Skip to main content


The AWS Greengrass with MQTT connector requires an existing Greengrass device core already installed and configured upfront. Please follow Greengrass installation instruction of this section AWS Greengrass.

Collecting Expected Informations

Parameters required
UI FieldDescription
CertificateThe client certificate of your Associated Client Device.
Private KeyThe client Private Key file of your Associated Client Device.
CA CertificateTrusted CA Certificate of your Core device.
Client IDThe client ID used to connect to your MQTT server.
ProtocolFixed to SSL.
Connection TimeoutFixed to 10000ms.
Action TimeoutFixed to 10000ms.

Certificate + Private key

You need collect Certificate + Private key of the "Associated client device" img

CA Certificate

The CA certificate of your Core Device (represented by a Thing) must be retreive using the Greengrass discovery API. The following example specifies a client device's certificates to authenticate a request to the Greengrass discovery API endpoint.

curl -i --cert 1a23bc4d56.cert.pem \
--key 1a23bc4d56.private.key \

If the request succeeds, this command outputs a response similar to the following example.

{ "GGGroups": [ { "GGGroupId": "greengrassV2-coreDevice-MyGreengrassCore", "Cores": [ { "thingArn": "arn:aws:iot:us-west-2:123456789012:thing/MyGreengrassCore", "Connectivity": [ { "Id": "AUTOIP_192.168.1.4_1", "HostAddress": "", "PortNumber": 8883, "Metadata": "" } ] } ], "CAs": [ "-----BEGIN CERTIFICATE-----\ncert-contents\n-----END CERTIFICATE-----\n" ] } ] }

The certificate returned in the response above is the CA of the Greengrass Core device.

Client ID

The clientID of your MQTT connection should be the Thing's name of your core device. img

Attention points

  • MQTT Credentials (username/password) should not be used. The authentication of the Thing will be done via Thing’s private key and certificate.
  • MQTT Client ID must be the Thing’s name that the connector represent.
  • The thing that represents the connector must also have permission to perform the greengrass:Discover action.
  • The default ConnectionTimeout and ActionTimeout settings of the MQTT Connector are too short for establishing a successful connection to AWS Greengrass Core device. They must be increased to 10 seconds.