FunctionConfigurationEnvironment - AWS IoT Greengrass

AWS IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the AWS IoT Greengrass V1 maintenance policy. After this date, AWS IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on AWS IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to AWS IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

FunctionConfigurationEnvironment

{ "Variables": { "additionalProperty0": "string", "additionalProperty1": "string", "additionalProperty2": "string" }, "ResourceAccessPolicies": [ { "ResourceId": "string", "Permission": "ro|rw" } ], "AccessSysfs": true, "Execution": { "IsolationMode": "GreengrassContainer|NoContainer", "RunAs": { "Uid": 1001, "Gid": 1002 } } }

The environment configuration of the function.

type: object

Variables

Environment variables for the Lambda function's configuration.

type: object

additionalProperties: An object with properties of type string that represent the environment variables.

ResourceAccessPolicies

A list of the resources, with their permissions, to which the Lambda function is granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies applies only when you run the Lambda function in a Greengrass container.

type: array

items: ResourceAccessPolicy

ResourceAccessPolicy

A policy used by the function to access a resource.

type: object

required: ["ResourceId"]

ResourceId

The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)

type: string

Permission

The type of permission a function has to access a resource.

type: string

enum: ["ro", "rw"]

AccessSysfs

If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container.

type: boolean

Execution

Configuration information that specifies how a Lambda function runs.

type: object

IsolationMode

Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.

type: string

enum: ["GreengrassContainer", "NoContainer"]

RunAs

Specifies the user and group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values. To minimize the risk of unintended changes or malicious attacks, we recommend that you avoid running as root unless absolutely necessary. To run as root, you must update config.json in greengrass-root/config to set allowFunctionsToRunAsRoot to yes.

type: object

Uid

The user ID whose permissions are used to run a Lambda function.

type: integer

Gid

The group ID whose permissions are used to run a Lambda function.

type: integer