question

deanotomlinson avatar image
deanotomlinson asked

Is comms between Echo device and Alexa Skil on Lambda encrypted

Hi I'm new to these exciting technologies, and looking to develop some Alexa Skills. I wanted to be clear if the comms between the Echo device and an Alexa Skill running as a AWS Lambda function, and accessed using the ARN address is encrypted by default? When defining an Alexa Skill there is an option for the end point using HTTPS instead of the ARN address. So this made me wonder if that meant the ARN endpoint would not be using HTTPS. But then in the high level benefits of using Lamba it says that you dont need an SSL certificate, which sounds like by default, ie using the ARN address, it is encrypted. Thanks in advance!
alexa skills kitdebugging
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jjaquinta avatar image
jjaquinta answered
All the communications to Lambda Functions takes place within Amazon's secure network. They control both ends. So (a) it never makes it to the internet and (b) it all uses line encryption. At least that's my understanding.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

deanotomlinson avatar image
deanotomlinson answered
Thanks for your response. So maybe its not the comms between the Alexa Skill and Lamda I need to worry about, but the comms between the Echo device and AWS that I want to assurance on. Does the Echo device not receive JSON messages such as the one below, over WIFI, which it then knows how to render as speech. I'm guessing it will be encrypted, but just want to double check, as its quite important. { "version": "1.0", "response": { "outputSpeech": { "type": "PlainText", "text": "Hello world" }, "reprompt": null, "shouldEndSession": true }, "sessionAttributes": null }
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jjaquinta avatar image
jjaquinta answered
We do not know how Amazon's Alexa service communicates with the Echo device. It's proprietary. But, again, they control both end points. So it's likely to be robustly encrypted, since Amazon is a huge target for lawsuits. If you look into the Alexa Voice Service, which allows you to build your own endpoints for Alexa to communicate to, you will probably get a fair understanding of the level of encryption they use. I'd say whatever is used there is not far off from what is used with the Echo.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

memo@amazon avatar image
memo@amazon answered
Hi, Alexa encrypts its communications with Lambda utilizing TLS. You should also take a look at the AWS security best practices: - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.