Changes required to use the Greengrass sample within aws-iot-device-sdk-python

instructions.md

Modify your Thing's policy to allow it to connect to the Greengrass Discovery service:

• Secure -> Policies
• Select your Thing's Policy
• Edit your Thing's Policy document, and Save as a new version. See my example policy, specifically the addition of the greengrass:Discover statement at the bottom of the policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:yourawsaccountid:topic/sdk/test/java",
        "arn:aws:iot:us-east-1:yourawsaccountid:topic/sdk/test/Python",
        "arn:aws:iot:us-east-1:yourawsaccountid:topic/topic_1",
        "arn:aws:iot:us-east-1:yourawsaccountid:topic/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:yourawsaccountid:topicfilter/sdk/test/java",
        "arn:aws:iot:us-east-1:yourawsaccountid:topicfilter/sdk/test/Python",
        "arn:aws:iot:us-east-1:yourawsaccountid:topicfilter/topic_1",
        "arn:aws:iot:us-east-1:yourawsaccountid:topicfilter/topic_2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:yourawsaccountid:client/sdk-java",
        "arn:aws:iot:us-east-1:yourawsaccountid:client/basicPubSub",
        "arn:aws:iot:us-east-1:yourawsaccountid:client/sdk-nodejs-*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "greengrass:Discover",
      "Resource": [
        "arn:aws:iot:us-east-1:yourawsaccountid:thing/*"
      ]
    }
  ]
}

Use My fork of the aws-iot-device-sdk-python repo, which contains fixes:

From your device (in your case, this was your Macbook):

cd aws-iot-device-sdk-python/
git remote rename origin upstream
git remote add origin https://github.com/dave-malone/aws-iot-device-sdk-python
git fetch origin
git pull origin master

Change your connected_device_package's start.sh script:

Using the added flag from my fork above, you can now craft a start command that will allow your device to correctly connect to your Greengrass device.

You will want to make sure you replace the arguments below using your own values - i.e. your Greengrass core name for the -g argument, your thing's name for the -n argument, your own iot endpoint for the -e argument, and the correct certificates for the -c and -k arguments.

printf "\nRunning greengrass discovery sample application...\n"
python aws-iot-device-sdk-python/samples/greengrass/basicDiscovery.py \
  -e youriotendpoint-ats.iot.us-east-1.amazonaws.com \
  -g rpi_zerow_group_core \
  -n rpi_zerow \
  -m publish \
  -r root-CA.crt \
  -c rpi_zerow.cert.pem \
  -k rpi_zerow.private.key

Add your Thing to your Greengrass Group, and add a Subscription to allow your Thing's messages to be propagated to the cloud

• In the AWS IoT Console, navigate to Greengrass -> Groups, then select your Greengrass Group
• Under Devices, click Add Device, and add your Device to the Group
• Under Subscriptions, click Add Subscription
  • Under Select a Source, choose your Thing under the Devices tab
  • Under Select a target, choose IoT Cloud under the Services tab
  • Click Next
  • Enter sdk/test/Python in the Topic Filter field, then click Next, and then click Finish

You should now see your messages in the IoT Core Test console. To confirm:

• In the AWS IoT Console, navigate to Test
• In the Subscription topic field, enter sdk/test/Python, and click the blue Subscribe to topic button
• You should see your messages coming through the test console