This repo is to create a embedded-linux image, which is part of https://github.com/aws4embeddedlinux/demo-iot-automotive-cloud
An AWS Cloud Developer Toolkit Library for building Yocto projects in AWS.
to create yocto demo build pipelines and cloud resources.
change into cdk dir - all following steps from the README are performed there.
cd cdk
npm install .
npm update
npm run build
aws cloudformation create-stack --stack-name GGFleetProvisoning --template-body file://fleet_provisioining_infra/gg-bootstrap.yaml --capabilities CAPABILITY_NAMED_IAM
Wait few minutes for resources being created. You can check status from CloudFormation console or with command:
aws cloudformation describe-stacks --stack-name GGFleetProvisoning
Note
The used library is tested against Node Versions 16, 18, and 20. If these versions are not available for your system, we recommend using NVM to install a compatible version
# only required once
cdk bootstrap
cdk deploy --all --require-approval never
The newly created pipeline ubuntu_22_04BuildImagePipeline
from the CodePipeline console will start automatically.
After that completes, the EmbeddedLinux pipeline in the CodePipeline console page is ready to run. But first create the claim certificates that should be bultin to the device.
mkdir claim-certs
export CERTIFICATE_ARN=$(aws iot create-keys-and-certificate \
--certificate-pem-outfile "claim-certs/claim.cert.pem" \
--public-key-outfile "claim-certs/claim.pubkey.pem" \
--private-key-outfile "claim-certs/claim.pkey.pem" \
--set-as-active \
--query certificateArn)
curl -o "claim-certs/claim.root.pem" https://www.amazontrust.com/repository/AmazonRootCA1.pem
As we created IoT policy named GGProvisioningClaimPolicy with CloudFormation we can just use the name to attach the policy:
aws iot attach-policy --policy-name GGProvisioningClaimPolicy --target ${CERTIFICATE_ARN//\"}
Once our devices get provisioned they will become part of this Thing Group allowing us later to target Thing Group Fleet Deployments.
aws iot create-thing-group --thing-group-name EmbeddedLinuxFleet
aws secretsmanager create-secret --name EC2AMIBigaPipeline_claim.cert.pem --secret-binary fileb://claim-certs/claim.cert.pem
aws secretsmanager create-secret --name EC2AMIBigaPipeline_claim.pkey.pem --secret-binary fileb://claim-certs/claim.pkey.pem
aws secretsmanager create-secret --name EC2AMIBigaPipeline_claim.root.pem --secret-binary fileb://claim-certs/claim.root.pem
aws secretsmanager create-secret --name NxpGoldboxBigaPipeline_claim.cert.pem --secret-binary fileb://claim-certs/claim.cert.pem
aws secretsmanager create-secret --name NxpGoldboxBigaPipeline_claim.pkey.pem --secret-binary fileb://claim-certs/claim.pkey.pem
aws secretsmanager create-secret --name NxpGoldboxBigaPipeline_claim.root.pem --secret-binary fileb://claim-certs/claim.root.pem
The other necessary params are part of the aws-biga-image.bb recipe
echo -e GGV2_REGION=\"$(aws configure get region)\" >> repo_seed/site.conf
echo -e GGV2_DATA_EP=\"$(aws --output text iot describe-endpoint \
--endpoint-type iot:Data-ATS \
--query 'endpointAddress')\" >> repo_seed/site.conf
echo -e GGV2_CRED_EP=\"$(aws --output text iot describe-endpoint \
--endpoint-type iot:CredentialProvider \
--query 'endpointAddress')\" >> repo_seed/site.conf
echo -e GGV2_TES_RALIAS=\"$(aws cloudformation describe-stacks --stack-name GGFleetProvisoning \
--query 'Stacks[0].Outputs[?OutputKey==`GGTokenExchangeRoleAlias`].OutputValue' --output text)\" >> repo_seed/site.conf
aws codecommit put-file \
--repository-name ec2-ami-biga-layer-repo \
--branch-name main \
--file-content file://repo_seed/site.conf \
--file-path /site.conf \
--parent-commit-id $(aws codecommit get-branch --repository-name ec2-ami-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit site.conf" \
--cli-binary-format raw-in-base64-out
aws codecommit put-file \
--repository-name nxp-goldbox-biga-layer-repo \
--branch-name main \
--file-content file://repo_seed/site.conf \
--file-path /site.conf \
--parent-commit-id $(aws codecommit get-branch --repository-name nxp-goldbox-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit site.conf" \
--cli-binary-format raw-in-base64-out
aws codecommit put-file \
--repository-name ec2-ami-biga-layer-repo \
--branch-name main \
--file-content file://../manifest.xml \
--file-path /manifest.xml \
--parent-commit-id $(aws codecommit get-branch --repository-name ec2-ami-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit manifest.xml" \
--cli-binary-format raw-in-base64-out
aws codecommit put-file \
--repository-name nxp-goldbox-biga-layer-repo \
--branch-name main \
--file-content file://../manifest.xml \
--file-path /manifest.xml \
--parent-commit-id $(aws codecommit get-branch --repository-name nxp-goldbox-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit manifest.xml" \
--cli-binary-format raw-in-base64-out
aws codecommit put-file \
--repository-name ec2-ami-biga-layer-repo \
--branch-name main \
--file-content file://repo_seed/ami/build.buildspec.yml \
--file-path /build.buildspec.yml \
--parent-commit-id $(aws codecommit get-branch --repository-name ec2-ami-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit repo_seed" \
--cli-binary-format raw-in-base64-out
aws codecommit put-file \
--repository-name nxp-goldbox-biga-layer-repo \
--branch-name main \
--file-content file://repo_seed/device/build.buildspec.yml \
--file-path /build.buildspec.yml \
--parent-commit-id $(aws codecommit get-branch --repository-name nxp-goldbox-biga-layer-repo --branch-name main --query 'branch.commitId' --output text) \
--commit-message "commit repo_seed" \
--cli-binary-format raw-in-base64-out
In case of flashing the NXP GoldBox, once the pipeline is completed, we can simply go to the Artifacts S3 bucket and download the sdcard
image. Once the download is complete, insert the SDCard into the computer and unmount any partitions in case they have been automounted.
To identify the device name of the SD card you can do:
# Linux
lsblk
# Mac
diskutil list
And to unmount:
# Linux
sudo umount /dev/sdX1
# Mac
diskutil unmount /dev/diskXs1
Make sure to replace the X
with the right block device.
Now we can flash the device:
Please note that it is important to specify the right block device here, otherwise this can erase all of your data, so be careful.
sudo dd if=./aws-biga-image-s32g274ardb2.sdcard of=/dev/diskX bs=1m && sync
Once completed, insert back the SD card into the GoldBox and reboot or power cycle the device. This will boot the device and we should be able to ssh
into it if the host is in the same network:
After the successful build, we can go ahead and bootstrap a device.
Those steps are just necessary for debugging, or manually starting an EC2.
In a scenario where we use an EC2 instance, we should be able to find the latest AMI that was created by the pipeline by doing:
export AWS_REGION=$(aws configure get region)
aws ec2 describe-images \
--region $AWS_REGION \
--owners self \
--query 'Images | sort_by(@, &CreationDate) | [-1]' \
--output json
This command sorts AMI images and provides us with the latest entry. From here, we should grab the latest ImageId
. Please note that the description should look something like this:
"Description": "DISTRO=poky;DISTRO_CODENAME=quillback;DISTRO_NAME=Automotive Grade Linux;DISTRO_VERSION=16.91.0...
Second, we will need a key pair:
aws ec2 create-key-pair --key-name biga --query 'KeyMaterial' --output text > biga.pem
chmod 400 biga.pem
Third, we need a security group (to allow ssh access later on)
aws ec2 create-security-group --group-name bigaSG --description "a default sg for biga"
aws ec2 authorize-security-group-ingress --group-id <security_group_id> --protocol tcp --port 22 --cidr 0.0.0.0/0
If you already created it, you can find the security_group_id this way:
aws ec2 describe-security-groups --filters Name=group-name,Values=*biga* --query "SecurityGroups[*].{Name:GroupName,ID:GroupId}"
And finally, we can launch the Graviton instance:
aws ec2 run-instances --image-id <ImageId> --instance-type t4g.micro --key-name biga --security-group-ids <security_group_id> --count 1
This will output the InstanceId
, which we can use to get the public IP:
aws ec2 describe-instances --instance-ids <InstanceId> --query 'Reservations[0].Instances[0].PublicIpAddress' --output text
Which we will need to ssh
to the target:
ssh -i biga.pem user@<public IP>
Now we can start deploying the Greengrass components to the target.
cdk destroy --all
npm run build
compile typescript to jsnpm run watch
watch for changes and compilenpm run test
perform the jest unit testscdk deploy
deploy this stack to your default AWS account/regioncdk diff
compare deployed stack with current statecdk synth
emits the synthesized CloudFormation template
Project Specific:
npm run format
runs prettier and eslint on the repositorynpm run zip-data
bundles the files for creating build host containersnpm run check
checks for lint and format issuesnpm run docs
to generate documentation
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.