AWS IoT GreenGrass v2 does not allow to run any Docker application container if GreenGrass itself is running inside a Docker container. E.g. if you want to run AWS IoT SiteWise Edge inside GGv2 container, AWS IoT SiteWise Edge requires docker container to run its components. This container image is built on the official AWS IoT GreenGrass version 2 docker image to run your containerized applications in it. Therefore, after you follow steps below, you can also leverage from the official AWS IoT GreenGrass v2 guideline to use additional AWS IoT GreenGrass related operations. Before using in production please read the following blog.
You can use this solution as standalone or you can integrate it to a container orchestration tool like Amazon ECS Anywhere. For using it with container orchestration tool, you can find an example of target deployment architecture for Amazon ECS Anywhere below:
docker-compose -f docker/docker-compose.yml build
For standalone usage, you can use AWS credential. But, if you have an environment that has an IAM role, it is important to use corresponding IAM roles with required permission for security best practices.
path_to_dir/greengrass-v2-credentials/credentials
Example "credentials" file:
[default]
aws_access_key_id = <YourAWSAccessKey>
aws_secret_access_key = <YourSecretKey>
You can provide your environment file like below.
Create "env.cfg" file and copy your config accordingly.
nano env.cfg
GGC_ROOT_PATH=/greengrass/v2
AWS_REGION=eu-west-1
PROVISION=true
THING_NAME=MyGreengrassCore
THING_GROUP_NAME=MyGreengrassCoreGroup
TES_ROLE_NAME=GreengrassV2TokenExchangeRole
TES_ROLE_ALIAS_NAME=GreengrassCoreTokenExchangeRoleAlias
COMPONENT_DEFAULT_USER=ggc_user:ggc_group
- WARNING: For running this image, you need to provide a "privileged" flag, therefore it is important to know whether your security threat model allows this action in your environment.
docker run --privileged --rm --init -it --name aws-iot-gg -v path_to_cred/greengrass-v2-credentials:/root/.aws:ro --env-file env.cfg -p 8883 x86_64/aws-iot-greengrass:2.5.3
docker exec -it CONTAINER_ID /bin/sh
Docker is already installed in the container image. After you log in, you can use docker commands to manage application containers
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.