Function - AWS IoT Greengrass

AWS IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the AWS IoT Greengrass V1 maintenance policy. After this date, AWS IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on AWS IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to AWS IoT Greengrass Version 2, which adds significant new features and support for additional platforms.

Function

{ "Id": "string", "FunctionArn": "string", "FunctionConfiguration": { "Pinned": true, "Executable": "string", "ExecArgs": "string", "MemorySize": 0, "Timeout": 0, "EncodingType": "binary|json", "Environment": { "Variables": { "additionalProperty0": "string", "additionalProperty1": "string", "additionalProperty2": "string" }, "ResourceAccessPolicies": [ { "ResourceId": "string", "Permission": "ro|rw" } ], "AccessSysfs": true, "Execution": { "IsolationMode": "GreengrassContainer|NoContainer", "RunAs": { "Uid": 1001, "Gid": 1002 } } }, "FunctionRuntimeOverride": "string" } }

Information about a Lambda function.

type: object

required: ["Id"]

Id

A descriptive or arbitrary ID for the function. This value must be unique within the function definition version. Maximum length is 128 characters with the pattern [a‑zA‑Z0‑9:_‑]+.

type: string

FunctionArn

The ARN of the alias (recommended) or version of the target Lambda function.

type: string

FunctionConfiguration

The configuration of the Lambda function.

type: object

Pinned

True if the function is pinned. Pinned means the function is long-lived and starts when the core starts.

type: boolean

Executable

The name of the function executable.

type: string

ExecArgs

The execution arguments.

type: string

MemorySize

The memory size, in KB, required by the function. This setting does not apply and should be cleared when you run the Lambda function without containerization.

type: integer

Timeout

The allowed function execution time, after which Lambda should terminate the function. This timeout still applies to pinned Lambda functions for each request.

type: integer

EncodingType

The expected encoding type of the input payload for the function. The default is json.

type: string

enum: ["binary", "json"]

Environment

The environment configuration of the function.

type: object

Variables

Environment variables for the Lambda function's configuration.

type: object

additionalProperties: An object with properties of type string that represent the environment variables.

ResourceAccessPolicies

A list of the resources, with their permissions, to which the Lambda function is granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies applies only when you run the Lambda function in a Greengrass container.

type: array

items: ResourceAccessPolicy

ResourceAccessPolicy

A policy used by the function to access a resource.

type: object

required: ["ResourceId"]

ResourceId

The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)

type: string

Permission

The type of permission a function has to access a resource.

type: string

enum: ["ro", "rw"]

AccessSysfs

If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container.

type: boolean

Execution

Configuration information that specifies how a Lambda function runs.

type: object

IsolationMode

Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.

type: string

enum: ["GreengrassContainer", "NoContainer"]

RunAs

Specifies the user and group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values. To minimize the risk of unintended changes or malicious attacks, we recommend that you avoid running as root unless absolutely necessary. To run as root, you must update config.json in greengrass-root/config to set allowFunctionsToRunAsRoot to yes.

type: object

Uid

The user ID whose permissions are used to run a Lambda function.

type: integer

Gid

The group ID whose permissions are used to run a Lambda function.

type: integer

FunctionRuntimeOverride

The Lambda runtime supported by Greengrass which is to be used instead of the one specified in the Lambda function.

type: string