Configure AWS IoT Core Integration

If you want EdgeIQ to manage IoT, Greengrass, and Lambda services, you'll need to create an IAM role in your AWS account that EdgeIQ can assume. You can use this CloudFormation template to create the role, and then use the ARN and External ID of the new role to create a new AWS Integration.

Sample CloudFormation Template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Metadata": {
        "AWS::CloudFormation::Designer": {
            "ee09ff7b-5f50-40a7-b5cd-d41591410b63": {
                "size": {
                    "width": 60,
                    "height": 60
                },
                "position": {
                    "x": 403,
                    "y": 211
                },
                "z": 0,
                "embeds": []
            }
        }
    },
    "Parameters": {
        "ExternalID": {
            "Type": "String",
            "Default": "YourExternalID",
            "Description": "External ID secret"
        }
    },
    "Resources": {
        "iotRole": {
            "Type": "AWS::IAM::Role",
            "DeletionPolicy" : "Retain",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "lambda.amazonaws.com"
                            },
                            "Action": "sts:AssumeRole"
                        },
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "greengrass.amazonaws.com"
                            },
                            "Action": "sts:AssumeRole"
                        },
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "AWS": "arn:aws:iam::921779095203:user/iot_platform_prod"
                            },
                            "Action": "sts:AssumeRole",
                            "Condition": {
                                "StringEquals": {
                                    "sts:ExternalId": { "Ref": "ExternalID"}
                                }
                            }
                        }
                    ],
                    "Version": "2012-10-17"
                },
                "ManagedPolicyArns": [
                    "arn:aws:iam::aws:policy/AWSLambdaFullAccess",
                    "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess",
                    "arn:aws:iam::aws:policy/CloudWatchFullAccess",
                    "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy",
                    "arn:aws:iam::aws:policy/AWSIoTFullAccess",
                    "arn:aws:iam::aws:policy/AWSGreengrassFullAccess"
                ]
            },
            "Metadata": {
                "AWS::CloudFormation::Designer": {
                    "id": "ee09ff7b-5f50-40a7-b5cd-d41591410b63"
                }
            }
        }
    }
}
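
A pre-deployment check for the template above, added here as an example and not part of EdgeIQ's documentation or tooling: it confirms that the cross-account principal is gated by an sts:ExternalId condition, that the External ID does not fall back to the sample default, and it lists attached FullAccess managed policies for review. The names audit_role and PLACEHOLDERS and the trimmed template copy are assumptions of this example.

```python
import json

# Trimmed copy of the page's template: same parameter and cross-account trust statement.
TEMPLATE = json.loads("""
{
  "Parameters": {"ExternalID": {"Type": "String", "Default": "YourExternalID"}},
  "Resources": {"iotRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"},
      {"Effect": "Allow",
       "Principal": {"AWS": "arn:aws:iam::921779095203:user/iot_platform_prod"},
       "Action": "sts:AssumeRole",
       "Condition": {"StringEquals": {"sts:ExternalId": {"Ref": "ExternalID"}}}}
    ]},
    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AWSIoTFullAccess",
      "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy"]
  }}}
}
""")

PLACEHOLDERS = {"", "YourExternalID"}  # the page's sample default counts as unset


def audit_role(template, role_name="iotRole"):
    """Return a list of findings for the role's trust policy and attached policies."""
    findings = []
    params = template.get("Parameters", {})
    props = template["Resources"][role_name]["Properties"]
    for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or "AWS" not in principal:
            continue  # service principals are not gated by an External ID
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append(f"no sts:ExternalId condition for {principal['AWS']}")
            continue
        # Resolve {"Ref": name} to the parameter's default; literals are used as-is.
        if isinstance(ext, dict):
            ext = params.get(ext.get("Ref"), {}).get("Default")
        if ext in PLACEHOLDERS:
            findings.append("External ID falls back to a placeholder default")
    for arn in props.get("ManagedPolicyArns", []):
        if arn.endswith("FullAccess"):
            findings.append(f"broad managed policy attached: {arn}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_role(TEMPLATE)))
```

A parameter with no Default passes the placeholder check, because CloudFormation then requires the deployer to supply a value at stack creation.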

To create the AWS IoT Integration for the attached devices, follow these steps:

From the left-side menu in the web app, select Orchestration > Integrations. Then click the + Create Integration button.

Here you will need to enter the integration Name, choose an organization Account, and choose IOT - AWS as the Integration Type. Also, provide the AWS Region, External ID, and Role ARN. If you intend to use AWS Greengrass for this integration, toggle that button on and then provide the URL for the version of Greengrass that you intend to use.

To apply the integration to a device, navigate to the device page (DeviceOps > Devices > Your Device) and select Add Device Integration.

When you attach an AWS IoT Core integration to a device, EdgeIQ will create the “Thing” representing the device within IoT Core and configure the device certificates and policies within IoT Core. Additionally, the corresponding configuration and necessary certificates will be pushed down to the gateway device.

