AWS IoT Greengrass required permissions overview.
Greengrass is an open source Internet of Things edge runtime and cloud service. It enables efficient management of a huge fleet of IoT devices (called Greengrass Core Devices) and remote deployment + execution of applications at the edge.
To provide those capabilities, Greengrass needs to be authorized to access multiple AWS Services. The attached diagram presents a minimal set of privileges required for the Greengrass Core Device to operate.
I am working on a blog post to dive deep into this topic - in the meantime, feel free to ask questions in the comments.