Skip to main content
Getting started with AWS Greengrass and Raspberry Pi

Getting started with AWS Greengrass and Raspberry Pi

·4 mins· loading ·
AWS IoT Greengrass
Pubudu Jayawardana
Author
Pubudu Jayawardana
Cloud Engineer, AWS Community Builder

This post walks through the steps required to set up AWS Greengrass on your Raspbarry pi.

Install OS for Raspberry Pi on SD card
#

  1. Goto https://www.raspberrypi.org/downloads, download and install the Raspberry Pi Imager software to your local machine which will guide the installation.

  2. Once installed, open the Raspberry Pi Imager software and select the relevant OS (Raspberry Pi OS 32bit is recommended), SD Card and it will create the OS image in the SD card provided.

Once the OS is installed, you can insert the SD card to Pi and connect external keyboard and screen to it and configure wifi and ssh. Login username is pi and default password is raspberry. If you don’t have external keyboard, screen and you only want to connect to Pi via ssh, enable wifi and ssh as below.

Enable wifi
#

Create a file at boot directory with the name: wpa_supplicant.conf with below content. Replace country code (ex: NL, UK), wifi SSID and password with your own values.

country=[COUNTRY_CODE]
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="[WIFI SSID]"
    psk="[WIFI_PASSWORD]"
    key_mgmt=WPA-PSK
}

Enable SSH
#

To enable ssh access, create a empty file at boot directory with the name of ssh.

Once this is done, you can safely remove the SD card, insert it into Raspberry Pi and start it.

Once started, you need to know the ip of the device in order to ssh into it. For this, you may use one of IP scanner softwares where you can scan all the devices of the network. Else, you can log into your wifi (router) management ui and get the ip of the Raspberry Pi.

Once you know the ip, ssh into the Pi as ssh pi@[IP_Address] with the default password raspberry.

Install AWS Greengrass
#

Prepare the system
#

Before installing AWS IoT Greengrass Core software, there are few configurations need to be done.

  1. Add new user and group. Run below command to create user and group.

     sudo adduser --system ggc_user
     sudo addgroup --system ggc_group
    
  2. Enable hardlink and symlink protection To enable hard and symlik protection, add below 2 line to end of the /etc/sysctl.d/98-rpi.conf file.

     fs.protected_hardlinks = 1
     fs.protected_symlinks = 1
    

    Once done, reboot the Pi.

  3. Enable and mount memory cgroups Open /boot/cmdline.txt file with sudo permission and append below text to the end of the line and save the file.

      cgroup_enable=memory cgroup_memory=1
    

    Once done, reboot the Pi again.

  4. Dependency check To check if all the dependencies required to run AWS Greengrass core, we can download and run the Greengrass dependency checker as below:

wget https://github.com/aws-samples/aws-greengrass-samples/raw/master/greengrass-dependency-checker-GGCv1.11.x.zip

unzip greengrass-dependency-checker-GGCv1.11.x.zip
cd greengrass-dependency-checker-GGCv1.11.x/ 
sudo modprobe configs
sudo ./check_ggc_dependencies

This will indicate whether all the system requirements are met.

Configurations on AWS console
#

  1. Log into AWS console and goto IoT Greengrass. (Please note, Greengrass is not available in all the regions.)

  2. Click on Create a Group > Default Group Creation and create a group providing a group name. (ex: MyRaspberryGroup)

  3. In the next step, Core name is auto filled based on your group name. Keep it as it is and move to next step.

  4. In the Review Group creation step, click on Create Group and Core. This will generate certificate and keys required for the device.

  5. Next screen, download the provided xxx-setup.tar.gz file which contains the keys and certificates generated.

Setting up the Pi
#

  1. Move the xxx-setup.tar.gz file downloaded into Pi by scp.

  2. Log into Pi

  3. Download the Greengrass Core software usign:wget https://d1onfpft10uf5o.cloudfront.net/greengrass-core/downloads/1.11.0/greengrass-linux-armv7l-1.11.0.tar.gz

  4. Extract downloaded tar.gz files by: sudo tar -xzvf greengrass-linux-armv7l-1.11.0.tar.gz -C /. This will create a new greengrass directory in the root directory.

  5. Extract the xxx-setup-tar.gz files into the same greengrass directory: sudo tar -xvf xxx-setup.tar.gz -C /greengrass

  6. Go to /greengrass/config and download the root certificate as: sudo wget -O root.ca.pem https://www.amazontrust.com/repository/AmazonRootCA1.pem

  7. Next, go to /greengrass/ggc/core/ and run sudo ./greengrassd start. This will start the Greengrass daemon and output the process id.

Greengrass auto start on boot
#

In order to start Greengrass daemon when Pi reboot/start, follow the below steps.

  1. Create a file using sudo at /etc/systemd/system/greengrass.service with below content:

    [Unit]
    Description=Greengrass Daemon
    
    [Service]
    Type=forking
    PIDFile=/var/run/greengrassd.pid
    Restart=on-failure
    ExecStart=/greengrass/ggc/core/greengrassd start
    ExecReload=/greengrass/ggc/core/greengrassd restart
    ExecStop=/greengrass/ggc/core/greengrassd stop
    
    [Install]
    WantedBy=multi-user.target
    
  2. Change the permission of the file to allow root to execute it.

    sudo chmod u+rwx /etc/systemd/system/greengrass.service
    
  3. Enable and start the greengrass.service:

    sudo systemctl enable greengrass
    sudo systemctl start greengrass
    
  4. Check if greengrass service is working fine (even after reboot) with ps aux | grep greengrass

Now, your raspberry pi is ready to use as an IOT device managed by AWS IOT.

Related

How I created a door bell with AWS Serverless
·6 mins· loading
AWS Serverless Lambda Step Functions S3
Explains the steps of me creating a doorbell using Raspberry Pi and AWS Serverless services.
IAM Tag Based Permissions
·4 mins· loading
AWS IAM Security Tags
AWS IAM policies provides great amount of facilities in order to set up granular level of permissions. Tag based permissions are one of the cool features supported by IAM.
Whitelisting Lambda IP for Downstream Services
·2 mins· loading
AWS Lambda Security Serverless
This blog post discuss how we can allow access from Lambda from an external system by whitelisting IP.