In this talk, delivered at the 2018 AWS New York Summit, Forrest shares real-world learning experiences building on AWS's edge IoT service, Greengrass.
Group CA (used by AWS Greengrass devices to validate the certificate presented by an AWS Greengrass core device during TLS mutual authentication.)
X.509 cert (per device)
Two roles: service role (lets Greengrass talk to Lambda and IoT – only need to set this up once per account) and custom group role (lets you talk to the cloud from your core device)
This amazing line of config singlehandedly creates an alias for the function, publishes a new version, points the alias to the version, and points all event sources to the alias, any time your function code changes.