Hi savcuoglu, thanks for using Greengrass.
Like you have guessed, in order to use the IPC SDK in the lambda you do need the IPC authorization policy. Since your component is an imported Lambda function its recipe is autogenerated, so you cannot change the recipe. But the authorization policy is just component configuration and it does not necessarily need to be defined as part of the
DefaultConfiguration section of the recipe, that section is only for setting default values of components, you can set component configuration values at the time of deployment even when the default configuration is not defined in recipe. So in your case, instead of trying to change the recipe, you can set your Lambda component's configuration when you make a deployment. You can merge config like below when you configure your component for the deployment -
"policyDescription": "Allows access to publish to hello/world.",
Here's the documentation for how to set component configuration while making deployments - https://docs.aws.amazon.com/greengrass/v2/developerguide/update-component-configurations.html#merge-configuration-update
Sorry to hear about your experience with lack of information, I understand this method of component configuration setting for IPC authorization policy is not clearly mentioned in the documentation here https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html#ipc-authorization-policies. I will take this feedback to the team so we can improve this documentation accordingly.
Thanks for your answer. I did exactly as you said and I am able to run my Lambda on Core Device.
One thing is still bothering me tough. Since I need to configure "accessControl" during deployment I guess I don't have to fill "Event sources" section of Component Creation form. Then the question is what is this "Event sources" section for? How does it effect my component?
The event source configuration is optional, and is used if you want to control the lambda function component's execution from outside or from some other lambda function component/ generic component. The two options for event source i.e. IOT_CORE and PUB_SUB, let you trigger your lambda function component by publishing a message to an MQTT topic in IoT Core (Cloud) or by publishing PubSub messages locally(on device from some other component), see details about it here - https://docs.aws.amazon.com/greengrass/v2/developerguide/run-lambda-functions.html#run-lambda-function-cli
If you are not looking to trigger your lambda function component like this, then you don't need the event source configuration
Edited by: shagupts-aws on Jan 6, 2021 3:21 PM
Thanks for the answer.
Thanks @shagupta-aws for the instructions how to merge the necessary accessControl document at deployment. This forum discussion was the only place I could find describing how to do it.
I think AWS Greengrass V2 documentation should include a much clearer description of how you are intended to configure legacy Greengrass V1 Lambda functions for use with Greengrass V2. Now it's complete guesswork and piecing together information from different places. The "Run Lambda functions" section in the documentation only has vague console/CLI examples (no AWS SDK example) which don't mention MQTT/IPC permissions at all.
Greengrass V2 Lambda documentation should clearly explain (1) you cannot configure the Lambda permissions in the recipe, (2) you need to merge the permissions when creating a deployment (with an example), (3) there are separate permissions for MQTT proxy and IPC.
In V2, lambdas and native V2 components work in the same way, so the documentation for IPC (https://docs.aws.amazon.com/greengrass/v2/developerguide/interprocess-communication.html) applies in the exact same way to both lambdas and components.
I'll talk with our docs team to see about improvements.
Ingesting data using IoT core rulesasked a year ago
Invoking a lambda function from core deviceasked 2 years ago
Unable to publish MQTT message to AWS iot Core with lambda function. Where lambda is connected to VPC. Using VPC enpoint we need to connect to IOT core and publish messageAccepted Answerasked 3 months ago
Publishing messages to IoT core using an imported lambda in greengrassv2asked 6 months ago
IOT core pricingAccepted Answerasked 4 months ago
When should I use IoT Core?asked 7 months ago
smart home iot thing trouble publishing from lambda to iot thingasked 3 years ago
IoT Core message frequencyAccepted Answerasked a month ago
Publish to iot core from an imported lambda using greengrassv2asked 2 years ago
Trigger cloud lambda with MQTT messageasked 2 years ago