# ################################################## # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # Permission is hereby granted, free of charge, to any person obtaining a copy of # this software and associated documentation files (the "Software"), to deal in # the Software without restriction, including without limitation the rights to # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of # the Software, and to permit persons to whom the Software is furnished to do so. # ################################################## AWSTemplateFormatVersion: "2010-09-09" Description: "Greengrass Deepstream Integration Template" Transform: AWS::Serverless-2016-10-31 Description: Create Greengrass resources for a AWS Secure Transport tariler Parameters: CoreName: Description: Greengrass Core name to be created. A "Thing" with be created with _core appended to the name Type: String Default: DeepstreamGreengrassGroup S3BucketName: Description: S3 bucket name to put generated certificates Type: String MLResourceName: Description: ML resource zip file name Type: String Resources: GreengrassGroup: Type: AWS::Greengrass::Group DependsOn: - GreengrassResourceRole Properties: Name: !Ref CoreName RoleArn: !GetAtt GreengrassResourceRole.Arn InitialVersion: CoreDefinitionVersionArn: !Ref GreengrassCoreDefinitionVersion FunctionDefinitionVersionArn: !GetAtt FunctionDefinition.LatestVersionArn SubscriptionDefinitionVersionArn: !GetAtt SubscriptionDefinition.LatestVersionArn LoggerDefinitionVersionArn: !GetAtt LoggerDefinition.LatestVersionArn DeviceDefinitionVersionArn: !GetAtt DeviceDefinition.LatestVersionArn ResourceDefinitionVersionArn: !GetAtt ResourceDefinition.LatestVersionArn GreengrassCoreDefinition: Type: AWS::Greengrass::CoreDefinition Properties: # GG Core = CoreName + "_core" as the "thingName" Name: !Ref CoreName GreengrassCoreDefinitionVersion: Type: AWS::Greengrass::CoreDefinitionVersion Properties: CoreDefinitionId: !Ref GreengrassCoreDefinition Cores: - Id: !Ref CoreName ThingArn: !Join - ":" - - "arn:aws:iot" - !Ref AWS::Region - !Ref AWS::AccountId - !Join - "/" - - "thing" - !Ref CoreName CertificateArn: !Join - ":" - - "arn:aws:iot" - !Ref AWS::Region - !Ref AWS::AccountId - !Join - "/" - - "cert" - Fn::ImportValue: "GGCoreCertificateId" SyncShadow: "true" DeepstreamAppLambdaRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: "/" Policies: - PolicyName: AggregationLambdaLogging PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutDestination - logs:PutLogEvents Resource: !Join - '' - - 'arn:aws:logs:' - !Ref AWS::Region - ':' - !Ref AWS::AccountId - ':log-group:*' DeepstreamAppLambda: Type: 'AWS::Serverless::Function' # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: lambda_deepstream_app/ AutoPublishAlias: test Handler: run_deepstream.function_handler Runtime: python2.7 Description: Lambda that runs Deepstream App within as a subprocess MemorySize: 2048 Role: !GetAtt DeepstreamAppLambdaRole.Arn Timeout: 900 FunctionDefinition: Type: AWS::Greengrass::FunctionDefinition Properties: Name: FunctionDefinition InitialVersion: DefaultConfig: Execution: IsolationMode: GreengrassContainer Functions: - Id: !Join ["_", [!Ref CoreName, "DeepstreamAppLambda"] ] FunctionArn: !Join [":", [!GetAtt DeepstreamAppLambda.Arn, "test"] ] FunctionConfiguration: Pinned: 'true' Timeout: '300' MemorySize: '10000000' EncodingType: 'json' Environment: AccessSysfs: 'true' Execution: IsolationMode: GreengrassContainer RunAs: Uid: '0' Gid: '0' ResourceAccessPolicies: - ResourceId: MLModel Permission: rw - ResourceId: ResourceId2 Permission: rw - ResourceId: ResourceId3 Permission: rw - ResourceId: ResourceId4 Permission: rw - ResourceId: ResourceId5 Permission: rw - ResourceId: ResourceId6 Permission: rw - ResourceId: ResourceId7 Permission: rw - ResourceId: ResourceId8 Permission: rw - ResourceId: ResourceId9 Permission: rw - ResourceId: ResourceId10 Permission: rw - ResourceId: ResourceId11 Permission: rw - ResourceId: ResourceId12 Permission: rw - ResourceId: ResourceId13 Permission: rw DeviceDefinition: Type: AWS::Greengrass::DeviceDefinition Properties: InitialVersion: Devices: - CertificateArn: Fn::ImportValue: "DeepstreamAppThingCertificateArn" SyncShadow: "true" Id: !Join ["_", [!Ref CoreName, "DeepstreamApp"] ] ThingArn: Fn::ImportValue: "DeepstreamAppThingThingArn" Name: deepstream-app-device-definition ResourceDefinition: Type: 'AWS::Greengrass::ResourceDefinition' Properties: Name: deepstream-model-resource-definition InitialVersion: Resources: - Name: "resnet-10-model" Id: MLModel ResourceDataContainer: S3MachineLearningModelResourceData: DestinationPath: "/resnet_10_model/" S3Uri: !Sub 's3://${S3BucketName}/model/${MLResourceName}' - Id: ResourceId2 Name: nvhost-ctrl ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-ctrl - Id: ResourceId3 Name: nvhost-gpu ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-gpu - Id: ResourceId4 Name: nvhost-ctrl-gpu ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-ctrl-gpu - Id: ResourceId5 Name: nvhost-dbg-gpu ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-dbg-gpu - Id: ResourceId6 Name: nvhost-prof-gpu ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-prof-gpu - Id: ResourceId7 Name: nvmap ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvmap - Id: ResourceId8 Name: nvhost-vic ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-vic - Id: ResourceId9 Name: nvhost-as-gpu ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-as-gpu - Id: ResourceId10 Name: mem ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/mem - Id: ResourceId11 Name: tegra_dc_ctrl ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/tegra_dc_ctrl - Id: ResourceId12 Name: nvhost-msenc ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-msenc - Id: ResourceId13 Name: nvhost-nvdec ResourceDataContainer: LocalDeviceResourceData: SourcePath: /dev/nvhost-nvdec LoggerDefinition: Type: 'AWS::Greengrass::LoggerDefinition' Properties: Name: LoggerDefinition InitialVersion: Loggers: - Component: GreengrassSystem Id: !Join - "-" - - !Ref CoreName - "1" Level: DEBUG Space: 25600 Type: FileSystem - Component: GreengrassSystem Id: !Join - "-" - - !Ref CoreName - "2" Level: DEBUG Type: AWSCloudWatch - Component: Lambda Id: !Join - "-" - - !Ref CoreName - "3" Level: DEBUG Space: 25600 Type: FileSystem - Component: Lambda Id: !Join - "-" - - !Ref CoreName - "4" Level: DEBUG Type: AWSCloudWatch SubscriptionDefinition: Type: 'AWS::Greengrass::SubscriptionDefinition' Properties: Name: SubscriptionDefinition InitialVersion: Subscriptions: - Id: DeepstreamNotifyGreengrass Source: 'cloud' Subject: "#" Target: Fn::ImportValue: "DeepstreamAppThingThingArn" - Id: DeepstreamNotifyCloud Source: Fn::ImportValue: "DeepstreamAppThingThingArn" Subject: "#" Target: 'cloud' - Id: DeepstreamLambdaNotifyCloud Source: !Join [":", [!GetAtt DeepstreamAppLambda.Arn, "test"] ] Subject: "#" Target: 'cloud' GreengrassResourceRole: # Role for deployed Lambda functions to a Greengrass core to call other AWS services directly Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: greengrass.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: root PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: arn:aws:logs:*:*:* - Effect: Allow Action: - iot:* Resource: "*"