AWS Classic

v4.30.0 published on Tuesday, Nov 30, 2021 by Pulumi

Function

Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.

For information about Lambda and how to use it, see What is AWS Lambda?

To give an external source (like a CloudWatch Event Rule, SNS, or S3) permission to access the Lambda function, use the aws.lambda.Permission resource. See [Lambda ****Permission Model][4] for more details. On the other hand, the role argument of this resource is the function’s execution role for identity and access to AWS services and resources.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the aws.lambda.Permission resource. See Lambda Permission Model for more details. On the other hand, the role argument of this resource is the function’s execution role for identity and access to AWS services and resources.

Example Usage

Basic Example

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var iamForLambda = new Aws.Iam.Role("iamForLambda", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs
        {
            Code = new FileArchive("lambda_function_payload.zip"),
            Role = iamForLambda.Arn,
            Handler = "index.test",
            Runtime = "nodejs12.x",
            Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
            {
                Variables = 
                {
                    { "foo", "bar" },
                },
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
test_lambda = aws.lambda_.Function("testLambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    role=iam_for_lambda.arn,
    handler="index.test",
    runtime="nodejs12.x",
    environment=aws.lambda..FunctionEnvironmentArgs(
        variables={
            "foo": "bar",
        },
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const testLambda = new aws.lambda.Function("testLambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    role: iamForLambda.arn,
    handler: "index.test",
    runtime: "nodejs12.x",
    environment: {
        variables: {
            foo: "bar",
        },
    },
});

Lambda Layers

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleLayerVersion = new Aws.Lambda.LayerVersion("exampleLayerVersion", new Aws.Lambda.LayerVersionArgs
        {
        });
        // ... other configuration ...
        var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
        {
            Layers = 
            {
                exampleLayerVersion.Arn,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLayerVersion, err := lambda.NewLayerVersion(ctx, "exampleLayerVersion", nil)
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "exampleFunction", &lambda.FunctionArgs{
			Layers: pulumi.StringArray{
				exampleLayerVersion.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

example_layer_version = aws.lambda_.LayerVersion("exampleLayerVersion")
# ... other configuration ...
example_function = aws.lambda_.Function("exampleFunction", layers=[example_layer_version.arn])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLayerVersion = new aws.lambda.LayerVersion("exampleLayerVersion", {});
// ... other configuration ...
const exampleFunction = new aws.lambda.Function("exampleFunction", {layers: [exampleLayerVersion.arn]});

Lambda File Systems

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // EFS file system
        var efsForLambda = new Aws.Efs.FileSystem("efsForLambda", new Aws.Efs.FileSystemArgs
        {
            Tags = 
            {
                { "Name", "efs_for_lambda" },
            },
        });
        // Mount target connects the file system to the subnet
        var alpha = new Aws.Efs.MountTarget("alpha", new Aws.Efs.MountTargetArgs
        {
            FileSystemId = efsForLambda.Id,
            SubnetId = aws_subnet.Subnet_for_lambda.Id,
            SecurityGroups = 
            {
                aws_security_group.Sg_for_lambda.Id,
            },
        });
        // EFS access point used by lambda file system
        var accessPointForLambda = new Aws.Efs.AccessPoint("accessPointForLambda", new Aws.Efs.AccessPointArgs
        {
            FileSystemId = efsForLambda.Id,
            RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs
            {
                Path = "/lambda",
                CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs
                {
                    OwnerGid = 1000,
                    OwnerUid = 1000,
                    Permissions = "777",
                },
            },
            PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs
            {
                Gid = 1000,
                Uid = 1000,
            },
        });
        // A lambda function connected to an EFS file system
        // ... other configuration ...
        var example = new Aws.Lambda.Function("example", new Aws.Lambda.FunctionArgs
        {
            FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
            {
                Arn = accessPointForLambda.Arn,
                LocalMountPath = "/mnt/efs",
            },
            VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
            {
                SubnetIds = 
                {
                    aws_subnet.Subnet_for_lambda.Id,
                },
                SecurityGroupIds = 
                {
                    aws_security_group.Sg_for_lambda.Id,
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                alpha,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		efsForLambda, err := efs.NewFileSystem(ctx, "efsForLambda", &efs.FileSystemArgs{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("efs_for_lambda"),
			},
		})
		if err != nil {
			return err
		}
		alpha, err := efs.NewMountTarget(ctx, "alpha", &efs.MountTargetArgs{
			FileSystemId: efsForLambda.ID(),
			SubnetId:     pulumi.Any(aws_subnet.Subnet_for_lambda.Id),
			SecurityGroups: pulumi.StringArray{
				pulumi.Any(aws_security_group.Sg_for_lambda.Id),
			},
		})
		if err != nil {
			return err
		}
		accessPointForLambda, err := efs.NewAccessPoint(ctx, "accessPointForLambda", &efs.AccessPointArgs{
			FileSystemId: efsForLambda.ID(),
			RootDirectory: &efs.AccessPointRootDirectoryArgs{
				Path: pulumi.String("/lambda"),
				CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{
					OwnerGid:    pulumi.Int(1000),
					OwnerUid:    pulumi.Int(1000),
					Permissions: pulumi.String("777"),
				},
			},
			PosixUser: &efs.AccessPointPosixUserArgs{
				Gid: pulumi.Int(1000),
				Uid: pulumi.Int(1000),
			},
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
			FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
				Arn:            accessPointForLambda.Arn,
				LocalMountPath: pulumi.String("/mnt/efs"),
			},
			VpcConfig: &lambda.FunctionVpcConfigArgs{
				SubnetIds: pulumi.StringArray{
					pulumi.Any(aws_subnet.Subnet_for_lambda.Id),
				},
				SecurityGroupIds: pulumi.StringArray{
					pulumi.Any(aws_security_group.Sg_for_lambda.Id),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			alpha,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

# EFS file system
efs_for_lambda = aws.efs.FileSystem("efsForLambda", tags={
    "Name": "efs_for_lambda",
})
# Mount target connects the file system to the subnet
alpha = aws.efs.MountTarget("alpha",
    file_system_id=efs_for_lambda.id,
    subnet_id=aws_subnet["subnet_for_lambda"]["id"],
    security_groups=[aws_security_group["sg_for_lambda"]["id"]])
# EFS access point used by lambda file system
access_point_for_lambda = aws.efs.AccessPoint("accessPointForLambda",
    file_system_id=efs_for_lambda.id,
    root_directory=aws.efs.AccessPointRootDirectoryArgs(
        path="/lambda",
        creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(
            owner_gid=1000,
            owner_uid=1000,
            permissions="777",
        ),
    ),
    posix_user=aws.efs.AccessPointPosixUserArgs(
        gid=1000,
        uid=1000,
    ))
# A lambda function connected to an EFS file system
# ... other configuration ...
example = aws.lambda_.Function("example",
    file_system_config=aws.lambda..FunctionFileSystemConfigArgs(
        arn=access_point_for_lambda.arn,
        local_mount_path="/mnt/efs",
    ),
    vpc_config=aws.lambda..FunctionVpcConfigArgs(
        subnet_ids=[aws_subnet["subnet_for_lambda"]["id"]],
        security_group_ids=[aws_security_group["sg_for_lambda"]["id"]],
    ),
    opts=pulumi.ResourceOptions(depends_on=[alpha]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// EFS file system
const efsForLambda = new aws.efs.FileSystem("efsForLambda", {tags: {
    Name: "efs_for_lambda",
}});
// Mount target connects the file system to the subnet
const alpha = new aws.efs.MountTarget("alpha", {
    fileSystemId: efsForLambda.id,
    subnetId: aws_subnet.subnet_for_lambda.id,
    securityGroups: [aws_security_group.sg_for_lambda.id],
});
// EFS access point used by lambda file system
const accessPointForLambda = new aws.efs.AccessPoint("accessPointForLambda", {
    fileSystemId: efsForLambda.id,
    rootDirectory: {
        path: "/lambda",
        creationInfo: {
            ownerGid: 1000,
            ownerUid: 1000,
            permissions: "777",
        },
    },
    posixUser: {
        gid: 1000,
        uid: 1000,
    },
});
// A lambda function connected to an EFS file system
// ... other configuration ...
const example = new aws.lambda.Function("example", {
    fileSystemConfig: {
        arn: accessPointForLambda.arn,
        localMountPath: "/mnt/efs",
    },
    vpcConfig: {
        subnetIds: [aws_subnet.subnet_for_lambda.id],
        securityGroupIds: [aws_security_group.sg_for_lambda.id],
    },
}, {
    dependsOn: [alpha],
});

CloudWatch Logging and Permissions

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
        // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
        // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
        var example = new Aws.CloudWatch.LogGroup("example", new Aws.CloudWatch.LogGroupArgs
        {
            RetentionInDays = 14,
        });
        // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
        var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new Aws.Iam.PolicyArgs
        {
            Path = "/",
            Description = "IAM policy for logging from a lambda",
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents""
      ],
      ""Resource"": ""arn:aws:logs:*:*:*"",
      ""Effect"": ""Allow""
    }
  ]
}
",
        });
        var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new Aws.Iam.RolePolicyAttachmentArgs
        {
            Role = aws_iam_role.Iam_for_lambda.Name,
            PolicyArn = lambdaLogging.Arn,
        });
        var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs
        {
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                lambdaLogs,
                example,
            },
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		lambdaFunctionName := "lambda_function_name"
		if param := cfg.Get("lambdaFunctionName"); param != "" {
			lambdaFunctionName = param
		}
		example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
			RetentionInDays: pulumi.Int(14),
		})
		if err != nil {
			return err
		}
		lambdaLogging, err := iam.NewPolicy(ctx, "lambdaLogging", &iam.PolicyArgs{
			Path:        pulumi.String("/"),
			Description: pulumi.String("IAM policy for logging from a lambda"),
			Policy:      pulumi.Any(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"logs:CreateLogGroup\",\n", "        \"logs:CreateLogStream\",\n", "        \"logs:PutLogEvents\"\n", "      ],\n", "      \"Resource\": \"arn:aws:logs:*:*:*\",\n", "      \"Effect\": \"Allow\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambdaLogs", &iam.RolePolicyAttachmentArgs{
			Role:      pulumi.Any(aws_iam_role.Iam_for_lambda.Name),
			PolicyArn: lambdaLogging.Arn,
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "testLambda", nil, pulumi.DependsOn([]pulumi.Resource{
			lambdaLogs,
			example,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
    lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
lambda_logging = aws.iam.Policy("lambdaLogging",
    path="/",
    description="IAM policy for logging from a lambda",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
""")
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
    role=aws_iam_role["iam_for_lambda"]["name"],
    policy_arn=lambda_logging.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
        lambda_logs,
        example,
    ]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {retentionInDays: 14});
// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
const lambdaLogging = new aws.iam.Policy("lambdaLogging", {
    path: "/",
    description: "IAM policy for logging from a lambda",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*",
      "Effect": "Allow"
    }
  ]
}
`,
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambdaLogs", {
    role: aws_iam_role.iam_for_lambda.name,
    policyArn: lambdaLogging.arn,
});
const testLambda = new aws.lambda.Function("testLambda", {}, {
    dependsOn: [
        lambdaLogs,
        example,
    ],
});

Lambda with Targetted Architecture

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var iamForLambda = new Aws.Iam.Role("iamForLambda", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs
        {
            Code = new FileArchive("lambda_function_payload.zip"),
            Role = iamForLambda.Arn,
            Handler = "index.test",
            Runtime = "nodejs12.x",
            Architectures = 
            {
                "arm64",
            },
            Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
            {
                Variables = 
                {
                    { "foo", "bar" },
                },
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_aws as aws

iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
test_lambda = aws.lambda_.Function("testLambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    role=iam_for_lambda.arn,
    handler="index.test",
    runtime="nodejs12.x",
    architectures=["arm64"],
    environment=aws.lambda..FunctionEnvironmentArgs(
        variables={
            "foo": "bar",
        },
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const testLambda = new aws.lambda.Function("testLambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    role: iamForLambda.arn,
    handler: "index.test",
    runtime: "nodejs12.x",
    architectures: ["arm64"],
    environment: {
        variables: {
            foo: "bar",
        },
    },
});

Create a Function Resource

new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);
@overload
def Function(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             architectures: Optional[Sequence[str]] = None,
             code: Optional[pulumi.Archive] = None,
             code_signing_config_arn: Optional[str] = None,
             dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
             description: Optional[str] = None,
             environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
             file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
             handler: Optional[str] = None,
             image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
             image_uri: Optional[str] = None,
             kms_key_arn: Optional[str] = None,
             layers: Optional[Sequence[str]] = None,
             memory_size: Optional[int] = None,
             name: Optional[str] = None,
             package_type: Optional[str] = None,
             publish: Optional[bool] = None,
             reserved_concurrent_executions: Optional[int] = None,
             role: Optional[str] = None,
             runtime: Optional[Union[str, _lambda_.Runtime]] = None,
             s3_bucket: Optional[str] = None,
             s3_key: Optional[str] = None,
             s3_object_version: Optional[str] = None,
             source_code_hash: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             timeout: Optional[int] = None,
             tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
             vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None)
@overload
def Function(resource_name: str,
             args: FunctionArgs,
             opts: Optional[ResourceOptions] = None)
func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)
public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Function resource accepts the following input properties:

Role string
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
Architectures List<string>
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
Code Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
Description string
Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs
Configuration block. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
Handler string
Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
ImageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
KmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
Layers List<string>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string
Unique name for your Lambda Function.
PackageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
ReservedConcurrentExecutions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Runtime string | Pulumi.Aws.Lambda.Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
S3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
SourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
Tags Dictionary<string, string>
Map of tags to assign to the object.
Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
VpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
Role string
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
Architectures []string
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
Code pulumi.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
Description string
Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs
Configuration block. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
Handler string
Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
ImageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
KmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
Layers []string
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string
Unique name for your Lambda Function.
PackageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
ReservedConcurrentExecutions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Runtime string | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
S3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
SourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
Tags map[string]string
Map of tags to assign to the object.
Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
VpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
role ARN
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
architectures string[]
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
code pulumi.asset.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
codeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
deadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
description string
Description of what your Lambda Function does.
environment FunctionEnvironmentArgs
Configuration block. Detailed below.
fileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
handler string
Function entrypoint in your code.
imageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
imageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers string[]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memorySize number
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name string
Unique name for your Lambda Function.
packageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reservedConcurrentExecutions number
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime string | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
s3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
s3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
sourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
tags {[key: string]: string}
Map of tags to assign to the object.
timeout number
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
vpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
role str
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
architectures Sequence[str]
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
code pulumi.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
code_signing_config_arn str
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
dead_letter_config FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
description str
Description of what your Lambda Function does.
environment FunctionEnvironmentArgs
Configuration block. Detailed below.
file_system_config FunctionFileSystemConfigArgs
Configuration block. Detailed below.
handler str
Function entrypoint in your code.
image_config FunctionImageConfigArgs
Configuration block. Detailed below.
image_uri str
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
kms_key_arn str
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
layers Sequence[str]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memory_size int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name str
Unique name for your Lambda Function.
package_type str
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
reserved_concurrent_executions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
runtime str | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
s3_bucket str
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3_key str
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
s3_object_version str
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
source_code_hash str
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
tags Mapping[str, str]
Map of tags to assign to the object.
timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracing_config FunctionTracingConfigArgs
Configuration block. Detailed below.
vpc_config FunctionVpcConfigArgs
Configuration block. Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
Id string
The provider-assigned unique ID for this managed resource.
InvokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
LastModified string
Date this resource was last modified.
QualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
SigningJobArn string
ARN of the signing job.
SigningProfileVersionArn string
ARN of the signing profile version.
SourceCodeSize int
Size in bytes of the function .zip file.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
Version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
Id string
The provider-assigned unique ID for this managed resource.
InvokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
LastModified string
Date this resource was last modified.
QualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
SigningJobArn string
ARN of the signing job.
SigningProfileVersionArn string
ARN of the signing profile version.
SourceCodeSize int
Size in bytes of the function .zip file.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
Version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
id string
The provider-assigned unique ID for this managed resource.
invokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
lastModified string
Date this resource was last modified.
qualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
signingJobArn string
ARN of the signing job.
signingProfileVersionArn string
ARN of the signing profile version.
sourceCodeSize number
Size in bytes of the function .zip file.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
id str
The provider-assigned unique ID for this managed resource.
invoke_arn str
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
last_modified str
Date this resource was last modified.
qualified_arn str
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
signing_job_arn str
ARN of the signing job.
signing_profile_version_arn str
ARN of the signing profile version.
source_code_size int
Size in bytes of the function .zip file.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
version str

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.

Look up an Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        architectures: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        code: Optional[pulumi.Archive] = None,
        code_signing_config_arn: Optional[str] = None,
        dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
        description: Optional[str] = None,
        environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
        file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
        handler: Optional[str] = None,
        image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
        image_uri: Optional[str] = None,
        invoke_arn: Optional[str] = None,
        kms_key_arn: Optional[str] = None,
        last_modified: Optional[str] = None,
        layers: Optional[Sequence[str]] = None,
        memory_size: Optional[int] = None,
        name: Optional[str] = None,
        package_type: Optional[str] = None,
        publish: Optional[bool] = None,
        qualified_arn: Optional[str] = None,
        reserved_concurrent_executions: Optional[int] = None,
        role: Optional[str] = None,
        runtime: Optional[Union[str, _lambda_.Runtime]] = None,
        s3_bucket: Optional[str] = None,
        s3_key: Optional[str] = None,
        s3_object_version: Optional[str] = None,
        signing_job_arn: Optional[str] = None,
        signing_profile_version_arn: Optional[str] = None,
        source_code_hash: Optional[str] = None,
        source_code_size: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeout: Optional[int] = None,
        tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
        version: Optional[str] = None,
        vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None) -> Function
func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)
public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Architectures List<string>
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
Code Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
Description string
Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs
Configuration block. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
Handler string
Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
ImageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
InvokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
KmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
LastModified string
Date this resource was last modified.
Layers List<string>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string
Unique name for your Lambda Function.
PackageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
QualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
ReservedConcurrentExecutions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Role string
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
Runtime string | Pulumi.Aws.Lambda.Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
S3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
SigningJobArn string
ARN of the signing job.
SigningProfileVersionArn string
ARN of the signing profile version.
SourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
SourceCodeSize int
Size in bytes of the function .zip file.
Tags Dictionary<string, string>
Map of tags to assign to the object.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
Version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
VpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
Architectures []string
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
Code pulumi.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
CodeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
DeadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
Description string
Description of what your Lambda Function does.
Environment FunctionEnvironmentArgs
Configuration block. Detailed below.
FileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
Handler string
Function entrypoint in your code.
ImageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
ImageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
InvokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
KmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
LastModified string
Date this resource was last modified.
Layers []string
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
MemorySize int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
Name string
Unique name for your Lambda Function.
PackageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
QualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
ReservedConcurrentExecutions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
Role string
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
Runtime string | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
S3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
S3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
S3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
SigningJobArn string
ARN of the signing job.
SigningProfileVersionArn string
ARN of the signing profile version.
SourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
SourceCodeSize int
Size in bytes of the function .zip file.
Tags map[string]string
Map of tags to assign to the object.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
TracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
Version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
VpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
architectures string[]
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
code pulumi.asset.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
codeSigningConfigArn string
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
deadLetterConfig FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
description string
Description of what your Lambda Function does.
environment FunctionEnvironmentArgs
Configuration block. Detailed below.
fileSystemConfig FunctionFileSystemConfigArgs
Configuration block. Detailed below.
handler string
Function entrypoint in your code.
imageConfig FunctionImageConfigArgs
Configuration block. Detailed below.
imageUri string
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
invokeArn string
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
kmsKeyArn string
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
lastModified string
Date this resource was last modified.
layers string[]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memorySize number
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name string
Unique name for your Lambda Function.
packageType string
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
qualifiedArn string
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
reservedConcurrentExecutions number
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
role ARN
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
runtime string | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
s3Bucket string
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3Key string
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
s3ObjectVersion string
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
signingJobArn string
ARN of the signing job.
signingProfileVersionArn string
ARN of the signing profile version.
sourceCodeHash string
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
sourceCodeSize number
Size in bytes of the function .zip file.
tags {[key: string]: string}
Map of tags to assign to the object.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
timeout number
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracingConfig FunctionTracingConfigArgs
Configuration block. Detailed below.
version string

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
vpcConfig FunctionVpcConfigArgs
Configuration block. Detailed below.
architectures Sequence[str]
Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function’s architecture stay the same.
arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
code pulumi.Archive
Path to the function’s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.
code_signing_config_arn str
To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
dead_letter_config FunctionDeadLetterConfigArgs
Configuration block. Detailed below.
description str
Description of what your Lambda Function does.
environment FunctionEnvironmentArgs
Configuration block. Detailed below.
file_system_config FunctionFileSystemConfigArgs
Configuration block. Detailed below.
handler str
Function entrypoint in your code.
image_config FunctionImageConfigArgs
Configuration block. Detailed below.
image_uri str
ECR image URI containing the function’s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.
invoke_arn str
ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration’s uri.
kms_key_arn str
Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
last_modified str
Date this resource was last modified.
layers Sequence[str]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
memory_size int
Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits
name str
Unique name for your Lambda Function.
package_type str
Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.
publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to false.
qualified_arn str
ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
reserved_concurrent_executions int
Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency
role str
Amazon Resource Name (ARN) of the function’s execution role. The role provides the function’s identity and access to AWS services and resources.
runtime str | Runtime
Identifier of the function’s runtime. See Runtimes for valid values.
s3_bucket str
S3 bucket location containing the function’s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.
s3_key str
S3 key of an object containing the function’s deployment package. Conflicts with filename and image_uri.
s3_object_version str
Object version containing the function’s deployment package. Conflicts with filename and image_uri.
signing_job_arn str
ARN of the signing job.
signing_profile_version_arn str
ARN of the signing profile version.
source_code_hash str
Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip"), where “file.zip” is the local filename of the lambda function source archive.
source_code_size int
Size in bytes of the function .zip file.
tags Mapping[str, str]
Map of tags to assign to the object.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
tracing_config FunctionTracingConfigArgs
Configuration block. Detailed below.
version str

Latest published version of your Lambda Function.

  • vpc_config.vpc_id - ID of the VPC.
vpc_config FunctionVpcConfigArgs
Configuration block. Detailed below.

Supporting Types

FunctionDeadLetterConfig

TargetArn string
ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function’s IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.
TargetArn string
ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function’s IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.
targetArn string
ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function’s IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.
target_arn str
ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function’s IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

FunctionEnvironment

Variables Dictionary<string, string>
Map of environment variables that are accessible from the function code during execution.
Variables map[string]string
Map of environment variables that are accessible from the function code during execution.
variables {[key: string]: string}
Map of environment variables that are accessible from the function code during execution.
variables Mapping[str, str]
Map of environment variables that are accessible from the function code during execution.

FunctionFileSystemConfig

Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string
Path where the function can access the file system, starting with /mnt/.
Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string
Path where the function can access the file system, starting with /mnt/.
arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath string
Path where the function can access the file system, starting with /mnt/.
arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
local_mount_path str
Path where the function can access the file system, starting with /mnt/.

FunctionImageConfig

Commands List<string>
Parameters that you want to pass in with entry_point.
EntryPoints List<string>
Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string
Working directory.
Commands []string
Parameters that you want to pass in with entry_point.
EntryPoints []string
Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string
Working directory.
commands string[]
Parameters that you want to pass in with entry_point.
entryPoints string[]
Entry point to your application, which is typically the location of the runtime executable.
workingDirectory string
Working directory.
commands Sequence[str]
Parameters that you want to pass in with entry_point.
entry_points Sequence[str]
Entry point to your application, which is typically the location of the runtime executable.
working_directory str
Working directory.

FunctionTracingConfig

Mode string
Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with “sampled=1”. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
Mode string
Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with “sampled=1”. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
mode string
Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with “sampled=1”. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
mode str
Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with “sampled=1”. If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

FunctionVpcConfig

SecurityGroupIds List<string>
List of security group IDs associated with the Lambda function.
SubnetIds List<string>
List of subnet IDs associated with the Lambda function.
VpcId string
SecurityGroupIds []string
List of security group IDs associated with the Lambda function.
SubnetIds []string
List of subnet IDs associated with the Lambda function.
VpcId string
securityGroupIds string[]
List of security group IDs associated with the Lambda function.
subnetIds string[]
List of subnet IDs associated with the Lambda function.
vpcId string
security_group_ids Sequence[str]
List of security group IDs associated with the Lambda function.
subnet_ids Sequence[str]
List of subnet IDs associated with the Lambda function.
vpc_id str

Runtime

DotnetCore2d1
dotnetcore2.1
DotnetCore3d1
dotnetcore3.1
Go1dx
go1.x
Java8
java8
Java8AL2
java8.al2
Java11
java11
Ruby2d5
ruby2.5
Ruby2d7
ruby2.7
NodeJS10dX
nodejs10.x
NodeJS12dX
nodejs12.x
NodeJS14dX
nodejs14.x
Python2d7
python2.7
Python3d6
python3.6
Python3d7
python3.7
Python3d8
python3.8
Custom
provided
CustomAL2
provided.al2
RuntimeDotnetCore2d1
dotnetcore2.1
RuntimeDotnetCore3d1
dotnetcore3.1
RuntimeGo1dx
go1.x
RuntimeJava8
java8
RuntimeJava8AL2
java8.al2
RuntimeJava11
java11
RuntimeRuby2d5
ruby2.5
RuntimeRuby2d7
ruby2.7
RuntimeNodeJS10dX
nodejs10.x
RuntimeNodeJS12dX
nodejs12.x
RuntimeNodeJS14dX
nodejs14.x
RuntimePython2d7
python2.7
RuntimePython3d6
python3.6
RuntimePython3d7
python3.7
RuntimePython3d8
python3.8
RuntimeCustom
provided
RuntimeCustomAL2
provided.al2
DotnetCore2d1
dotnetcore2.1
DotnetCore3d1
dotnetcore3.1
Go1dx
go1.x
Java8
java8
Java8AL2
java8.al2
Java11
java11
Ruby2d5
ruby2.5
Ruby2d7
ruby2.7
NodeJS10dX
nodejs10.x
NodeJS12dX
nodejs12.x
NodeJS14dX
nodejs14.x
Python2d7
python2.7
Python3d6
python3.6
Python3d7
python3.7
Python3d8
python3.8
Custom
provided
CustomAL2
provided.al2
DOTNET_CORE2D1
dotnetcore2.1
DOTNET_CORE3D1
dotnetcore3.1
GO1DX
go1.x
JAVA8
java8
JAVA8_AL2
java8.al2
JAVA11
java11
RUBY2D5
ruby2.5
RUBY2D7
ruby2.7
NODE_JS10D_X
nodejs10.x
NODE_JS12D_X
nodejs12.x
NODE_JS14D_X
nodejs14.x
PYTHON2D7
python2.7
PYTHON3D6
python3.6
PYTHON3D7
python3.7
PYTHON3D8
python3.8
CUSTOM
provided
CUSTOM_AL2
provided.al2

Import

Lambda Functions can be imported using the function_name, e.g.,

 $ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.