Manager component to download the secrets from within the Amazon IoT Greengrass environment.
Select the aws.greengrass.SecretManager component, then choose Configure component.
In the screen that appears, paste [""] in the Reset paths box, and update the Amazon Secrets Manager ARNs in the Configuration to merge box. For more information, see Reset updates.
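
The following check for the Configuration to merge document is an added example, not code from the Amazon documentation: it confirms that cloudSecrets is a list of objects with the key arn and that no entry still carries the arn:aws:secretsmanager:*:*:secret:* placeholder. The function name, the sample ARNs and the requirement that every entry be a full ARN are assumptions of this example.

```python
import json
import re

# Placeholder shown in the procedure; it must be replaced before deploying.
PLACEHOLDER = "arn:aws:secretsmanager:*:*:secret:*"
# Assumed full-ARN layout (this example's rule, not a rule stated on the page):
# arn:<partition>:secretsmanager:<region>:<12-digit account>:secret:<name>
FULL_ARN = re.compile(r"arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[^\s*?]+")


def check_merge_config(text):
    """Return a list of problems in a 'Configuration to merge' document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    secrets = doc.get("cloudSecrets") if isinstance(doc, dict) else None
    if not isinstance(secrets, list) or not secrets:
        return ["cloudSecrets must be a non-empty list"]
    problems, seen = [], set()
    for i, entry in enumerate(secrets):
        arn = entry.get("arn") if isinstance(entry, dict) else None
        if not isinstance(arn, str):
            problems.append(f"cloudSecrets[{i}]: expected an object with the key 'arn'")
        elif arn == PLACEHOLDER:
            problems.append(f"cloudSecrets[{i}]: placeholder ARN was not replaced")
        elif "*" in arn:
            problems.append(f"cloudSecrets[{i}]: wildcard in ARN {arn!r}")
        elif not FULL_ARN.fullmatch(arn):
            problems.append(f"cloudSecrets[{i}]: not a full Secrets Manager ARN: {arn!r}")
        elif arn in seen:
            problems.append(f"cloudSecrets[{i}]: duplicate ARN {arn!r}")
        else:
            seen.add(arn)
    return problems


# Constructed sample input: account ID, Region and secret names are made up.
GOOD = """{ "cloudSecrets": [
  { "arn": "arn:aws-cn:secretsmanager:cn-north-1:123456789012:secret:camera1-rtsp-AbCdEf" },
  { "arn": "arn:aws-cn:secretsmanager:cn-north-1:123456789012:secret:camera2-rtsp-GhIjKl" } ] }"""
# Constructed: one entry replaced, the other left as the page's placeholder.
HALF_DONE = """{ "cloudSecrets": [
  { "arn": "arn:aws-cn:secretsmanager:cn-north-1:123456789012:secret:camera1-rtsp-AbCdEf" },
  { "arn": "arn:aws:secretsmanager:*:*:secret:*" } ] }"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("HALF_DONE", HALF_DONE)):
        print(name, check_merge_config(text) or "ok")
```

A line break pasted inside an ARN string is reported as invalid JSON, which catches copies of the configuration that were wrapped mid-value.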