4.4.1 Edit Greengrass Configuration to Use Port 443 (optional)

The default configuration for Greengrass uses ports 8883 and 8443. In some environments, these ports may be blocked by firewalls. Greengrass can be configured to use port 443 instead. This is the same port used by the “https” protocol.

iotMqttPort=443 may be needed. MQTT communicates only via https-port=443 which is typically open in firewalls, as needed for HTTPS. However, its default-port 8883 is typically closed and IT usually does not open it.

This step is performed on the target of the SAMA5D27-WLSOM1-EK board.

Edit the file /greengrass/config/config.json to have the iotMqttPort, iotHttpPort, and ggHttpPort parameters as shown below:

# vim /greengrass/config/config.json
{
  "coreThing" : {
    "caPath" : "root.ca.pem",
    "certPath" : "2222222222.cert.pem",
    "keyPath" : "2222222222.private.key",
    "thingArn" : "arn:aws:iot:<region>:<account>:thing/sama5_group_Core",
    "iotHost" : "<endpoint>”,
    "iotMqttPort" : 443,
    "iotHttpPort" : 443,
    "ggHost" : "greengrass-ats.iot.<region>.amazonaws.com",
    "ggHttpPort" : 443,
    "keepAlive" : 600
  },
  "runtime" : {
    "cgroup" : {
      "useSystemd" : "no"
    }
  },
  "managedRespawn" : false,
  "crypto" : {
    "principals" : {
      "SecretsManager" : {
        "privateKeyPath" : "file:///greengrass/certs/2222222222.private.key"
      },
      "IoTCertificate" : {
        "privateKeyPath" : "file:///greengrass/certs/2222222222.private.key",
        "certificatePath" : "file:///greengrass/certs/2222222222.cert.pem"
      }
    },
    "caPath" : "file:///greengrass/certs/root.ca.pem"
  }
}

AN3170

4.4.1 Edit Greengrass Configuration to Use Port 443 (optional)