AWS Security ChangesHomeSearch

AWS greengrass documentation change

Service: greengrass · 2026-05-07 · Documentation medium

File: greengrass/v2/developerguide/systems-manager-agent-component.md

Summary

Added offline installation instructions for core22 snap in restricted networks

Security assessment

Added security-relevant documentation for air-gapped environments but doesn't address a specific vulnerability

Diff

diff --git a/greengrass/v2/developerguide/systems-manager-agent-component.md b/greengrass/v2/developerguide/systems-manager-agent-component.md
index ef1ab4f0b..23e87ed6b 100644
--- a//greengrass/v2/developerguide/systems-manager-agent-component.md
+++ b//greengrass/v2/developerguide/systems-manager-agent-component.md
@@ -97,0 +98,16 @@ When you deploy this component, you must specify this role's name for the `SSMRe
+  * On Ubuntu devices using snap packaging, this component requires the `core22` base snap. If your device can reach `api.snapcraft.io`, `snap` downloads `core22` automatically. On restricted networks where the device cannot reach the snap store, manually install `core22` before you deploy this component:
+
+    1. Download the snap and its assertion from an internet-connected machine that has the same architecture as the target device:
+        
+                snap download core22
+
+    2. Transfer the `.snap` and `.assert` files to the target device.
+
+    3. Acknowledge the assertion on the target device:
+        
+                sudo snap ack core22.assert
+
+    4. Install the snap on the target device:
+        
+                sudo snap install core22.snap
+