Complete prerequisites to deploy the Edge Manager agent

SageMaker Edge Manager uses AWS IoT Greengrass V2 to simplify the deployment of the Edge Manager agent, your machine learning models, and your inference application to your devices with the use of components. To make it easier to maintain your AWS IAM roles, Edge Manager allows you to reuse your existing AWS IoT role alias. If you do not have one yet, Edge Manager generates a role alias as part of the Edge Manager packaging job. You no longer need to associate a role alias generated from the SageMaker Edge Manager packaging job with your AWS IoT role.

Before you start, you must complete the following prerequisites:

Install the AWS IoT Greengrass Core software. For detailed information, see Install the AWS IoT Greengrass Core software.
Set up AWS IoT Greengrass V2. For more information, see Install AWS IoT Greengrass Core software with manual resource provisioning.
Note
- Make sure the AWS IoT thing name is all lowercase and does not contain characters except (optionally) dashes (‐).
- The IAM Role must start with SageMaker*
Attach the following permission and inline policy to the IAM role created during AWS IoT Greengrass V2 setup.
- Navigate to the IAM console https://console.aws.amazon.com/iam/.
- Search for the role you created by typing in rhe role name in the Search field.
- Choose your role.
- Next, choose Attach policies.
- Search for AmazonSageMakerEdgeDeviceFleetPolicy.
- Select AmazonSageMakerFullAccess (This is an optional step that makes it easier for you to reuse this IAM role in model compilation and packaging).
- Add required permissions to a role's permissions policy, don't attach inline policies to IAM users.
```
{
    "Version":"2012-10-17",
    "Statement":[
      {
        "Sid":"GreengrassComponentAccess",
        "Effect":"Allow",
        "Action":[
            "greengrass:CreateComponentVersion",
            "greengrass:DescribeComponent"
        ],
        "Resource":"*"
       }
    ]
}
```
- Choose Attach policy.
- Choose Trust relationship.
- Choose Edit trust relationship.
- Replace the content with the following.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "credentials.iot.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sagemaker.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Create an Edge Manager device fleet. For information on how to create a fleet, see Setup for Devices and Fleets in SageMaker Edge Manager.
Register your device with the same name as your AWS IoT thing name created during the AWS IoT Greengrass V2 setup.
Create at least one custom private AWS IoT Greengrass component. This component is the application that runs inference on the device. For more information, see Create a Hello World custom component

Note

The SageMaker Edge Manager and AWS IoT Greengrass integration only works for AWS IoT Greengrass v2.
Both your AWS IoT thing name and Edge Manager device name must be the same.
SageMaker Edge Manager does not load local AWS IoT certificates and call the AWS IoT credential provider endpoint directly. Instead, SageMaker Edge Manager uses the AWS IoT Greengrass v2 TokenExchangeService and it fetches a temporary credential from a TES endpoint.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Model Package and Edge Manager Agent Deployment with AWS IoT Greengrass

Create the AWS IoT Greengrass V2 Components