Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

AWS::Greengrass::FunctionDefinition Execution

Focus mode

On this page

AWS::Greengrass::FunctionDefinition Execution - AWS CloudFormation
Filter View

Configuration settings for the Lambda execution environment on the AWS IoT Greengrass core.

In an AWS CloudFormation template, Execution is a property of the DefaultConfig property type for a function definition version and the Environment property type for a function.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "IsolationMode" : String, "RunAs" : RunAs }

YAML

IsolationMode: String RunAs: RunAs

Properties

IsolationMode

The containerization that the Lambda function runs in. Valid values are GreengrassContainer or NoContainer. Typically, this is GreengrassContainer. For more information, see Containerization in the AWS IoT Greengrass Version 1 Developer Guide .

  • When set on the DefaultConfig property of a function definition version, this setting is used as the default containerization for all Lambda functions in the function definition version.

  • When set on the Environment property of a function, this setting applies to the individual function and overrides the default. Omit this value to run the function with the default containerization.

Note

We recommend that you run in a Greengrass container unless your business case requires that you run without containerization.

Required: No

Type: String

Update requires: Replacement

RunAs

The user and group permissions used to run the Lambda function. Typically, this is the ggc_user and ggc_group. For more information, see Run as in the AWS IoT Greengrass Version 1 Developer Guide .

  • When set on the DefaultConfig property of a function definition version, this setting is used as the default access identity for all Lambda functions in the function definition version.

  • When set on the Environment property of a function, this setting applies to the individual function and overrides the default. You can override the user, group, or both. Omit this value to run the function with the default permissions.

Important

Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see Running a Lambda Function as Root.

Required: No

Type: RunAs

Update requires: Replacement

See also

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.