Configure source authentication
If your OPC UA servers require authentication credentials to connect, you can define a user name and password in a secret for each source in AWS Secrets Manager. Then, you add the secret to your Greengrass group and IoT SiteWise connector to make the secret available to your SiteWise Edge gateway. For more information, see Deploy secrets to the AWS IoT Greengrass core in the AWS IoT Greengrass Version 1 Developer Guide.
After a secret is available to your SiteWise Edge gateway, you can choose it when you configure a source. Then, the SiteWise Edge gateway uses the authentication credentials from the secret when it connects to the source. For more information, see OPC UA data sources.
Creating source authentication secrets
In this procedure, you create an authentication secret for your source in Secrets Manager. In the secret, define username and password key-value pairs that contain authentication details for your source.
To create a source authentication secret
- Navigate to the Secrets Manager console.
- Choose Store a new secret.
- Under Select secret type, choose Other type of secrets.
- Enter username and password key-value pairs for your OPC UA server's authentication values, and then choose Next.
- Enter a Secret name that begins with greengrass-, such as greengrass-factory1-auth.
  Important: You must use the greengrass- prefix for the default AWS IoT Greengrass service role to access your secrets. If you want to name your secrets without this prefix, you must grant AWS IoT Greengrass custom permissions to access your secrets. For more information, see Allow AWS IoT Greengrass to get secret values in the AWS IoT Greengrass Version 1 Developer Guide.
- Enter a Description and choose Next.
- (Optional) On the Configure automatic rotation page, configure automatic rotation for your secrets. If you configure automatic rotation, you must redeploy your Greengrass group each time a secret rotates.
- On the Configure automatic rotation page, choose Next.
- Review your new secret and choose Store.
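A pre-deployment check for the secret this procedure creates, given as an added example that is not part of the AWS documentation. It assumes you have already retrieved the secret's name and its JSON string value; the function name, the custom_permissions flag, and the sample values are hypothetical.

```python
import json

REQUIRED_KEYS = ("username", "password")   # key names given in the procedure
DEFAULT_ROLE_PREFIX = "greengrass-"        # prefix the default service role can read


def check_source_secret(name, secret_string, custom_permissions=False):
    """Return a list of problems; an empty list means the secret looks usable.

    Findings name keys only and never echo secret values.
    custom_permissions=True models the case where AWS IoT Greengrass has been
    granted access to secrets that do not use the default prefix.
    """
    problems = []
    if not name.startswith(DEFAULT_ROLE_PREFIX) and not custom_permissions:
        problems.append(f"name lacks the '{DEFAULT_ROLE_PREFIX}' prefix")
    try:
        pairs = json.loads(secret_string)
    except (TypeError, ValueError):
        return problems + ["secret value is not JSON key-value pairs"]
    if not isinstance(pairs, dict):
        return problems + ["secret value is not JSON key-value pairs"]
    for key in REQUIRED_KEYS:
        value = pairs.get(key)
        if isinstance(value, str) and value:
            continue
        # Assumption: key names are matched exactly, so 'Username' is a miss.
        near = [k for k in pairs if k.strip().lower() == key and k != key]
        if near:
            problems.append(f"key {near[0]!r} should be spelled {key!r}")
        elif key not in pairs:
            problems.append(f"missing key {key!r}")
        else:
            problems.append(f"key {key!r} must be a non-empty string")
    return problems


if __name__ == "__main__":
    # Constructed sample secrets; the values are placeholders.
    samples = {
        "greengrass-factory1-auth": '{"username": "opc-reader", "password": "example-only"}',
        "factory1-auth": '{"Username": "opc-reader", "password": ""}',
    }
    for secret_name, secret_value in samples.items():
        print(secret_name, check_source_secret(secret_name, secret_value) or "OK")
```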
Add secrets to a Greengrass group
In this procedure, you add your source authentication secrets to your AWS IoT Greengrass group to make them available to your IoT SiteWise connector.
To add a secret to your Greengrass group
- Navigate to the AWS IoT Greengrass console.
- In the navigation pane, under Greengrass, choose Groups, and then choose your group.
- In the navigation pane, choose Resources.
- On the Resources page, choose the Secret tab, and then choose Add a secret resource.
- Choose Select and choose your secret from the list.
- Choose Next.
- In Secret resource name, enter a name for your secret resource and choose Save.
Add secrets to an IoT SiteWise connector
In this procedure, you add your source authentication secrets to your IoT SiteWise connector to make them available to AWS IoT SiteWise and your SiteWise Edge gateway.
To add a secret to your IoT SiteWise connector
- Navigate to the AWS IoT Greengrass console.
- In the navigation pane, under Greengrass, choose Groups, and then choose your group.
- In the navigation pane, choose Connectors.
- Choose the ellipsis icon for the IoT SiteWise connector to open the options menu, and then choose Edit.
- Under List of ARNs for OPC UA username/password secrets, choose Select, and then select each secret to add to this SiteWise Edge gateway. If you need to create secrets, see Creating source authentication secrets.
  If your secret doesn't appear, choose Refresh. If your secret still doesn't appear, check that you added the secret to your Greengrass group.
- Choose Save.
- In the upper-right corner, in the Actions menu, choose Deploy.
- Choose Automatic detection to start the deployment.
  If the deployment fails, choose Deploy again. If the deployment continues to fail, see AWS IoT Greengrass deployment troubleshooting.
After your group deploys, you can configure a source that uses the new secret. For more information, see OPC UA data sources.