End of support notice: On October 7th, 2026, AWS will discontinue support for AWS IoT Greengrass Version 1. After October 7th, 2026, you will no longer be able to access the AWS IoT Greengrass V1 resources. For more information, please visit [Migrate from AWS IoT Greengrass Version 1](https://docs.aws.amazon.com/greengrass/v2/developerguide/migrate-from-v1.html).
# CloudFormation support for AWS IoT Greengrass
CloudFormation is a service that can help you create, manage, and replicate your AWS resources. You can use CloudFormation templates to define AWS IoT Greengrass groups and the client devices, subscriptions, and other components that you want to deploy. For an example, see [Example template](#cloudformation-support-example).
The resources and infrastructure that you generate from a template is called a *stack*. You can define all of your resources in one template or refer to resources from other stacks. For more information about CloudFormation templates and features, see [What is CloudFormation?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in the *AWS CloudFormation User Guide*.
## Creating resources
CloudFormation templates are JSON or YAML documents that describe the properties and relationships of AWS resources. The following AWS IoT Greengrass resources are supported:
+ Groups
+ Cores
+ Client devices (devices)
+ Lambda functions
+ Connectors
+ Resources (local, machine learning, and secret)
+ Subscriptions
+ Loggers (logging configurations)
In CloudFormation templates, the structure and syntax of Greengrass resources are based on the AWS IoT Greengrass API. For example, the [example template](#cloudformation-support-example) associates a top-level `DeviceDefinition` with a `DeviceDefinitionVersion` that contains an individual client device. For more information, see [Overview of the AWS IoT Greengrass group object model](deployments.md#api-overview).
The [AWS IoT Greengrass resource types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Greengrass.html) in the *AWS CloudFormation User Guide* describes the Greengrass resources that you can manage with CloudFormation. When you use CloudFormation templates to create Greengrass resources, we recommend that you manage them only from CloudFormation. For example, you should update your template if you want to add, change, or remove a device (instead of using the AWS IoT Greengrass API or AWS IoT console). This allows you to use rollback and other CloudFormation change management features. For more information about using CloudFormation to create and manage your resources and stacks, see [Working with stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html) in the *AWS CloudFormation User Guide*.
For a walkthrough that shows how to create and deploy AWS IoT Greengrass resources in an CloudFormation template, see [Automating AWS IoT Greengrass setup with CloudFormation](https://aws.amazon.com/blogs/iot/automating-aws-iot-greengrass-setup-with-aws-cloudformation/) on The Internet of Things on AWS Official Blog.
## Deploying resources
After you create an CloudFormation stack that contains your group version, you can use the AWS CLI or AWS IoT console to deploy it.
**Note**
To deploy a group, you must have a Greengrass service role associated with your AWS account. The service role allows AWS IoT Greengrass to access your resources in AWS Lambda and other AWS services. This role should exist if you already deployed a Greengrass group in the current AWS Region. For more information, see [Greengrass service role](service-role.md).
**To deploy the group (AWS CLI)**
+ Run the [https://docs.aws.amazon.com/greengrass/v1/apireference/createdeployment-post.html](https://docs.aws.amazon.com/greengrass/v1/apireference/createdeployment-post.html) command.
```
aws greengrass create-deployment --group-id GroupId --group-version-id GroupVersionId --deployment-type NewDeployment
```
**Note**
The `CommandToDeployGroup` statement in the [example template](#cloudformation-support-example) shows how to output the command with your group and group version IDs when you create a stack.
**To deploy the group (console)**
1. In the AWS IoT console navigation pane, under **Manage**, expand **Greengrass devices**, and then choose **Groups (V1)**.
1. Choose your group.
1. On the group configuration page, choose **Deploy**.
## Example template
The following example template creates a Greengrass group that contains a core, client device, function, logger, subscription, and two resources. To do this, the template follows the object model of the AWS IoT Greengrass API. For example, the client devices that you want to add to the group are contained in a `DeviceDefinitionVersion` resource, which is associated with a `DeviceDefinition` resource. To add the devices to the group, the group version references the ARN of the `DeviceDefinitionVersion`.
The template includes parameters that let you specify the certificate ARNs for the core and device and the version ARN of the source Lambda function (which is an AWS Lambda resource). It uses the `Ref` and `GetAtt` intrinsic functions to reference IDs, ARNs, and other attributes that are required to create Greengrass resources.
The template also defines two AWS IoT devices (things), which represent the core and client device that are added to the Greengrass group.
After you create the stack with your Greengrass resources, you can use the AWS CLI or the AWS IoT console to [deploy the group](#cloudformation-support-deploy).
**Note**
The `CommandToDeployGroup` statement in the example shows how to output a complete **create-deployment** CLI command that you can use to deploy your group.
------
#### [ JSON ]
```
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS IoT Greengrass example template that creates a group version with a core, device, function, logger, subscription, and resources.",
"Parameters": {
"CoreCertificateArn": {
"Type": "String"
},
"DeviceCertificateArn": {
"Type": "String"
},
"LambdaVersionArn": {
"Type": "String"
}
},
"Resources": {
"TestCore1": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": "TestCore1"
}
},
"TestCoreDefinition": {
"Type": "AWS::Greengrass::CoreDefinition",
"Properties": {
"Name": "DemoTestCoreDefinition"
}
},
"TestCoreDefinitionVersion": {
"Type": "AWS::Greengrass::CoreDefinitionVersion",
"Properties": {
"CoreDefinitionId": {
"Ref": "TestCoreDefinition"
},
"Cores": [
{
"Id": "TestCore1",
"CertificateArn": {
"Ref": "CoreCertificateArn"
},
"SyncShadow": "false",
"ThingArn": {
"Fn::Join": [
":",
[
"arn:aws:iot",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::AccountId"
},
"thing/TestCore1"
]
]
}
}
]
}
},
"TestClientDevice1": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": "TestClientDevice1"
}
},
"TestDeviceDefinition": {
"Type": "AWS::Greengrass::DeviceDefinition",
"Properties": {
"Name": "DemoTestDeviceDefinition"
}
},
"TestDeviceDefinitionVersion": {
"Type": "AWS::Greengrass::DeviceDefinitionVersion",
"Properties": {
"DeviceDefinitionId": {
"Fn::GetAtt": [
"TestDeviceDefinition",
"Id"
]
},
"Devices": [
{
"Id": "TestClientDevice1",
"CertificateArn": {
"Ref": "DeviceCertificateArn"
},
"SyncShadow": "true",
"ThingArn": {
"Fn::Join": [
":",
[
"arn:aws:iot",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::AccountId"
},
"thing/TestClientDevice1"
]
]
}
}
]
}
},
"TestFunctionDefinition": {
"Type": "AWS::Greengrass::FunctionDefinition",
"Properties": {
"Name": "DemoTestFunctionDefinition"
}
},
"TestFunctionDefinitionVersion": {
"Type": "AWS::Greengrass::FunctionDefinitionVersion",
"Properties": {
"FunctionDefinitionId": {
"Fn::GetAtt": [
"TestFunctionDefinition",
"Id"
]
},
"DefaultConfig": {
"Execution": {
"IsolationMode": "GreengrassContainer"
}
},
"Functions": [
{
"Id": "TestLambda1",
"FunctionArn": {
"Ref": "LambdaVersionArn"
},
"FunctionConfiguration": {
"Pinned": "true",
"Executable": "run.exe",
"ExecArgs": "argument1",
"MemorySize": "512",
"Timeout": "2000",
"EncodingType": "binary",
"Environment": {
"Variables": {
"variable1": "value1"
},
"ResourceAccessPolicies": [
{
"ResourceId": "ResourceId1",
"Permission": "ro"
},
{
"ResourceId": "ResourceId2",
"Permission": "rw"
}
],
"AccessSysfs": "false",
"Execution": {
"IsolationMode": "GreengrassContainer",
"RunAs": {
"Uid": "1",
"Gid": "10"
}
}
}
}
}
]
}
},
"TestLoggerDefinition": {
"Type": "AWS::Greengrass::LoggerDefinition",
"Properties": {
"Name": "DemoTestLoggerDefinition"
}
},
"TestLoggerDefinitionVersion": {
"Type": "AWS::Greengrass::LoggerDefinitionVersion",
"Properties": {
"LoggerDefinitionId": {
"Ref": "TestLoggerDefinition"
},
"Loggers": [
{
"Id": "TestLogger1",
"Type": "AWSCloudWatch",
"Component": "GreengrassSystem",
"Level": "INFO"
}
]
}
},
"TestResourceDefinition": {
"Type": "AWS::Greengrass::ResourceDefinition",
"Properties": {
"Name": "DemoTestResourceDefinition"
}
},
"TestResourceDefinitionVersion": {
"Type": "AWS::Greengrass::ResourceDefinitionVersion",
"Properties": {
"ResourceDefinitionId": {
"Ref": "TestResourceDefinition"
},
"Resources": [
{
"Id": "ResourceId1",
"Name": "LocalDeviceResource",
"ResourceDataContainer": {
"LocalDeviceResourceData": {
"SourcePath": "/dev/TestSourcePath1",
"GroupOwnerSetting": {
"AutoAddGroupOwner": "false",
"GroupOwner": "TestOwner"
}
}
}
},
{
"Id": "ResourceId2",
"Name": "LocalVolumeResourceData",
"ResourceDataContainer": {
"LocalVolumeResourceData": {
"SourcePath": "/dev/TestSourcePath2",
"DestinationPath": "/volumes/TestDestinationPath2",
"GroupOwnerSetting": {
"AutoAddGroupOwner": "false",
"GroupOwner": "TestOwner"
}
}
}
}
]
}
},
"TestSubscriptionDefinition": {
"Type": "AWS::Greengrass::SubscriptionDefinition",
"Properties": {
"Name": "DemoTestSubscriptionDefinition"
}
},
"TestSubscriptionDefinitionVersion": {
"Type": "AWS::Greengrass::SubscriptionDefinitionVersion",
"Properties": {
"SubscriptionDefinitionId": {
"Ref": "TestSubscriptionDefinition"
},
"Subscriptions": [
{
"Id": "TestSubscription1",
"Source": {
"Fn::Join": [
":",
[
"arn:aws:iot",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::AccountId"
},
"thing/TestClientDevice1"
]
]
},
"Subject": "TestSubjectUpdated",
"Target": {
"Ref": "LambdaVersionArn"
}
}
]
}
},
"TestGroup": {
"Type": "AWS::Greengrass::Group",
"Properties": {
"Name": "DemoTestGroupNewName",
"RoleArn": {
"Fn::Join": [
":",
[
"arn:aws:iam:",
{
"Ref": "AWS::AccountId"
},
"role/TestUser"
]
]
},
"InitialVersion": {
"CoreDefinitionVersionArn": {
"Ref": "TestCoreDefinitionVersion"
},
"DeviceDefinitionVersionArn": {
"Ref": "TestDeviceDefinitionVersion"
},
"FunctionDefinitionVersionArn": {
"Ref": "TestFunctionDefinitionVersion"
},
"SubscriptionDefinitionVersionArn": {
"Ref": "TestSubscriptionDefinitionVersion"
},
"LoggerDefinitionVersionArn": {
"Ref": "TestLoggerDefinitionVersion"
},
"ResourceDefinitionVersionArn": {
"Ref": "TestResourceDefinitionVersion"
}
},
"Tags": {
"KeyName0": "value",
"KeyName1": "value",
"KeyName2": "value"
}
}
}
},
"Outputs": {
"CommandToDeployGroup": {
"Value": {
"Fn::Join": [
" ",
[
"groupVersion=$(cut -d'/' -f6 <<<",
{
"Fn::GetAtt": [
"TestGroup",
"LatestVersionArn"
]
},
");",
"aws --region",
{
"Ref": "AWS::Region"
},
"greengrass create-deployment --group-id",
{
"Ref": "TestGroup"
},
"--deployment-type NewDeployment --group-version-id",
"$groupVersion"
]
]
}
}
}
}
```
------
#### [ YAML ]
```
AWSTemplateFormatVersion: 2010-09-09
Description: >-
AWS IoT Greengrass example template that creates a group version with a core,
device, function, logger, subscription, and resources.
Parameters:
CoreCertificateArn:
Type: String
DeviceCertificateArn:
Type: String
LambdaVersionArn:
Type: String
Resources:
TestCore1:
Type: 'AWS::IoT::Thing'
Properties:
ThingName: TestCore1
TestCoreDefinition:
Type: 'AWS::Greengrass::CoreDefinition'
Properties:
Name: DemoTestCoreDefinition
TestCoreDefinitionVersion:
Type: 'AWS::Greengrass::CoreDefinitionVersion'
Properties:
CoreDefinitionId: !Ref TestCoreDefinition
Cores:
- Id: TestCore1
CertificateArn: !Ref CoreCertificateArn
SyncShadow: 'false'
ThingArn: !Join
- ':'
- - 'arn:aws:iot'
- !Ref 'AWS::Region'
- !Ref 'AWS::AccountId'
- thing/TestCore1
TestClientDevice1:
Type: 'AWS::IoT::Thing'
Properties:
ThingName: TestClientDevice1
TestDeviceDefinition:
Type: 'AWS::Greengrass::DeviceDefinition'
Properties:
Name: DemoTestDeviceDefinition
TestDeviceDefinitionVersion:
Type: 'AWS::Greengrass::DeviceDefinitionVersion'
Properties:
DeviceDefinitionId: !GetAtt
- TestDeviceDefinition
- Id
Devices:
- Id: TestClientDevice1
CertificateArn: !Ref DeviceCertificateArn
SyncShadow: 'true'
ThingArn: !Join
- ':'
- - 'arn:aws:iot'
- !Ref 'AWS::Region'
- !Ref 'AWS::AccountId'
- thing/TestClientDevice1
TestFunctionDefinition:
Type: 'AWS::Greengrass::FunctionDefinition'
Properties:
Name: DemoTestFunctionDefinition
TestFunctionDefinitionVersion:
Type: 'AWS::Greengrass::FunctionDefinitionVersion'
Properties:
FunctionDefinitionId: !GetAtt
- TestFunctionDefinition
- Id
DefaultConfig:
Execution:
IsolationMode: GreengrassContainer
Functions:
- Id: TestLambda1
FunctionArn: !Ref LambdaVersionArn
FunctionConfiguration:
Pinned: 'true'
Executable: run.exe
ExecArgs: argument1
MemorySize: '512'
Timeout: '2000'
EncodingType: binary
Environment:
Variables:
variable1: value1
ResourceAccessPolicies:
- ResourceId: ResourceId1
Permission: ro
- ResourceId: ResourceId2
Permission: rw
AccessSysfs: 'false'
Execution:
IsolationMode: GreengrassContainer
RunAs:
Uid: '1'
Gid: '10'
TestLoggerDefinition:
Type: 'AWS::Greengrass::LoggerDefinition'
Properties:
Name: DemoTestLoggerDefinition
TestLoggerDefinitionVersion:
Type: 'AWS::Greengrass::LoggerDefinitionVersion'
Properties:
LoggerDefinitionId: !Ref TestLoggerDefinition
Loggers:
- Id: TestLogger1
Type: AWSCloudWatch
Component: GreengrassSystem
Level: INFO
TestResourceDefinition:
Type: 'AWS::Greengrass::ResourceDefinition'
Properties:
Name: DemoTestResourceDefinition
TestResourceDefinitionVersion:
Type: 'AWS::Greengrass::ResourceDefinitionVersion'
Properties:
ResourceDefinitionId: !Ref TestResourceDefinition
Resources:
- Id: ResourceId1
Name: LocalDeviceResource
ResourceDataContainer:
LocalDeviceResourceData:
SourcePath: /dev/TestSourcePath1
GroupOwnerSetting:
AutoAddGroupOwner: 'false'
GroupOwner: TestOwner
- Id: ResourceId2
Name: LocalVolumeResourceData
ResourceDataContainer:
LocalVolumeResourceData:
SourcePath: /dev/TestSourcePath2
DestinationPath: /volumes/TestDestinationPath2
GroupOwnerSetting:
AutoAddGroupOwner: 'false'
GroupOwner: TestOwner
TestSubscriptionDefinition:
Type: 'AWS::Greengrass::SubscriptionDefinition'
Properties:
Name: DemoTestSubscriptionDefinition
TestSubscriptionDefinitionVersion:
Type: 'AWS::Greengrass::SubscriptionDefinitionVersion'
Properties:
SubscriptionDefinitionId: !Ref TestSubscriptionDefinition
Subscriptions:
- Id: TestSubscription1
Source: !Join
- ':'
- - 'arn:aws:iot'
- !Ref 'AWS::Region'
- !Ref 'AWS::AccountId'
- thing/TestClientDevice1
Subject: TestSubjectUpdated
Target: !Ref LambdaVersionArn
TestGroup:
Type: 'AWS::Greengrass::Group'
Properties:
Name: DemoTestGroupNewName
RoleArn: !Join
- ':'
- - 'arn:aws:iam:'
- !Ref 'AWS::AccountId'
- role/TestUser
InitialVersion:
CoreDefinitionVersionArn: !Ref TestCoreDefinitionVersion
DeviceDefinitionVersionArn: !Ref TestDeviceDefinitionVersion
FunctionDefinitionVersionArn: !Ref TestFunctionDefinitionVersion
SubscriptionDefinitionVersionArn: !Ref TestSubscriptionDefinitionVersion
LoggerDefinitionVersionArn: !Ref TestLoggerDefinitionVersion
ResourceDefinitionVersionArn: !Ref TestResourceDefinitionVersion
Tags:
KeyName0: value
KeyName1: value
KeyName2: value
Outputs:
CommandToDeployGroup:
Value: !Join
- ' '
- - groupVersion=$(cut -d'/' -f6 <<<
- !GetAtt
- TestGroup
- LatestVersionArn
- );
- aws --region
- !Ref 'AWS::Region'
- greengrass create-deployment --group-id
- !Ref TestGroup
- '--deployment-type NewDeployment --group-version-id'
- $groupVersion
```
------
## Supported AWS Regions
Currently, you can create and manage AWS IoT Greengrass resources only in the following [AWS Regions](https://docs.aws.amazon.com/general/latest/gr/greengrass.html):
+ US East (Ohio)
+ US East (N. Virginia)
+ US West (Oregon)
+ Asia Pacific (Mumbai)
+ Asia Pacific (Seoul)
+ Asia Pacific (Singapore)
+ Asia Pacific (Sydney)
+ Asia Pacific (Tokyo)
+ China (Beijing)
+ Europe (Frankfurt)
+ Europe (Ireland)
+ Europe (London)
+ AWS GovCloud (US-West)