AWS::Greengrass::Group - AWS CloudFormation

AWS::Greengrass::Group

AWS IoT Greengrass seamlessly extends AWS to edge devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass, connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the internet. For more information, see the AWS IoT Greengrass Version 1 Developer Guide .

Note

For AWS Region support, see AWS CloudFormation Support for AWS IoT Greengrass in the AWS IoT Greengrass Version 1 Developer Guide .

The AWS::Greengrass::Group resource represents a group in AWS IoT Greengrass. In the AWS IoT Greengrass API, groups are used to organize your group versions.

Groups can reference multiple group versions. All group versions must be associated with a group. A group version references a device definition version, subscription definition version, and other version types that contain the components you want to deploy to a Greengrass core device.

To deploy a group version, the group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need.

Note

When you create a group, you can optionally include an initial group version. To associate a group version later, create a AWS::Greengrass::GroupVersion resource and specify the ID of this group.

To change group components (such as devices, subscriptions, or functions), you must create new versions. This is because versions are immutable. For example, to add a function, you create a function definition version that contains the new function (and all other functions that you want to deploy). Then you create a group version that references the new function definition version (and all other version types that you want to deploy).

Deploying a Group Version

After you create the group version in your AWS CloudFormation template, you can deploy it using the aws greengrass create-deployment command in the AWS CLI or from the Greengrass node in the AWS IoT console. To deploy a group version, you must have a Greengrass service role associated with your AWS account. For more information, see AWS CloudFormation Support for AWS IoT Greengrass in the AWS IoT Greengrass Version 1 Developer Guide .

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Greengrass::Group", "Properties" : { "InitialVersion" : GroupVersion, "Name" : String, "RoleArn" : String, "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::Greengrass::Group Properties: InitialVersion: GroupVersion Name: String RoleArn: String Tags: - Tag

Properties

InitialVersion

The group version to include when the group is created. A group version references the Amazon Resource Name (ARN) of a core definition version, device definition version, subscription definition version, and other version types. The group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need.

Note

To associate a group version after the group is created, create an AWS::Greengrass::GroupVersion resource and specify the ID of this group.

Required: No

Type: GroupVersion

Update requires: Replacement

Name

The name of the group.

Required: Yes

Type: String

Update requires: No interruption

RoleArn

The Amazon Resource Name (ARN) of the IAM role attached to the group. This role contains the permissions that Lambda functions and connectors use to interact with other AWS services.

Required: No

Type: String

Update requires: No interruption

Tags

Application-specific metadata to attach to the group. You can use tags in IAM policies to control access to AWS IoT Greengrass resources. You can also use tags to categorize your resources. For more information, see Tagging Your AWS IoT Greengrass Resources in the AWS IoT Greengrass Version 1 Developer Guide .

This Json property type is processed as a map of key-value pairs. It uses the following format, which is different from most Tags implementations in AWS CloudFormation templates.

"Tags": { "KeyName0": "value", "KeyName1": "value", "KeyName2": "value" }

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the group, such as 1234a5b6-78cd-901e-2fgh-3i45j6k178l9.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The ARN of the Group, such as arn:aws:greengrass:us-east-1:123456789012:/greengrass/definition/groups/1234a5b6-78cd-901e-2fgh-3i45j6k178l9.

Id

The ID of the Group, such as 1234a5b6-78cd-901e-2fgh-3i45j6k178l9.

LatestVersionArn

The ARN of the last GroupVersion that was added to the Group, such as arn:aws:greengrass:us-east-1:123456789012:/greengrass/definition/groups/1234a5b6-78cd-901e-2fgh-3i45j6k178l9/versions/9876ac30-4bdb-4f9d-95af-b5fdb66be1a2.

Name

The name of the Group, such as MyGroup.

RoleArn

The ARN of the IAM role that's attached to the Group, such as arn:aws:iam::123456789012:role/role-name.

RoleAttachedAt

The time (in milliseconds since the epoch) when the group role was attached to the Group.

Examples

Create a Group

The following template defines a core, device, function, logger, subscription, and two resources, and then references them from the group version.

The template includes parameters that let you specify the certificate ARNs for the core and device and the ARN of the source Lambda function (which is an AWS Lambda resource). It uses the Ref and GetAtt intrinsic functions to reference IDs, ARNs, and other attributes that are required to create Greengrass resources.

Note

After you create the group version in your AWS CloudFormation template, you can deploy it using the aws greengrass create-deployment command in the AWS CLI or from the group configuration page in the AWS IoT console. To deploy a group version, you must have a Greengrass service role associated with your AWS account. For more information, see AWS CloudFormation Support for AWS IoT Greengrass in the AWS IoT Greengrass Version 1 Developer Guide .

JSON

{ "Description": "AWS IoT Greengrass example template that creates a group version with a core, device, function, logger, subscription, and resources.", "Parameters": { "CoreCertificateArn": { "Type": "String" }, "DeviceCertificateArn": { "Type": "String" }, "LambdaVersionArn": { "Type": "String" } }, "Resources": { "TestCore1": { "Type": "AWS::IoT::Thing", "Properties": { "ThingName": "TestCore1" } }, "TestCoreDefinition": { "Type": "AWS::Greengrass::CoreDefinition", "Properties": { "Name": "DemoTestCoreDefinition" } }, "TestCoreDefinitionVersion": { "Type": "AWS::Greengrass::CoreDefinitionVersion", "Properties": { "CoreDefinitionId": { "Ref": "TestCoreDefinition" }, "Cores": [ { "Id": "TestCore1", "CertificateArn": { "Ref": "CoreCertificateArn" }, "SyncShadow": "false", "ThingArn": { "Fn::Join": [ ":", [ "arn:aws:iot", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" }, "thing/TestCore1" ] ] } } ] } }, "TestDevice1": { "Type": "AWS::IoT::Thing", "Properties": { "ThingName": "TestDevice1" } }, "TestDeviceDefinition": { "Type": "AWS::Greengrass::DeviceDefinition", "Properties": { "Name": "DemoTestDeviceDefinition" } }, "TestDeviceDefinitionVersion": { "Type": "AWS::Greengrass::DeviceDefinitionVersion", "Properties": { "DeviceDefinitionId": { "Fn::GetAtt": [ "TestDeviceDefinition", "Id" ] }, "Devices": [ { "Id": "TestDevice1", "CertificateArn": { "Ref": "DeviceCertificateArn" }, "SyncShadow": "true", "ThingArn": { "Fn::Join": [ ":", [ "arn:aws:iot", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" }, "thing/TestDevice1" ] ] } } ] } }, "TestFunctionDefinition": { "Type": "AWS::Greengrass::FunctionDefinition", "Properties": { "Name": "DemoTestFunctionDefinition" } }, "TestFunctionDefinitionVersion": { "Type": "AWS::Greengrass::FunctionDefinitionVersion", "Properties": { "FunctionDefinitionId": { "Fn::GetAtt": [ "TestFunctionDefinition", "Id" ] }, "DefaultConfig": { "Execution": { "IsolationMode": "GreengrassContainer" } }, "Functions": [ { "Id": "TestLambda1", "FunctionArn": { "Ref": "LambdaVersionArn" }, "FunctionConfiguration": { "Pinned": "true", "Executable": "run.exe", "ExecArgs": "argument1", "MemorySize": "512", "Timeout": "2000", "EncodingType": "binary", "Environment": { "Variables": { "variable1": "value1" }, "ResourceAccessPolicies": [ { "ResourceId": "ResourceId1", "Permission": "ro" }, { "ResourceId": "ResourceId2", "Permission": "rw" } ], "AccessSysfs": "false", "Execution": { "IsolationMode": "GreengrassContainer", "RunAs": { "Uid": "1", "Gid": "10" } } } } } ] } }, "TestLoggerDefinition": { "Type": "AWS::Greengrass::LoggerDefinition", "Properties": { "Name": "DemoTestLoggerDefinition" } }, "TestLoggerDefinitionVersion": { "Type": "AWS::Greengrass::LoggerDefinitionVersion", "Properties": { "LoggerDefinitionId": { "Ref": "TestLoggerDefinition" }, "Loggers": [ { "Id": "TestLogger1", "Type": "AWSCloudWatch", "Component": "GreengrassSystem", "Level": "INFO" } ] } }, "TestResourceDefinition": { "Type": "AWS::Greengrass::ResourceDefinition", "Properties": { "Name": "DemoTestResourceDefinition" } }, "TestResourceDefinitionVersion": { "Type": "AWS::Greengrass::ResourceDefinitionVersion", "Properties": { "ResourceDefinitionId": { "Ref": "TestResourceDefinition" }, "Resources": [ { "Id": "ResourceId1", "Name": "LocalDeviceResource", "ResourceDataContainer": { "LocalDeviceResourceData": { "SourcePath": "/dev/TestSourcePath1", "GroupOwnerSetting": { "AutoAddGroupOwner": "false", "GroupOwner": "TestOwner" } } } }, { "Id": "ResourceId2", "Name": "LocalVolumeResourceData", "ResourceDataContainer": { "LocalVolumeResourceData": { "SourcePath": "/dev/TestSourcePath2", "DestinationPath": "/volumes/TestDestinationPath2", "GroupOwnerSetting": { "AutoAddGroupOwner": "false", "GroupOwner": "TestOwner" } } } } ] } }, "TestSubscriptionDefinition": { "Type": "AWS::Greengrass::SubscriptionDefinition", "Properties": { "Name": "DemoTestSubscriptionDefinition" } }, "TestSubscriptionDefinitionVersion": { "Type": "AWS::Greengrass::SubscriptionDefinitionVersion", "Properties": { "SubscriptionDefinitionId": { "Ref": "TestSubscriptionDefinition" }, "Subscriptions": [ { "Id": "TestSubscription1", "Source": { "Fn::Join": [ ":", [ "arn:aws:iot", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" }, "thing/TestDevice1" ] ] }, "Subject": "TestSubjectUpdated", "Target": { "Ref": "LambdaVersionArn" } } ] } }, "TestGroup": { "Type": "AWS::Greengrass::Group", "Properties": { "Name": "DemoTestGroupNewName", "RoleArn": { "Fn::Join": [ ":", [ "arn:aws:iam:", { "Ref": "AWS::AccountId" }, "role/TestUser" ] ] }, "InitialVersion": { "CoreDefinitionVersionArn": { "Ref": "TestCoreDefinitionVersion" }, "DeviceDefinitionVersionArn": { "Ref": "TestDeviceDefinitionVersion" }, "FunctionDefinitionVersionArn": { "Ref": "TestFunctionDefinitionVersion" }, "SubscriptionDefinitionVersionArn": { "Ref": "TestSubscriptionDefinitionVersion" }, "LoggerDefinitionVersionArn": { "Ref": "TestLoggerDefinitionVersion" }, "ResourceDefinitionVersionArn": { "Ref": "TestResourceDefinitionVersion" } }, "Tags": { "KeyName0": "value", "KeyName1": "value", "KeyName2": "value" } } } } }

YAML

Description: >- AWS IoT Greengrass example template that creates a group version with a core, device, function, logger, subscription, and resources. Parameters: CoreCertificateArn: Type: String DeviceCertificateArn: Type: String LambdaVersionArn: Type: String Resources: TestCore1: Type: 'AWS::IoT::Thing' Properties: ThingName: TestCore1 TestCoreDefinition: Type: 'AWS::Greengrass::CoreDefinition' Properties: Name: DemoTestCoreDefinition TestCoreDefinitionVersion: Type: 'AWS::Greengrass::CoreDefinitionVersion' Properties: CoreDefinitionId: !Ref TestCoreDefinition Cores: - Id: TestCore1 CertificateArn: !Ref CoreCertificateArn SyncShadow: 'false' ThingArn: !Join - ':' - - 'arn:aws:iot' - !Ref 'AWS::Region' - !Ref 'AWS::AccountId' - thing/TestCore1 TestDevice1: Type: 'AWS::IoT::Thing' Properties: ThingName: TestDevice1 TestDeviceDefinition: Type: 'AWS::Greengrass::DeviceDefinition' Properties: Name: DemoTestDeviceDefinition TestDeviceDefinitionVersion: Type: 'AWS::Greengrass::DeviceDefinitionVersion' Properties: DeviceDefinitionId: !GetAtt - TestDeviceDefinition - Id Devices: - Id: TestDevice1 CertificateArn: !Ref DeviceCertificateArn SyncShadow: 'true' ThingArn: !Join - ':' - - 'arn:aws:iot' - !Ref 'AWS::Region' - !Ref 'AWS::AccountId' - thing/TestDevice1 TestFunctionDefinition: Type: 'AWS::Greengrass::FunctionDefinition' Properties: Name: DemoTestFunctionDefinition TestFunctionDefinitionVersion: Type: 'AWS::Greengrass::FunctionDefinitionVersion' Properties: FunctionDefinitionId: !GetAtt - TestFunctionDefinition - Id DefaultConfig: Execution: IsolationMode: GreengrassContainer Functions: - Id: TestLambda1 FunctionArn: !Ref LambdaVersionArn FunctionConfiguration: Pinned: 'true' Executable: run.exe ExecArgs: argument1 MemorySize: '512' Timeout: '2000' EncodingType: binary Environment: Variables: variable1: value1 ResourceAccessPolicies: - ResourceId: ResourceId1 Permission: ro - ResourceId: ResourceId2 Permission: rw AccessSysfs: 'false' Execution: IsolationMode: GreengrassContainer RunAs: Uid: '1' Gid: '10' TestLoggerDefinition: Type: 'AWS::Greengrass::LoggerDefinition' Properties: Name: DemoTestLoggerDefinition TestLoggerDefinitionVersion: Type: 'AWS::Greengrass::LoggerDefinitionVersion' Properties: LoggerDefinitionId: !Ref TestLoggerDefinition Loggers: - Id: TestLogger1 Type: AWSCloudWatch Component: GreengrassSystem Level: INFO TestResourceDefinition: Type: 'AWS::Greengrass::ResourceDefinition' Properties: Name: DemoTestResourceDefinition TestResourceDefinitionVersion: Type: 'AWS::Greengrass::ResourceDefinitionVersion' Properties: ResourceDefinitionId: !Ref TestResourceDefinition Resources: - Id: ResourceId1 Name: LocalDeviceResource ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/TestSourcePath1 GroupOwnerSetting: AutoAddGroupOwner: 'false' GroupOwner: TestOwner - Id: ResourceId2 Name: LocalVolumeResourceData ResourceDataContainer: LocalVolumeResourceData: SourcePath: /dev/TestSourcePath2 DestinationPath: /volumes/TestDestinationPath2 GroupOwnerSetting: AutoAddGroupOwner: 'false' GroupOwner: TestOwner TestSubscriptionDefinition: Type: 'AWS::Greengrass::SubscriptionDefinition' Properties: Name: DemoTestSubscriptionDefinition TestSubscriptionDefinitionVersion: Type: 'AWS::Greengrass::SubscriptionDefinitionVersion' Properties: SubscriptionDefinitionId: !Ref TestSubscriptionDefinition Subscriptions: - Id: TestSubscription1 Source: !Join - ':' - - 'arn:aws:iot' - !Ref 'AWS::Region' - !Ref 'AWS::AccountId' - thing/TestDevice1 Subject: TestSubjectUpdated Target: !Ref LambdaVersionArn TestGroup: Type: 'AWS::Greengrass::Group' Properties: Name: DemoTestGroupNewName RoleArn: !Join - ':' - - 'arn:aws:iam:' - !Ref 'AWS::AccountId' - role/TestUser InitialVersion: CoreDefinitionVersionArn: !Ref TestCoreDefinitionVersion DeviceDefinitionVersionArn: !Ref TestDeviceDefinitionVersion FunctionDefinitionVersionArn: !Ref TestFunctionDefinitionVersion SubscriptionDefinitionVersionArn: !Ref TestSubscriptionDefinitionVersion LoggerDefinitionVersionArn: !Ref TestLoggerDefinitionVersion ResourceDefinitionVersionArn: !Ref TestResourceDefinitionVersion Tags: KeyName0: value KeyName1: value KeyName2: value

See also