Encryption at rest - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. After this date, Amazon IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on Amazon IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

Encryption at rest

Amazon IoT Greengrass stores your data:

Data at rest in the Amazon Web Services Cloud

Amazon IoT Greengrass encrypts customer data stored in the Amazon Web Services Cloud. This data is protected using Amazon KMS keys that are managed by Amazon IoT Greengrass.

Data at rest on the Greengrass core

Amazon IoT Greengrass relies on Unix file permissions and full-disk encryption (if enabled) to protect data at rest on the core. It is your responsibility to secure the file system and device.

However, Amazon IoT Greengrass does encrypt local copies of your secrets retrieved from Amazon Secrets Manager. For more information, see Secrets encryption.