You are viewing the documentation for AWS IoT Greengrass Version 1. AWS IoT Greengrass Version 2 is the latest major version of AWS IoT Greengrass. For more information about using AWS IoT Greengrass Version 2, see the AWS IoT Greengrass V2 Developer Guide.
Encryption in transit
AWS IoT Greengrass has three modes of communication where data is in transit:
- Data in transit over the internet. Communication between a Greengrass core and AWS IoT Greengrass over the internet is encrypted.
- Data in transit over the local network. Communication between a Greengrass core and connected devices over a local network is encrypted.
- Data on the core device. Communication between components on the Greengrass core device is not encrypted.
Data in transit over the internet
AWS IoT Greengrass uses Transport Layer Security (TLS) to encrypt all communication over the internet. All data sent to the AWS Cloud is sent over a TLS connection using MQTT or HTTPS protocols, so it is secure by default. AWS IoT Greengrass uses the AWS IoT transport security model. For more information, see Transport security in the AWS IoT Core Developer Guide.
Data in transit over the local network
AWS IoT Greengrass uses TLS to encrypt all communication over the local network between the Greengrass core and connected Greengrass devices. For more information, see Supported Cipher Suites for Local Network Communication.
It is your responsibility to protect the local network and private keys.
- For Greengrass core devices, it's your responsibility to:
  - Keep the kernel updated with the latest security patches.
  - Keep system libraries updated with the latest security patches.
  - Protect private keys. For more information, see Key management for the Greengrass core device.
- For connected devices, it's your responsibility to:
  - Keep the TLS stack up to date.
  - Protect private keys.
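As an added example (not part of the AWS documentation), the following Python audit checks the one responsibility above that is easy to verify mechanically: that a private key file on the core or a connected device is not readable by other local accounts. The file names are constructed, and the expected owner is passed in because the account that should own the key depends on your deployment.

```python
import os
import stat
import tempfile

# Constructed example: the key file names below are placeholders, not values
# from the documentation. On a real device, pass the key paths referenced by
# your own Greengrass configuration.

def audit_private_key(path, expected_uid=0):
    """Return a list of findings for one private key file; empty means OK."""
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing: %s" % path]
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink: key path should be a regular file")
    # Any group/other permission bit lets other local accounts read the key.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o allows group/other access" % stat.S_IMODE(st.st_mode))
    if st.st_uid != expected_uid:
        findings.append("owner uid %d != expected %d" % (st.st_uid, expected_uid))
    return findings

def demo():
    """Create two constructed key files and audit them; returns their findings."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        bad = os.path.join(d, "world-readable.private.key")
        good = os.path.join(d, "locked-down.private.key")
        for p, mode in ((bad, 0o644), (good, 0o600)):
            with open(p, "w") as f:
                f.write("-----BEGIN PRIVATE KEY-----\nconstructed placeholder\n")
            os.chmod(p, mode)
        me = os.getuid()
        results["bad"] = audit_private_key(bad, expected_uid=me)
        results["good"] = audit_private_key(good, expected_uid=me)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["ok"])
```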
Data on the core device
AWS IoT Greengrass doesn't encrypt data exchanged locally on the Greengrass core device because the data doesn't leave the device. This includes communication between user-defined Lambda functions, connectors, the AWS IoT Greengrass Core SDK, and system components, such as stream manager.