Key management for the Greengrass core device - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Key management for the Greengrass core device

It's the responsibility of the customer to guarantee secure storage of cryptographic (public and private) keys on the Greengrass core device. Amazon IoT Greengrass uses public and private keys for the following scenario:

  • The IoT client key is used with the IoT certificate to authenticate the Transport Layer Security (TLS) handshake when a Greengrass core connects to Amazon IoT Core. For more information, see Device authentication and authorization for Amazon IoT Greengrass.


    The key and certificate are also referred to as the core private key and the core device certificate.

A Greengrass core device supports private key storage using file system permissions or a hardware security module. If you use file system-based private keys, you are responsible for their secure storage on the core device.