As industrial companies move toward the future of production by connecting their factories and developing faster, cheaper production methods, they also face new and significant challenges. One of those challenges is reducing the time and effort needed to connect equipment across facilities while maintaining edge connections. Industrial companies are often complex organizations that use multiple AWS accounts, which can be organized by environment, project, department or factory. This creates a need to manage device fleets remotely from a single AWS account, to maintain control and reduce complexity, resulting in faster operations and improved agility.
While there are many different ways and tools to remotely manage applications running at the edge from a central point of administration, this blog post focuses on how to remotely install AWS IoT Greengrass v1 by using AWS Systems Manager from a single AWS account.
How to install AWS IoT Greengrass v1 using Run Command
AWS Systems Manager (formerly known as SSM) is an AWS service that allows you to view and control your infrastructure on AWS and in other environments, such as on-premises facilities. Supported machine types include Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises servers, and virtual machines (VMs), including VMs in other cloud environments. Supported operating system types include Windows Server, macOS, Raspbian, and multiple distributions of Linux.
AWS Systems Manager is a serverless service, which means you won’t need to provision and manage infrastructure to use it. With AWS Systems Manager, you pay only for what you use on the priced features, as you use them. There are no minimum fees or upfront commitments (more information here). AWS Systems Manager provides a set of features such as Automation, Run Command, Parameter Store, Patch Manager and Inventory that are particularly useful when managing multiple devices remotely.
The architecture diagram below describes how the different AWS accounts interact with AWS IoT Greengrass v1 (GGv1) and Raspberry Pis (RPI). Two accounts (account A and account B) run AWS IoT Core and are used to separate the factories / projects within AWS. A “management” AWS account is then used to centralize operations on the remote devices.
Once you’ve registered your devices with AWS Systems Manager, you can either use Run Command to run a script (Unix shell / PowerShell) on one or multiple devices, or use Automation documents to run those scripts automatically (Python scripts). In this next section, you will learn how to run the installation script remotely by using Run Command.
How to run installation script remotely, with AWS Systems Manager
Before reading the rest of this section, we highly recommend reading the “Manage Raspberry Pi devices using AWS Systems Manager” blog post (link here). It will help you get started by connecting your devices to AWS Systems Manager, which is a requirement to complete the GGv1 installation.
If you do not have access to RPI devices, you can still test this procedure by deploying Amazon EC2 instances (link to the documentation) and connecting them to Systems Manager (link to the documentation).
To complete this procedure, you will need:
- An AWS account (optional: 2 can be used to test in a multi-account context).
- An edge device such as an RPI, or a Linux Amazon EC2 instance.
- AWS Command Line Interface (CLI) v2 configured on your laptop and on the device, with an AWS access key ID and AWS secret access key (more information on how to do this here).
- For the device only: AWS access key ID and AWS secret access key stored as system variables or securely in a secret vaulting tool or service such as AWS Systems Manager Parameter Store (link to the documentation).
- Optional: if AWS Systems Manager Parameter Store is used, an IAM policy is required to get access to the parameters (examples of IAM policies for Parameter Store here).
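The Parameter Store prerequisite above means each device holds an IAM policy that can read parameter values, so that policy is worth checking for scope before it is rolled out to a fleet. The following is an added example, not code from the original post or from AWS: it audits a policy document for read access outside one parameter path. The account ID, region, `/greengrass/device/` path and both sample policies are constructed for illustration.

```python
import fnmatch

# Real SSM actions that return parameter values.
READ_ACTIONS = {"ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"}

# Constructed values (assumptions): placeholder account, region and parameter path.
ALLOWED_PREFIX = "arn:aws:ssm:us-east-1:111122223333:parameter/greengrass/device/"
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:GetParameter"],
     "Resource": ALLOWED_PREFIX + "*"}]}

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_parameter_policy(policy, allowed_arn_prefix):
    """Return (statement index, read actions granted, resource) for every Allow
    statement that lets the holder read parameters outside allowed_arn_prefix."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            # Inverted matching cannot be scoped by prefix; send to manual review.
            findings.append((i, ["NotAction/NotResource"], "*"))
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # Action names are case-insensitive and may use * and ? wildcards.
        granted = sorted(a for a in READ_ACTIONS
                         if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if not granted:
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if not resource.startswith(allowed_arn_prefix):
                findings.append((i, granted, resource))
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_parameter_policy(doc, ALLOWED_PREFIX))
```

An empty result means every read grant stays inside the device's own path. A policy for `SecureString` parameters encrypted with a customer managed key also needs `kms:Decrypt` on that key, which this check does not cover.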
In this blog post, I showed you how to remotely install AWS IoT Greengrass v1 on Raspberry Pi devices from a single AWS account using AWS Systems Manager. This architecture provides a simple way to manage devices at scale in a multi-account AWS environment, without the need to connect to multiple administration points. Moreover, AWS Systems Manager is a serverless service, which removes the cost burden of hosting a centralized management infrastructure. It also reduces the TCO of such an infrastructure by providing a “pay for what you use” pricing model.