AWS Security ChangesHomeSearch

AWS greengrass documentation change

Service: greengrass · 2026-05-19 · Documentation medium

File: greengrass/v2/developerguide/publish-components.md

Summary

Added S3 upload optimization tip with SHA-256 checksums and required s3:GetObjectAttributes permission

Security assessment

Promotes checksum verification (security best practice) and documents required permission for integrity validation. No vulnerability addressed, but enhances security documentation.

Diff

diff --git a/greengrass/v2/developerguide/publish-components.md b/greengrass/v2/developerguide/publish-components.md
index c55ca64eb..02b5d0c03 100644
--- a//greengrass/v2/developerguide/publish-components.md
+++ b//greengrass/v2/developerguide/publish-components.md
@@ -101,0 +102,9 @@ Run the following command to publish an artifact file to an S3 bucket. Replace a
+###### Tip
+
+To speed up component creation for large artifacts, consider uploading your artifacts to S3 as a single-part upload with SHA-256 checksums enabled. Use the `--checksum-algorithm SHA256` option with the AWS CLI, and set `s3.multipart_threshold` higher than your file size to prevent multipart upload. For example, to upload a 2 GB artifact:
+        
+                aws configure set s3.multipart_threshold 5GB
+        aws s3 cp artifacts/com.example.HelloWorld/1.0.0/artifact.bin s3://amzn-s3-demo-bucket/artifacts/com.example.HelloWorld/1.0.0/artifact.bin --checksum-algorithm SHA256
+
+If your S3 bucket uses a restrictive bucket policy, ensure that the policy allows the `s3:GetObjectAttributes` action so that AWS IoT Greengrass can retrieve the pre-computed checksum.
+