Amazon IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. After this date, Amazon IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on Amazon IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.
Encryption at rest
Amazon IoT Greengrass stores your data:
-
Data at rest in the Amazon Web Services Cloud. This data is encrypted.
-
Data at rest on the Greengrass core. This data is not encrypted (except local copies of your secrets).
Data at rest in the Amazon Web Services Cloud
Amazon IoT Greengrass encrypts customer data stored in the Amazon Web Services Cloud. This data is protected using Amazon KMS keys that are managed by Amazon IoT Greengrass.
Data at rest on the Greengrass core
Amazon IoT Greengrass relies on Unix file permissions and full-disk encryption (if enabled) to protect data at rest on the core. It is your responsibility to secure the file system and device.
However, Amazon IoT Greengrass does encrypt local copies of your secrets retrieved from Amazon Secrets Manager. For more information, see Secrets encryption.