AWS Classic

v5.21.1 published on Thursday, Nov 17, 2022 by Pulumi

Function

Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.

For information about Lambda and how to use it, see What is AWS Lambda?

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the aws.lambda.Permission resource. See Lambda Permission Model for more details. On the other hand, the role argument of this resource is the function’s execution role for identity and access to AWS services and resources.

CloudWatch Logging and Permissions

For more information about CloudWatch Logs for Lambda, see the Lambda User Guide.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {retentionInDays: 14});
// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
const lambdaLogging = new aws.iam.Policy("lambdaLogging", {
    path: "/",
    description: "IAM policy for logging from a lambda",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`,
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambdaLogs", {
    role: aws_iam_role.iam_for_lambda.name,
    policyArn: lambdaLogging.arn,
});
const testLambda = new aws.lambda.Function("testLambda", {}, {
    dependsOn: [
        lambdaLogs,
        example,
    ],
});

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
    lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
lambda_logging = aws.iam.Policy("lambdaLogging",
    path="/",
    description="IAM policy for logging from a lambda",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
""")
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
    role=aws_iam_role["iam_for_lambda"]["name"],
    policy_arn=lambda_logging.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
        lambda_logs,
        example,
    ]))

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
    // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
    // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
    var example = new Aws.CloudWatch.LogGroup("example", new()
    {
        RetentionInDays = 14,
    });

    // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
    var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new()
    {
        Path = "/",
        Description = "IAM policy for logging from a lambda",
        PolicyDocument = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents""
      ],
      ""Resource"": ""arn:aws:logs:*:*:*"",
      ""Effect"": ""Allow""
    }
  ]
}
",
    });

    var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new()
    {
        Role = aws_iam_role.Iam_for_lambda.Name,
        PolicyArn = lambdaLogging.Arn,
    });

    var testLambda = new Aws.Lambda.Function("testLambda", new()
    {
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            lambdaLogs,
            example,
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		lambdaFunctionName := "lambda_function_name"
		if param := cfg.Get("lambdaFunctionName"); param != "" {
			lambdaFunctionName = param
		}
		example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
			RetentionInDays: pulumi.Int(14),
		})
		if err != nil {
			return err
		}
		lambdaLogging, err := iam.NewPolicy(ctx, "lambdaLogging", &iam.PolicyArgs{
			Path:        pulumi.String("/"),
			Description: pulumi.String("IAM policy for logging from a lambda"),
			Policy: pulumi.Any(fmt.Sprintf(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`)),
		})
		if err != nil {
			return err
		}
		lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambdaLogs", &iam.RolePolicyAttachmentArgs{
			Role:      pulumi.Any(aws_iam_role.Iam_for_lambda.Name),
			PolicyArn: lambdaLogging.Arn,
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "testLambda", nil, pulumi.DependsOn([]pulumi.Resource{
			lambdaLogs,
			example,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var lambdaFunctionName = config.get("lambdaFunctionName").orElse("lambda_function_name");
        var example = new LogGroup("example", LogGroupArgs.builder()        
            .retentionInDays(14)
            .build());

        var lambdaLogging = new Policy("lambdaLogging", PolicyArgs.builder()        
            .path("/")
            .description("IAM policy for logging from a lambda")
            .policy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
            """)
            .build());

        var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()        
            .role(aws_iam_role.iam_for_lambda().name())
            .policyArn(lambdaLogging.arn())
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.Empty, CustomResourceOptions.builder()
            .dependsOn(            
                lambdaLogs,
                example)
            .build());

    }
}

configuration:
  lambdaFunctionName:
    type: string
    default: lambda_function_name
resources:
  testLambda:
    type: aws:lambda:Function
    options:
      dependson:
        - ${lambdaLogs}
        - ${example}
  # This is to optionally manage the CloudWatch Log Group for the Lambda Function.
  # If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
  example:
    type: aws:cloudwatch:LogGroup
    properties:
      retentionInDays: 14
  # See also the following AWS managed policy: AWSLambdaBasicExecutionRole
  lambdaLogging:
    type: aws:iam:Policy
    properties:
      path: /
      description: IAM policy for logging from a lambda
      policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "arn:aws:logs:*:*:*",
              "Effect": "Allow"
            }
          ]
        }        
  lambdaLogs:
    type: aws:iam:RolePolicyAttachment
    properties:
      role: ${aws_iam_role.iam_for_lambda.name}
      policyArn: ${lambdaLogging.arn}

Specifying the Deployment Package

AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime is in use. See Runtimes for the valid values of runtime. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.

Once you have created your deployment package you can specify it either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_version arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObjectv2 resource to upload it.

For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.

Example Usage

Basic Example

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var iamForLambda = new Aws.Iam.Role("iamForLambda", new()
    {
        AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
    });

    var testLambda = new Aws.Lambda.Function("testLambda", new()
    {
        Code = new FileArchive("lambda_function_payload.zip"),
        Role = iamForLambda.Arn,
        Handler = "index.test",
        Runtime = "nodejs16.x",
        Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
        {
            Variables = 
            {
                { "foo", "bar" },
            },
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		iamForLambda, err := iam.NewRole(ctx, "iamForLambda", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`)),
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "testLambda", &lambda.FunctionArgs{
			Code:    pulumi.NewFileArchive("lambda_function_payload.zip"),
			Role:    iamForLambda.Arn,
			Handler: pulumi.String("index.test"),
			Runtime: pulumi.String("nodejs16.x"),
			Environment: &lambda.FunctionEnvironmentArgs{
				Variables: pulumi.StringMap{
					"foo": pulumi.String("bar"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamForLambda = new Role("iamForLambda", RoleArgs.builder()        
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
            """)
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.builder()        
            .code(new FileArchive("lambda_function_payload.zip"))
            .role(iamForLambda.arn())
            .handler("index.test")
            .runtime("nodejs16.x")
            .environment(FunctionEnvironmentArgs.builder()
                .variables(Map.of("foo", "bar"))
                .build())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
test_lambda = aws.lambda_.Function("testLambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    role=iam_for_lambda.arn,
    handler="index.test",
    runtime="nodejs16.x",
    environment=aws.lambda_.FunctionEnvironmentArgs(
        variables={
            "foo": "bar",
        },
    ))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const testLambda = new aws.lambda.Function("testLambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    role: iamForLambda.arn,
    handler: "index.test",
    runtime: "nodejs16.x",
    environment: {
        variables: {
            foo: "bar",
        },
    },
});

resources:
  iamForLambda:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Effect": "Allow",
              "Sid": ""
            }
          ]
        }        
  testLambda:
    type: aws:lambda:Function
    properties:
      # If the file is not in the current working directory you will need to include a
      #   # path.module in the filename.
      code:
        Fn::FileArchive: lambda_function_payload.zip
      role: ${iamForLambda.arn}
      handler: index.test
      runtime: nodejs16.x
      environment:
        variables:
          foo: bar

Lambda Layers

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleLayerVersion = new Aws.Lambda.LayerVersion("exampleLayerVersion");

    // ... other configuration ...
    var exampleFunction = new Aws.Lambda.Function("exampleFunction", new()
    {
        Layers = new[]
        {
            exampleLayerVersion.Arn,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLayerVersion, err := lambda.NewLayerVersion(ctx, "exampleLayerVersion", nil)
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "exampleFunction", &lambda.FunctionArgs{
			Layers: pulumi.StringArray{
				exampleLayerVersion.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersion;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleLayerVersion = new LayerVersion("exampleLayerVersion");

        var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()        
            .layers(exampleLayerVersion.arn())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

example_layer_version = aws.lambda_.LayerVersion("exampleLayerVersion")
# ... other configuration ...
example_function = aws.lambda_.Function("exampleFunction", layers=[example_layer_version.arn])

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLayerVersion = new aws.lambda.LayerVersion("exampleLayerVersion", {});
// ... other configuration ...
const exampleFunction = new aws.lambda.Function("exampleFunction", {layers: [exampleLayerVersion.arn]});

resources:
  exampleLayerVersion:
    type: aws:lambda:LayerVersion
  exampleFunction:
    type: aws:lambda:Function
    properties:
      # ... other configuration ...
      layers:
        - ${exampleLayerVersion.arn}

Lambda Ephemeral Storage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var iamForLambda = new Aws.Iam.Role("iamForLambda", new()
    {
        AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
    });

    var testLambda = new Aws.Lambda.Function("testLambda", new()
    {
        Code = new FileArchive("lambda_function_payload.zip"),
        Role = iamForLambda.Arn,
        Handler = "index.test",
        Runtime = "nodejs14.x",
        EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
        {
            Size = 10240,
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		iamForLambda, err := iam.NewRole(ctx, "iamForLambda", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`)),
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "testLambda", &lambda.FunctionArgs{
			Code:    pulumi.NewFileArchive("lambda_function_payload.zip"),
			Role:    iamForLambda.Arn,
			Handler: pulumi.String("index.test"),
			Runtime: pulumi.String("nodejs14.x"),
			EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
				Size: pulumi.Int(10240),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamForLambda = new Role("iamForLambda", RoleArgs.builder()        
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
            """)
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.builder()        
            .code(new FileArchive("lambda_function_payload.zip"))
            .role(iamForLambda.arn())
            .handler("index.test")
            .runtime("nodejs14.x")
            .ephemeralStorage(FunctionEphemeralStorageArgs.builder()
                .size(10240)
                .build())
            .build());

    }
}

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
test_lambda = aws.lambda_.Function("testLambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    role=iam_for_lambda.arn,
    handler="index.test",
    runtime="nodejs14.x",
    ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(
        size=10240,
    ))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const testLambda = new aws.lambda.Function("testLambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    role: iamForLambda.arn,
    handler: "index.test",
    runtime: "nodejs14.x",
    ephemeralStorage: {
        size: 10240,
    },
});

resources:
  iamForLambda:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Effect": "Allow",
              "Sid": ""
            }
          ]
        }        
  testLambda:
    type: aws:lambda:Function
    properties:
      code:
        Fn::FileArchive: lambda_function_payload.zip
      role: ${iamForLambda.arn}
      handler: index.test
      runtime: nodejs14.x
      ephemeralStorage:
        size: 10240

Lambda File Systems

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    // EFS file system
    var efsForLambda = new Aws.Efs.FileSystem("efsForLambda", new()
    {
        Tags = 
        {
            { "Name", "efs_for_lambda" },
        },
    });

    // Mount target connects the file system to the subnet
    var alpha = new Aws.Efs.MountTarget("alpha", new()
    {
        FileSystemId = efsForLambda.Id,
        SubnetId = aws_subnet.Subnet_for_lambda.Id,
        SecurityGroups = new[]
        {
            aws_security_group.Sg_for_lambda.Id,
        },
    });

    // EFS access point used by lambda file system
    var accessPointForLambda = new Aws.Efs.AccessPoint("accessPointForLambda", new()
    {
        FileSystemId = efsForLambda.Id,
        RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs
        {
            Path = "/lambda",
            CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs
            {
                OwnerGid = 1000,
                OwnerUid = 1000,
                Permissions = "777",
            },
        },
        PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs
        {
            Gid = 1000,
            Uid = 1000,
        },
    });

    // A lambda function connected to an EFS file system
    // ... other configuration ...
    var example = new Aws.Lambda.Function("example", new()
    {
        FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
        {
            Arn = accessPointForLambda.Arn,
            LocalMountPath = "/mnt/efs",
        },
        VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
        {
            SubnetIds = new[]
            {
                aws_subnet.Subnet_for_lambda.Id,
            },
            SecurityGroupIds = new[]
            {
                aws_security_group.Sg_for_lambda.Id,
            },
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            alpha,
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/efs"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		efsForLambda, err := efs.NewFileSystem(ctx, "efsForLambda", &efs.FileSystemArgs{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("efs_for_lambda"),
			},
		})
		if err != nil {
			return err
		}
		alpha, err := efs.NewMountTarget(ctx, "alpha", &efs.MountTargetArgs{
			FileSystemId: efsForLambda.ID(),
			SubnetId:     pulumi.Any(aws_subnet.Subnet_for_lambda.Id),
			SecurityGroups: pulumi.StringArray{
				pulumi.Any(aws_security_group.Sg_for_lambda.Id),
			},
		})
		if err != nil {
			return err
		}
		accessPointForLambda, err := efs.NewAccessPoint(ctx, "accessPointForLambda", &efs.AccessPointArgs{
			FileSystemId: efsForLambda.ID(),
			RootDirectory: &efs.AccessPointRootDirectoryArgs{
				Path: pulumi.String("/lambda"),
				CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{
					OwnerGid:    pulumi.Int(1000),
					OwnerUid:    pulumi.Int(1000),
					Permissions: pulumi.String("777"),
				},
			},
			PosixUser: &efs.AccessPointPosixUserArgs{
				Gid: pulumi.Int(1000),
				Uid: pulumi.Int(1000),
			},
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
			FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
				Arn:            accessPointForLambda.Arn,
				LocalMountPath: pulumi.String("/mnt/efs"),
			},
			VpcConfig: &lambda.FunctionVpcConfigArgs{
				SubnetIds: pulumi.StringArray{
					pulumi.Any(aws_subnet.Subnet_for_lambda.Id),
				},
				SecurityGroupIds: pulumi.StringArray{
					pulumi.Any(aws_security_group.Sg_for_lambda.Id),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			alpha,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.efs.FileSystem;
import com.pulumi.aws.efs.FileSystemArgs;
import com.pulumi.aws.efs.MountTarget;
import com.pulumi.aws.efs.MountTargetArgs;
import com.pulumi.aws.efs.AccessPoint;
import com.pulumi.aws.efs.AccessPointArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;
import com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var efsForLambda = new FileSystem("efsForLambda", FileSystemArgs.builder()        
            .tags(Map.of("Name", "efs_for_lambda"))
            .build());

        var alpha = new MountTarget("alpha", MountTargetArgs.builder()        
            .fileSystemId(efsForLambda.id())
            .subnetId(aws_subnet.subnet_for_lambda().id())
            .securityGroups(aws_security_group.sg_for_lambda().id())
            .build());

        var accessPointForLambda = new AccessPoint("accessPointForLambda", AccessPointArgs.builder()        
            .fileSystemId(efsForLambda.id())
            .rootDirectory(AccessPointRootDirectoryArgs.builder()
                .path("/lambda")
                .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()
                    .ownerGid(1000)
                    .ownerUid(1000)
                    .permissions("777")
                    .build())
                .build())
            .posixUser(AccessPointPosixUserArgs.builder()
                .gid(1000)
                .uid(1000)
                .build())
            .build());

        var example = new Function("example", FunctionArgs.builder()        
            .fileSystemConfig(FunctionFileSystemConfigArgs.builder()
                .arn(accessPointForLambda.arn())
                .localMountPath("/mnt/efs")
                .build())
            .vpcConfig(FunctionVpcConfigArgs.builder()
                .subnetIds(aws_subnet.subnet_for_lambda().id())
                .securityGroupIds(aws_security_group.sg_for_lambda().id())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(alpha)
                .build());

    }
}

import pulumi
import pulumi_aws as aws

# EFS file system
efs_for_lambda = aws.efs.FileSystem("efsForLambda", tags={
    "Name": "efs_for_lambda",
})
# Mount target connects the file system to the subnet
alpha = aws.efs.MountTarget("alpha",
    file_system_id=efs_for_lambda.id,
    subnet_id=aws_subnet["subnet_for_lambda"]["id"],
    security_groups=[aws_security_group["sg_for_lambda"]["id"]])
# EFS access point used by lambda file system
access_point_for_lambda = aws.efs.AccessPoint("accessPointForLambda",
    file_system_id=efs_for_lambda.id,
    root_directory=aws.efs.AccessPointRootDirectoryArgs(
        path="/lambda",
        creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(
            owner_gid=1000,
            owner_uid=1000,
            permissions="777",
        ),
    ),
    posix_user=aws.efs.AccessPointPosixUserArgs(
        gid=1000,
        uid=1000,
    ))
# A lambda function connected to an EFS file system
# ... other configuration ...
example = aws.lambda_.Function("example",
    file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(
        arn=access_point_for_lambda.arn,
        local_mount_path="/mnt/efs",
    ),
    vpc_config=aws.lambda_.FunctionVpcConfigArgs(
        subnet_ids=[aws_subnet["subnet_for_lambda"]["id"]],
        security_group_ids=[aws_security_group["sg_for_lambda"]["id"]],
    ),
    opts=pulumi.ResourceOptions(depends_on=[alpha]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// EFS file system
const efsForLambda = new aws.efs.FileSystem("efsForLambda", {tags: {
    Name: "efs_for_lambda",
}});
// Mount target connects the file system to the subnet
const alpha = new aws.efs.MountTarget("alpha", {
    fileSystemId: efsForLambda.id,
    subnetId: aws_subnet.subnet_for_lambda.id,
    securityGroups: [aws_security_group.sg_for_lambda.id],
});
// EFS access point used by lambda file system
const accessPointForLambda = new aws.efs.AccessPoint("accessPointForLambda", {
    fileSystemId: efsForLambda.id,
    rootDirectory: {
        path: "/lambda",
        creationInfo: {
            ownerGid: 1000,
            ownerUid: 1000,
            permissions: "777",
        },
    },
    posixUser: {
        gid: 1000,
        uid: 1000,
    },
});
// A lambda function connected to an EFS file system
// ... other configuration ...
const example = new aws.lambda.Function("example", {
    fileSystemConfig: {
        arn: accessPointForLambda.arn,
        localMountPath: "/mnt/efs",
    },
    vpcConfig: {
        subnetIds: [aws_subnet.subnet_for_lambda.id],
        securityGroupIds: [aws_security_group.sg_for_lambda.id],
    },
}, {
    dependsOn: [alpha],
});

resources:
  # A lambda function connected to an EFS file system
  example:
    type: aws:lambda:Function
    properties:
      fileSystemConfig:
        arn: ${accessPointForLambda.arn}
        localMountPath: /mnt/efs
      vpcConfig:
        subnetIds:
          - ${aws_subnet.subnet_for_lambda.id}
        securityGroupIds:
          - ${aws_security_group.sg_for_lambda.id}
    options:
      dependson:
        - ${alpha}
  # EFS file system
  efsForLambda:
    type: aws:efs:FileSystem
    properties:
      tags:
        Name: efs_for_lambda
  # Mount target connects the file system to the subnet
  alpha:
    type: aws:efs:MountTarget
    properties:
      fileSystemId: ${efsForLambda.id}
      subnetId: ${aws_subnet.subnet_for_lambda.id}
      securityGroups:
        - ${aws_security_group.sg_for_lambda.id}
  # EFS access point used by lambda file system
  accessPointForLambda:
    type: aws:efs:AccessPoint
    properties:
      fileSystemId: ${efsForLambda.id}
      rootDirectory:
        path: /lambda
        creationInfo:
          ownerGid: 1000
          ownerUid: 1000
          permissions: 777
      posixUser:
        gid: 1000
        uid: 1000

Lambda retries

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
    // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
    // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
    var example = new Aws.CloudWatch.LogGroup("example", new()
    {
        RetentionInDays = 14,
    });

    // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
    var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new()
    {
        Path = "/",
        Description = "IAM policy for logging from a lambda",
        PolicyDocument = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents""
      ],
      ""Resource"": ""arn:aws:logs:*:*:*"",
      ""Effect"": ""Allow""
    }
  ]
}
",
    });

    var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new()
    {
        Role = aws_iam_role.Iam_for_lambda.Name,
        PolicyArn = lambdaLogging.Arn,
    });

    var testLambda = new Aws.Lambda.Function("testLambda", new()
    {
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            lambdaLogs,
            example,
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		lambdaFunctionName := "lambda_function_name"
		if param := cfg.Get("lambdaFunctionName"); param != "" {
			lambdaFunctionName = param
		}
		example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
			RetentionInDays: pulumi.Int(14),
		})
		if err != nil {
			return err
		}
		lambdaLogging, err := iam.NewPolicy(ctx, "lambdaLogging", &iam.PolicyArgs{
			Path:        pulumi.String("/"),
			Description: pulumi.String("IAM policy for logging from a lambda"),
			Policy: pulumi.Any(fmt.Sprintf(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`)),
		})
		if err != nil {
			return err
		}
		lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambdaLogs", &iam.RolePolicyAttachmentArgs{
			Role:      pulumi.Any(aws_iam_role.Iam_for_lambda.Name),
			PolicyArn: lambdaLogging.Arn,
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "testLambda", nil, pulumi.DependsOn([]pulumi.Resource{
			lambdaLogs,
			example,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var lambdaFunctionName = config.get("lambdaFunctionName").orElse("lambda_function_name");
        var example = new LogGroup("example", LogGroupArgs.builder()        
            .retentionInDays(14)
            .build());

        var lambdaLogging = new Policy("lambdaLogging", PolicyArgs.builder()        
            .path("/")
            .description("IAM policy for logging from a lambda")
            .policy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
            """)
            .build());

        var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()        
            .role(aws_iam_role.iam_for_lambda().name())
            .policyArn(lambdaLogging.arn())
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.Empty, CustomResourceOptions.builder()
            .dependsOn(            
                lambdaLogs,
                example)
            .build());

    }
}

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
    lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
lambda_logging = aws.iam.Policy("lambdaLogging",
    path="/",
    description="IAM policy for logging from a lambda",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
""")
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
    role=aws_iam_role["iam_for_lambda"]["name"],
    policy_arn=lambda_logging.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
        lambda_logs,
        example,
    ]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {retentionInDays: 14});
// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
const lambdaLogging = new aws.iam.Policy("lambdaLogging", {
    path: "/",
    description: "IAM policy for logging from a lambda",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`,
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambdaLogs", {
    role: aws_iam_role.iam_for_lambda.name,
    policyArn: lambdaLogging.arn,
});
const testLambda = new aws.lambda.Function("testLambda", {}, {
    dependsOn: [
        lambdaLogs,
        example,
    ],
});

configuration:
  lambdaFunctionName:
    type: string
    default: lambda_function_name
resources:
  testLambda:
    type: aws:lambda:Function
    options:
      dependson:
        - ${lambdaLogs}
        - ${example}
  # This is to optionally manage the CloudWatch Log Group for the Lambda Function.
  # If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
  example:
    type: aws:cloudwatch:LogGroup
    properties:
      retentionInDays: 14
  # See also the following AWS managed policy: AWSLambdaBasicExecutionRole
  lambdaLogging:
    type: aws:iam:Policy
    properties:
      path: /
      description: IAM policy for logging from a lambda
      policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "arn:aws:logs:*:*:*",
              "Effect": "Allow"
            }
          ]
        }        
  lambdaLogs:
    type: aws:iam:RolePolicyAttachment
    properties:
      role: ${aws_iam_role.iam_for_lambda.name}
      policyArn: ${lambdaLogging.arn}

Create Function Resource

new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);

@overload
def Function(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             architectures: Optional[Sequence[str]] = None,
             code: Optional[pulumi.Archive] = None,
             code_signing_config_arn: Optional[str] = None,
             dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
             description: Optional[str] = None,
             environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
             ephemeral_storage: Optional[_lambda_.FunctionEphemeralStorageArgs] = None,
             file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
             handler: Optional[str] = None,
             image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
             image_uri: Optional[str] = None,
             kms_key_arn: Optional[str] = None,
             layers: Optional[Sequence[str]] = None,
             memory_size: Optional[int] = None,
             name: Optional[str] = None,
             package_type: Optional[str] = None,
             publish: Optional[bool] = None,
             reserved_concurrent_executions: Optional[int] = None,
             role: Optional[str] = None,
             runtime: Optional[Union[str, _lambda_.Runtime]] = None,
             s3_bucket: Optional[str] = None,
             s3_key: Optional[str] = None,
             s3_object_version: Optional[str] = None,
             source_code_hash: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             timeout: Optional[int] = None,
             tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
             vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None)
@overload
def Function(resource_name: str,
             args: FunctionArgs,
             opts: Optional[ResourceOptions] = None)

func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)

public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)

public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)

type: aws:lambda:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Function resource accepts the following input properties:

Role string: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
Architectures List<string>: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
Code Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs: Configuration block. Detailed below.
Description string: Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs: Configuration block. Detailed below.
EphemeralStorage FunctionEphemeralStorageArgs: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs: Configuration block. Detailed below.
Handler string: Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs: Configuration block. Detailed below.
ImageUri string: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
KmsKeyArn string: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
Layers List<string>: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string: Unique name for your Lambda Function.
PackageType string: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
ReservedConcurrentExecutions int: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Runtime string | Pulumi.Aws.Lambda.Runtime: Identifier of the function's runtime. See Runtimes for valid values.
S3Bucket string: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string: Object version containing the function's deployment package. Conflicts with filename and image_uri.
SourceCodeHash string: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
Tags Dictionary<string, string>: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Timeout int: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs: Configuration block. Detailed below.
VpcConfig FunctionVpcConfigArgs: Configuration block. Detailed below.

Role string: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
Architectures []string: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
Code pulumi.Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs: Configuration block. Detailed below.
Description string: Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs: Configuration block. Detailed below.
EphemeralStorage FunctionEphemeralStorageArgs: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs: Configuration block. Detailed below.
Handler string: Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs: Configuration block. Detailed below.
ImageUri string: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
KmsKeyArn string: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
Layers []string: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string: Unique name for your Lambda Function.
PackageType string: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
ReservedConcurrentExecutions int: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Runtime string | Runtime: Identifier of the function's runtime. See Runtimes for valid values.
S3Bucket string: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string: Object version containing the function's deployment package. Conflicts with filename and image_uri.
SourceCodeHash string: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
Tags map[string]string: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Timeout int: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs: Configuration block. Detailed below.
VpcConfig FunctionVpcConfigArgs: Configuration block. Detailed below.

role String: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
architectures List<String>: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
code Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
codeSigningConfigArn String: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
deadLetterConfig FunctionDeadLetterConfigArgs: Configuration block. Detailed below.
description String: Description of what your Lambda Function does.
environment FunctionEnvironmentArgs: Configuration block. Detailed below.
ephemeralStorage FunctionEphemeralStorageArgs: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
fileSystemConfig FunctionFileSystemConfigArgs: Configuration block. Detailed below.
handler String: Function entrypoint in your code.
imageConfig FunctionImageConfigArgs: Configuration block. Detailed below.
imageUri String: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kmsKeyArn String: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers List<String>: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memorySize Integer: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name String: Unique name for your Lambda Function.
packageType String: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish Boolean: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reservedConcurrentExecutions Integer: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime String | Runtime: Identifier of the function's runtime. See Runtimes for valid values.
s3Bucket String: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3Key String: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
s3ObjectVersion String: Object version containing the function's deployment package. Conflicts with filename and image_uri.
sourceCodeHash String: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
tags Map<String,String>: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
timeout Integer: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracingConfig FunctionTracingConfigArgs: Configuration block. Detailed below.
vpcConfig FunctionVpcConfigArgs: Configuration block. Detailed below.

role ARN: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
architectures string[]: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
code pulumi.asset.Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
codeSigningConfigArn string: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
deadLetterConfig FunctionDeadLetterConfigArgs: Configuration block. Detailed below.
description string: Description of what your Lambda Function does.
environment FunctionEnvironmentArgs: Configuration block. Detailed below.
ephemeralStorage FunctionEphemeralStorageArgs: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
fileSystemConfig FunctionFileSystemConfigArgs: Configuration block. Detailed below.
handler string: Function entrypoint in your code.
imageConfig FunctionImageConfigArgs: Configuration block. Detailed below.
imageUri string: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kmsKeyArn string: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers string[]: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memorySize number: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name string: Unique name for your Lambda Function.
packageType string: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish boolean: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reservedConcurrentExecutions number: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime string | Runtime: Identifier of the function's runtime. See Runtimes for valid values.
s3Bucket string: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3Key string: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
s3ObjectVersion string: Object version containing the function's deployment package. Conflicts with filename and image_uri.
sourceCodeHash string: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
tags {[key: string]: string}: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
timeout number: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracingConfig FunctionTracingConfigArgs: Configuration block. Detailed below.
vpcConfig FunctionVpcConfigArgs: Configuration block. Detailed below.

role str: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
architectures Sequence[str]: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
code pulumi.Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
code_signing_config_arn str: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
dead_letter_config FunctionDeadLetterConfigArgs: Configuration block. Detailed below.
description str: Description of what your Lambda Function does.
environment FunctionEnvironmentArgs: Configuration block. Detailed below.
ephemeral_storage FunctionEphemeralStorageArgs: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
file_system_config FunctionFileSystemConfigArgs: Configuration block. Detailed below.
handler str: Function entrypoint in your code.
image_config FunctionImageConfigArgs: Configuration block. Detailed below.
image_uri str: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kms_key_arn str: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers Sequence[str]: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memory_size int: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name str: Unique name for your Lambda Function.
package_type str: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish bool: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reserved_concurrent_executions int: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime str | Runtime: Identifier of the function's runtime. See Runtimes for valid values.
s3_bucket str: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3_key str: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
s3_object_version str: Object version containing the function's deployment package. Conflicts with filename and image_uri.
source_code_hash str: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
tags Mapping[str, str]: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
timeout int: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracing_config FunctionTracingConfigArgs: Configuration block. Detailed below.
vpc_config FunctionVpcConfigArgs: Configuration block. Detailed below.

role: Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
architectures List<String>: Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.
code Archive: Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
codeSigningConfigArn String: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
deadLetterConfig Property Map: Configuration block. Detailed below.
description String: Description of what your Lambda Function does.
environment Property Map: Configuration block. Detailed below.
ephemeralStorage Property Map: The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.
fileSystemConfig Property Map: Configuration block. Detailed below.
handler String: Function entrypoint in your code.
imageConfig Property Map: Configuration block. Detailed below.
imageUri String: ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kmsKeyArn String: Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers List<String>: List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memorySize Number: Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name String: Unique name for your Lambda Function.
packageType String: Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish Boolean: Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reservedConcurrentExecutions Number: Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime String | "dotnetcore2.1" | "dotnetcore3.1" | "dotnet6" | "go1.x" | "java8" | "java8.al2" | "java11" | "ruby2.5" | "ruby2.7" | "nodejs10.x" | "nodejs12.x" | "nodejs14.x" | "nodejs16.x" | "python2.7" | "python3.6" | "python3.7" | "python3.8" | "python3.9" | "provided" | "provided.al2": Identifier of the function's runtime. See Runtimes for valid values.
s3Bucket String: S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3Key String: S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.
s3ObjectVersion String: Object version containing the function's deployment package. Conflicts with filename and image_uri.
sourceCodeHash String: Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.
tags Map<String>: Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
timeout Number: Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracingConfig Property Map: Configuration block. Detailed below.
vpcConfig Property Map: Configuration block. Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

Arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

Id string

The provider-assigned unique ID for this managed resource.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

LastModified string

Date this resource was last modified.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SourceCodeSize int

Size in bytes of the function .zip file.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

Arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

Id string

The provider-assigned unique ID for this managed resource.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

LastModified string

Date this resource was last modified.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SourceCodeSize int

Size in bytes of the function .zip file.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

arn String

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

id String

The provider-assigned unique ID for this managed resource.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

lastModified String

Date this resource was last modified.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

sourceCodeSize Integer

Size in bytes of the function .zip file.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

version String

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

id string

The provider-assigned unique ID for this managed resource.

invokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

lastModified string

Date this resource was last modified.

qualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

signingJobArn string

ARN of the signing job.

signingProfileVersionArn string

ARN of the signing profile version.

sourceCodeSize number

Size in bytes of the function .zip file.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

arn str

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

id str

The provider-assigned unique ID for this managed resource.

invoke_arn str

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

last_modified str

Date this resource was last modified.

qualified_arn str

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualified_invoke_arn str

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

signing_job_arn str

ARN of the signing job.

signing_profile_version_arn str

ARN of the signing profile version.

source_code_size int

Size in bytes of the function .zip file.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

version str

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

arn String

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

id String

The provider-assigned unique ID for this managed resource.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

lastModified String

Date this resource was last modified.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

sourceCodeSize Number

Size in bytes of the function .zip file.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

version String

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

Look up Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        architectures: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        code: Optional[pulumi.Archive] = None,
        code_signing_config_arn: Optional[str] = None,
        dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
        description: Optional[str] = None,
        environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
        ephemeral_storage: Optional[_lambda_.FunctionEphemeralStorageArgs] = None,
        file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
        handler: Optional[str] = None,
        image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
        image_uri: Optional[str] = None,
        invoke_arn: Optional[str] = None,
        kms_key_arn: Optional[str] = None,
        last_modified: Optional[str] = None,
        layers: Optional[Sequence[str]] = None,
        memory_size: Optional[int] = None,
        name: Optional[str] = None,
        package_type: Optional[str] = None,
        publish: Optional[bool] = None,
        qualified_arn: Optional[str] = None,
        qualified_invoke_arn: Optional[str] = None,
        reserved_concurrent_executions: Optional[int] = None,
        role: Optional[str] = None,
        runtime: Optional[Union[str, _lambda_.Runtime]] = None,
        s3_bucket: Optional[str] = None,
        s3_key: Optional[str] = None,
        s3_object_version: Optional[str] = None,
        signing_job_arn: Optional[str] = None,
        signing_profile_version_arn: Optional[str] = None,
        source_code_hash: Optional[str] = None,
        source_code_size: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeout: Optional[int] = None,
        tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
        version: Optional[str] = None,
        vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None) -> Function

func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)

public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)

public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Architectures List<string>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

Code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

CodeSigningConfigArn string

To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorageArgs

The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.

LastModified string

Date this resource was last modified.

Layers List<string>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

ReservedConcurrentExecutions int

Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

Runtime string | Pulumi.Aws.Lambda.Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

S3Key string

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SourceCodeHash string

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

SourceCodeSize int

Size in bytes of the function .zip file.

Tags Dictionary<string, string>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

Version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

VpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

Architectures []string

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

Code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

CodeSigningConfigArn string

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorageArgs

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

LastModified string

Date this resource was last modified.

Layers []string

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

ReservedConcurrentExecutions int

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

Runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

S3Key string

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SourceCodeHash string

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

SourceCodeSize int

Size in bytes of the function .zip file.

Tags map[string]string

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

Version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

VpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn String

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

codeSigningConfigArn String

deadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorageArgs

fileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

memorySize Integer

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

reservedConcurrentExecutions Integer

role String

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

runtime String | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

s3Key String

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

sourceCodeHash String

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize Integer

Size in bytes of the function .zip file.

tags Map<String,String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout Integer

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

version String

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

vpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures string[]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn string

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

code pulumi.asset.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

codeSigningConfigArn string

deadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

description string

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorageArgs

fileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

handler string

Function entrypoint in your code.

imageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

imageUri string

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

invokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn string

lastModified string

Date this resource was last modified.

layers string[]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

memorySize number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name string

Unique name for your Lambda Function.

packageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

reservedConcurrentExecutions number

role ARN

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

s3Key string

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

s3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn string

ARN of the signing job.

signingProfileVersionArn string

ARN of the signing profile version.

sourceCodeHash string

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize number

Size in bytes of the function .zip file.

tags {[key: string]: string}

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

version string

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

vpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures Sequence[str]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn str

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

code_signing_config_arn str

dead_letter_config FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

description str

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block. Detailed below.

ephemeral_storage FunctionEphemeralStorageArgs

file_system_config FunctionFileSystemConfigArgs

Configuration block. Detailed below.

handler str

Function entrypoint in your code.

image_config FunctionImageConfigArgs

Configuration block. Detailed below.

image_uri str

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

invoke_arn str

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kms_key_arn str

last_modified str

Date this resource was last modified.

layers Sequence[str]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

memory_size int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name str

Unique name for your Lambda Function.

package_type str

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualified_arn str

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualified_invoke_arn str

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

reserved_concurrent_executions int

role str

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

runtime str | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3_bucket str

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

s3_key str

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

s3_object_version str

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signing_job_arn str

ARN of the signing job.

signing_profile_version_arn str

ARN of the signing profile version.

source_code_hash str

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

source_code_size int

Size in bytes of the function .zip file.

tags Mapping[str, str]

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracing_config FunctionTracingConfigArgs

Configuration block. Detailed below.

version str

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

vpc_config FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn String

Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.

codeSigningConfigArn String

deadLetterConfig Property Map

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment Property Map

Configuration block. Detailed below.

ephemeralStorage Property Map

fileSystemConfig Property Map

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig Property Map

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

memorySize Number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

reservedConcurrentExecutions Number

role

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.

s3Key String

S3 key of an object containing the function's deployment package. Conflicts with filename and image_uri.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

sourceCodeHash String

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize Number

Size in bytes of the function .zip file.

tags Map<String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout Number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig Property Map

Configuration block. Detailed below.

version String

Latest published version of your Lambda Function.

vpc_config.vpc_id - ID of the VPC.

vpcConfig Property Map

Configuration block. Detailed below.

Supporting Types

FunctionDeadLetterConfig

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

target_arn str: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

FunctionEnvironment

Variables Dictionary<string, string>: Map of environment variables that are accessible from the function code during execution.

Variables map[string]string: Map of environment variables that are accessible from the function code during execution.

variables Map<String,String>: Map of environment variables that are accessible from the function code during execution.

variables {[key: string]: string}: Map of environment variables that are accessible from the function code during execution.

variables Mapping[str, str]: Map of environment variables that are accessible from the function code during execution.

variables Map<String>: Map of environment variables that are accessible from the function code during execution.

FunctionEphemeralStorage

Size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

Size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size Integer: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size number: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size Number: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

FunctionFileSystemConfig

Arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string: Path where the function can access the file system, starting with /mnt/.

Arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string: Path where the function can access the file system, starting with /mnt/.

arn String: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath String: Path where the function can access the file system, starting with /mnt/.

arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath string: Path where the function can access the file system, starting with /mnt/.

arn str: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
local_mount_path str: Path where the function can access the file system, starting with /mnt/.

arn String: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath String: Path where the function can access the file system, starting with /mnt/.

FunctionImageConfig

Commands List<string>: Parameters that you want to pass in with entry_point.
EntryPoints List<string>: Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string: Working directory.

Commands []string: Parameters that you want to pass in with entry_point.
EntryPoints []string: Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string: Working directory.

commands List<String>: Parameters that you want to pass in with entry_point.
entryPoints List<String>: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory String: Working directory.

commands string[]: Parameters that you want to pass in with entry_point.
entryPoints string[]: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory string: Working directory.

commands Sequence[str]: Parameters that you want to pass in with entry_point.
entry_points Sequence[str]: Entry point to your application, which is typically the location of the runtime executable.
working_directory str: Working directory.

commands List<String>: Parameters that you want to pass in with entry_point.
entryPoints List<String>: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory String: Working directory.

FunctionTracingConfig

Mode string: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

Mode string: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode String: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode string: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode str: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode String: Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

FunctionVpcConfig

SecurityGroupIds List<string>: List of security group IDs associated with the Lambda function.
SubnetIds List<string>: List of subnet IDs associated with the Lambda function.
VpcId string

SecurityGroupIds []string: List of security group IDs associated with the Lambda function.
SubnetIds []string: List of subnet IDs associated with the Lambda function.
VpcId string

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
vpcId String

securityGroupIds string[]: List of security group IDs associated with the Lambda function.
subnetIds string[]: List of subnet IDs associated with the Lambda function.
vpcId string

security_group_ids Sequence[str]: List of security group IDs associated with the Lambda function.
subnet_ids Sequence[str]: List of subnet IDs associated with the Lambda function.
vpc_id str

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
vpcId String

Runtime

DotnetCore2d1

dotnetcore2.1

Deprecated:

This runtime is now deprecated

DotnetCore3d1

dotnetcore3.1

Dotnet6

dotnet6

Go1dx

go1.x

Java8

java8

Java8AL2

java8.al2

Java11

java11

Ruby2d5

ruby2.5

Deprecated:

This runtime is now deprecated

Ruby2d7

ruby2.7

NodeJS10dX

nodejs10.x

Deprecated:

This runtime is now deprecated

NodeJS12dX

nodejs12.x

NodeJS14dX

nodejs14.x

NodeJS16dX

nodejs16.x

Python2d7

python2.7

Deprecated:

This runtime is now deprecated

Python3d6

python3.6

Python3d7

python3.7

Python3d8

python3.8

Python3d9

python3.9

Custom

provided

CustomAL2

provided.al2

RuntimeDotnetCore2d1

dotnetcore2.1

Deprecated:

This runtime is now deprecated

RuntimeDotnetCore3d1

dotnetcore3.1

RuntimeDotnet6

dotnet6

RuntimeGo1dx

go1.x

RuntimeJava8

java8

RuntimeJava8AL2

java8.al2

RuntimeJava11

java11

RuntimeRuby2d5

ruby2.5

Deprecated:

This runtime is now deprecated

RuntimeRuby2d7

ruby2.7

RuntimeNodeJS10dX

nodejs10.x

Deprecated:

This runtime is now deprecated

RuntimeNodeJS12dX

nodejs12.x

RuntimeNodeJS14dX

nodejs14.x

RuntimeNodeJS16dX

nodejs16.x

RuntimePython2d7

python2.7

Deprecated:

This runtime is now deprecated

RuntimePython3d6

python3.6

RuntimePython3d7

python3.7

RuntimePython3d8

python3.8

RuntimePython3d9

python3.9

RuntimeCustom

provided

RuntimeCustomAL2

provided.al2

DotnetCore2d1

dotnetcore2.1

Deprecated:

This runtime is now deprecated

DotnetCore3d1

dotnetcore3.1

Dotnet6

dotnet6

Go1dx

go1.x

Java8

java8

Java8AL2

java8.al2

Java11

java11

Ruby2d5

ruby2.5

Deprecated:

This runtime is now deprecated

Ruby2d7

ruby2.7

NodeJS10dX

nodejs10.x

Deprecated:

This runtime is now deprecated

NodeJS12dX

nodejs12.x

NodeJS14dX

nodejs14.x

NodeJS16dX

nodejs16.x

Python2d7

python2.7

Deprecated:

This runtime is now deprecated

Python3d6

python3.6

Python3d7

python3.7

Python3d8

python3.8

Python3d9

python3.9

Custom

provided

CustomAL2

provided.al2

DotnetCore2d1

dotnetcore2.1

Deprecated:

This runtime is now deprecated

DotnetCore3d1

dotnetcore3.1

Dotnet6

dotnet6

Go1dx

go1.x

Java8

java8

Java8AL2

java8.al2

Java11

java11

Ruby2d5

ruby2.5

Deprecated:

This runtime is now deprecated

Ruby2d7

ruby2.7

NodeJS10dX

nodejs10.x

Deprecated:

This runtime is now deprecated

NodeJS12dX

nodejs12.x

NodeJS14dX

nodejs14.x

NodeJS16dX

nodejs16.x

Python2d7

python2.7

Deprecated:

This runtime is now deprecated

Python3d6

python3.6

Python3d7

python3.7

Python3d8

python3.8

Python3d9

python3.9

Custom

provided

CustomAL2

provided.al2

DOTNET_CORE2D1

dotnetcore2.1

Deprecated:

This runtime is now deprecated

DOTNET_CORE3D1

dotnetcore3.1

DOTNET6

dotnet6

GO1DX

go1.x

JAVA8

java8

JAVA8_AL2

java8.al2

JAVA11

java11

RUBY2D5

ruby2.5

Deprecated:

This runtime is now deprecated

RUBY2D7

ruby2.7

NODE_JS10D_X

nodejs10.x

Deprecated:

This runtime is now deprecated

NODE_JS12D_X

nodejs12.x

NODE_JS14D_X

nodejs14.x

NODE_JS16D_X

nodejs16.x

PYTHON2D7

python2.7

Deprecated:

This runtime is now deprecated

PYTHON3D6

python3.6

PYTHON3D7

python3.7

PYTHON3D8

python3.8

PYTHON3D9

python3.9

CUSTOM

provided

CUSTOM_AL2

provided.al2

"dotnetcore2.1"

dotnetcore2.1

Deprecated:

This runtime is now deprecated

"dotnetcore3.1"

dotnetcore3.1

"dotnet6"

dotnet6

"go1.x"

go1.x

"java8"

java8

"java8.al2"

java8.al2

"java11"

java11

"ruby2.5"

ruby2.5

Deprecated:

This runtime is now deprecated

"ruby2.7"

ruby2.7

"nodejs10.x"

nodejs10.x

Deprecated:

This runtime is now deprecated

"nodejs12.x"

nodejs12.x

"nodejs14.x"

nodejs14.x

"nodejs16.x"

nodejs16.x

"python2.7"

python2.7

Deprecated:

This runtime is now deprecated

"python3.6"

python3.6

"python3.7"

python3.7

"python3.8"

python3.8

"python3.9"

python3.9

"provided"

provided

"provided.al2"

provided.al2

Import

Lambda Functions can be imported using the function_name, e.g.,

 $ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS Classic

Function

CloudWatch Logging and Permissions

Specifying the Deployment Package

Example Usage

Basic Example

Lambda Layers

Lambda Ephemeral Storage

Lambda File Systems

Lambda retries

Create Function Resource

Function Resource Properties

Inputs

Outputs

Look up Existing Function Resource

Supporting Types

FunctionDeadLetterConfig

FunctionEnvironment

FunctionEphemeralStorage

FunctionFileSystemConfig

FunctionImageConfig

FunctionTracingConfig

FunctionVpcConfig

Runtime

Import

Package Details

Contents