AWS Greengrass
API Reference

FunctionConfigurationEnvironment

{ "Variables": { "additionalProperty0": "string", "additionalProperty1": "string", "additionalProperty2": "string" }, "ResourceAccessPolicies": [ { "ResourceId": "string", "Permission": "ro|rw" } ], "AccessSysfs": true, "Execution": { "IsolationMode": "GreengrassContainer|NoContainer", "RunAs": { "Uid": 0, "Gid": 0 } } }

The environment configuration of the function.

type: object

Variables

Environment variables for the Lambda function's configuration.

type: object

additionalProperties: An object with properties of type string that represent the environment variables.

ResourceAccessPolicies

A list of the resources, with their permissions, to which the Lambda function will be granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies apply only when you run the Lambda function in a Greengrass container.

type: array

items: ResourceAccessPolicy

ResourceAccessPolicy

A policy used by the function to access a resource.

type: object

required: ["ResourceId"]

ResourceId

The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)

type: string

Permission

The type of permission a function has to access a resource.

type: string

enum: ["ro", "rw"]

AccessSysfs

If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container.

type: boolean

Execution

Configuration information that specifies how the Lambda function runs.

type: object

IsolationMode

Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.

type: string

enum: ["GreengrassContainer", "NoContainer"]

RunAs

Specifies the user and/or group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values (ggc_user/ggc_group). We recommend that you avoid running as root unless absolutely necessary to minimize the risk of unintended changes or malicious attacks. To run as root, you must set IsolationMode to NoContainer and you must update config.json in greengrass-root/config to set allowFunctionsToRunAsRoot to yes.

type: object

Uid

The User ID whose permissions are used to run a Lambda function.

type: integer

Gid

The Group ID whose permissions are used to run a Lambda function.

type: integer