Containerized AWS Lambda: python handler cannot access /home/app (but it CAN access /tmp)

Question

I'm deploying Docker container to AWS Lambda, following https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/

I'm encountering a some kind of file permissions glitch.

If the Docker image is deployed on AWS, my python handler cannot access /home/app (but it CAN access /tmp).

On my local machine both paths work fine.

Dockerfile

ENTRYPOINT [ "/entry.sh" ]
CMD [ "app.handler" ]

entry.sh

#!/bin/sh
echo foo > /home/app/f
exec python -m awslambdaric $1

app.py

def handler(event, context):
    with open('/home/app/f', 'r') as file:
        data = file.read()
    return { "response" : data }

Deployed to AWS Lambda, it returns:

{
  "errorMessage": "[Errno 2] No such file or directory: '/home/app/f'",
  "errorType": "FileNotFoundError",
  "stackTrace": [
    "  File \"/home/app/app.py\", line 25, in handler\n    with open('/home/app/f', 'r') as file:\n"
  ]
}

Changing /home/app to /tmp fixes it.

Is there any way to lift this restriction?

RUN mkdir -p /home/app
RUN chmod a+rwx /home/app

^ chmod doesn't fix it.

PS I wonder if I should file this as a bug. What's the right way to report this upstream to the Amazon engineer is responsible for containerised lambdas?

Answer 1

Traditionally Lambda has always only had the /tmp directory (512mb) for rw operations. When you run the code on your localhost you have permissions to use the /home/app directory.