FunctionConfigurationEnvironment - Amazon IoT Greengrass
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon IoT Greengrass Version 1 entered the extended life phase on June 30, 2023. For more information, see the Amazon IoT Greengrass V1 maintenance policy. After this date, Amazon IoT Greengrass V1 won't release updates that provide features, enhancements, bug fixes, or security patches. Devices that run on Amazon IoT Greengrass V1 won't be disrupted and will continue to operate and to connect to the cloud. We strongly recommend that you migrate to Amazon IoT Greengrass Version 2, which adds significant new features and support for additional platforms.


{ "Variables": { "additionalProperty0": "string", "additionalProperty1": "string", "additionalProperty2": "string" }, "ResourceAccessPolicies": [ { "ResourceId": "string", "Permission": "ro|rw" } ], "AccessSysfs": true, "Execution": { "IsolationMode": "GreengrassContainer|NoContainer", "RunAs": { "Uid": 1001, "Gid": 1002 } } }

The environment configuration of the function.

type: object


Environment variables for the Lambda function's configuration.

type: object

additionalProperties: An object with properties of type string that represent the environment variables.


A list of the resources, with their permissions, to which the Lambda function is granted access. A Lambda function can have at most 10 resources. ResourceAccessPolicies applies only when you run the Lambda function in a Greengrass container.

type: array

items: ResourceAccessPolicy


A policy used by the function to access a resource.

type: object

required: ["ResourceId"]


The ID of the resource. (This ID is assigned to the resource when you create the resource definiton.)

type: string


The type of permission a function has to access a resource.

type: string

enum: ["ro", "rw"]


If true, the Lambda function is allowed to access the host's /sys folder. Use this when the Lambda function needs to read device information from /sys. This setting applies only when you run the Lambda function in a Greengrass container.

type: boolean


Configuration information that specifies how a Lambda function runs.

type: object


Specifies whether the Lambda function runs in a Greengrass container (default) or without containerization. Unless your scenario requires that you run without containerization, we recommend that you run in a Greengrass container. Omit this value to run the Lambda function with the default containerization for the group.

type: string

enum: ["GreengrassContainer", "NoContainer"]


Specifies the user and group whose permissions are used when running the Lambda function. You can specify one or both values to override the default values. To minimize the risk of unintended changes or malicious attacks, we recommend that you avoid running as root unless absolutely necessary. To run as root, you must update config.json in greengrass-root/config to set allowFunctionsToRunAsRoot to yes.

type: object


The user ID whose permissions are used to run a Lambda function.

type: integer


The group ID whose permissions are used to run a Lambda function.

type: integer