aws-iot-greengrass
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File

This is an operational deployment guide that prescribes insecure configurations: running containers as root, using --privileged, and mounting host AWS credentials into the container. While not explicitly malicious, these instructions create a high-risk environment for supply-chain or runtime compromise: a malicious or compromised Greengrass artifact, pip package, or component could obtain host-level access and full AWS account access.

Recommended remediations: validate and verify downloaded artifacts (signatures/checksums), avoid --privileged where possible, run processes as non-root (use capabilities only as required), use short-lived IAM credentials or instance roles scoped to minimal permissions (do not mount host root credentials), pin package versions and install from trusted internal registries, and enable monitoring/alerting for unexpected network or AWS API usage.