Last Updated: Mar 27, 2024

Logging and monitoring in Amazon IoT Greengrass

Author yuvatimankar


Monitoring is an essential part of maintaining the reliability, availability, and performance of Amazon IoT Greengrass and your other Amazon solutions. You should collect monitoring data from all parts of your Amazon solution so that you can more easily debug a multi-point failure if one occurs.



Before you start monitoring Amazon IoT Greengrass, create a monitoring plan that answers questions such as:

1. What are the monitoring goals?

2. Which resources are to be monitored?

3. How often to monitor these resources? 

4. Which monitoring tools to use? 

Monitoring Tools

Amazon provides tools that you can use to monitor Amazon IoT Greengrass. Some of these tools can be configured to do the monitoring for you, while others need manual intervention. A few can be used on top of existing services, whereas others incur additional cost.



Automated monitoring tools to monitor Amazon IoT Greengrass and report issues are:

  • Amazon CloudWatch Logs: Monitors, stores, and provides access to your log files from Amazon CloudTrail or other sources. CloudWatch lets you visualize and aggregate logs, and with Amazon CloudWatch Logs you can respond to service metrics. The major components of CloudWatch are alarms and events: alarms are used to create alerts, and events are used to automate the response to metric values.
  • AWS Certificate Manager: A tool you can use to manage and apply Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates. These certificates are used to prove the authenticity of your services or devices and enable you to secure network connections.
  • Amazon CloudTrail Log Monitoring: Lets you share log files between accounts, monitor CloudTrail log files in real time by sending them to CloudWatch Logs, write log processing applications in Java, and validate that the log files have not changed after delivery by CloudTrail.
  • Amazon EC2 Dashboard: A monitoring tool for the Amazon EC2 virtual machine service. You can use this dashboard to monitor and maintain your EC2 instances and infrastructure. The dashboard lets you see instance states and service health, manage alarms and status reports, view scheduled events, and evaluate volume and instance metrics.
  • Amazon EventBridge: Part of the AWS serverless ecosystem, Amazon EventBridge is a serverless event bus built on top of the existing AWS CloudWatch Events API. Use EventBridge event rules to get notifications about state changes for your Greengrass group deployment logged with CloudTrail.
  • Greengrass system health telemetry: Subscribe to receive telemetry data sent from the Greengrass core.
  • Local health check: Use the health APIs to get a snapshot of the state of local Amazon IoT Greengrass processes on the core device.


Monitoring with Amazon IoT Greengrass logs

When you create a new project, AWS DeepLens automatically configures AWS IoT Greengrass Logs, which writes logs to Amazon CloudWatch Logs and to the local file system of your device. When a project is running, AWS DeepLens sends diagnostic messages to CloudWatch Logs as AWS IoT Greengrass log streams and to your AWS DeepLens device as local file system logs. The messages sent to CloudWatch Logs and to the local file system are identical, except that the crash.log file is available only in the file system logs.

Accessing CloudWatch logs

If you configure CloudWatch logging, you can view the logs on the Logs page of the Amazon CloudWatch console. Log groups use the following naming conventions:



Each log group has log streams that use the naming convention:



The following considerations apply when you use CloudWatch Logs:

  • Transaction, memory, and other limitations apply.
  • Logs are sent to CloudWatch Logs with a limited number of retries in case there is no internet connection. After the retries are exhausted, the event is dropped.
  • The Greengrass group role must permit Amazon IoT Greengrass to write to CloudWatch Logs.
"Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": [


The group role is an IAM role that you create and attach to your Greengrass group. You can use the console to manage the group role.
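One way to check that a group role policy lets the core write to CloudWatch Logs without granting more than that, as an added example that is not part of the original article. The four action names in REQUIRED_ACTIONS and both sample policies are assumptions of this example.

```python
import fnmatch
import json

# Assumption of this example: the CloudWatch Logs actions the group role needs
# so the core can create log groups and streams and put events into them.
REQUIRED_ACTIONS = {
    "logs:CreateLogGroup", "logs:CreateLogStream",
    "logs:PutLogEvents", "logs:DescribeLogStreams",
}

def _as_list(value):
    # IAM accepts a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def audit_group_role_policy(policy_json):
    """Return (missing_actions, warnings) for an IAM policy document."""
    # Only Allow statements are read; explicit Deny and Condition are not evaluated.
    policy = json.loads(policy_json)
    granted, warnings = set(), []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action", []))
        hits = {a for a in REQUIRED_ACTIONS
                if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns)}
        if not hits:
            continue  # statement is unrelated to logging
        granted |= hits
        for p in patterns:
            if p.lower() in ("*", "logs:*"):
                warnings.append(f"action {p!r} grants more than logging needs")
        if "*" in _as_list(stmt.get("Resource", [])):
            warnings.append("Resource '*' is unscoped")
    return sorted(REQUIRED_ACTIONS - granted), warnings

def _sample(actions, resource):
    # Builds a constructed sample policy (not taken from the article).
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": resource}]})

PARTIAL = _sample(["logs:PutLogEvents", "logs:CreateLogStream"], "*")
LOGS_ONLY = _sample(sorted(REQUIRED_ACTIONS), ["arn:aws:logs:*:*:*"])

if __name__ == "__main__":
    print(audit_group_role_policy(PARTIAL))
    print(audit_group_role_policy(LOGS_ONLY))
```

A non-empty first element means the core cannot log to CloudWatch with that role; warnings point at grants wider than logging requires.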

Using the console

  • In the console, go to the navigation pane and choose Greengrass, Classic (V1), Groups.
  • Choose the target group.
  • Go to Settings. Under Group role, you can view, attach, or remove the group role.

Using the CLI

  1. Use the get-associated-role command to find the group role.
  2. Use the associate-role-to-group command to attach the group role.
  3. Use the disassociate-role-from-group command to remove the group role.

Accessing file system logs

If you configure file system logging, the log files are stored under greengrass-root/ggc/var/log on the core device. The high-level directory structure is as follows:

greengrass-root/ggc/var/log
    - crash.log
    - system
        - log files for each Greengrass system component
    - user
        - region
            - account-id
                - log files generated by each user-defined Lambda function
            - aws
                - log files generated by each connector


The following considerations apply when you use file system logs:

  • Reading Amazon IoT Greengrass logs on the file system requires root permissions.
  • Amazon IoT Greengrass supports size-based rotation and automatic cleanup when the amount of log data is close to the configured limit.
  • The crash.log file is only available in file system logs.

Logging limitations

  • Transactions per second: When logging to CloudWatch is enabled, the logging component batches log events locally before sending them to CloudWatch, so you can log at a rate higher than five requests per second per log stream.
  • Memory: If Amazon IoT Greengrass is configured to send logs to CloudWatch and a Lambda function logs more than 5 MB/second for a prolonged period of time, the internal processing pipeline eventually fills up. The theoretical worst case is 6 MB per Lambda function.
  • Clock skew: When logging to CloudWatch is enabled, the logging component signs requests to CloudWatch using the normal Signature Version 4 signing process. If the system time on the Amazon IoT Greengrass core device is out of sync by more than 15 minutes, the requests are rejected.
  • Disk usage: Use the following formula to calculate the total maximum amount of disk usage for logging.
greengrass-system-component-space * 8    // 7 if automatic IP detection is disabled
  + 128KB                                // the internal log for the local logging component
  + lambda-space * lambda-count          // different versions of a Lambda function are treated as one


greengrass-system-component-space is the maximum amount of local storage for the Amazon IoT Greengrass system component logs.
lambda-space is the maximum amount of local storage for Lambda function logs.
lambda-count is the number of deployed Lambda functions.

  • Log loss
    If your Amazon IoT Greengrass core device is configured to log only to CloudWatch and there's no internet connection, you have no way to retrieve the logs currently in memory. When Lambda functions are terminated, a few seconds' worth of logs are not written to CloudWatch.
  • CloudTrail logs
    CloudTrail is a service that provides a record of actions taken by a user, role, or an Amazon service in Amazon IoT Greengrass. Amazon IoT Greengrass runs with Amazon CloudTrail.
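The disk usage formula from the list above as a sizing calculator, added here as an example and not part of the original article. It assumes KB/MB/GB are powers of 1024 and that deployed Lambda functions are listed as versioned ARNs; the ARNs and sizes are constructed.

```python
import re

UNITS = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}  # assumption: binary units
INTERNAL_LOG_BYTES = 128 * 1024  # internal log for the local logging component

def parse_size(text):
    """Convert a size such as '25MB' or '128 KB' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*(KB|MB|GB)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def unique_lambda_count(function_arns):
    """Count functions, treating different versions of one function as one."""
    # arn:aws:lambda:<region>:<account>:function:<name>[:<version-or-alias>]
    return len({":".join(arn.split(":")[:7]) for arn in function_arns})

def max_log_disk_usage(system_space, lambda_space, function_arns,
                       auto_ip_detection=True):
    """Total maximum bytes of local log storage, per the formula above."""
    multiplier = 8 if auto_ip_detection else 7  # 7 if automatic IP detection is disabled
    return (parse_size(system_space) * multiplier
            + INTERNAL_LOG_BYTES
            + parse_size(lambda_space) * unique_lambda_count(function_arns))

# Constructed deployment: two versions of one function plus a second function.
SAMPLE_ARNS = [
    "arn:aws:lambda:us-west-2:111122223333:function:sensor-reader:1",
    "arn:aws:lambda:us-west-2:111122223333:function:sensor-reader:2",
    "arn:aws:lambda:us-west-2:111122223333:function:uplink:5",
]

if __name__ == "__main__":
    total = max_log_disk_usage("1MB", "2MB", SAMPLE_ARNS)
    print(f"reserve at least {total} bytes for logs")
```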

Logging Amazon IoT Greengrass API calls with Amazon CloudTrail

Amazon IoT Greengrass is integrated with Amazon CloudTrail, a service that provides a record of actions taken by a role, user, or an Amazon service in Amazon IoT Greengrass. CloudTrail captures all API calls for Amazon IoT Greengrass as events. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon IoT Greengrass.
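Because the group role is what lets the core write to CloudWatch Logs, changes to it are worth surfacing from the trail. The following is an added example, not part of the original article, that filters a delivered CloudTrail log file for those calls; the eventSource value, the requestParameters key names and every record are assumptions constructed for illustration.

```python
import json

GREENGRASS_SOURCE = "greengrass.amazonaws.com"  # assumed eventSource value
# API calls that change which IAM role a Greengrass group runs with.
ROLE_CHANGE_EVENTS = {"AssociateRoleToGroup", "DisassociateRoleFromGroup"}

# Constructed CloudTrail records (all identifiers are made up).
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": GREENGRASS_SOURCE,
     "eventName": "GetAssociatedRole",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/constructed-auditor"},
     "requestParameters": {"group-id": "constructed-group-id"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": GREENGRASS_SOURCE,
     "eventName": "DisassociateRoleFromGroup",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/constructed-operator"},
     "requestParameters": {"group-id": "constructed-group-id"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "userIdentity": {}, "requestParameters": None},
]})

def role_change_findings(trail_json):
    """Return one finding per Greengrass group-role change in a CloudTrail log file."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != GREENGRASS_SOURCE:
            continue
        if rec.get("eventName") not in ROLE_CHANGE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "group": params.get("group-id", "unknown"),  # assumed key name
            "new_role": params.get("role-arn"),          # None when the role is removed
            "succeeded": "errorCode" not in rec,
        })
    return findings

if __name__ == "__main__":
    for finding in role_change_findings(SAMPLE_TRAIL):
        print(finding)
```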


Frequently Asked Questions

What are the three main components of a Greengrass system?

Components include features such as AWS IoT Greengrass V1 connectors and local development tools such as the AWS IoT Greengrass CLI.

What is a Greengrass component?

It is a software module that you deploy to Greengrass core devices. These components can represent applications, libraries, or runtime installers.

How does Amazon use IoT?

It is a managed cloud service that lets connected devices securely and easily interact with cloud applications.

What is AWS Greengrass used for?

AWS Greengrass is used to build, deploy, and manage device software. It is an open-source IoT edge runtime and cloud service.

What must an AWS IoT Greengrass group definition include?

An AWS IoT Greengrass group must contain one core. Device connected to a Greengrass core. 


In this article, we discussed monitoring and the available monitoring tools, monitoring with Amazon IoT Greengrass logs, logging and its limitations, and logging Amazon IoT Greengrass API calls with Amazon CloudTrail.
