AWS Security ChangesHomeSearch

AWS greengrass documentation change

Service: greengrass · 2025-11-07 · Documentation low

File: greengrass/v2/developerguide/run-greengrass-docker-manual-provisioning.md

Summary

Removed detailed steps for configuring the thing certificate and replaced with a reference to external documentation.

Security assessment

The change removes procedural steps for certificate configuration but does not indicate a security vulnerability. It redirects users to existing documentation rather than altering security practices.

Diff

diff --git a/greengrass/v2/developerguide/run-greengrass-docker-manual-provisioning.md b/greengrass/v2/developerguide/run-greengrass-docker-manual-provisioning.md
index 5af4109f3..fb9410009 100644
--- a//greengrass/v2/developerguide/run-greengrass-docker-manual-provisioning.md
+++ b//greengrass/v2/developerguide/run-greengrass-docker-manual-provisioning.md
@@ -5 +5 @@
-PrerequisitesRetrieve AWS IoT endpointsCreate an AWS IoT thingCreate the thing certificateConfigure the thing certificateCreate a token exchange roleDownload certificates to the deviceCreate a configuration fileCreate an environment fileRun the AWS IoT Greengrass Core softwareNext steps
+PrerequisitesRetrieve AWS IoT endpointsCreate an AWS IoT thingCreate the thing certificateCreate a token exchange roleDownload certificates to the deviceCreate a configuration fileCreate an environment fileRun the AWS IoT Greengrass Core softwareNext steps
@@ -21,2 +20,0 @@ This tutorial shows you how to install and run AWS IoT Greengrass Core software
-  * Configure the thing certificate
-
@@ -202,93 +200 @@ Save the certificate's Amazon Resource Name (ARN) to use to configure the certif
-## Configure the thing certificate
-
-Attach the thing certificate to the AWS IoT thing that you created earlier, and add an AWS IoT policy to the certificate to define the AWS IoT permissions for the core device.
-
-###### To configure the thing's certificate
-
-  1. Attach the certificate to the AWS IoT thing.
-
-     * Replace `MyGreengrassCore` with the name of your AWS IoT thing.
-
-     * Replace the certificate Amazon Resource Name (ARN) with the ARN of the certificate that you created in the previous step.
-    
-        aws iot attach-thing-principal --thing-name MyGreengrassCore --principal arn:aws:iot:us-west-2:123456789012:cert/aa0b7958770878eabe251d8a7ddd547f4889c524c9b574ab9fbf65f32248b1d4
-
-The command doesn't have any output if the request succeeds.
-
-  2. Create and attach an AWS IoT policy that defines the AWS IoT permissions for your Greengrass core device. The following policy allows access to all MQTT topics and Greengrass operations, so your device works with custom applications and future changes that require new Greengrass operations. You can restrict this policy down based on your use case. For more information, see [Minimal AWS IoT policy for AWS IoT Greengrass V2 core devices](./device-auth.html#greengrass-core-minimal-iot-policy).
-
-If you have set up a Greengrass core device before, you can attach its AWS IoT policy instead of creating a new one.
-
-Do the following:
-
-    1. Create a file that contains the AWS IoT policy document that Greengrass core devices require.
-
-For example, on a Linux-based system, you can run the following command to use GNU nano to create the file.
-        
-                nano greengrass-v2-iot-policy.json
-
-Copy the following JSON into the file.
-        
-                {
-          "Version": "2012-10-17",		 	 	 
-          "Statement": [
-            {
-              "Effect": "Allow",
-              "Action": [
-                "iot:Publish",
-                "iot:Subscribe",
-                "iot:Receive",
-                "iot:Connect",
-                "greengrass:*"
-              ],
-              "Resource": [
-                "*"
-              ]
-            }
-          ]
-        }
-
-    2. Create an AWS IoT policy from the policy document.
-
-       * Replace `GreengrassV2IoTThingPolicy` with the name of the policy to create.
-        
-                aws iot create-policy --policy-name GreengrassV2IoTThingPolicy --policy-document file://greengrass-v2-iot-policy.json
-
-The response looks similar to the following example, if the request succeeds.
-        
-                {
-          "policyName": "GreengrassV2IoTThingPolicy",
-          "policyArn": "arn:aws:iot:us-west-2:123456789012:policy/GreengrassV2IoTThingPolicy",
-          "policyDocument": "{
-            \\"Version\\": \\"2012-10-17		 	 	 \\",
-            \\"Statement\\": [
-              {
-                \\"Effect\\": \\"Allow\\",
-                \\"Action\\": [
-                  \\"iot:Publish\\",
-                  \\"iot:Subscribe\\",
-                  \\"iot:Receive\\",
-                  \\"iot:Connect\\",
-                  \\"greengrass:*\\"
-                ],
-                \\"Resource\\": [
-                  \\"*\\"
-                ]
-              }
-            ]
-          }",
-          "policyVersionId": "1"
-        }
-
-    3. Attach the AWS IoT policy to the AWS IoT thing's certificate.
-
-       * Replace `GreengrassV2IoTThingPolicy` with the name of the policy to attach.
-
-       * Replace the target ARN with the ARN of the certificate for your AWS IoT thing.
-        
-                aws iot attach-policy --policy-name GreengrassV2IoTThingPolicy --target arn:aws:iot:us-west-2:123456789012:cert/aa0b7958770878eabe251d8a7ddd547f4889c524c9b574ab9fbf65f32248b1d4
-
-The command doesn't have any output if the request succeeds.
-
-
-
+Next, configure the thing certificate. For more information, see [Configure the thing certificate](./manual-installation.html#configure-thing-certificate).