AWS greengrass documentation change
Summary
Added S3 upload optimization tip with SHA-256 checksums and required s3:GetObjectAttributes permission
Security assessment
Promotes checksum verification (security best practice) and documents required permission for integrity validation. No vulnerability addressed, but enhances security documentation.
Diff
diff --git a/greengrass/v2/developerguide/publish-components.md b/greengrass/v2/developerguide/publish-components.md index c55ca64eb..02b5d0c03 100644 --- a//greengrass/v2/developerguide/publish-components.md +++ b//greengrass/v2/developerguide/publish-components.md @@ -101,0 +102,9 @@ Run the following command to publish an artifact file to an S3 bucket. Replace a +###### Tip + +To speed up component creation for large artifacts, consider uploading your artifacts to S3 as a single-part upload with SHA-256 checksums enabled. Use the `--checksum-algorithm SHA256` option with the AWS CLI, and set `s3.multipart_threshold` higher than your file size to prevent multipart upload. For example, to upload a 2 GB artifact: + + aws configure set s3.multipart_threshold 5GB + aws s3 cp artifacts/com.example.HelloWorld/1.0.0/artifact.bin s3://amzn-s3-demo-bucket/artifacts/com.example.HelloWorld/1.0.0/artifact.bin --checksum-algorithm SHA256 + +If your S3 bucket uses a restrictive bucket policy, ensure that the policy allows the `s3:GetObjectAttributes` action so that AWS IoT Greengrass can retrieve the pre-computed checksum. +