Encryption at rest - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon IoT Greengrass Version 1 no longer receives feature updates, and will receive only security patches and bug fixes until June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

Encryption at rest

Amazon IoT Greengrass stores your data:

Data at rest in the Amazon Web Services Cloud

Amazon IoT Greengrass encrypts customer data stored in the Amazon Web Services Cloud. This data is protected using Amazon KMS keys that are managed by Amazon IoT Greengrass.

Data at rest on the Greengrass core

Amazon IoT Greengrass relies on Unix file permissions and full-disk encryption (if enabled) to protect data at rest on the core. It is your responsibility to secure the file system and device.

However, Amazon IoT Greengrass does encrypt local copies of your secrets retrieved from Amazon Secrets Manager. For more information, see Secrets encryption.