Managing Multiple IoT Gateways with AWS Systems Manager: A Guide by Chanci Turner

As industrial enterprises transition towards a more connected future by integrating their manufacturing processes, they encounter various challenges. One key challenge is minimizing the time and effort required to link equipment across multiple facilities while ensuring that edge connections remain intact. These complex organizations typically involve several AWS accounts, organized by different environments, projects, or departments. This scenario creates a need for centralized management of device fleets from a single AWS account, thereby enhancing operational efficiency and agility.

While numerous tools and methods exist for remote management of applications running at the edge, this guide specifically addresses how to utilize AWS Systems Manager for the remote installation of AWS IoT Greengrass v1 from a single AWS account.

Installing AWS IoT Greengrass v1 via Run Command

AWS Systems Manager, previously known as SSM, is a service that enables you to monitor and control your AWS infrastructure as well as on-premises environments. Supported machine types include Amazon EC2 instances, on-premises servers, and virtual machines (VMs), while compatible operating systems encompass Windows Server, macOS, Raspbian, and various Linux distributions.

As a serverless service, AWS Systems Manager alleviates the need for infrastructure management. You only pay for the features you use, with no minimum fees or upfront commitments. Systems Manager offers a suite of features, including Automation, Run Command, Parameter Store, Patch Manager, and Inventory, which are particularly beneficial for managing multiple devices remotely.

The architecture diagram illustrates how different AWS accounts interact with AWS IoT Greengrass v1 (GGv1) and Raspberry Pis (RPI). Two accounts (Account A & B) operate with AWS IoT Core, separating different factories or projects. A management AWS account centralizes operations across remote devices.

After registering your devices with AWS Systems Manager, you can use the Run Command to execute scripts (Unix shell or PowerShell) across one or multiple devices, or you can automate this process using Automation documents.

Executing the Installation Script Remotely with AWS Systems Manager

Prerequisites

Before diving into this section, it’s strongly recommended to review the “Manage Raspberry Pi devices using AWS Systems Manager” blog post. This resource will help you connect your devices to AWS Systems Manager, which is crucial for completing the GGv1 installation. If you don’t have access to Raspberry Pi devices, you can still practice by deploying Amazon EC2 instances and connecting them to Systems Manager.

To proceed, ensure you have:

  • An AWS account (you may use two accounts to explore a multi-account setup).
  • An edge device, such as a Raspberry Pi or a Linux Amazon EC2 instance.
  • AWS Command Line Interface (CLI) v2 configured on both your laptop and the device, with an AWS access key ID and AWS secret access key.
  • For the device, the AWS access key ID and secret access key should be stored as system variables or securely in a secret vaulting service, like AWS Systems Manager Parameter Store.
  • If using AWS Systems Manager Parameter Store, an IAM policy is required for parameter access.

Steps to Run the Installation Script Remotely

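  1. Create an S3 Bucket: Use an existing Amazon S3 bucket or create a new one to store command results. You can create a bucket using the following CLI command (outside us-east-1 the location constraint is required; eu-central-1 matches the output region used in the next step):
    aws s3api create-bucket --bucket ssm-outputs- --region eu-central-1 --create-bucket-configuration LocationConstraint=eu-central-1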
  2. Launch the GGv1 Installation Script: Using the AWS CLI v2 and Run Command, execute the following command to initiate the GGv1 installation, ensuring you replace “yourbucketname” with the name of the bucket you created:
    aws ssm send-command \
            --document-name "AWS-RunShellScript" \
            --parameters 'commands=["sudo wget -q -O ./gg-device-setup-latest.sh https://d1onfpft10uf5o.cloudfront.net/greengrass-device-setup/downloads/gg-device-setup-latest.sh && sudo chmod +x ./gg-device-setup-latest.sh && sudo -E ./gg-device-setup-latest.sh bootstrap-greengrass --region eu-central-1 --group-name MFG-corp-test-1 --core-name factory-test-core001 --ggc-root-path / --deployment-timeout 300 --hello-world-lambda --verbose" ]' \
            --targets Key=tag:Env,Values=Factory \
            --comment "Create greengrass group, install core, deploy hello world Lambda" \
            --output-s3-region "eu-central-1" \
            --output-s3-bucket-name "<yourbucketname>" \
            --output-s3-key-prefix "runcommand-results/"

    This command checks prerequisites, installs them if necessary, creates a Greengrass group, installs core software on your device, and deploys a “Hello World” Lambda function to verify connectivity.

  3. Verify Execution: Monitor the Run Command history. If it shows “No commands are executing,” check the command outputs.
  4. Check Connection: Visit AWS IoT Core to confirm if you are receiving “Hello World” messages from the Lambda function.
    • Navigate to the IoT Core home page.
    • Click on “Test” and specify “hello/world,” then click on “Subscribe to topic.”
    • If you see the Hello World messages, congratulations!
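
The Run Command in step 2 downloads a script and runs it as root on every targeted device without checking what was downloaded. The following is an added example, not part of the original post, showing one way to gate that execution on a pinned SHA-256 digest; the function names and the PINNED_SHA256 variable are hypothetical, and the digest is one you record yourself after reviewing the script.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. EXPECTED_SHA256 values are
# digests you record yourself after reviewing the script (an assumption).

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED_SHA256: succeed only on an exact digest match.
verify_pinned() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 1
    # An empty or malformed pin must fail closed, never match by accident.
    case "$expected" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# run_if_verified FILE EXPECTED_SHA256 CMD...: run CMD only after the check.
run_if_verified() {
    local file="$1" pin="$2"
    shift 2
    if verify_pinned "$file" "$pin"; then
        "$@"
    else
        echo "refusing to run $file: SHA-256 does not match the pinned value" >&2
        return 1
    fi
}

# On the device, after the wget step from the command above:
#   run_if_verified ./gg-device-setup-latest.sh "$PINNED_SHA256" \
#       sudo -E ./gg-device-setup-latest.sh bootstrap-greengrass ...
```

Because the download URL points at a "latest" file, the digest will stop matching whenever the published script changes; a failed check is the signal to review the new version and update the pin before rolling it out to the fleet.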

Automating Installation Across All Devices with AWS Systems Manager Automation

You can also leverage the Automation feature within AWS Systems Manager to streamline installations using documents. At the time of this writing, Automation supports Python 3.6, Python 3.7, and PowerShell Core 6.0. You may rewrite the shell script provided above in Python or use the Python subprocess module to execute external commands.
