How can I deploy greengrass lambda and group with another user ID/group ID lambda runtime environment ?

[kimsehwan96]

Hello @timmattison . Thank you for your quick response.

I want to deploy some lambdas & group with no-container and root user (UID/GID = 0 and no-container option).

I know how to set containerization and uid, gid about each lambda's with function.defaults.conf

conf {
  aliasName = "ggc"
  encodingType = Json
  connectedShadows = []
  localDeviceResources = []
  localVolumeResources = []
  localS3Resources = []
  localSageMakerResources = []
  localSecretsManagerResources = []
  accessSysFs = false
  memorySizeInKb = 32768
  greengrassContainer = false
  uid = 0
  gid = 0
  environmentVariables = {
    # Envs which is not related to any stage 
    GROUP_ID = ${GROUP_ID}
    AWS_IOT_THING_NAME = ${AWS_IOT_THING_NAME}
    AWS_IOT_THING_ARN = ${AWS_IOT_THING_ARN}
    AWS_GREENGRASS_GROUP_NAME = ${AWS_GREENGRASS_GROUP_NAME}
  }
  #javaJsonHandler = "handleJsonRequest"
  #javaBinaryHandler = "handleBinaryRequest"
}

I think that greengrassContainer and uid, gid in function.defaults.conf can set each lambda's containerization and uid, gid but not greengrass group's lambda runtime environment.

Above picture is settings in greengrass group

Above picture is each lambda's setting in greengrass group.

I try to find that which attribute in function.defaults.conf or deployment.default.conf can set the greengrass group lambda runtime environment but I was not able to find.

There is any way to set greengrass group lambda runtime environment as specific UID/GID when it is deployed with GGP?

Thank you!

[timmattison]

deployment.default.conf's uid/gid should do it but I'll test it out right now.

[timmattison]

Oops, I meant function.default.conf. The top level uid and gid values are what you are looking for I believe.

I updated the bare function.default.conf to look like this:

conf {
  encodingType = Json
  connectedShadows = []
  localDeviceResources = []
  localVolumeResources = []
  localS3Resources = []
  localSageMakerResources = []
  localSecretsManagerResources = []
  accessSysFs = false
  memorySizeInKb = 32768
  greengrassContainer = true
  environmentVariables = {
    GROUP_ID = ${GROUP_ID}
    AWS_IOT_THING_NAME = ${AWS_IOT_THING_NAME}
    AWS_IOT_THING_ARN = ${AWS_IOT_THING_ARN}
    AWS_GREENGRASS_GROUP_NAME = ${AWS_GREENGRASS_GROUP_NAME}
  }
  uid = 1000
  gid = 1000
  javaJsonHandler = "handleJsonRequest"
  javaBinaryHandler = "handleBinaryRequest"
}

And the corresponding Hello World function looked like this in my process list:

ubuntu   13900  0.3  1.9 215036 18672 ?        Ssl  17:15   0:00 python3.7 -u /runtime/python/lambda_runtime.py --handler=HelloWorldPython3.function_handler

In this case user ubuntu is uid/gid 1000.

Going back to the default file makes this process run as ggc_user which is uid 111 on my system.

ggc_user 13938  0.8  1.9 215036 18640 ?        Ssl  17:18   0:00 python3.7 -u /runtime/python/lambda_runtime.py --handler=HelloWorldPython3.function_handler

[timmattison]

@kimsehwan96 is that what you're looking for?

[timmattison]

Closing for now but please re-open the ticket if this isn't what you needed. Thanks!