Encryption in transit - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

End of support notice: On October 7th, 2026, Amazon will discontinue support for Amazon IoT Greengrass Version 1. After October 7th, 2026, you will no longer be able to access the Amazon IoT Greengrass V1 resources. For more information, please visit Migrate from Amazon IoT Greengrass Version 1.

Encryption in transit

Amazon IoT Greengrass has three modes of communication where data is in transit:

Data in transit over the internet

Amazon IoT Greengrass uses Transport Layer Security (TLS) to encrypt all communication over the internet. All data sent to the Amazon Web Services Cloud is sent over a TLS connection using MQTT or HTTPS protocols, so it is secure by default. Amazon IoT Greengrass uses the Amazon IoT transport security model. For more information, see Transport security in the Amazon IoT Core Developer Guide.

Data in transit over the local network

Amazon IoT Greengrass uses TLS to encrypt all communication over the local network between the Greengrass core and client devices. For more information, see Supported Cipher Suites for Local Network Communication.

It is your responsibility to protect the local network and private keys.

For Greengrass core devices, it's your responsibility to:

For client devices, it's your responsibility to:

  • Keep the TLS stack up to date.

  • Protect private keys.
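The two responsibilities above are concrete enough to check in code. The following is an added example, not code from the Greengrass documentation or SDKs: it builds a client-side TLS context that fails closed (TLS 1.2 or newer, peer certificate verification required, hostname checking on) for the client device's local connection to the core, and it audits the on-disk private key for the usual mistakes (world- or group-readable mode, wrong owner, symlink, not a PEM key). The file names, the group CA path and the `demo_audit` helper are hypothetical placeholders; the key file it writes is a constructed stub, not real key material.

```python
import os
import ssl
import stat
import tempfile
from typing import List, Optional

# Added example (not Greengrass code). Paths are hypothetical placeholders:
# the group CA that the core's server certificate chains to, the client
# device's certificate, and its private key.


def make_tls_context(ca_path: Optional[str] = None,
                     cert_path: Optional[str] = None,
                     key_path: Optional[str] = None) -> ssl.SSLContext:
    """Build a client SSLContext that fails closed.

    ca_path   : CA bundle the peer's certificate must chain to (the group CA
                for the local connection to the core; system store when None).
    cert_path : this client device's certificate, for mutual TLS.
    key_path  : the matching private key; keep it on disk as mode 0600.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0 / 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # never skip chain verification
    ctx.check_hostname = True                      # cert name must match the endpoint
    if cert_path and key_path:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def tls_context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses old protocol versions and unverified peers."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname))


def audit_private_key(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Return findings for a private key file; an empty list means it passed."""
    findings: List[str] = []
    try:
        st = os.lstat(path)              # lstat: do not follow symlinks
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink; store the key as a regular file"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {oct(mode)} grants group/other access; expected 0o600")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected uid {expected_uid}")
    with open(path, "rb") as fh:
        head = fh.readline()
    if b"PRIVATE KEY" not in head:
        findings.append(f"{path}: does not start with a PEM private-key header")
    return findings


def demo_audit():
    """Write a constructed stub key with loose permissions, audit it, tighten
    it to 0600, and audit again. Returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "client.key.pem")   # placeholder file name
        with open(key, "wb") as fh:
            fh.write(b"-----BEGIN PRIVATE KEY-----\n"
                     b"constructed placeholder, not real key material\n"
                     b"-----END PRIVATE KEY-----\n")
        os.chmod(key, 0o644)                      # the common mistake
        before = audit_private_key(key, expected_uid=os.getuid())
        os.chmod(key, 0o600)                      # the fix
        after = audit_private_key(key, expected_uid=os.getuid())
    return before, after


if __name__ == "__main__":
    print("TLS context hardened:", tls_context_is_hardened(make_tls_context()))
    before, after = demo_audit()
    print("findings with 0644:", before)
    print("findings with 0600:", after)
```

The permission audit runs on the same file the TLS context would load, so it belongs immediately before `load_cert_chain` in a real client; a non-empty findings list is a reason to refuse to start rather than something to log and continue past.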

Data on the core device

Amazon IoT Greengrass doesn't encrypt data exchanged locally on the Greengrass core device because the data doesn't leave the device. This includes communication between user-defined Lambda functions, connectors, the Amazon IoT Greengrass Core SDK, and system components, such as stream manager.