Tetra IoT Layer Post-Deployment Tasks

After the Tetra IoT Layer is deployed, do the following.

Configure a DNS Record to Point to the Load Balancer

  1. Create the following DNS record: iot.<TDP DOMAIN>
  2. Point the DNS record to the CNAME record of the IoT stack's load balancer.

Update IoT Amazon S3 Bucket Permissions

Configure the Tetra IoT Layer Amazon Elastic Compute Cloud (Amazon EC2) instance to write data to the TDP IoT bucket in Amazon Simple Storage Service (Amazon S3) by doing the following:

Get the iot-emq Amazon EC2 Instance's ARN

  1. Sign in to the AWS Management Console.
  2. Open the Amazon EC2 console. Then, choose Instances.
  3. Select the iot-emq instance.
  4. Select the Details tab. Then, select the IAM Role link.
  5. Copy the role's Amazon Resource Name (ARN).

Grant the iot-emq Instance the Permissions Required to Write Data to the IoT Bucket in Amazon S3

To grant the iot-emq instance the required permissions to write data to Amazon S3, do one of the following based on the Tetra Data Platform (TDP) version that you're using.

For TDP v3.6.x and Higher

In the TDP Data Layer's CloudFormation template, add the iot-emq instance's role ARN to the IoTInstanceRole parameter. For more information, see Modifying a stack template in the AWS Documentation.

For TDP v3.5.x and Earlier

  1. Open the Amazon S3 console.
  2. In the left navigation menu, choose Buckets.
  3. In the Buckets list, select the -iot bucket.
  4. Choose the Permissions tab.
  5. Under Bucket policy, choose Edit. The Edit bucket policy page appears.
  6. On the Edit bucket policy page, add the following policy statement to the bucket policy:

IMPORTANT: Make sure that you replace the "AWS": "{ROLE ARN FROM STEP 4}" value with the iot-emq instance's role ARN.

<pre>
<code>
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "iot",
            "Effect": "Allow",
            "Principal": {
                "AWS": "{ROLE ARN FROM STEP 4}"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::{BUCKET NAME}/*",
            "Condition": {
                "StringLike": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
</code>
</pre>
  7. Choose Save changes.
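
Before saving, the edited statement can be checked for a leftover placeholder or a grant broader than the one shown above. The following Python check is an added example, not part of the original page or TetraScience tooling; the function names check_iot_statement and build_policy are hypothetical, and it assumes the principal is a standard IAM role ARN.

```python
import json
import re

# Assumption: the principal is a standard IAM role ARN (any AWS partition).
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
ALLOWED_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl"}
REQUIRED_ACL = "bucket-owner-full-control"


def as_list(value):
    """IAM accepts a string or a list in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]


def check_iot_statement(policy_json, bucket_name):
    """Return a list of problems in the bucket policy statement with Sid "iot"."""
    stmts = [s for s in as_list(json.loads(policy_json).get("Statement", []))
             if isinstance(s, dict) and s.get("Sid") == "iot"]
    if len(stmts) != 1:
        return ['expected one statement with Sid "iot", found %d' % len(stmts)]
    stmt, problems = stmts[0], []
    if stmt.get("Effect") != "Allow":
        problems.append('Effect must be "Allow"')
    principal = stmt.get("Principal")
    arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    if not arns:
        problems.append("Principal.AWS is missing (or Principal is a wildcard)")
    for arn in arns:
        if not isinstance(arn, str) or not ROLE_ARN_RE.match(arn):
            problems.append("Principal is not an IAM role ARN: %r" % (arn,))
    extra = set(as_list(stmt.get("Action", []))) - ALLOWED_ACTIONS
    if extra:
        problems.append("unexpected actions: %s" % sorted(extra))
    expected = "arn:aws:s3:::%s/*" % bucket_name
    if as_list(stmt.get("Resource", [])) != [expected]:
        problems.append("Resource must be exactly %s" % expected)
    acl = stmt.get("Condition", {}).get("StringLike", {}).get("s3:x-amz-acl")
    if acl is None or as_list(acl) != [REQUIRED_ACL]:
        problems.append("s3:x-amz-acl condition must require %s" % REQUIRED_ACL)
    return problems


def build_policy(role_arn, bucket):
    """Constructed sample: the page's statement with the two values filled in."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "iot", "Effect": "Allow", "Principal": {"AWS": role_arn},
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": "arn:aws:s3:::%s/*" % bucket,
        "Condition": {"StringLike": {"s3:x-amz-acl": REQUIRED_ACL}}}]})
```

An empty list means the statement matches the one on this page; pass the policy text from the Edit bucket policy page and the IoT bucket's name.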

Change the Default Login (UI) Password

  1. In a web browser, open the Tetra IoT server UI by going to the following URL: https://iot.<TDP DOMAIN>
  2. Sign in with the following username: admin@tetrascience. (Request the password from your customer success manager.)
  3. Choose Users.
  4. Next to the admin username, choose Edit.
  5. Enter a new password. Then, choose Save.

NOTE: You might need to enter a mobile number before saving the password.

Create a New IoT User for TDP API Access

Create a New IoT User

  1. In a web browser, open the Tetra IoT server UI by going to the following URL: https://iot.<TDP DOMAIN>
  2. Sign in with the following username: admin@tetrascience. (Request the password from your customer success manager.)
  3. Choose Users.
  4. Choose New User.
  5. Configure a new user by entering the following information:
     • For User Name, enter api.
     • For New Password, enter a new password.
     • For Name, enter api.
     • For User Type, enter Administrator.
     • For Mobile Number, enter 1.
  6. Choose Save.

Add the New User's Information to AWS Systems Manager Parameter Store

Add the following parameters to AWS Systems Manager Parameter Store. For instructions, see Create a Systems Manager parameter (console) in the AWS Documentation.

| Parameter name | Type | Value |
| --- | --- | --- |
| /tetrascience/production/ECS/ts-service-anylink/ANYLINK_USERNAME | Secure string | api |
| /tetrascience/production/ECS/ts-service-anylink/ANYLINK_PASSWORD | Secure string | Enter the API user's password that you created |

Restart the Amazon ECS Service

  1. Open the Amazon Elastic Container Service (Amazon ECS) console.
  2. In the left navigation menu, choose Clusters.
  3. Choose the <Infrastructure Name>-production cluster.
  4. Choose the Services tab.
  5. Select the ts-service-anylink-tls service, and then choose Update service.
  6. Select the Force new deployment check box.
  7. Choose Update.