Docs Home
AWS v7.3.1 published on Wednesday, Aug 6, 2025 by Pulumi
aws.lambda.Function
Explore with Pulumi AI
Manages an AWS Lambda Function. Use this resource to create serverless functions that run code in response to events without provisioning or managing servers.
For information about Lambda and how to use it, see What is AWS Lambda?. For a detailed example of setting up Lambda and API Gateway, see Serverless Applications with AWS Lambda and API Gateway.
Note: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. Pulumi AWS Provider version 2.31.0 and later automatically handles this increased timeout, however prior versions require setting the customizable deletion timeouts of those Pulumi resources to 45 minutes (
delete = "45m"). AWS and HashiCorp are working together to reduce the amount of time required for resource deletion and updates can be tracked in this GitHub issue.
Note: If you get a
KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was deniederror when invoking anaws.lambda.Functionwith environment variables, the IAM role associated with the function may have been deleted and recreated after the function was created. You can fix the problem two ways: 1) updating the function’s role to another role and then updating it back again to the recreated role. (When you create a function, Lambda grants permissions on the KMS key to the function’s IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function’s role or recreating the function causes Lambda to update the grant.)
Tip: To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the
aws.lambda.Permissionresource. See Lambda Permission Model for more details. On the other hand, theroleargument of this resource is the function’s execution role for identity and access to AWS services and resources.
Example Usage
Container Image Function
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.Function("example", {
name: "example_container_function",
role: exampleAwsIamRole.arn,
packageType: "Image",
imageUri: `${exampleAwsEcrRepository.repositoryUrl}:latest`,
imageConfig: {
entryPoints: ["/lambda-entrypoint.sh"],
commands: ["app.handler"],
},
memorySize: 512,
timeout: 30,
architectures: ["arm64"],
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.Function("example",
name="example_container_function",
role=example_aws_iam_role["arn"],
package_type="Image",
image_uri=f"{example_aws_ecr_repository['repositoryUrl']}:latest",
image_config={
"entry_points": ["/lambda-entrypoint.sh"],
"commands": ["app.handler"],
},
memory_size=512,
timeout=30,
architectures=["arm64"])
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Name: pulumi.String("example_container_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
PackageType: pulumi.String("Image"),
ImageUri: pulumi.Sprintf("%v:latest", exampleAwsEcrRepository.RepositoryUrl),
ImageConfig: &lambda.FunctionImageConfigArgs{
EntryPoints: pulumi.StringArray{
pulumi.String("/lambda-entrypoint.sh"),
},
Commands: pulumi.StringArray{
pulumi.String("app.handler"),
},
},
MemorySize: pulumi.Int(512),
Timeout: pulumi.Int(30),
Architectures: pulumi.StringArray{
pulumi.String("arm64"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.Function("example", new()
{
Name = "example_container_function",
Role = exampleAwsIamRole.Arn,
PackageType = "Image",
ImageUri = $"{exampleAwsEcrRepository.RepositoryUrl}:latest",
ImageConfig = new Aws.Lambda.Inputs.FunctionImageConfigArgs
{
EntryPoints = new[]
{
"/lambda-entrypoint.sh",
},
Commands = new[]
{
"app.handler",
},
},
MemorySize = 512,
Timeout = 30,
Architectures = new[]
{
"arm64",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionImageConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Function("example", FunctionArgs.builder()
.name("example_container_function")
.role(exampleAwsIamRole.arn())
.packageType("Image")
.imageUri(String.format("%s:latest", exampleAwsEcrRepository.repositoryUrl()))
.imageConfig(FunctionImageConfigArgs.builder()
.entryPoints("/lambda-entrypoint.sh")
.commands("app.handler")
.build())
.memorySize(512)
.timeout(30)
.architectures("arm64")
.build());
}
}
resources:
example:
type: aws:lambda:Function
properties:
name: example_container_function
role: ${exampleAwsIamRole.arn}
packageType: Image
imageUri: ${exampleAwsEcrRepository.repositoryUrl}:latest
imageConfig:
entryPoints:
- /lambda-entrypoint.sh
commands:
- app.handler
memorySize: 512
timeout: 30
architectures: # Graviton support for better price/performance
- arm64
Function with Lambda Layers
Note: The
aws.lambda.LayerVersionattribute values forarnandlayer_arnwere swapped in version 2.0.0 of the Pulumi AWS Provider. For version 2.x, usearnreferences.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Common dependencies layer
const example = new aws.lambda.LayerVersion("example", {
code: new pulumi.asset.FileArchive("layer.zip"),
layerName: "example_dependencies_layer",
description: "Common dependencies for Lambda functions",
compatibleRuntimes: [
"nodejs20.x",
"python3.12",
],
compatibleArchitectures: [
"x86_64",
"arm64",
],
});
// Function using the layer
const exampleFunction = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: "example_layered_function",
role: exampleAwsIamRole.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.NodeJS20dX,
layers: [example.arn],
tracingConfig: {
mode: "Active",
},
});
import pulumi
import pulumi_aws as aws
# Common dependencies layer
example = aws.lambda_.LayerVersion("example",
code=pulumi.FileArchive("layer.zip"),
layer_name="example_dependencies_layer",
description="Common dependencies for Lambda functions",
compatible_runtimes=[
"nodejs20.x",
"python3.12",
],
compatible_architectures=[
"x86_64",
"arm64",
])
# Function using the layer
example_function = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name="example_layered_function",
role=example_aws_iam_role["arn"],
handler="index.handler",
runtime=aws.lambda_.Runtime.NODE_JS20D_X,
layers=[example.arn],
tracing_config={
"mode": "Active",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Common dependencies layer
example, err := lambda.NewLayerVersion(ctx, "example", &lambda.LayerVersionArgs{
Code: pulumi.NewFileArchive("layer.zip"),
LayerName: pulumi.String("example_dependencies_layer"),
Description: pulumi.String("Common dependencies for Lambda functions"),
CompatibleRuntimes: pulumi.StringArray{
pulumi.String("nodejs20.x"),
pulumi.String("python3.12"),
},
CompatibleArchitectures: pulumi.StringArray{
pulumi.String("x86_64"),
pulumi.String("arm64"),
},
})
if err != nil {
return err
}
// Function using the layer
_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String("example_layered_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
Layers: pulumi.StringArray{
example.Arn,
},
TracingConfig: &lambda.FunctionTracingConfigArgs{
Mode: pulumi.String("Active"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Common dependencies layer
var example = new Aws.Lambda.LayerVersion("example", new()
{
Code = new FileArchive("layer.zip"),
LayerName = "example_dependencies_layer",
Description = "Common dependencies for Lambda functions",
CompatibleRuntimes = new[]
{
"nodejs20.x",
"python3.12",
},
CompatibleArchitectures = new[]
{
"x86_64",
"arm64",
},
});
// Function using the layer
var exampleFunction = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = "example_layered_function",
Role = exampleAwsIamRole.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.NodeJS20dX,
Layers = new[]
{
example.Arn,
},
TracingConfig = new Aws.Lambda.Inputs.FunctionTracingConfigArgs
{
Mode = "Active",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersion;
import com.pulumi.aws.lambda.LayerVersionArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionTracingConfigArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Common dependencies layer
var example = new LayerVersion("example", LayerVersionArgs.builder()
.code(new FileArchive("layer.zip"))
.layerName("example_dependencies_layer")
.description("Common dependencies for Lambda functions")
.compatibleRuntimes(
"nodejs20.x",
"python3.12")
.compatibleArchitectures(
"x86_64",
"arm64")
.build());
// Function using the layer
var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name("example_layered_function")
.role(exampleAwsIamRole.arn())
.handler("index.handler")
.runtime("nodejs20.x")
.layers(example.arn())
.tracingConfig(FunctionTracingConfigArgs.builder()
.mode("Active")
.build())
.build());
}
}
resources:
# Common dependencies layer
example:
type: aws:lambda:LayerVersion
properties:
code:
fn::FileArchive: layer.zip
layerName: example_dependencies_layer
description: Common dependencies for Lambda functions
compatibleRuntimes:
- nodejs20.x
- python3.12
compatibleArchitectures:
- x86_64
- arm64
# Function using the layer
exampleFunction:
type: aws:lambda:Function
name: example
properties:
code:
fn::FileArchive: function.zip
name: example_layered_function
role: ${exampleAwsIamRole.arn}
handler: index.handler
runtime: nodejs20.x
layers:
- ${example.arn}
tracingConfig:
mode: Active
VPC Function with Enhanced Networking
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: "example_vpc_function",
role: exampleAwsIamRole.arn,
handler: "app.handler",
runtime: aws.lambda.Runtime.Python3d12,
memorySize: 1024,
timeout: 30,
vpcConfig: {
subnetIds: [
examplePrivate1.id,
examplePrivate2.id,
],
securityGroupIds: [exampleLambda.id],
ipv6AllowedForDualStack: true,
},
ephemeralStorage: {
size: 5120,
},
snapStart: {
applyOn: "PublishedVersions",
},
});
import pulumi
import pulumi_aws as aws
example = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name="example_vpc_function",
role=example_aws_iam_role["arn"],
handler="app.handler",
runtime=aws.lambda_.Runtime.PYTHON3D12,
memory_size=1024,
timeout=30,
vpc_config={
"subnet_ids": [
example_private1["id"],
example_private2["id"],
],
"security_group_ids": [example_lambda["id"]],
"ipv6_allowed_for_dual_stack": True,
},
ephemeral_storage={
"size": 5120,
},
snap_start={
"apply_on": "PublishedVersions",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String("example_vpc_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
Handler: pulumi.String("app.handler"),
Runtime: pulumi.String(lambda.RuntimePython3d12),
MemorySize: pulumi.Int(1024),
Timeout: pulumi.Int(30),
VpcConfig: &lambda.FunctionVpcConfigArgs{
SubnetIds: pulumi.StringArray{
examplePrivate1.Id,
examplePrivate2.Id,
},
SecurityGroupIds: pulumi.StringArray{
exampleLambda.Id,
},
Ipv6AllowedForDualStack: pulumi.Bool(true),
},
EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
Size: pulumi.Int(5120),
},
SnapStart: &lambda.FunctionSnapStartArgs{
ApplyOn: pulumi.String("PublishedVersions"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = "example_vpc_function",
Role = exampleAwsIamRole.Arn,
Handler = "app.handler",
Runtime = Aws.Lambda.Runtime.Python3d12,
MemorySize = 1024,
Timeout = 30,
VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
{
SubnetIds = new[]
{
examplePrivate1.Id,
examplePrivate2.Id,
},
SecurityGroupIds = new[]
{
exampleLambda.Id,
},
Ipv6AllowedForDualStack = true,
},
EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
{
Size = 5120,
},
SnapStart = new Aws.Lambda.Inputs.FunctionSnapStartArgs
{
ApplyOn = "PublishedVersions",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;
import com.pulumi.aws.lambda.inputs.FunctionSnapStartArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Function("example", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name("example_vpc_function")
.role(exampleAwsIamRole.arn())
.handler("app.handler")
.runtime("python3.12")
.memorySize(1024)
.timeout(30)
.vpcConfig(FunctionVpcConfigArgs.builder()
.subnetIds(
examplePrivate1.id(),
examplePrivate2.id())
.securityGroupIds(exampleLambda.id())
.ipv6AllowedForDualStack(true)
.build())
.ephemeralStorage(FunctionEphemeralStorageArgs.builder()
.size(5120)
.build())
.snapStart(FunctionSnapStartArgs.builder()
.applyOn("PublishedVersions")
.build())
.build());
}
}
resources:
example:
type: aws:lambda:Function
properties:
code:
fn::FileArchive: function.zip
name: example_vpc_function
role: ${exampleAwsIamRole.arn}
handler: app.handler
runtime: python3.12
memorySize: 1024
timeout: 30
vpcConfig:
subnetIds:
- ${examplePrivate1.id}
- ${examplePrivate2.id}
securityGroupIds:
- ${exampleLambda.id}
ipv6AllowedForDualStack: true
ephemeralStorage:
size: 5120
snapStart:
applyOn: PublishedVersions
Function with EFS Integration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// EFS file system for Lambda
const example = new aws.efs.FileSystem("example", {
encrypted: true,
tags: {
Name: "lambda-efs",
},
});
const config = new pulumi.Config();
// List of subnet IDs for EFS mount targets
const subnetIds = config.getObject<Array<string>>("subnetIds") || [
"subnet-12345678",
"subnet-87654321",
];
// Mount target in each subnet
const exampleMountTarget: aws.efs.MountTarget[] = [];
for (const range = {value: 0}; range.value < subnetIds.length; range.value++) {
exampleMountTarget.push(new aws.efs.MountTarget(`example-${range.value}`, {
fileSystemId: example.id,
subnetId: subnetIds[range.value],
securityGroups: [efs.id],
}));
}
// Access point for Lambda
const exampleAccessPoint = new aws.efs.AccessPoint("example", {
fileSystemId: example.id,
rootDirectory: {
path: "/lambda",
creationInfo: {
ownerGid: 1000,
ownerUid: 1000,
permissions: "755",
},
},
posixUser: {
gid: 1000,
uid: 1000,
},
});
// Lambda function with EFS
const exampleFunction = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: "example_efs_function",
role: exampleAwsIamRole.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.NodeJS20dX,
vpcConfig: {
subnetIds: subnetIds,
securityGroupIds: [lambda.id],
},
fileSystemConfig: {
arn: exampleAccessPoint.arn,
localMountPath: "/mnt/data",
},
}, {
dependsOn: [exampleMountTarget],
});
import pulumi
import pulumi_aws as aws
# EFS file system for Lambda
example = aws.efs.FileSystem("example",
encrypted=True,
tags={
"Name": "lambda-efs",
})
config = pulumi.Config()
# List of subnet IDs for EFS mount targets
subnet_ids = config.get_object("subnetIds")
if subnet_ids is None:
subnet_ids = [
"subnet-12345678",
"subnet-87654321",
]
# Mount target in each subnet
example_mount_target = []
for range in [{"value": i} for i in range(0, len(subnet_ids))]:
example_mount_target.append(aws.efs.MountTarget(f"example-{range['value']}",
file_system_id=example.id,
subnet_id=subnet_ids[range["value"]],
security_groups=[efs["id"]]))
# Access point for Lambda
example_access_point = aws.efs.AccessPoint("example",
file_system_id=example.id,
root_directory={
"path": "/lambda",
"creation_info": {
"owner_gid": 1000,
"owner_uid": 1000,
"permissions": "755",
},
},
posix_user={
"gid": 1000,
"uid": 1000,
})
# Lambda function with EFS
example_function = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name="example_efs_function",
role=example_aws_iam_role["arn"],
handler="index.handler",
runtime=aws.lambda_.Runtime.NODE_JS20D_X,
vpc_config={
"subnet_ids": subnet_ids,
"security_group_ids": [lambda_["id"]],
},
file_system_config={
"arn": example_access_point.arn,
"local_mount_path": "/mnt/data",
},
opts = pulumi.ResourceOptions(depends_on=[example_mount_target]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/efs"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// EFS file system for Lambda
example, err := efs.NewFileSystem(ctx, "example", &efs.FileSystemArgs{
Encrypted: pulumi.Bool(true),
Tags: pulumi.StringMap{
"Name": pulumi.String("lambda-efs"),
},
})
if err != nil {
return err
}
cfg := config.New(ctx, "")
// List of subnet IDs for EFS mount targets
subnetIds := []string{
"subnet-12345678",
"subnet-87654321",
}
if param := cfg.GetObject("subnetIds"); param != nil {
subnetIds = param
}
// Mount target in each subnet
var exampleMountTarget []*efs.MountTarget
for index := 0; index < len(subnetIds); index++ {
key0 := index
val0 := index
__res, err := efs.NewMountTarget(ctx, fmt.Sprintf("example-%v", key0), &efs.MountTargetArgs{
FileSystemId: example.ID(),
SubnetId: pulumi.String(subnetIds[val0]),
SecurityGroups: pulumi.StringArray{
efs.Id,
},
})
if err != nil {
return err
}
exampleMountTarget = append(exampleMountTarget, __res)
}
// Access point for Lambda
exampleAccessPoint, err := efs.NewAccessPoint(ctx, "example", &efs.AccessPointArgs{
FileSystemId: example.ID(),
RootDirectory: &efs.AccessPointRootDirectoryArgs{
Path: pulumi.String("/lambda"),
CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{
OwnerGid: pulumi.Int(1000),
OwnerUid: pulumi.Int(1000),
Permissions: pulumi.String("755"),
},
},
PosixUser: &efs.AccessPointPosixUserArgs{
Gid: pulumi.Int(1000),
Uid: pulumi.Int(1000),
},
})
if err != nil {
return err
}
// Lambda function with EFS
_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String("example_efs_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
VpcConfig: &lambda.FunctionVpcConfigArgs{
SubnetIds: subnetIds,
SecurityGroupIds: pulumi.StringArray{
lambda.Id,
},
},
FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
Arn: exampleAccessPoint.Arn,
LocalMountPath: pulumi.String("/mnt/data"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleMountTarget,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// EFS file system for Lambda
var example = new Aws.Efs.FileSystem("example", new()
{
Encrypted = true,
Tags =
{
{ "Name", "lambda-efs" },
},
});
var config = new Config();
// List of subnet IDs for EFS mount targets
var subnetIds = config.GetObject<string[]>("subnetIds") ?? new[]
{
"subnet-12345678",
"subnet-87654321",
};
// Mount target in each subnet
var exampleMountTarget = new List<Aws.Efs.MountTarget>();
for (var rangeIndex = 0; rangeIndex < subnetIds.Length; rangeIndex++)
{
var range = new { Value = rangeIndex };
exampleMountTarget.Add(new Aws.Efs.MountTarget($"example-{range.Value}", new()
{
FileSystemId = example.Id,
SubnetId = subnetIds[range.Value],
SecurityGroups = new[]
{
efs.Id,
},
}));
}
// Access point for Lambda
var exampleAccessPoint = new Aws.Efs.AccessPoint("example", new()
{
FileSystemId = example.Id,
RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs
{
Path = "/lambda",
CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs
{
OwnerGid = 1000,
OwnerUid = 1000,
Permissions = "755",
},
},
PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs
{
Gid = 1000,
Uid = 1000,
},
});
// Lambda function with EFS
var exampleFunction = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = "example_efs_function",
Role = exampleAwsIamRole.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.NodeJS20dX,
VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
{
SubnetIds = subnetIds,
SecurityGroupIds = new[]
{
lambda.Id,
},
},
FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
{
Arn = exampleAccessPoint.Arn,
LocalMountPath = "/mnt/data",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleMountTarget,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.efs.FileSystem;
import com.pulumi.aws.efs.FileSystemArgs;
import com.pulumi.aws.efs.MountTarget;
import com.pulumi.aws.efs.MountTargetArgs;
import com.pulumi.aws.efs.AccessPoint;
import com.pulumi.aws.efs.AccessPointArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;
import com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;
import com.pulumi.asset.FileArchive;
import com.pulumi.codegen.internal.KeyedValue;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
// EFS file system for Lambda
var example = new FileSystem("example", FileSystemArgs.builder()
.encrypted(true)
.tags(Map.of("Name", "lambda-efs"))
.build());
final var subnetIds = config.get("subnetIds").orElse(
"subnet-12345678",
"subnet-87654321");
// Mount target in each subnet
for (var i = 0; i < subnetIds.length(); i++) {
new MountTarget("exampleMountTarget-" + i, MountTargetArgs.builder()
.fileSystemId(example.id())
.subnetId(subnetIds[range.value()])
.securityGroups(efs.id())
.build());
}
// Access point for Lambda
var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()
.fileSystemId(example.id())
.rootDirectory(AccessPointRootDirectoryArgs.builder()
.path("/lambda")
.creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()
.ownerGid(1000)
.ownerUid(1000)
.permissions("755")
.build())
.build())
.posixUser(AccessPointPosixUserArgs.builder()
.gid(1000)
.uid(1000)
.build())
.build());
// Lambda function with EFS
var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name("example_efs_function")
.role(exampleAwsIamRole.arn())
.handler("index.handler")
.runtime("nodejs20.x")
.vpcConfig(FunctionVpcConfigArgs.builder()
.subnetIds(subnetIds)
.securityGroupIds(lambda.id())
.build())
.fileSystemConfig(FunctionFileSystemConfigArgs.builder()
.arn(exampleAccessPoint.arn())
.localMountPath("/mnt/data")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleMountTarget)
.build());
}
}
Example coming soon!
Function with Advanced Logging
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cloudwatch.LogGroup("example", {
name: "/aws/lambda/example_function",
retentionInDays: 14,
tags: {
Environment: "production",
Application: "example",
},
});
const exampleFunction = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: "example_function",
role: exampleAwsIamRole.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.NodeJS20dX,
loggingConfig: {
logFormat: "JSON",
applicationLogLevel: "INFO",
systemLogLevel: "WARN",
},
}, {
dependsOn: [example],
});
import pulumi
import pulumi_aws as aws
example = aws.cloudwatch.LogGroup("example",
name="/aws/lambda/example_function",
retention_in_days=14,
tags={
"Environment": "production",
"Application": "example",
})
example_function = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name="example_function",
role=example_aws_iam_role["arn"],
handler="index.handler",
runtime=aws.lambda_.Runtime.NODE_JS20D_X,
logging_config={
"log_format": "JSON",
"application_log_level": "INFO",
"system_log_level": "WARN",
},
opts = pulumi.ResourceOptions(depends_on=[example]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
Name: pulumi.String("/aws/lambda/example_function"),
RetentionInDays: pulumi.Int(14),
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
"Application": pulumi.String("example"),
},
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String("example_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
LoggingConfig: &lambda.FunctionLoggingConfigArgs{
LogFormat: pulumi.String("JSON"),
ApplicationLogLevel: pulumi.String("INFO"),
SystemLogLevel: pulumi.String("WARN"),
},
}, pulumi.DependsOn([]pulumi.Resource{
example,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.CloudWatch.LogGroup("example", new()
{
Name = "/aws/lambda/example_function",
RetentionInDays = 14,
Tags =
{
{ "Environment", "production" },
{ "Application", "example" },
},
});
var exampleFunction = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = "example_function",
Role = exampleAwsIamRole.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.NodeJS20dX,
LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
{
LogFormat = "JSON",
ApplicationLogLevel = "INFO",
SystemLogLevel = "WARN",
},
}, new CustomResourceOptions
{
DependsOn =
{
example,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;
import com.pulumi.asset.FileArchive;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new LogGroup("example", LogGroupArgs.builder()
.name("/aws/lambda/example_function")
.retentionInDays(14)
.tags(Map.ofEntries(
Map.entry("Environment", "production"),
Map.entry("Application", "example")
))
.build());
var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name("example_function")
.role(exampleAwsIamRole.arn())
.handler("index.handler")
.runtime("nodejs20.x")
.loggingConfig(FunctionLoggingConfigArgs.builder()
.logFormat("JSON")
.applicationLogLevel("INFO")
.systemLogLevel("WARN")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(example)
.build());
}
}
resources:
example:
type: aws:cloudwatch:LogGroup
properties:
name: /aws/lambda/example_function
retentionInDays: 14
tags:
Environment: production
Application: example
exampleFunction:
type: aws:lambda:Function
name: example
properties:
code:
fn::FileArchive: function.zip
name: example_function
role: ${exampleAwsIamRole.arn}
handler: index.handler
runtime: nodejs20.x
loggingConfig:
logFormat: JSON
applicationLogLevel: INFO
systemLogLevel: WARN
options:
dependsOn:
- ${example}
Function with logging to S3 or Data Firehose
Required Resources
An S3 bucket or Data Firehose delivery stream to store the logs.
A CloudWatch Log Group with:
log_group_class = "DELIVERY"- A subscription filter whose
destination_arnpoints to the S3 bucket or the Data Firehose delivery stream.
IAM roles:
- Assumed by the
logs.amazonaws.comservice to deliver logs to the S3 bucket or Data Firehose delivery stream. - Assumed by the
lambda.amazonaws.comservice to send logs to CloudWatch Logs
- Assumed by the
A Lambda function:
- In the
logging_configuration, specify the name of the Log Group created above using thelog_groupfield - No special configuration is required to use S3 or Firehose as the log destination
- In the
For more details, see Sending Lambda function logs to Amazon S3.
Example: Exporting Lambda Logs to S3 Bucket
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lambdaFunctionName = "lambda-log-export-example";
const lambdaLogExportBucket = new aws.s3.Bucket("lambda_log_export", {bucket: `${lambdaFunctionName}-bucket`});
const _export = new aws.cloudwatch.LogGroup("export", {
name: `/aws/lambda/${lambdaFunctionName}`,
logGroupClass: "DELIVERY",
});
const logsAssumeRole = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["logs.amazonaws.com"],
}],
}],
});
const logsLogExport = new aws.iam.Role("logs_log_export", {
name: `${lambdaFunctionName}-lambda-log-export-role`,
assumeRolePolicy: logsAssumeRole.then(logsAssumeRole => logsAssumeRole.json),
});
const lambdaLogExport = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: ["s3:PutObject"],
effect: "Allow",
resources: [pulumi.interpolate`${lambdaLogExportBucket.arn}/*`],
}],
});
const lambdaLogExportRolePolicy = new aws.iam.RolePolicy("lambda_log_export", {
policy: lambdaLogExport.apply(lambdaLogExport => lambdaLogExport.json),
role: logsLogExport.name,
});
const lambdaLogExportLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter("lambda_log_export", {
name: `${lambdaFunctionName}-filter`,
logGroup: _export.name,
filterPattern: "",
destinationArn: lambdaLogExportBucket.arn,
roleArn: logsLogExport.arn,
});
const logExport = new aws.lambda.Function("log_export", {
name: lambdaFunctionName,
handler: "index.lambda_handler",
runtime: aws.lambda.Runtime.Python3d13,
role: example.arn,
code: new pulumi.asset.FileArchive("function.zip"),
loggingConfig: {
logFormat: "Text",
logGroup: _export.name,
},
}, {
dependsOn: [_export],
});
import pulumi
import pulumi_aws as aws
lambda_function_name = "lambda-log-export-example"
lambda_log_export_bucket = aws.s3.Bucket("lambda_log_export", bucket=f"{lambda_function_name}-bucket")
export = aws.cloudwatch.LogGroup("export",
name=f"/aws/lambda/{lambda_function_name}",
log_group_class="DELIVERY")
logs_assume_role = aws.iam.get_policy_document(statements=[{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["logs.amazonaws.com"],
}],
}])
logs_log_export = aws.iam.Role("logs_log_export",
name=f"{lambda_function_name}-lambda-log-export-role",
assume_role_policy=logs_assume_role.json)
lambda_log_export = aws.iam.get_policy_document_output(statements=[{
"actions": ["s3:PutObject"],
"effect": "Allow",
"resources": [lambda_log_export_bucket.arn.apply(lambda arn: f"{arn}/*")],
}])
lambda_log_export_role_policy = aws.iam.RolePolicy("lambda_log_export",
policy=lambda_log_export.json,
role=logs_log_export.name)
lambda_log_export_log_subscription_filter = aws.cloudwatch.LogSubscriptionFilter("lambda_log_export",
name=f"{lambda_function_name}-filter",
log_group=export.name,
filter_pattern="",
destination_arn=lambda_log_export_bucket.arn,
role_arn=logs_log_export.arn)
log_export = aws.lambda_.Function("log_export",
name=lambda_function_name,
handler="index.lambda_handler",
runtime=aws.lambda_.Runtime.PYTHON3D13,
role=example["arn"],
code=pulumi.FileArchive("function.zip"),
logging_config={
"log_format": "Text",
"log_group": export.name,
},
opts = pulumi.ResourceOptions(depends_on=[export]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
lambdaFunctionName := "lambda-log-export-example"
lambdaLogExportBucket, err := s3.NewBucket(ctx, "lambda_log_export", &s3.BucketArgs{
Bucket: pulumi.Sprintf("%v-bucket", lambdaFunctionName),
})
if err != nil {
return err
}
export, err := cloudwatch.NewLogGroup(ctx, "export", &cloudwatch.LogGroupArgs{
Name: pulumi.Sprintf("/aws/lambda/%v", lambdaFunctionName),
LogGroupClass: pulumi.String("DELIVERY"),
})
if err != nil {
return err
}
logsAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Actions: []string{
"sts:AssumeRole",
},
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"logs.amazonaws.com",
},
},
},
},
},
}, nil)
if err != nil {
return err
}
logsLogExport, err := iam.NewRole(ctx, "logs_log_export", &iam.RoleArgs{
Name: pulumi.Sprintf("%v-lambda-log-export-role", lambdaFunctionName),
AssumeRolePolicy: pulumi.String(logsAssumeRole.Json),
})
if err != nil {
return err
}
lambdaLogExport := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("s3:PutObject"),
},
Effect: pulumi.String("Allow"),
Resources: pulumi.StringArray{
lambdaLogExportBucket.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v/*", arn), nil
}).(pulumi.StringOutput),
},
},
},
}, nil)
_, err = iam.NewRolePolicy(ctx, "lambda_log_export", &iam.RolePolicyArgs{
Policy: pulumi.String(lambdaLogExport.ApplyT(func(lambdaLogExport iam.GetPolicyDocumentResult) (*string, error) {
return &lambdaLogExport.Json, nil
}).(pulumi.StringPtrOutput)),
Role: logsLogExport.Name,
})
if err != nil {
return err
}
_, err = cloudwatch.NewLogSubscriptionFilter(ctx, "lambda_log_export", &cloudwatch.LogSubscriptionFilterArgs{
Name: pulumi.Sprintf("%v-filter", lambdaFunctionName),
LogGroup: export.Name,
FilterPattern: pulumi.String(""),
DestinationArn: lambdaLogExportBucket.Arn,
RoleArn: logsLogExport.Arn,
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "log_export", &lambda.FunctionArgs{
Name: pulumi.String(lambdaFunctionName),
Handler: pulumi.String("index.lambda_handler"),
Runtime: pulumi.String(lambda.RuntimePython3d13),
Role: pulumi.Any(example.Arn),
Code: pulumi.NewFileArchive("function.zip"),
LoggingConfig: &lambda.FunctionLoggingConfigArgs{
LogFormat: pulumi.String("Text"),
LogGroup: export.Name,
},
}, pulumi.DependsOn([]pulumi.Resource{
export,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var lambdaFunctionName = "lambda-log-export-example";
var lambdaLogExportBucket = new Aws.S3.Bucket("lambda_log_export", new()
{
BucketName = $"{lambdaFunctionName}-bucket",
});
var export = new Aws.CloudWatch.LogGroup("export", new()
{
Name = $"/aws/lambda/{lambdaFunctionName}",
LogGroupClass = "DELIVERY",
});
var logsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"sts:AssumeRole",
},
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"logs.amazonaws.com",
},
},
},
},
},
});
var logsLogExport = new Aws.Iam.Role("logs_log_export", new()
{
Name = $"{lambdaFunctionName}-lambda-log-export-role",
AssumeRolePolicy = logsAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var lambdaLogExport = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"s3:PutObject",
},
Effect = "Allow",
Resources = new[]
{
$"{lambdaLogExportBucket.Arn}/*",
},
},
},
});
var lambdaLogExportRolePolicy = new Aws.Iam.RolePolicy("lambda_log_export", new()
{
Policy = lambdaLogExport.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
Role = logsLogExport.Name,
});
var lambdaLogExportLogSubscriptionFilter = new Aws.CloudWatch.LogSubscriptionFilter("lambda_log_export", new()
{
Name = $"{lambdaFunctionName}-filter",
LogGroup = export.Name,
FilterPattern = "",
DestinationArn = lambdaLogExportBucket.Arn,
RoleArn = logsLogExport.Arn,
});
var logExport = new Aws.Lambda.Function("log_export", new()
{
Name = lambdaFunctionName,
Handler = "index.lambda_handler",
Runtime = Aws.Lambda.Runtime.Python3d13,
Role = example.Arn,
Code = new FileArchive("function.zip"),
LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
{
LogFormat = "Text",
LogGroup = export.Name,
},
}, new CustomResourceOptions
{
DependsOn =
{
export,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.cloudwatch.LogSubscriptionFilter;
import com.pulumi.aws.cloudwatch.LogSubscriptionFilterArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;
import com.pulumi.asset.FileArchive;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var lambdaFunctionName = "lambda-log-export-example";
var lambdaLogExportBucket = new Bucket("lambdaLogExportBucket", BucketArgs.builder()
.bucket(String.format("%s-bucket", lambdaFunctionName))
.build());
var export = new LogGroup("export", LogGroupArgs.builder()
.name(String.format("/aws/lambda/%s", lambdaFunctionName))
.logGroupClass("DELIVERY")
.build());
final var logsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("sts:AssumeRole")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("logs.amazonaws.com")
.build())
.build())
.build());
var logsLogExport = new Role("logsLogExport", RoleArgs.builder()
.name(String.format("%s-lambda-log-export-role", lambdaFunctionName))
.assumeRolePolicy(logsAssumeRole.json())
.build());
final var lambdaLogExport = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions("s3:PutObject")
.effect("Allow")
.resources(lambdaLogExportBucket.arn().applyValue(_arn -> String.format("%s/*", _arn)))
.build())
.build());
var lambdaLogExportRolePolicy = new RolePolicy("lambdaLogExportRolePolicy", RolePolicyArgs.builder()
.policy(lambdaLogExport.applyValue(_lambdaLogExport -> _lambdaLogExport.json()))
.role(logsLogExport.name())
.build());
var lambdaLogExportLogSubscriptionFilter = new LogSubscriptionFilter("lambdaLogExportLogSubscriptionFilter", LogSubscriptionFilterArgs.builder()
.name(String.format("%s-filter", lambdaFunctionName))
.logGroup(export.name())
.filterPattern("")
.destinationArn(lambdaLogExportBucket.arn())
.roleArn(logsLogExport.arn())
.build());
var logExport = new Function("logExport", FunctionArgs.builder()
.name(lambdaFunctionName)
.handler("index.lambda_handler")
.runtime("python3.13")
.role(example.arn())
.code(new FileArchive("function.zip"))
.loggingConfig(FunctionLoggingConfigArgs.builder()
.logFormat("Text")
.logGroup(export.name())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(export)
.build());
}
}
resources:
lambdaLogExportBucket:
type: aws:s3:Bucket
name: lambda_log_export
properties:
bucket: ${lambdaFunctionName}-bucket
export:
type: aws:cloudwatch:LogGroup
properties:
name: /aws/lambda/${lambdaFunctionName}
logGroupClass: DELIVERY
logsLogExport:
type: aws:iam:Role
name: logs_log_export
properties:
name: ${lambdaFunctionName}-lambda-log-export-role
assumeRolePolicy: ${logsAssumeRole.json}
lambdaLogExportRolePolicy:
type: aws:iam:RolePolicy
name: lambda_log_export
properties:
policy: ${lambdaLogExport.json}
role: ${logsLogExport.name}
lambdaLogExportLogSubscriptionFilter:
type: aws:cloudwatch:LogSubscriptionFilter
name: lambda_log_export
properties:
name: ${lambdaFunctionName}-filter
logGroup: ${export.name}
filterPattern: ""
destinationArn: ${lambdaLogExportBucket.arn}
roleArn: ${logsLogExport.arn}
logExport:
type: aws:lambda:Function
name: log_export
properties:
name: ${lambdaFunctionName}
handler: index.lambda_handler
runtime: python3.13
role: ${example.arn}
code:
fn::FileArchive: function.zip
loggingConfig:
logFormat: Text
logGroup: ${export.name}
options:
dependsOn:
- ${export}
variables:
lambdaFunctionName: lambda-log-export-example
logsAssumeRole:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- actions:
- sts:AssumeRole
effect: Allow
principals:
- type: Service
identifiers:
- logs.amazonaws.com
lambdaLogExport:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- actions:
- s3:PutObject
effect: Allow
resources:
- ${lambdaLogExportBucket.arn}/*
Function with Error Handling
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Main Lambda function
const example = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: "example_function",
role: exampleAwsIamRole.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.NodeJS20dX,
deadLetterConfig: {
targetArn: dlq.arn,
},
});
// Event invoke configuration for retries
const exampleFunctionEventInvokeConfig = new aws.lambda.FunctionEventInvokeConfig("example", {
functionName: example.name,
maximumEventAgeInSeconds: 60,
maximumRetryAttempts: 2,
destinationConfig: {
onFailure: {
destination: dlq.arn,
},
onSuccess: {
destination: success.arn,
},
},
});
import pulumi
import pulumi_aws as aws
# Main Lambda function
example = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name="example_function",
role=example_aws_iam_role["arn"],
handler="index.handler",
runtime=aws.lambda_.Runtime.NODE_JS20D_X,
dead_letter_config={
"target_arn": dlq["arn"],
})
# Event invoke configuration for retries
example_function_event_invoke_config = aws.lambda_.FunctionEventInvokeConfig("example",
function_name=example.name,
maximum_event_age_in_seconds=60,
maximum_retry_attempts=2,
destination_config={
"on_failure": {
"destination": dlq["arn"],
},
"on_success": {
"destination": success["arn"],
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Main Lambda function
example, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String("example_function"),
Role: pulumi.Any(exampleAwsIamRole.Arn),
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{
TargetArn: pulumi.Any(dlq.Arn),
},
})
if err != nil {
return err
}
// Event invoke configuration for retries
_, err = lambda.NewFunctionEventInvokeConfig(ctx, "example", &lambda.FunctionEventInvokeConfigArgs{
FunctionName: example.Name,
MaximumEventAgeInSeconds: pulumi.Int(60),
MaximumRetryAttempts: pulumi.Int(2),
DestinationConfig: &lambda.FunctionEventInvokeConfigDestinationConfigArgs{
OnFailure: &lambda.FunctionEventInvokeConfigDestinationConfigOnFailureArgs{
Destination: pulumi.Any(dlq.Arn),
},
OnSuccess: &lambda.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs{
Destination: pulumi.Any(success.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Main Lambda function
var example = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = "example_function",
Role = exampleAwsIamRole.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.NodeJS20dX,
DeadLetterConfig = new Aws.Lambda.Inputs.FunctionDeadLetterConfigArgs
{
TargetArn = dlq.Arn,
},
});
// Event invoke configuration for retries
var exampleFunctionEventInvokeConfig = new Aws.Lambda.FunctionEventInvokeConfig("example", new()
{
FunctionName = example.Name,
MaximumEventAgeInSeconds = 60,
MaximumRetryAttempts = 2,
DestinationConfig = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigArgs
{
OnFailure = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnFailureArgs
{
Destination = dlq.Arn,
},
OnSuccess = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs
{
Destination = success.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionDeadLetterConfigArgs;
import com.pulumi.aws.lambda.FunctionEventInvokeConfig;
import com.pulumi.aws.lambda.FunctionEventInvokeConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigOnFailureArgs;
import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Main Lambda function
var example = new Function("example", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name("example_function")
.role(exampleAwsIamRole.arn())
.handler("index.handler")
.runtime("nodejs20.x")
.deadLetterConfig(FunctionDeadLetterConfigArgs.builder()
.targetArn(dlq.arn())
.build())
.build());
// Event invoke configuration for retries
var exampleFunctionEventInvokeConfig = new FunctionEventInvokeConfig("exampleFunctionEventInvokeConfig", FunctionEventInvokeConfigArgs.builder()
.functionName(example.name())
.maximumEventAgeInSeconds(60)
.maximumRetryAttempts(2)
.destinationConfig(FunctionEventInvokeConfigDestinationConfigArgs.builder()
.onFailure(FunctionEventInvokeConfigDestinationConfigOnFailureArgs.builder()
.destination(dlq.arn())
.build())
.onSuccess(FunctionEventInvokeConfigDestinationConfigOnSuccessArgs.builder()
.destination(success.arn())
.build())
.build())
.build());
}
}
resources:
# Main Lambda function
example:
type: aws:lambda:Function
properties:
code:
fn::FileArchive: function.zip
name: example_function
role: ${exampleAwsIamRole.arn}
handler: index.handler
runtime: nodejs20.x
deadLetterConfig:
targetArn: ${dlq.arn}
# Event invoke configuration for retries
exampleFunctionEventInvokeConfig:
type: aws:lambda:FunctionEventInvokeConfig
name: example
properties:
functionName: ${example.name}
maximumEventAgeInSeconds: 60
maximumRetryAttempts: 2
destinationConfig:
onFailure:
destination: ${dlq.arn}
onSuccess:
destination: ${success.arn}
CloudWatch Logging and Permissions
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
// Name of the Lambda function
const functionName = config.get("functionName") || "example_function";
// CloudWatch Log Group with retention
const example = new aws.cloudwatch.LogGroup("example", {
name: `/aws/lambda/${functionName}`,
retentionInDays: 14,
tags: {
Environment: "production",
Function: functionName,
},
});
// Lambda execution role
const exampleRole = new aws.iam.Role("example", {
name: "lambda_execution_role",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Effect: "Allow",
Principal: {
Service: "lambda.amazonaws.com",
},
}],
}),
});
// CloudWatch Logs policy
const lambdaLogging = new aws.iam.Policy("lambda_logging", {
name: "lambda_logging",
path: "/",
description: "IAM policy for logging from Lambda",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Effect: "Allow",
Action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
Resource: ["arn:aws:logs:*:*:*"],
}],
}),
});
// Attach logging policy to Lambda role
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambda_logs", {
role: exampleRole.name,
policyArn: lambdaLogging.arn,
});
// Lambda function with logging
const exampleFunction = new aws.lambda.Function("example", {
code: new pulumi.asset.FileArchive("function.zip"),
name: functionName,
role: exampleRole.arn,
handler: "index.handler",
runtime: aws.lambda.Runtime.NodeJS20dX,
loggingConfig: {
logFormat: "JSON",
applicationLogLevel: "INFO",
systemLogLevel: "WARN",
},
}, {
dependsOn: [
lambdaLogs,
example,
],
});
import pulumi
import json
import pulumi_aws as aws
config = pulumi.Config()
# Name of the Lambda function
function_name = config.get("functionName")
if function_name is None:
function_name = "example_function"
# CloudWatch Log Group with retention
example = aws.cloudwatch.LogGroup("example",
name=f"/aws/lambda/{function_name}",
retention_in_days=14,
tags={
"Environment": "production",
"Function": function_name,
})
# Lambda execution role
example_role = aws.iam.Role("example",
name="lambda_execution_role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com",
},
}],
}))
# CloudWatch Logs policy
lambda_logging = aws.iam.Policy("lambda_logging",
name="lambda_logging",
path="/",
description="IAM policy for logging from Lambda",
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Resource": ["arn:aws:logs:*:*:*"],
}],
}))
# Attach logging policy to Lambda role
lambda_logs = aws.iam.RolePolicyAttachment("lambda_logs",
role=example_role.name,
policy_arn=lambda_logging.arn)
# Lambda function with logging
example_function = aws.lambda_.Function("example",
code=pulumi.FileArchive("function.zip"),
name=function_name,
role=example_role.arn,
handler="index.handler",
runtime=aws.lambda_.Runtime.NODE_JS20D_X,
logging_config={
"log_format": "JSON",
"application_log_level": "INFO",
"system_log_level": "WARN",
},
opts = pulumi.ResourceOptions(depends_on=[
lambda_logs,
example,
]))
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
// Name of the Lambda function
functionName := "example_function"
if param := cfg.Get("functionName"); param != "" {
functionName = param
}
// CloudWatch Log Group with retention
example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
Name: pulumi.Sprintf("/aws/lambda/%v", functionName),
RetentionInDays: pulumi.Int(14),
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
"Function": pulumi.String(functionName),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "lambda.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// Lambda execution role
exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
Name: pulumi.String("lambda_execution_role"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Effect": "Allow",
"Action": []string{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
"Resource": []string{
"arn:aws:logs:*:*:*",
},
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
// CloudWatch Logs policy
lambdaLogging, err := iam.NewPolicy(ctx, "lambda_logging", &iam.PolicyArgs{
Name: pulumi.String("lambda_logging"),
Path: pulumi.String("/"),
Description: pulumi.String("IAM policy for logging from Lambda"),
Policy: pulumi.String(json1),
})
if err != nil {
return err
}
// Attach logging policy to Lambda role
lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambda_logs", &iam.RolePolicyAttachmentArgs{
Role: exampleRole.Name,
PolicyArn: lambdaLogging.Arn,
})
if err != nil {
return err
}
// Lambda function with logging
_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("function.zip"),
Name: pulumi.String(functionName),
Role: exampleRole.Arn,
Handler: pulumi.String("index.handler"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
LoggingConfig: &lambda.FunctionLoggingConfigArgs{
LogFormat: pulumi.String("JSON"),
ApplicationLogLevel: pulumi.String("INFO"),
SystemLogLevel: pulumi.String("WARN"),
},
}, pulumi.DependsOn([]pulumi.Resource{
lambdaLogs,
example,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var config = new Config();
// Name of the Lambda function
var functionName = config.Get("functionName") ?? "example_function";
// CloudWatch Log Group with retention
var example = new Aws.CloudWatch.LogGroup("example", new()
{
Name = $"/aws/lambda/{functionName}",
RetentionInDays = 14,
Tags =
{
{ "Environment", "production" },
{ "Function", functionName },
},
});
// Lambda execution role
var exampleRole = new Aws.Iam.Role("example", new()
{
Name = "lambda_execution_role",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = "sts:AssumeRole",
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "lambda.amazonaws.com",
},
},
},
}),
});
// CloudWatch Logs policy
var lambdaLogging = new Aws.Iam.Policy("lambda_logging", new()
{
Name = "lambda_logging",
Path = "/",
Description = "IAM policy for logging from Lambda",
PolicyDocument = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Effect"] = "Allow",
["Action"] = new[]
{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
["Resource"] = new[]
{
"arn:aws:logs:*:*:*",
},
},
},
}),
});
// Attach logging policy to Lambda role
var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambda_logs", new()
{
Role = exampleRole.Name,
PolicyArn = lambdaLogging.Arn,
});
// Lambda function with logging
var exampleFunction = new Aws.Lambda.Function("example", new()
{
Code = new FileArchive("function.zip"),
Name = functionName,
Role = exampleRole.Arn,
Handler = "index.handler",
Runtime = Aws.Lambda.Runtime.NodeJS20dX,
LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
{
LogFormat = "JSON",
ApplicationLogLevel = "INFO",
SystemLogLevel = "WARN",
},
}, new CustomResourceOptions
{
DependsOn =
{
lambdaLogs,
example,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;
import com.pulumi.asset.FileArchive;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var functionName = config.get("functionName").orElse("example_function");
// CloudWatch Log Group with retention
var example = new LogGroup("example", LogGroupArgs.builder()
.name(String.format("/aws/lambda/%s", functionName))
.retentionInDays(14)
.tags(Map.ofEntries(
Map.entry("Environment", "production"),
Map.entry("Function", functionName)
))
.build());
// Lambda execution role
var exampleRole = new Role("exampleRole", RoleArgs.builder()
.name("lambda_execution_role")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", "sts:AssumeRole"),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "lambda.amazonaws.com")
))
)))
)))
.build());
// CloudWatch Logs policy
var lambdaLogging = new Policy("lambdaLogging", PolicyArgs.builder()
.name("lambda_logging")
.path("/")
.description("IAM policy for logging from Lambda")
.policy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Effect", "Allow"),
jsonProperty("Action", jsonArray(
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
)),
jsonProperty("Resource", jsonArray("arn:aws:logs:*:*:*"))
)))
)))
.build());
// Attach logging policy to Lambda role
var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()
.role(exampleRole.name())
.policyArn(lambdaLogging.arn())
.build());
// Lambda function with logging
var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
.code(new FileArchive("function.zip"))
.name(functionName)
.role(exampleRole.arn())
.handler("index.handler")
.runtime("nodejs20.x")
.loggingConfig(FunctionLoggingConfigArgs.builder()
.logFormat("JSON")
.applicationLogLevel("INFO")
.systemLogLevel("WARN")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
lambdaLogs,
example)
.build());
}
}
configuration:
# Function name variable
functionName:
type: string
default: example_function
resources:
# CloudWatch Log Group with retention
example:
type: aws:cloudwatch:LogGroup
properties:
name: /aws/lambda/${functionName}
retentionInDays: 14
tags:
Environment: production
Function: ${functionName}
# Lambda execution role
exampleRole:
type: aws:iam:Role
name: example
properties:
name: lambda_execution_role
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: lambda.amazonaws.com
# CloudWatch Logs policy
lambdaLogging:
type: aws:iam:Policy
name: lambda_logging
properties:
name: lambda_logging
path: /
description: IAM policy for logging from Lambda
policy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- arn:aws:logs:*:*:*
# Attach logging policy to Lambda role
lambdaLogs:
type: aws:iam:RolePolicyAttachment
name: lambda_logs
properties:
role: ${exampleRole.name}
policyArn: ${lambdaLogging.arn}
# Lambda function with logging
exampleFunction:
type: aws:lambda:Function
name: example
properties:
code:
fn::FileArchive: function.zip
name: ${functionName}
role: ${exampleRole.arn}
handler: index.handler
runtime: nodejs20.x
loggingConfig:
logFormat: JSON
applicationLogLevel: INFO
systemLogLevel: WARN
options:
dependsOn:
- ${lambdaLogs}
- ${example}
Specifying the Deployment Package
AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime is in use. See Runtimes for the valid values of runtime. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.
Once you have created your deployment package you can specify it either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_version arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObjectv2 resource to upload it.
For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.
Create Function Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);@overload
def Function(resource_name: str,
args: FunctionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Function(resource_name: str,
opts: Optional[ResourceOptions] = None,
role: Optional[str] = None,
package_type: Optional[str] = None,
region: Optional[str] = None,
dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None,
description: Optional[str] = None,
environment: Optional[FunctionEnvironmentArgs] = None,
ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None,
file_system_config: Optional[FunctionFileSystemConfigArgs] = None,
handler: Optional[str] = None,
image_config: Optional[FunctionImageConfigArgs] = None,
image_uri: Optional[str] = None,
kms_key_arn: Optional[str] = None,
layers: Optional[Sequence[str]] = None,
logging_config: Optional[FunctionLoggingConfigArgs] = None,
memory_size: Optional[int] = None,
name: Optional[str] = None,
architectures: Optional[Sequence[str]] = None,
code_signing_config_arn: Optional[str] = None,
replace_security_groups_on_destroy: Optional[bool] = None,
publish: Optional[bool] = None,
replacement_security_group_ids: Optional[Sequence[str]] = None,
reserved_concurrent_executions: Optional[int] = None,
code: Optional[pulumi.Archive] = None,
runtime: Optional[Union[str, Runtime]] = None,
s3_bucket: Optional[str] = None,
s3_key: Optional[str] = None,
s3_object_version: Optional[str] = None,
skip_destroy: Optional[bool] = None,
snap_start: Optional[FunctionSnapStartArgs] = None,
source_code_hash: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timeout: Optional[int] = None,
tracing_config: Optional[FunctionTracingConfigArgs] = None,
vpc_config: Optional[FunctionVpcConfigArgs] = None)func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)
public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)
type: aws:lambda:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplefunctionResourceResourceFromLambdafunction = new Aws.Lambda.Function("examplefunctionResourceResourceFromLambdafunction", new()
{
Role = "string",
PackageType = "string",
Region = "string",
DeadLetterConfig = new Aws.Lambda.Inputs.FunctionDeadLetterConfigArgs
{
TargetArn = "string",
},
Description = "string",
Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
{
Variables =
{
{ "string", "string" },
},
},
EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
{
Size = 0,
},
FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
{
Arn = "string",
LocalMountPath = "string",
},
Handler = "string",
ImageConfig = new Aws.Lambda.Inputs.FunctionImageConfigArgs
{
Commands = new[]
{
"string",
},
EntryPoints = new[]
{
"string",
},
WorkingDirectory = "string",
},
ImageUri = "string",
KmsKeyArn = "string",
Layers = new[]
{
"string",
},
LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
{
LogFormat = "string",
ApplicationLogLevel = "string",
LogGroup = "string",
SystemLogLevel = "string",
},
MemorySize = 0,
Name = "string",
Architectures = new[]
{
"string",
},
CodeSigningConfigArn = "string",
ReplaceSecurityGroupsOnDestroy = false,
Publish = false,
ReplacementSecurityGroupIds = new[]
{
"string",
},
ReservedConcurrentExecutions = 0,
Code = new FileArchive("./path/to/archive"),
Runtime = "string",
S3Bucket = "string",
S3Key = "string",
S3ObjectVersion = "string",
SkipDestroy = false,
SnapStart = new Aws.Lambda.Inputs.FunctionSnapStartArgs
{
ApplyOn = "string",
OptimizationStatus = "string",
},
SourceCodeHash = "string",
Tags =
{
{ "string", "string" },
},
Timeout = 0,
TracingConfig = new Aws.Lambda.Inputs.FunctionTracingConfigArgs
{
Mode = "string",
},
VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
{
SecurityGroupIds = new[]
{
"string",
},
SubnetIds = new[]
{
"string",
},
Ipv6AllowedForDualStack = false,
VpcId = "string",
},
});
example, err := lambda.NewFunction(ctx, "examplefunctionResourceResourceFromLambdafunction", &lambda.FunctionArgs{
Role: pulumi.String("string"),
PackageType: pulumi.String("string"),
Region: pulumi.String("string"),
DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{
TargetArn: pulumi.String("string"),
},
Description: pulumi.String("string"),
Environment: &lambda.FunctionEnvironmentArgs{
Variables: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
Size: pulumi.Int(0),
},
FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
Arn: pulumi.String("string"),
LocalMountPath: pulumi.String("string"),
},
Handler: pulumi.String("string"),
ImageConfig: &lambda.FunctionImageConfigArgs{
Commands: pulumi.StringArray{
pulumi.String("string"),
},
EntryPoints: pulumi.StringArray{
pulumi.String("string"),
},
WorkingDirectory: pulumi.String("string"),
},
ImageUri: pulumi.String("string"),
KmsKeyArn: pulumi.String("string"),
Layers: pulumi.StringArray{
pulumi.String("string"),
},
LoggingConfig: &lambda.FunctionLoggingConfigArgs{
LogFormat: pulumi.String("string"),
ApplicationLogLevel: pulumi.String("string"),
LogGroup: pulumi.String("string"),
SystemLogLevel: pulumi.String("string"),
},
MemorySize: pulumi.Int(0),
Name: pulumi.String("string"),
Architectures: pulumi.StringArray{
pulumi.String("string"),
},
CodeSigningConfigArn: pulumi.String("string"),
ReplaceSecurityGroupsOnDestroy: pulumi.Bool(false),
Publish: pulumi.Bool(false),
ReplacementSecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
ReservedConcurrentExecutions: pulumi.Int(0),
Code: pulumi.NewFileArchive("./path/to/archive"),
Runtime: pulumi.String("string"),
S3Bucket: pulumi.String("string"),
S3Key: pulumi.String("string"),
S3ObjectVersion: pulumi.String("string"),
SkipDestroy: pulumi.Bool(false),
SnapStart: &lambda.FunctionSnapStartArgs{
ApplyOn: pulumi.String("string"),
OptimizationStatus: pulumi.String("string"),
},
SourceCodeHash: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeout: pulumi.Int(0),
TracingConfig: &lambda.FunctionTracingConfigArgs{
Mode: pulumi.String("string"),
},
VpcConfig: &lambda.FunctionVpcConfigArgs{
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
SubnetIds: pulumi.StringArray{
pulumi.String("string"),
},
Ipv6AllowedForDualStack: pulumi.Bool(false),
VpcId: pulumi.String("string"),
},
})
var examplefunctionResourceResourceFromLambdafunction = new com.pulumi.aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", com.pulumi.aws.lambda.FunctionArgs.builder()
.role("string")
.packageType("string")
.region("string")
.deadLetterConfig(FunctionDeadLetterConfigArgs.builder()
.targetArn("string")
.build())
.description("string")
.environment(FunctionEnvironmentArgs.builder()
.variables(Map.of("string", "string"))
.build())
.ephemeralStorage(FunctionEphemeralStorageArgs.builder()
.size(0)
.build())
.fileSystemConfig(FunctionFileSystemConfigArgs.builder()
.arn("string")
.localMountPath("string")
.build())
.handler("string")
.imageConfig(FunctionImageConfigArgs.builder()
.commands("string")
.entryPoints("string")
.workingDirectory("string")
.build())
.imageUri("string")
.kmsKeyArn("string")
.layers("string")
.loggingConfig(FunctionLoggingConfigArgs.builder()
.logFormat("string")
.applicationLogLevel("string")
.logGroup("string")
.systemLogLevel("string")
.build())
.memorySize(0)
.name("string")
.architectures("string")
.codeSigningConfigArn("string")
.replaceSecurityGroupsOnDestroy(false)
.publish(false)
.replacementSecurityGroupIds("string")
.reservedConcurrentExecutions(0)
.code(new FileArchive("./path/to/archive"))
.runtime("string")
.s3Bucket("string")
.s3Key("string")
.s3ObjectVersion("string")
.skipDestroy(false)
.snapStart(FunctionSnapStartArgs.builder()
.applyOn("string")
.optimizationStatus("string")
.build())
.sourceCodeHash("string")
.tags(Map.of("string", "string"))
.timeout(0)
.tracingConfig(FunctionTracingConfigArgs.builder()
.mode("string")
.build())
.vpcConfig(FunctionVpcConfigArgs.builder()
.securityGroupIds("string")
.subnetIds("string")
.ipv6AllowedForDualStack(false)
.vpcId("string")
.build())
.build());
examplefunction_resource_resource_from_lambdafunction = aws.lambda_.Function("examplefunctionResourceResourceFromLambdafunction",
role="string",
package_type="string",
region="string",
dead_letter_config={
"target_arn": "string",
},
description="string",
environment={
"variables": {
"string": "string",
},
},
ephemeral_storage={
"size": 0,
},
file_system_config={
"arn": "string",
"local_mount_path": "string",
},
handler="string",
image_config={
"commands": ["string"],
"entry_points": ["string"],
"working_directory": "string",
},
image_uri="string",
kms_key_arn="string",
layers=["string"],
logging_config={
"log_format": "string",
"application_log_level": "string",
"log_group": "string",
"system_log_level": "string",
},
memory_size=0,
name="string",
architectures=["string"],
code_signing_config_arn="string",
replace_security_groups_on_destroy=False,
publish=False,
replacement_security_group_ids=["string"],
reserved_concurrent_executions=0,
code=pulumi.FileArchive("./path/to/archive"),
runtime="string",
s3_bucket="string",
s3_key="string",
s3_object_version="string",
skip_destroy=False,
snap_start={
"apply_on": "string",
"optimization_status": "string",
},
source_code_hash="string",
tags={
"string": "string",
},
timeout=0,
tracing_config={
"mode": "string",
},
vpc_config={
"security_group_ids": ["string"],
"subnet_ids": ["string"],
"ipv6_allowed_for_dual_stack": False,
"vpc_id": "string",
})
const examplefunctionResourceResourceFromLambdafunction = new aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", {
role: "string",
packageType: "string",
region: "string",
deadLetterConfig: {
targetArn: "string",
},
description: "string",
environment: {
variables: {
string: "string",
},
},
ephemeralStorage: {
size: 0,
},
fileSystemConfig: {
arn: "string",
localMountPath: "string",
},
handler: "string",
imageConfig: {
commands: ["string"],
entryPoints: ["string"],
workingDirectory: "string",
},
imageUri: "string",
kmsKeyArn: "string",
layers: ["string"],
loggingConfig: {
logFormat: "string",
applicationLogLevel: "string",
logGroup: "string",
systemLogLevel: "string",
},
memorySize: 0,
name: "string",
architectures: ["string"],
codeSigningConfigArn: "string",
replaceSecurityGroupsOnDestroy: false,
publish: false,
replacementSecurityGroupIds: ["string"],
reservedConcurrentExecutions: 0,
code: new pulumi.asset.FileArchive("./path/to/archive"),
runtime: "string",
s3Bucket: "string",
s3Key: "string",
s3ObjectVersion: "string",
skipDestroy: false,
snapStart: {
applyOn: "string",
optimizationStatus: "string",
},
sourceCodeHash: "string",
tags: {
string: "string",
},
timeout: 0,
tracingConfig: {
mode: "string",
},
vpcConfig: {
securityGroupIds: ["string"],
subnetIds: ["string"],
ipv6AllowedForDualStack: false,
vpcId: "string",
},
});
type: aws:lambda:Function
properties:
architectures:
- string
code:
fn::FileArchive: ./path/to/archive
codeSigningConfigArn: string
deadLetterConfig:
targetArn: string
description: string
environment:
variables:
string: string
ephemeralStorage:
size: 0
fileSystemConfig:
arn: string
localMountPath: string
handler: string
imageConfig:
commands:
- string
entryPoints:
- string
workingDirectory: string
imageUri: string
kmsKeyArn: string
layers:
- string
loggingConfig:
applicationLogLevel: string
logFormat: string
logGroup: string
systemLogLevel: string
memorySize: 0
name: string
packageType: string
publish: false
region: string
replaceSecurityGroupsOnDestroy: false
replacementSecurityGroupIds:
- string
reservedConcurrentExecutions: 0
role: string
runtime: string
s3Bucket: string
s3Key: string
s3ObjectVersion: string
skipDestroy: false
snapStart:
applyOn: string
optimizationStatus: string
sourceCodeHash: string
tags:
string: string
timeout: 0
tracingConfig:
mode: string
vpcConfig:
ipv6AllowedForDualStack: false
securityGroupIds:
- string
subnetIds:
- string
vpcId: string
Function Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Function resource accepts the following input properties:
- Role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Architectures List<string>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - Code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- Dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- Description string
- Description of what your Lambda Function does.
- Environment
Function
Environment - Configuration block for environment variables. See below.
- Ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - File
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- Handler string
- Function entry point in your code. Required if
package_typeisZip. - Image
Config FunctionImage Config - Container image configuration values. See below.
- Image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- Layers List<string>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- Logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- Memory
Size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- Name string
- Unique name for your Lambda Function.
- Package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - Publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Replace
Security boolGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - Replacement
Security List<string>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - Reserved
Concurrent intExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - Runtime
string | Pulumi.
Aws. Lambda. Runtime - Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - S3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - S3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - S3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - Skip
Destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - Snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- Source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Dictionary<string, string>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- Tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- Vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- Role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Architectures []string
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - Code
pulumi.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- Dead
Letter FunctionConfig Dead Letter Config Args - Configuration block for dead letter queue. See below.
- Description string
- Description of what your Lambda Function does.
- Environment
Function
Environment Args - Configuration block for environment variables. See below.
- Ephemeral
Storage FunctionEphemeral Storage Args - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - File
System FunctionConfig File System Config Args - Configuration block for EFS file system. See below.
- Handler string
- Function entry point in your code. Required if
package_typeisZip. - Image
Config FunctionImage Config Args - Container image configuration values. See below.
- Image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- Layers []string
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- Logging
Config FunctionLogging Config Args - Configuration block for advanced logging settings. See below.
- Memory
Size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- Name string
- Unique name for your Lambda Function.
- Package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - Publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Replace
Security boolGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - Replacement
Security []stringGroup Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - Reserved
Concurrent intExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - Runtime string | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - S3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - S3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - S3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - Skip
Destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - Snap
Start FunctionSnap Start Args - Configuration block for snap start settings. See below.
- Source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- map[string]string
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- Tracing
Config FunctionTracing Config Args - Configuration block for X-Ray tracing. See below.
- Vpc
Config FunctionVpc Config Args - Configuration block for VPC. See below.
- role String
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures List<String>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Signing StringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- description String
- Description of what your Lambda Function does.
- environment
Function
Environment - Configuration block for environment variables. See below.
- ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- handler String
- Function entry point in your code. Required if
package_typeisZip. - image
Config FunctionImage Config - Container image configuration values. See below.
- image
Uri String - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - kms
Key StringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- layers List<String>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- memory
Size Integer - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name String
- Unique name for your Lambda Function.
- package
Type String - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish Boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security BooleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security List<String>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent IntegerExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - runtime String | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket String
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key String
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version String - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - skip
Destroy Boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- source
Code StringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Map<String,String>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeout Integer
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures string[]
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - code
pulumi.asset.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- description string
- Description of what your Lambda Function does.
- environment
Function
Environment - Configuration block for environment variables. See below.
- ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- handler string
- Function entry point in your code. Required if
package_typeisZip. - image
Config FunctionImage Config - Container image configuration values. See below.
- image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- layers string[]
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- memory
Size number - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name string
- Unique name for your Lambda Function.
- package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security booleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security string[]Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent numberExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - runtime string | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - skip
Destroy boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- {[key: string]: string}
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeout number
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- role str
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures Sequence[str]
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - code
pulumi.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code_
signing_ strconfig_ arn - ARN of a code-signing configuration to enable code signing for this function.
- dead_
letter_ Functionconfig Dead Letter Config Args - Configuration block for dead letter queue. See below.
- description str
- Description of what your Lambda Function does.
- environment
Function
Environment Args - Configuration block for environment variables. See below.
- ephemeral_
storage FunctionEphemeral Storage Args - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file_
system_ Functionconfig File System Config Args - Configuration block for EFS file system. See below.
- handler str
- Function entry point in your code. Required if
package_typeisZip. - image_
config FunctionImage Config Args - Container image configuration values. See below.
- image_
uri str - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - kms_
key_ strarn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- layers Sequence[str]
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging_
config FunctionLogging Config Args - Configuration block for advanced logging settings. See below.
- memory_
size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name str
- Unique name for your Lambda Function.
- package_
type str - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace_
security_ boolgroups_ on_ destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement_
security_ Sequence[str]group_ ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved_
concurrent_ intexecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - runtime str | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3_
bucket str - S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3_
key str - S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3_
object_ strversion - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - skip_
destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap_
start FunctionSnap Start Args - Configuration block for snap start settings. See below.
- source_
code_ strhash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Mapping[str, str]
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing_
config FunctionTracing Config Args - Configuration block for X-Ray tracing. See below.
- vpc_
config FunctionVpc Config Args - Configuration block for VPC. See below.
- role String
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures List<String>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Signing StringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter Property MapConfig - Configuration block for dead letter queue. See below.
- description String
- Description of what your Lambda Function does.
- environment Property Map
- Configuration block for environment variables. See below.
- ephemeral
Storage Property Map - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System Property MapConfig - Configuration block for EFS file system. See below.
- handler String
- Function entry point in your code. Required if
package_typeisZip. - image
Config Property Map - Container image configuration values. See below.
- image
Uri String - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - kms
Key StringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- layers List<String>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config Property Map - Configuration block for advanced logging settings. See below.
- memory
Size Number - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name String
- Unique name for your Lambda Function.
- package
Type String - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish Boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security BooleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security List<String>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent NumberExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - runtime String | "dotnet6" | "dotnet8" | "java11" | "java17" | "java21" | "java8.al2" | "nodejs18.x" | "nodejs20.x" | "nodejs22.x" | "provided.al2" | "provided.al2023" | "python3.10" | "python3.11" | "python3.12" | "python3.13" | "python3.9" | "ruby3.2" | "ruby3.3" | "dotnet5.0" | "dotnet7" | "dotnetcore2.1" | "dotnetcore3.1" | "go1.x" | "java8" | "nodejs10.x" | "nodejs12.x" | "nodejs14.x" | "nodejs16.x" | "provided" | "python2.7" | "python3.6" | "python3.7" | "python3.8" | "ruby2.5" | "ruby2.7"
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket String
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key String
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version String - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - skip
Destroy Boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start Property Map - Configuration block for snap start settings. See below.
- source
Code StringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Map<String>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeout Number
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config Property Map - Configuration block for X-Ray tracing. See below.
- vpc
Config Property Map - Configuration block for VPC. See below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:
- Arn string
- ARN identifying your Lambda Function.
- Code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- Id string
- The provider-assigned unique ID for this managed resource.
- Invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Last
Modified string - Date this resource was last modified.
- Qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - Qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Signing
Job stringArn - ARN of the signing job.
- Signing
Profile stringVersion Arn - ARN of the signing profile version.
- Source
Code intSize - Size in bytes of the function .zip file.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version string
- Latest published version of your Lambda Function.
- Arn string
- ARN identifying your Lambda Function.
- Code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- Id string
- The provider-assigned unique ID for this managed resource.
- Invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Last
Modified string - Date this resource was last modified.
- Qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - Qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Signing
Job stringArn - ARN of the signing job.
- Signing
Profile stringVersion Arn - ARN of the signing profile version.
- Source
Code intSize - Size in bytes of the function .zip file.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Version string
- Latest published version of your Lambda Function.
- arn String
- ARN identifying your Lambda Function.
- code
Sha256 String - Base64-encoded representation of raw SHA-256 sum of the zip file.
- id String
- The provider-assigned unique ID for this managed resource.
- invoke
Arn String - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - last
Modified String - Date this resource was last modified.
- qualified
Arn String - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke StringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - signing
Job StringArn - ARN of the signing job.
- signing
Profile StringVersion Arn - ARN of the signing profile version.
- source
Code IntegerSize - Size in bytes of the function .zip file.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version String
- Latest published version of your Lambda Function.
- arn string
- ARN identifying your Lambda Function.
- code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- id string
- The provider-assigned unique ID for this managed resource.
- invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - last
Modified string - Date this resource was last modified.
- qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - signing
Job stringArn - ARN of the signing job.
- signing
Profile stringVersion Arn - ARN of the signing profile version.
- source
Code numberSize - Size in bytes of the function .zip file.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version string
- Latest published version of your Lambda Function.
- arn str
- ARN identifying your Lambda Function.
- code_
sha256 str - Base64-encoded representation of raw SHA-256 sum of the zip file.
- id str
- The provider-assigned unique ID for this managed resource.
- invoke_
arn str - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - last_
modified str - Date this resource was last modified.
- qualified_
arn str - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified_
invoke_ strarn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - signing_
job_ strarn - ARN of the signing job.
- signing_
profile_ strversion_ arn - ARN of the signing profile version.
- source_
code_ intsize - Size in bytes of the function .zip file.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version str
- Latest published version of your Lambda Function.
- arn String
- ARN identifying your Lambda Function.
- code
Sha256 String - Base64-encoded representation of raw SHA-256 sum of the zip file.
- id String
- The provider-assigned unique ID for this managed resource.
- invoke
Arn String - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - last
Modified String - Date this resource was last modified.
- qualified
Arn String - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke StringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - signing
Job StringArn - ARN of the signing job.
- signing
Profile StringVersion Arn - ARN of the signing profile version.
- source
Code NumberSize - Size in bytes of the function .zip file.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - version String
- Latest published version of your Lambda Function.
Look up Existing Function Resource
Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
architectures: Optional[Sequence[str]] = None,
arn: Optional[str] = None,
code: Optional[pulumi.Archive] = None,
code_sha256: Optional[str] = None,
code_signing_config_arn: Optional[str] = None,
dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None,
description: Optional[str] = None,
environment: Optional[FunctionEnvironmentArgs] = None,
ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None,
file_system_config: Optional[FunctionFileSystemConfigArgs] = None,
handler: Optional[str] = None,
image_config: Optional[FunctionImageConfigArgs] = None,
image_uri: Optional[str] = None,
invoke_arn: Optional[str] = None,
kms_key_arn: Optional[str] = None,
last_modified: Optional[str] = None,
layers: Optional[Sequence[str]] = None,
logging_config: Optional[FunctionLoggingConfigArgs] = None,
memory_size: Optional[int] = None,
name: Optional[str] = None,
package_type: Optional[str] = None,
publish: Optional[bool] = None,
qualified_arn: Optional[str] = None,
qualified_invoke_arn: Optional[str] = None,
region: Optional[str] = None,
replace_security_groups_on_destroy: Optional[bool] = None,
replacement_security_group_ids: Optional[Sequence[str]] = None,
reserved_concurrent_executions: Optional[int] = None,
role: Optional[str] = None,
runtime: Optional[Union[str, Runtime]] = None,
s3_bucket: Optional[str] = None,
s3_key: Optional[str] = None,
s3_object_version: Optional[str] = None,
signing_job_arn: Optional[str] = None,
signing_profile_version_arn: Optional[str] = None,
skip_destroy: Optional[bool] = None,
snap_start: Optional[FunctionSnapStartArgs] = None,
source_code_hash: Optional[str] = None,
source_code_size: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeout: Optional[int] = None,
tracing_config: Optional[FunctionTracingConfigArgs] = None,
version: Optional[str] = None,
vpc_config: Optional[FunctionVpcConfigArgs] = None) -> Functionfunc GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)resources: _: type: aws:lambda:Function get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Architectures List<string>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - Arn string
- ARN identifying your Lambda Function.
- Code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- Code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- Dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- Description string
- Description of what your Lambda Function does.
- Environment
Function
Environment - Configuration block for environment variables. See below.
- Ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - File
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- Handler string
- Function entry point in your code. Required if
package_typeisZip. - Image
Config FunctionImage Config - Container image configuration values. See below.
- Image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- Last
Modified string - Date this resource was last modified.
- Layers List<string>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- Logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- Memory
Size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- Name string
- Unique name for your Lambda Function.
- Package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - Publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - Qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - Qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Replace
Security boolGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - Replacement
Security List<string>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - Reserved
Concurrent intExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - Role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Runtime
string | Pulumi.
Aws. Lambda. Runtime - Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - S3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - S3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - S3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - Signing
Job stringArn - ARN of the signing job.
- Signing
Profile stringVersion Arn - ARN of the signing profile version.
- Skip
Destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - Snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- Source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Source
Code intSize - Size in bytes of the function .zip file.
- Dictionary<string, string>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- Tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- Version string
- Latest published version of your Lambda Function.
- Vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- Architectures []string
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - Arn string
- ARN identifying your Lambda Function.
- Code
pulumi.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- Code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- Dead
Letter FunctionConfig Dead Letter Config Args - Configuration block for dead letter queue. See below.
- Description string
- Description of what your Lambda Function does.
- Environment
Function
Environment Args - Configuration block for environment variables. See below.
- Ephemeral
Storage FunctionEphemeral Storage Args - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - File
System FunctionConfig File System Config Args - Configuration block for EFS file system. See below.
- Handler string
- Function entry point in your code. Required if
package_typeisZip. - Image
Config FunctionImage Config Args - Container image configuration values. See below.
- Image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - Invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- Last
Modified string - Date this resource was last modified.
- Layers []string
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- Logging
Config FunctionLogging Config Args - Configuration block for advanced logging settings. See below.
- Memory
Size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- Name string
- Unique name for your Lambda Function.
- Package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - Publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - Qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - Qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Replace
Security boolGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - Replacement
Security []stringGroup Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - Reserved
Concurrent intExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - Role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Runtime string | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - S3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - S3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - S3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - Signing
Job stringArn - ARN of the signing job.
- Signing
Profile stringVersion Arn - ARN of the signing profile version.
- Skip
Destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - Snap
Start FunctionSnap Start Args - Configuration block for snap start settings. See below.
- Source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- Source
Code intSize - Size in bytes of the function .zip file.
- map[string]string
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- Tracing
Config FunctionTracing Config Args - Configuration block for X-Ray tracing. See below.
- Version string
- Latest published version of your Lambda Function.
- Vpc
Config FunctionVpc Config Args - Configuration block for VPC. See below.
- architectures List<String>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - arn String
- ARN identifying your Lambda Function.
- code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Sha256 String - Base64-encoded representation of raw SHA-256 sum of the zip file.
- code
Signing StringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- description String
- Description of what your Lambda Function does.
- environment
Function
Environment - Configuration block for environment variables. See below.
- ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- handler String
- Function entry point in your code. Required if
package_typeisZip. - image
Config FunctionImage Config - Container image configuration values. See below.
- image
Uri String - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - invoke
Arn String - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - kms
Key StringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- last
Modified String - Date this resource was last modified.
- layers List<String>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- memory
Size Integer - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name String
- Unique name for your Lambda Function.
- package
Type String - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish Boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - qualified
Arn String - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke StringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security BooleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security List<String>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent IntegerExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - role String
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime String | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket String
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key String
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version String - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - signing
Job StringArn - ARN of the signing job.
- signing
Profile StringVersion Arn - ARN of the signing profile version.
- skip
Destroy Boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- source
Code StringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- source
Code IntegerSize - Size in bytes of the function .zip file.
- Map<String,String>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeout Integer
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- version String
- Latest published version of your Lambda Function.
- vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- architectures string[]
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - arn string
- ARN identifying your Lambda Function.
- code
pulumi.asset.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Sha256 string - Base64-encoded representation of raw SHA-256 sum of the zip file.
- code
Signing stringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter FunctionConfig Dead Letter Config - Configuration block for dead letter queue. See below.
- description string
- Description of what your Lambda Function does.
- environment
Function
Environment - Configuration block for environment variables. See below.
- ephemeral
Storage FunctionEphemeral Storage - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System FunctionConfig File System Config - Configuration block for EFS file system. See below.
- handler string
- Function entry point in your code. Required if
package_typeisZip. - image
Config FunctionImage Config - Container image configuration values. See below.
- image
Uri string - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - invoke
Arn string - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - kms
Key stringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- last
Modified string - Date this resource was last modified.
- layers string[]
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config FunctionLogging Config - Configuration block for advanced logging settings. See below.
- memory
Size number - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name string
- Unique name for your Lambda Function.
- package
Type string - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - qualified
Arn string - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke stringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security booleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security string[]Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent numberExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - role string
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime string | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket string
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key string
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version string - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - signing
Job stringArn - ARN of the signing job.
- signing
Profile stringVersion Arn - ARN of the signing profile version.
- skip
Destroy boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start FunctionSnap Start - Configuration block for snap start settings. See below.
- source
Code stringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- source
Code numberSize - Size in bytes of the function .zip file.
- {[key: string]: string}
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeout number
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config FunctionTracing Config - Configuration block for X-Ray tracing. See below.
- version string
- Latest published version of your Lambda Function.
- vpc
Config FunctionVpc Config - Configuration block for VPC. See below.
- architectures Sequence[str]
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - arn str
- ARN identifying your Lambda Function.
- code
pulumi.
Archive - Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code_
sha256 str - Base64-encoded representation of raw SHA-256 sum of the zip file.
- code_
signing_ strconfig_ arn - ARN of a code-signing configuration to enable code signing for this function.
- dead_
letter_ Functionconfig Dead Letter Config Args - Configuration block for dead letter queue. See below.
- description str
- Description of what your Lambda Function does.
- environment
Function
Environment Args - Configuration block for environment variables. See below.
- ephemeral_
storage FunctionEphemeral Storage Args - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file_
system_ Functionconfig File System Config Args - Configuration block for EFS file system. See below.
- handler str
- Function entry point in your code. Required if
package_typeisZip. - image_
config FunctionImage Config Args - Container image configuration values. See below.
- image_
uri str - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - invoke_
arn str - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - kms_
key_ strarn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- last_
modified str - Date this resource was last modified.
- layers Sequence[str]
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging_
config FunctionLogging Config Args - Configuration block for advanced logging settings. See below.
- memory_
size int - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name str
- Unique name for your Lambda Function.
- package_
type str - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish bool
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - qualified_
arn str - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified_
invoke_ strarn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace_
security_ boolgroups_ on_ destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement_
security_ Sequence[str]group_ ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved_
concurrent_ intexecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - role str
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime str | Runtime
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3_
bucket str - S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3_
key str - S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3_
object_ strversion - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - signing_
job_ strarn - ARN of the signing job.
- signing_
profile_ strversion_ arn - ARN of the signing profile version.
- skip_
destroy bool - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap_
start FunctionSnap Start Args - Configuration block for snap start settings. See below.
- source_
code_ strhash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- source_
code_ intsize - Size in bytes of the function .zip file.
- Mapping[str, str]
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeout int
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing_
config FunctionTracing Config Args - Configuration block for X-Ray tracing. See below.
- version str
- Latest published version of your Lambda Function.
- vpc_
config FunctionVpc Config Args - Configuration block for VPC. See below.
- architectures List<String>
- Instruction set architecture for your Lambda function. Valid values are
["x86_64"]and["arm64"]. Default is["x86_64"]. Removing this attribute, function's architecture stays the same. - arn String
- ARN identifying your Lambda Function.
- code Archive
- Path to the function's deployment package within the local filesystem. Conflicts with
image_uriands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - code
Sha256 String - Base64-encoded representation of raw SHA-256 sum of the zip file.
- code
Signing StringConfig Arn - ARN of a code-signing configuration to enable code signing for this function.
- dead
Letter Property MapConfig - Configuration block for dead letter queue. See below.
- description String
- Description of what your Lambda Function does.
- environment Property Map
- Configuration block for environment variables. See below.
- ephemeral
Storage Property Map - Amount of ephemeral storage (
/tmp) to allocate for the Lambda Function. See below. - file
System Property MapConfig - Configuration block for EFS file system. See below.
- handler String
- Function entry point in your code. Required if
package_typeisZip. - image
Config Property Map - Container image configuration values. See below.
- image
Uri String - ECR image URI containing the function's deployment package. Conflicts with
filenameands3_bucket. One offilename,image_uri, ors3_bucketmust be specified. - invoke
Arn String - ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - kms
Key StringArn - ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.
- last
Modified String - Date this resource was last modified.
- layers List<String>
- List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.
- logging
Config Property Map - Configuration block for advanced logging settings. See below.
- memory
Size Number - Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.
- name String
- Unique name for your Lambda Function.
- package
Type String - Lambda deployment package type. Valid values are
ZipandImage. Defaults toZip. - publish Boolean
- Whether to publish creation/change as new Lambda Function Version. Defaults to
false. - qualified
Arn String - ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true). - qualified
Invoke StringArn - Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration'suri. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- replace
Security BooleanGroups On Destroy - Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is
false. - replacement
Security List<String>Group Ids - List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if
replace_security_groups_on_destroyistrue. - reserved
Concurrent NumberExecutions - Amount of reserved concurrent executions for this lambda function. A value of
0disables lambda from being triggered and-1removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1. - role String
ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime String | "dotnet6" | "dotnet8" | "java11" | "java17" | "java21" | "java8.al2" | "nodejs18.x" | "nodejs20.x" | "nodejs22.x" | "provided.al2" | "provided.al2023" | "python3.10" | "python3.11" | "python3.12" | "python3.13" | "python3.9" | "ruby3.2" | "ruby3.3" | "dotnet5.0" | "dotnet7" | "dotnetcore2.1" | "dotnetcore3.1" | "go1.x" | "java8" | "nodejs10.x" | "nodejs12.x" | "nodejs14.x" | "nodejs16.x" | "provided" | "python2.7" | "python3.6" | "python3.7" | "python3.8" | "ruby2.5" | "ruby2.7"
- Identifier of the function's runtime. Required if
package_typeisZip. See Runtimes for valid values. - s3Bucket String
- S3 bucket location containing the function's deployment package. Conflicts with
filenameandimage_uri. One offilename,image_uri, ors3_bucketmust be specified. - s3Key String
- S3 key of an object containing the function's deployment package. Required if
s3_bucketis set. - s3Object
Version String - Object version containing the function's deployment package. Conflicts with
filenameandimage_uri. - signing
Job StringArn - ARN of the signing job.
- signing
Profile StringVersion Arn - ARN of the signing profile version.
- skip
Destroy Boolean - Whether to retain the old version of a previously deployed Lambda Layer. Default is
false. - snap
Start Property Map - Configuration block for snap start settings. See below.
- source
Code StringHash - Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.
- source
Code NumberSize - Size in bytes of the function .zip file.
- Map<String>
- Key-value map of tags for the Lambda function. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeout Number
- Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
- tracing
Config Property Map - Configuration block for X-Ray tracing. See below.
- version String
- Latest published version of your Lambda Function.
- vpc
Config Property Map - Configuration block for VPC. See below.
Supporting Types
FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs
- Target
Arn string - ARN of an SNS topic or SQS queue to notify when an invocation fails.
- Target
Arn string - ARN of an SNS topic or SQS queue to notify when an invocation fails.
- target
Arn String - ARN of an SNS topic or SQS queue to notify when an invocation fails.
- target
Arn string - ARN of an SNS topic or SQS queue to notify when an invocation fails.
- target_
arn str - ARN of an SNS topic or SQS queue to notify when an invocation fails.
- target
Arn String - ARN of an SNS topic or SQS queue to notify when an invocation fails.
FunctionEnvironment, FunctionEnvironmentArgs
- Variables Dictionary<string, string>
- Map of environment variables available to your Lambda function during execution.
- Variables map[string]string
- Map of environment variables available to your Lambda function during execution.
- variables Map<String,String>
- Map of environment variables available to your Lambda function during execution.
- variables {[key: string]: string}
- Map of environment variables available to your Lambda function during execution.
- variables Mapping[str, str]
- Map of environment variables available to your Lambda function during execution.
- variables Map<String>
- Map of environment variables available to your Lambda function during execution.
FunctionEphemeralStorage, FunctionEphemeralStorageArgs
- Size int
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
- Size int
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
- size Integer
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
- size number
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
- size int
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
- size Number
- Amount of ephemeral storage (
/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).
FunctionFileSystemConfig, FunctionFileSystemConfigArgs
- Arn string
- ARN of the Amazon EFS Access Point.
- Local
Mount stringPath - Path where the function can access the file system. Must start with
/mnt/.
- Arn string
- ARN of the Amazon EFS Access Point.
- Local
Mount stringPath - Path where the function can access the file system. Must start with
/mnt/.
- arn String
- ARN of the Amazon EFS Access Point.
- local
Mount StringPath - Path where the function can access the file system. Must start with
/mnt/.
- arn string
- ARN of the Amazon EFS Access Point.
- local
Mount stringPath - Path where the function can access the file system. Must start with
/mnt/.
- arn str
- ARN of the Amazon EFS Access Point.
- local_
mount_ strpath - Path where the function can access the file system. Must start with
/mnt/.
- arn String
- ARN of the Amazon EFS Access Point.
- local
Mount StringPath - Path where the function can access the file system. Must start with
/mnt/.
FunctionImageConfig, FunctionImageConfigArgs
- Commands List<string>
- Parameters to pass to the container image.
- Entry
Points List<string> - Entry point to your application.
- Working
Directory string - Working directory for the container image.
- Commands []string
- Parameters to pass to the container image.
- Entry
Points []string - Entry point to your application.
- Working
Directory string - Working directory for the container image.
- commands List<String>
- Parameters to pass to the container image.
- entry
Points List<String> - Entry point to your application.
- working
Directory String - Working directory for the container image.
- commands string[]
- Parameters to pass to the container image.
- entry
Points string[] - Entry point to your application.
- working
Directory string - Working directory for the container image.
- commands Sequence[str]
- Parameters to pass to the container image.
- entry_
points Sequence[str] - Entry point to your application.
- working_
directory str - Working directory for the container image.
- commands List<String>
- Parameters to pass to the container image.
- entry
Points List<String> - Entry point to your application.
- working
Directory String - Working directory for the container image.
FunctionLoggingConfig, FunctionLoggingConfigArgs
- Log
Format string - Log format. Valid values:
Text,JSON. - Application
Log stringLevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - Log
Group string - CloudWatch log group where logs are sent.
- System
Log stringLevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
- Log
Format string - Log format. Valid values:
Text,JSON. - Application
Log stringLevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - Log
Group string - CloudWatch log group where logs are sent.
- System
Log stringLevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
- log
Format String - Log format. Valid values:
Text,JSON. - application
Log StringLevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - log
Group String - CloudWatch log group where logs are sent.
- system
Log StringLevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
- log
Format string - Log format. Valid values:
Text,JSON. - application
Log stringLevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - log
Group string - CloudWatch log group where logs are sent.
- system
Log stringLevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
- log_
format str - Log format. Valid values:
Text,JSON. - application_
log_ strlevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - log_
group str - CloudWatch log group where logs are sent.
- system_
log_ strlevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
- log
Format String - Log format. Valid values:
Text,JSON. - application
Log StringLevel - Detail level of application logs. Valid values:
TRACE,DEBUG,INFO,WARN,ERROR,FATAL. - log
Group String - CloudWatch log group where logs are sent.
- system
Log StringLevel - Detail level of Lambda platform logs. Valid values:
DEBUG,INFO,WARN.
FunctionSnapStart, FunctionSnapStartArgs
- Apply
On string - When to apply snap start optimization. Valid value:
PublishedVersions. - Optimization
Status string - Optimization status of the snap start configuration. Valid values are
OnandOff.
- Apply
On string - When to apply snap start optimization. Valid value:
PublishedVersions. - Optimization
Status string - Optimization status of the snap start configuration. Valid values are
OnandOff.
- apply
On String - When to apply snap start optimization. Valid value:
PublishedVersions. - optimization
Status String - Optimization status of the snap start configuration. Valid values are
OnandOff.
- apply
On string - When to apply snap start optimization. Valid value:
PublishedVersions. - optimization
Status string - Optimization status of the snap start configuration. Valid values are
OnandOff.
- apply_
on str - When to apply snap start optimization. Valid value:
PublishedVersions. - optimization_
status str - Optimization status of the snap start configuration. Valid values are
OnandOff.
- apply
On String - When to apply snap start optimization. Valid value:
PublishedVersions. - optimization
Status String - Optimization status of the snap start configuration. Valid values are
OnandOff.
FunctionTracingConfig, FunctionTracingConfigArgs
- Mode string
- X-Ray tracing mode. Valid values:
Active,PassThrough.
- Mode string
- X-Ray tracing mode. Valid values:
Active,PassThrough.
- mode String
- X-Ray tracing mode. Valid values:
Active,PassThrough.
- mode string
- X-Ray tracing mode. Valid values:
Active,PassThrough.
- mode str
- X-Ray tracing mode. Valid values:
Active,PassThrough.
- mode String
- X-Ray tracing mode. Valid values:
Active,PassThrough.
FunctionVpcConfig, FunctionVpcConfigArgs
- Security
Group List<string>Ids - List of security group IDs associated with the Lambda function.
- Subnet
Ids List<string> - List of subnet IDs associated with the Lambda function.
- Ipv6Allowed
For boolDual Stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - Vpc
Id string - ID of the VPC.
- Security
Group []stringIds - List of security group IDs associated with the Lambda function.
- Subnet
Ids []string - List of subnet IDs associated with the Lambda function.
- Ipv6Allowed
For boolDual Stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - Vpc
Id string - ID of the VPC.
- security
Group List<String>Ids - List of security group IDs associated with the Lambda function.
- subnet
Ids List<String> - List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For BooleanDual Stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - vpc
Id String - ID of the VPC.
- security
Group string[]Ids - List of security group IDs associated with the Lambda function.
- subnet
Ids string[] - List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For booleanDual Stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - vpc
Id string - ID of the VPC.
- security_
group_ Sequence[str]ids - List of security group IDs associated with the Lambda function.
- subnet_
ids Sequence[str] - List of subnet IDs associated with the Lambda function.
- ipv6_
allowed_ boolfor_ dual_ stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - vpc_
id str - ID of the VPC.
- security
Group List<String>Ids - List of security group IDs associated with the Lambda function.
- subnet
Ids List<String> - List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For BooleanDual Stack - Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default:
false. - vpc
Id String - ID of the VPC.
Runtime, RuntimeArgs
- Dotnet6
- dotnet6
- Dotnet8
- dotnet8
- Java11
- java11
- Java17
- java17
- Java21
- java21
- Java8AL2
- java8.al2
- Node
JS18d X - nodejs18.x
- Node
JS20d X - nodejs20.x
- Node
JS22d X - nodejs22.x
- Custom
AL2 - provided.al2
- Custom
AL2023 - provided.al2023
- Python3d10
- python3.10
- Python3d11
- python3.11
- Python3d12
- python3.12
- Python3d13
- python3.13
- Python3d9
- python3.9
- Ruby3d2
- ruby3.2
- Ruby3d3
- ruby3.3
- Dotnet5d0
- dotnet5.0
- Dotnet7
- dotnet7
- Dotnet
Core2d1 - dotnetcore2.1
- Dotnet
Core3d1 - dotnetcore3.1
- Go1dx
- go1.x
- Java8
- java8
- Node
JS10d X - nodejs10.x
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Custom
- provided
- Python2d7
- python2.7
- Python3d6
- python3.6
- Python3d7
- python3.7
- Python3d8
- python3.8
- Ruby2d5
- ruby2.5
- Ruby2d7
- ruby2.7
- Runtime
Dotnet6 - dotnet6
- Runtime
Dotnet8 - dotnet8
- Runtime
Java11 - java11
- Runtime
Java17 - java17
- Runtime
Java21 - java21
- Runtime
Java8AL2 - java8.al2
- Runtime
Node JS18d X - nodejs18.x
- Runtime
Node JS20d X - nodejs20.x
- Runtime
Node JS22d X - nodejs22.x
- Runtime
Custom AL2 - provided.al2
- Runtime
Custom AL2023 - provided.al2023
- Runtime
Python3d10 - python3.10
- Runtime
Python3d11 - python3.11
- Runtime
Python3d12 - python3.12
- Runtime
Python3d13 - python3.13
- Runtime
Python3d9 - python3.9
- Runtime
Ruby3d2 - ruby3.2
- Runtime
Ruby3d3 - ruby3.3
- Runtime
Dotnet5d0 - dotnet5.0
- Runtime
Dotnet7 - dotnet7
- Runtime
Dotnet Core2d1 - dotnetcore2.1
- Runtime
Dotnet Core3d1 - dotnetcore3.1
- Runtime
Go1dx - go1.x
- Runtime
Java8 - java8
- Runtime
Node JS10d X - nodejs10.x
- Runtime
Node JS12d X - nodejs12.x
- Runtime
Node JS14d X - nodejs14.x
- Runtime
Node JS16d X - nodejs16.x
- Runtime
Custom - provided
- Runtime
Python2d7 - python2.7
- Runtime
Python3d6 - python3.6
- Runtime
Python3d7 - python3.7
- Runtime
Python3d8 - python3.8
- Runtime
Ruby2d5 - ruby2.5
- Runtime
Ruby2d7 - ruby2.7
- Dotnet6
- dotnet6
- Dotnet8
- dotnet8
- Java11
- java11
- Java17
- java17
- Java21
- java21
- Java8AL2
- java8.al2
- Node
JS18d X - nodejs18.x
- Node
JS20d X - nodejs20.x
- Node
JS22d X - nodejs22.x
- Custom
AL2 - provided.al2
- Custom
AL2023 - provided.al2023
- Python3d10
- python3.10
- Python3d11
- python3.11
- Python3d12
- python3.12
- Python3d13
- python3.13
- Python3d9
- python3.9
- Ruby3d2
- ruby3.2
- Ruby3d3
- ruby3.3
- Dotnet5d0
- dotnet5.0
- Dotnet7
- dotnet7
- Dotnet
Core2d1 - dotnetcore2.1
- Dotnet
Core3d1 - dotnetcore3.1
- Go1dx
- go1.x
- Java8
- java8
- Node
JS10d X - nodejs10.x
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Custom
- provided
- Python2d7
- python2.7
- Python3d6
- python3.6
- Python3d7
- python3.7
- Python3d8
- python3.8
- Ruby2d5
- ruby2.5
- Ruby2d7
- ruby2.7
- Dotnet6
- dotnet6
- Dotnet8
- dotnet8
- Java11
- java11
- Java17
- java17
- Java21
- java21
- Java8AL2
- java8.al2
- Node
JS18d X - nodejs18.x
- Node
JS20d X - nodejs20.x
- Node
JS22d X - nodejs22.x
- Custom
AL2 - provided.al2
- Custom
AL2023 - provided.al2023
- Python3d10
- python3.10
- Python3d11
- python3.11
- Python3d12
- python3.12
- Python3d13
- python3.13
- Python3d9
- python3.9
- Ruby3d2
- ruby3.2
- Ruby3d3
- ruby3.3
- Dotnet5d0
- dotnet5.0
- Dotnet7
- dotnet7
- Dotnet
Core2d1 - dotnetcore2.1
- Dotnet
Core3d1 - dotnetcore3.1
- Go1dx
- go1.x
- Java8
- java8
- Node
JS10d X - nodejs10.x
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Custom
- provided
- Python2d7
- python2.7
- Python3d6
- python3.6
- Python3d7
- python3.7
- Python3d8
- python3.8
- Ruby2d5
- ruby2.5
- Ruby2d7
- ruby2.7
- DOTNET6
- dotnet6
- DOTNET8
- dotnet8
- JAVA11
- java11
- JAVA17
- java17
- JAVA21
- java21
- JAVA8_AL2
- java8.al2
- NODE_JS18D_X
- nodejs18.x
- NODE_JS20D_X
- nodejs20.x
- NODE_JS22D_X
- nodejs22.x
- CUSTOM_AL2
- provided.al2
- CUSTOM_AL2023
- provided.al2023
- PYTHON3D10
- python3.10
- PYTHON3D11
- python3.11
- PYTHON3D12
- python3.12
- PYTHON3D13
- python3.13
- PYTHON3D9
- python3.9
- RUBY3D2
- ruby3.2
- RUBY3D3
- ruby3.3
- DOTNET5D0
- dotnet5.0
- DOTNET7
- dotnet7
- DOTNET_CORE2D1
- dotnetcore2.1
- DOTNET_CORE3D1
- dotnetcore3.1
- GO1DX
- go1.x
- JAVA8
- java8
- NODE_JS10D_X
- nodejs10.x
- NODE_JS12D_X
- nodejs12.x
- NODE_JS14D_X
- nodejs14.x
- NODE_JS16D_X
- nodejs16.x
- CUSTOM
- provided
- PYTHON2D7
- python2.7
- PYTHON3D6
- python3.6
- PYTHON3D7
- python3.7
- PYTHON3D8
- python3.8
- RUBY2D5
- ruby2.5
- RUBY2D7
- ruby2.7
- "dotnet6"
- dotnet6
- "dotnet8"
- dotnet8
- "java11"
- java11
- "java17"
- java17
- "java21"
- java21
- "java8.al2"
- java8.al2
- "nodejs18.x"
- nodejs18.x
- "nodejs20.x"
- nodejs20.x
- "nodejs22.x"
- nodejs22.x
- "provided.al2"
- provided.al2
- "provided.al2023"
- provided.al2023
- "python3.10"
- python3.10
- "python3.11"
- python3.11
- "python3.12"
- python3.12
- "python3.13"
- python3.13
- "python3.9"
- python3.9
- "ruby3.2"
- ruby3.2
- "ruby3.3"
- ruby3.3
- "dotnet5.0"
- dotnet5.0
- "dotnet7"
- dotnet7
- "dotnetcore2.1"
- dotnetcore2.1
- "dotnetcore3.1"
- dotnetcore3.1
- "go1.x"
- go1.x
- "java8"
- java8
- "nodejs10.x"
- nodejs10.x
- "nodejs12.x"
- nodejs12.x
- "nodejs14.x"
- nodejs14.x
- "nodejs16.x"
- nodejs16.x
- "provided"
- provided
- "python2.7"
- python2.7
- "python3.6"
- python3.6
- "python3.7"
- python3.7
- "python3.8"
- python3.8
- "ruby2.5"
- ruby2.5
- "ruby2.7"
- ruby2.7
Import
Using pulumi import, import Lambda Functions using the function_name. For example:
$ pulumi import aws:lambda/function:Function example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.