AWS v6.83.0, Jun 16 25

AWS v6.83.0 published on Monday, Jun 16, 2025 by Pulumi

aws.lambda.Function

Explore with Pulumi AI

AWS v6.83.0 published on Monday, Jun 16, 2025 by Pulumi

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. To allow for successful deletion, the provider will wait for at least 45 minutes even if a shorter delete timeout is specified.

NOTE: If you get a KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied error when invoking an aws.lambda.Function with environment variables, the IAM role associated with the function may have been deleted and recreated after the function was created. You can fix the problem two ways: 1) updating the function’s role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to taint the function and apply your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function’s IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function’s role or recreating the function causes Lambda to update the grant.)

To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the aws.lambda.Permission resource. See Lambda Permission Model for more details. On the other hand, the role argument of this resource is the function’s execution role for identity and access to AWS services and resources.

Example Usage

Basic Example

import * as pulumi from "@pulumi/pulumi";
import * as archive from "@pulumi/archive";
import * as aws from "@pulumi/aws";

const assumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["lambda.amazonaws.com"],
        }],
        actions: ["sts:AssumeRole"],
    }],
});
const iamForLambda = new aws.iam.Role("iam_for_lambda", {
    name: "iam_for_lambda",
    assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const lambda = archive.getFile({
    type: "zip",
    sourceFile: "lambda.js",
    outputPath: "lambda_function_payload.zip",
});
const testLambda = new aws.lambda.Function("test_lambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    name: "lambda_function_name",
    role: iamForLambda.arn,
    handler: "index.test",
    sourceCodeHash: lambda.then(lambda => lambda.outputBase64sha256),
    runtime: aws.lambda.Runtime.NodeJS18dX,
    environment: {
        variables: {
            foo: "bar",
        },
    },
});

import pulumi
import pulumi_archive as archive
import pulumi_aws as aws

assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "Service",
        "identifiers": ["lambda.amazonaws.com"],
    }],
    "actions": ["sts:AssumeRole"],
}])
iam_for_lambda = aws.iam.Role("iam_for_lambda",
    name="iam_for_lambda",
    assume_role_policy=assume_role.json)
lambda_ = archive.get_file(type="zip",
    source_file="lambda.js",
    output_path="lambda_function_payload.zip")
test_lambda = aws.lambda_.Function("test_lambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    name="lambda_function_name",
    role=iam_for_lambda.arn,
    handler="index.test",
    source_code_hash=lambda_.output_base64sha256,
    runtime=aws.lambda_.Runtime.NODE_JS18D_X,
    environment={
        "variables": {
            "foo": "bar",
        },
    })

package main

import (
	"github.com/pulumi/pulumi-archive/sdk/go/archive"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"lambda.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"sts:AssumeRole",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{
			Name:             pulumi.String("iam_for_lambda"),
			AssumeRolePolicy: pulumi.String(assumeRole.Json),
		})
		if err != nil {
			return err
		}
		lambda, err := archive.LookupFile(ctx, &archive.LookupFileArgs{
			Type:       "zip",
			SourceFile: pulumi.StringRef("lambda.js"),
			OutputPath: "lambda_function_payload.zip",
		}, nil)
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "test_lambda", &lambda.FunctionArgs{
			Code:           pulumi.NewFileArchive("lambda_function_payload.zip"),
			Name:           pulumi.String("lambda_function_name"),
			Role:           iamForLambda.Arn,
			Handler:        pulumi.String("index.test"),
			SourceCodeHash: pulumi.String(lambda.OutputBase64sha256),
			Runtime:        pulumi.String(lambda.RuntimeNodeJS18dX),
			Environment: &lambda.FunctionEnvironmentArgs{
				Variables: pulumi.StringMap{
					"foo": pulumi.String("bar"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Archive = Pulumi.Archive;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "lambda.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
            },
        },
    });

    var iamForLambda = new Aws.Iam.Role("iam_for_lambda", new()
    {
        Name = "iam_for_lambda",
        AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var lambda = Archive.GetFile.Invoke(new()
    {
        Type = "zip",
        SourceFile = "lambda.js",
        OutputPath = "lambda_function_payload.zip",
    });

    var testLambda = new Aws.Lambda.Function("test_lambda", new()
    {
        Code = new FileArchive("lambda_function_payload.zip"),
        Name = "lambda_function_name",
        Role = iamForLambda.Arn,
        Handler = "index.test",
        SourceCodeHash = lambda.Apply(getFileResult => getFileResult.OutputBase64sha256),
        Runtime = Aws.Lambda.Runtime.NodeJS18dX,
        Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
        {
            Variables = 
            {
                { "foo", "bar" },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.archive.ArchiveFunctions;
import com.pulumi.archive.inputs.GetFileArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("lambda.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var iamForLambda = new Role("iamForLambda", RoleArgs.builder()
            .name("iam_for_lambda")
            .assumeRolePolicy(assumeRole.json())
            .build());

        final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()
            .type("zip")
            .sourceFile("lambda.js")
            .outputPath("lambda_function_payload.zip")
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.builder()
            .code(new FileArchive("lambda_function_payload.zip"))
            .name("lambda_function_name")
            .role(iamForLambda.arn())
            .handler("index.test")
            .sourceCodeHash(lambda.outputBase64sha256())
            .runtime("nodejs18.x")
            .environment(FunctionEnvironmentArgs.builder()
                .variables(Map.of("foo", "bar"))
                .build())
            .build());

    }
}

resources:
  iamForLambda:
    type: aws:iam:Role
    name: iam_for_lambda
    properties:
      name: iam_for_lambda
      assumeRolePolicy: ${assumeRole.json}
  testLambda:
    type: aws:lambda:Function
    name: test_lambda
    properties:
      code:
        fn::FileArchive: lambda_function_payload.zip
      name: lambda_function_name
      role: ${iamForLambda.arn}
      handler: index.test
      sourceCodeHash: ${lambda.outputBase64sha256}
      runtime: nodejs18.x
      environment:
        variables:
          foo: bar
variables:
  assumeRole:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - lambda.amazonaws.com
            actions:
              - sts:AssumeRole
  lambda:
    fn::invoke:
      function: archive:getFile
      arguments:
        type: zip
        sourceFile: lambda.js
        outputPath: lambda_function_payload.zip

Lambda Layers

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lambda.LayerVersion("example", {});
const exampleFunction = new aws.lambda.Function("example", {layers: [example.arn]});

import pulumi
import pulumi_aws as aws

example = aws.lambda_.LayerVersion("example")
example_function = aws.lambda_.Function("example", layers=[example.arn])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := lambda.NewLayerVersion(ctx, "example", nil)
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
			Layers: pulumi.StringArray{
				example.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Lambda.LayerVersion("example");

    var exampleFunction = new Aws.Lambda.Function("example", new()
    {
        Layers = new[]
        {
            example.Arn,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersion;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LayerVersion("example");

        var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
            .layers(example.arn())
            .build());

    }
}

resources:
  example:
    type: aws:lambda:LayerVersion
  exampleFunction:
    type: aws:lambda:Function
    name: example
    properties:
      layers:
        - ${example.arn}

Lambda Ephemeral Storage

Lambda Function Ephemeral Storage(/tmp) allows you to configure the storage upto 10 GB. The default value set to 512 MB.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const assumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["lambda.amazonaws.com"],
        }],
        actions: ["sts:AssumeRole"],
    }],
});
const iamForLambda = new aws.iam.Role("iam_for_lambda", {
    name: "iam_for_lambda",
    assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const testLambda = new aws.lambda.Function("test_lambda", {
    code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
    name: "lambda_function_name",
    role: iamForLambda.arn,
    handler: "index.test",
    runtime: aws.lambda.Runtime.NodeJS18dX,
    ephemeralStorage: {
        size: 10240,
    },
});

import pulumi
import pulumi_aws as aws

assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "Service",
        "identifiers": ["lambda.amazonaws.com"],
    }],
    "actions": ["sts:AssumeRole"],
}])
iam_for_lambda = aws.iam.Role("iam_for_lambda",
    name="iam_for_lambda",
    assume_role_policy=assume_role.json)
test_lambda = aws.lambda_.Function("test_lambda",
    code=pulumi.FileArchive("lambda_function_payload.zip"),
    name="lambda_function_name",
    role=iam_for_lambda.arn,
    handler="index.test",
    runtime=aws.lambda_.Runtime.NODE_JS18D_X,
    ephemeral_storage={
        "size": 10240,
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"lambda.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"sts:AssumeRole",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		iamForLambda, err := iam.NewRole(ctx, "iam_for_lambda", &iam.RoleArgs{
			Name:             pulumi.String("iam_for_lambda"),
			AssumeRolePolicy: pulumi.String(assumeRole.Json),
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "test_lambda", &lambda.FunctionArgs{
			Code:    pulumi.NewFileArchive("lambda_function_payload.zip"),
			Name:    pulumi.String("lambda_function_name"),
			Role:    iamForLambda.Arn,
			Handler: pulumi.String("index.test"),
			Runtime: pulumi.String(lambda.RuntimeNodeJS18dX),
			EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
				Size: pulumi.Int(10240),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "lambda.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
            },
        },
    });

    var iamForLambda = new Aws.Iam.Role("iam_for_lambda", new()
    {
        Name = "iam_for_lambda",
        AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var testLambda = new Aws.Lambda.Function("test_lambda", new()
    {
        Code = new FileArchive("lambda_function_payload.zip"),
        Name = "lambda_function_name",
        Role = iamForLambda.Arn,
        Handler = "index.test",
        Runtime = Aws.Lambda.Runtime.NodeJS18dX,
        EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
        {
            Size = 10240,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("lambda.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var iamForLambda = new Role("iamForLambda", RoleArgs.builder()
            .name("iam_for_lambda")
            .assumeRolePolicy(assumeRole.json())
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.builder()
            .code(new FileArchive("lambda_function_payload.zip"))
            .name("lambda_function_name")
            .role(iamForLambda.arn())
            .handler("index.test")
            .runtime("nodejs18.x")
            .ephemeralStorage(FunctionEphemeralStorageArgs.builder()
                .size(10240)
                .build())
            .build());

    }
}

resources:
  iamForLambda:
    type: aws:iam:Role
    name: iam_for_lambda
    properties:
      name: iam_for_lambda
      assumeRolePolicy: ${assumeRole.json}
  testLambda:
    type: aws:lambda:Function
    name: test_lambda
    properties:
      code:
        fn::FileArchive: lambda_function_payload.zip
      name: lambda_function_name
      role: ${iamForLambda.arn}
      handler: index.test
      runtime: nodejs18.x
      ephemeralStorage:
        size: 10240
variables:
  assumeRole:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - lambda.amazonaws.com
            actions:
              - sts:AssumeRole

Lambda File Systems

Lambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// EFS file system
const efsForLambda = new aws.efs.FileSystem("efs_for_lambda", {tags: {
    Name: "efs_for_lambda",
}});
// Mount target connects the file system to the subnet
const alpha = new aws.efs.MountTarget("alpha", {
    fileSystemId: efsForLambda.id,
    subnetId: subnetForLambda.id,
    securityGroups: [sgForLambda.id],
});
// EFS access point used by lambda file system
const accessPointForLambda = new aws.efs.AccessPoint("access_point_for_lambda", {
    fileSystemId: efsForLambda.id,
    rootDirectory: {
        path: "/lambda",
        creationInfo: {
            ownerGid: 1000,
            ownerUid: 1000,
            permissions: "777",
        },
    },
    posixUser: {
        gid: 1000,
        uid: 1000,
    },
});
// A lambda function connected to an EFS file system
const example = new aws.lambda.Function("example", {
    fileSystemConfig: {
        arn: accessPointForLambda.arn,
        localMountPath: "/mnt/efs",
    },
    vpcConfig: {
        subnetIds: [subnetForLambda.id],
        securityGroupIds: [sgForLambda.id],
    },
}, {
    dependsOn: [alpha],
});

import pulumi
import pulumi_aws as aws

# EFS file system
efs_for_lambda = aws.efs.FileSystem("efs_for_lambda", tags={
    "Name": "efs_for_lambda",
})
# Mount target connects the file system to the subnet
alpha = aws.efs.MountTarget("alpha",
    file_system_id=efs_for_lambda.id,
    subnet_id=subnet_for_lambda["id"],
    security_groups=[sg_for_lambda["id"]])
# EFS access point used by lambda file system
access_point_for_lambda = aws.efs.AccessPoint("access_point_for_lambda",
    file_system_id=efs_for_lambda.id,
    root_directory={
        "path": "/lambda",
        "creation_info": {
            "owner_gid": 1000,
            "owner_uid": 1000,
            "permissions": "777",
        },
    },
    posix_user={
        "gid": 1000,
        "uid": 1000,
    })
# A lambda function connected to an EFS file system
example = aws.lambda_.Function("example",
    file_system_config={
        "arn": access_point_for_lambda.arn,
        "local_mount_path": "/mnt/efs",
    },
    vpc_config={
        "subnet_ids": [subnet_for_lambda["id"]],
        "security_group_ids": [sg_for_lambda["id"]],
    },
    opts = pulumi.ResourceOptions(depends_on=[alpha]))

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// EFS file system
		efsForLambda, err := efs.NewFileSystem(ctx, "efs_for_lambda", &efs.FileSystemArgs{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("efs_for_lambda"),
			},
		})
		if err != nil {
			return err
		}
		// Mount target connects the file system to the subnet
		alpha, err := efs.NewMountTarget(ctx, "alpha", &efs.MountTargetArgs{
			FileSystemId: efsForLambda.ID(),
			SubnetId:     pulumi.Any(subnetForLambda.Id),
			SecurityGroups: pulumi.StringArray{
				sgForLambda.Id,
			},
		})
		if err != nil {
			return err
		}
		// EFS access point used by lambda file system
		accessPointForLambda, err := efs.NewAccessPoint(ctx, "access_point_for_lambda", &efs.AccessPointArgs{
			FileSystemId: efsForLambda.ID(),
			RootDirectory: &efs.AccessPointRootDirectoryArgs{
				Path: pulumi.String("/lambda"),
				CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{
					OwnerGid:    pulumi.Int(1000),
					OwnerUid:    pulumi.Int(1000),
					Permissions: pulumi.String("777"),
				},
			},
			PosixUser: &efs.AccessPointPosixUserArgs{
				Gid: pulumi.Int(1000),
				Uid: pulumi.Int(1000),
			},
		})
		if err != nil {
			return err
		}
		// A lambda function connected to an EFS file system
		_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
			FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
				Arn:            accessPointForLambda.Arn,
				LocalMountPath: pulumi.String("/mnt/efs"),
			},
			VpcConfig: &lambda.FunctionVpcConfigArgs{
				SubnetIds: pulumi.StringArray{
					subnetForLambda.Id,
				},
				SecurityGroupIds: pulumi.StringArray{
					sgForLambda.Id,
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			alpha,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    // EFS file system
    var efsForLambda = new Aws.Efs.FileSystem("efs_for_lambda", new()
    {
        Tags = 
        {
            { "Name", "efs_for_lambda" },
        },
    });

    // Mount target connects the file system to the subnet
    var alpha = new Aws.Efs.MountTarget("alpha", new()
    {
        FileSystemId = efsForLambda.Id,
        SubnetId = subnetForLambda.Id,
        SecurityGroups = new[]
        {
            sgForLambda.Id,
        },
    });

    // EFS access point used by lambda file system
    var accessPointForLambda = new Aws.Efs.AccessPoint("access_point_for_lambda", new()
    {
        FileSystemId = efsForLambda.Id,
        RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs
        {
            Path = "/lambda",
            CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs
            {
                OwnerGid = 1000,
                OwnerUid = 1000,
                Permissions = "777",
            },
        },
        PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs
        {
            Gid = 1000,
            Uid = 1000,
        },
    });

    // A lambda function connected to an EFS file system
    var example = new Aws.Lambda.Function("example", new()
    {
        FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
        {
            Arn = accessPointForLambda.Arn,
            LocalMountPath = "/mnt/efs",
        },
        VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
        {
            SubnetIds = new[]
            {
                subnetForLambda.Id,
            },
            SecurityGroupIds = new[]
            {
                sgForLambda.Id,
            },
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            alpha,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.efs.FileSystem;
import com.pulumi.aws.efs.FileSystemArgs;
import com.pulumi.aws.efs.MountTarget;
import com.pulumi.aws.efs.MountTargetArgs;
import com.pulumi.aws.efs.AccessPoint;
import com.pulumi.aws.efs.AccessPointArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;
import com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // EFS file system
        var efsForLambda = new FileSystem("efsForLambda", FileSystemArgs.builder()
            .tags(Map.of("Name", "efs_for_lambda"))
            .build());

        // Mount target connects the file system to the subnet
        var alpha = new MountTarget("alpha", MountTargetArgs.builder()
            .fileSystemId(efsForLambda.id())
            .subnetId(subnetForLambda.id())
            .securityGroups(sgForLambda.id())
            .build());

        // EFS access point used by lambda file system
        var accessPointForLambda = new AccessPoint("accessPointForLambda", AccessPointArgs.builder()
            .fileSystemId(efsForLambda.id())
            .rootDirectory(AccessPointRootDirectoryArgs.builder()
                .path("/lambda")
                .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()
                    .ownerGid(1000)
                    .ownerUid(1000)
                    .permissions("777")
                    .build())
                .build())
            .posixUser(AccessPointPosixUserArgs.builder()
                .gid(1000)
                .uid(1000)
                .build())
            .build());

        // A lambda function connected to an EFS file system
        var example = new Function("example", FunctionArgs.builder()
            .fileSystemConfig(FunctionFileSystemConfigArgs.builder()
                .arn(accessPointForLambda.arn())
                .localMountPath("/mnt/efs")
                .build())
            .vpcConfig(FunctionVpcConfigArgs.builder()
                .subnetIds(subnetForLambda.id())
                .securityGroupIds(sgForLambda.id())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(alpha)
                .build());

    }
}

resources:
  # A lambda function connected to an EFS file system
  example:
    type: aws:lambda:Function
    properties:
      fileSystemConfig:
        arn: ${accessPointForLambda.arn}
        localMountPath: /mnt/efs
      vpcConfig:
        subnetIds:
          - ${subnetForLambda.id}
        securityGroupIds:
          - ${sgForLambda.id}
    options:
      dependsOn:
        - ${alpha}
  # EFS file system
  efsForLambda:
    type: aws:efs:FileSystem
    name: efs_for_lambda
    properties:
      tags:
        Name: efs_for_lambda
  # Mount target connects the file system to the subnet
  alpha:
    type: aws:efs:MountTarget
    properties:
      fileSystemId: ${efsForLambda.id}
      subnetId: ${subnetForLambda.id}
      securityGroups:
        - ${sgForLambda.id}
  # EFS access point used by lambda file system
  accessPointForLambda:
    type: aws:efs:AccessPoint
    name: access_point_for_lambda
    properties:
      fileSystemId: ${efsForLambda.id}
      rootDirectory:
        path: /lambda
        creationInfo:
          ownerGid: 1000
          ownerUid: 1000
          permissions: '777'
      posixUser:
        gid: 1000
        uid: 1000

Lambda retries

Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are Maximum age of event and Retry attempts as stated in Lambda documentation for Configuring error handling for asynchronous invocation. To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.

CloudWatch Logging and Permissions

For more information about CloudWatch Logs for Lambda, see the Lambda User Guide.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {
    name: `/aws/lambda/${lambdaFunctionName}`,
    retentionInDays: 14,
});
// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
const lambdaLogging = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        actions: [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
        ],
        resources: ["arn:aws:logs:*:*:*"],
    }],
});
const lambdaLoggingPolicy = new aws.iam.Policy("lambda_logging", {
    name: "lambda_logging",
    path: "/",
    description: "IAM policy for logging from a lambda",
    policy: lambdaLogging.then(lambdaLogging => lambdaLogging.json),
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambda_logs", {
    role: iamForLambda.name,
    policyArn: lambdaLoggingPolicy.arn,
});
const testLambda = new aws.lambda.Function("test_lambda", {
    name: lambdaFunctionName,
    loggingConfig: {
        logFormat: "Text",
    },
}, {
    dependsOn: [
        lambdaLogs,
        example,
    ],
});

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
    lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example",
    name=f"/aws/lambda/{lambda_function_name}",
    retention_in_days=14)
# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
lambda_logging = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "actions": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
    ],
    "resources": ["arn:aws:logs:*:*:*"],
}])
lambda_logging_policy = aws.iam.Policy("lambda_logging",
    name="lambda_logging",
    path="/",
    description="IAM policy for logging from a lambda",
    policy=lambda_logging.json)
lambda_logs = aws.iam.RolePolicyAttachment("lambda_logs",
    role=iam_for_lambda["name"],
    policy_arn=lambda_logging_policy.arn)
test_lambda = aws.lambda_.Function("test_lambda",
    name=lambda_function_name,
    logging_config={
        "log_format": "Text",
    },
    opts = pulumi.ResourceOptions(depends_on=[
            lambda_logs,
            example,
        ]))

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		lambdaFunctionName := "lambda_function_name"
		if param := cfg.Get("lambdaFunctionName"); param != "" {
			lambdaFunctionName = param
		}
		// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
		// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
		example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
			Name:            pulumi.Sprintf("/aws/lambda/%v", lambdaFunctionName),
			RetentionInDays: pulumi.Int(14),
		})
		if err != nil {
			return err
		}
		// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
		lambdaLogging, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Actions: []string{
						"logs:CreateLogGroup",
						"logs:CreateLogStream",
						"logs:PutLogEvents",
					},
					Resources: []string{
						"arn:aws:logs:*:*:*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		lambdaLoggingPolicy, err := iam.NewPolicy(ctx, "lambda_logging", &iam.PolicyArgs{
			Name:        pulumi.String("lambda_logging"),
			Path:        pulumi.String("/"),
			Description: pulumi.String("IAM policy for logging from a lambda"),
			Policy:      pulumi.String(lambdaLogging.Json),
		})
		if err != nil {
			return err
		}
		lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambda_logs", &iam.RolePolicyAttachmentArgs{
			Role:      pulumi.Any(iamForLambda.Name),
			PolicyArn: lambdaLoggingPolicy.Arn,
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewFunction(ctx, "test_lambda", &lambda.FunctionArgs{
			Name: pulumi.String(lambdaFunctionName),
			LoggingConfig: &lambda.FunctionLoggingConfigArgs{
				LogFormat: pulumi.String("Text"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			lambdaLogs,
			example,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
    // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
    // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
    var example = new Aws.CloudWatch.LogGroup("example", new()
    {
        Name = $"/aws/lambda/{lambdaFunctionName}",
        RetentionInDays = 14,
    });

    // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
    var lambdaLogging = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                },
                Resources = new[]
                {
                    "arn:aws:logs:*:*:*",
                },
            },
        },
    });

    var lambdaLoggingPolicy = new Aws.Iam.Policy("lambda_logging", new()
    {
        Name = "lambda_logging",
        Path = "/",
        Description = "IAM policy for logging from a lambda",
        PolicyDocument = lambdaLogging.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambda_logs", new()
    {
        Role = iamForLambda.Name,
        PolicyArn = lambdaLoggingPolicy.Arn,
    });

    var testLambda = new Aws.Lambda.Function("test_lambda", new()
    {
        Name = lambdaFunctionName,
        LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
        {
            LogFormat = "Text",
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            lambdaLogs,
            example,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var lambdaFunctionName = config.get("lambdaFunctionName").orElse("lambda_function_name");
        // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
        // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
        var example = new LogGroup("example", LogGroupArgs.builder()
            .name(String.format("/aws/lambda/%s", lambdaFunctionName))
            .retentionInDays(14)
            .build());

        // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
        final var lambdaLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(                
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents")
                .resources("arn:aws:logs:*:*:*")
                .build())
            .build());

        var lambdaLoggingPolicy = new Policy("lambdaLoggingPolicy", PolicyArgs.builder()
            .name("lambda_logging")
            .path("/")
            .description("IAM policy for logging from a lambda")
            .policy(lambdaLogging.json())
            .build());

        var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()
            .role(iamForLambda.name())
            .policyArn(lambdaLoggingPolicy.arn())
            .build());

        var testLambda = new Function("testLambda", FunctionArgs.builder()
            .name(lambdaFunctionName)
            .loggingConfig(FunctionLoggingConfigArgs.builder()
                .logFormat("Text")
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(                
                    lambdaLogs,
                    example)
                .build());

    }
}

configuration:
  lambdaFunctionName:
    type: string
    default: lambda_function_name
resources:
  testLambda:
    type: aws:lambda:Function
    name: test_lambda
    properties:
      name: ${lambdaFunctionName}
      loggingConfig:
        logFormat: Text
    options:
      dependsOn:
        - ${lambdaLogs}
        - ${example}
  # This is to optionally manage the CloudWatch Log Group for the Lambda Function.
  # If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
  example:
    type: aws:cloudwatch:LogGroup
    properties:
      name: /aws/lambda/${lambdaFunctionName}
      retentionInDays: 14
  lambdaLoggingPolicy:
    type: aws:iam:Policy
    name: lambda_logging
    properties:
      name: lambda_logging
      path: /
      description: IAM policy for logging from a lambda
      policy: ${lambdaLogging.json}
  lambdaLogs:
    type: aws:iam:RolePolicyAttachment
    name: lambda_logs
    properties:
      role: ${iamForLambda.name}
      policyArn: ${lambdaLoggingPolicy.arn}
variables:
  # See also the following AWS managed policy: AWSLambdaBasicExecutionRole
  lambdaLogging:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            actions:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            resources:
              - arn:aws:logs:*:*:*

Specifying the Deployment Package

AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime is in use. See Runtimes for the valid values of runtime. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.

Once you have created your deployment package you can specify it either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_version arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObjectv2 resource to upload it.

For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.

Create Function Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);

@overload
def Function(resource_name: str,
             args: FunctionArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Function(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             role: Optional[str] = None,
             package_type: Optional[str] = None,
             replace_security_groups_on_destroy: Optional[bool] = None,
             dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None,
             description: Optional[str] = None,
             environment: Optional[FunctionEnvironmentArgs] = None,
             ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None,
             file_system_config: Optional[FunctionFileSystemConfigArgs] = None,
             handler: Optional[str] = None,
             publish: Optional[bool] = None,
             image_uri: Optional[str] = None,
             kms_key_arn: Optional[str] = None,
             layers: Optional[Sequence[str]] = None,
             logging_config: Optional[FunctionLoggingConfigArgs] = None,
             memory_size: Optional[int] = None,
             code_signing_config_arn: Optional[str] = None,
             name: Optional[str] = None,
             image_config: Optional[FunctionImageConfigArgs] = None,
             architectures: Optional[Sequence[str]] = None,
             replacement_security_group_ids: Optional[Sequence[str]] = None,
             reserved_concurrent_executions: Optional[int] = None,
             code: Optional[pulumi.Archive] = None,
             runtime: Optional[Union[str, Runtime]] = None,
             s3_bucket: Optional[str] = None,
             s3_key: Optional[str] = None,
             s3_object_version: Optional[str] = None,
             skip_destroy: Optional[bool] = None,
             snap_start: Optional[FunctionSnapStartArgs] = None,
             source_code_hash: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             timeout: Optional[int] = None,
             tracing_config: Optional[FunctionTracingConfigArgs] = None,
             vpc_config: Optional[FunctionVpcConfigArgs] = None)

func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)

public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)

public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)

type: aws:lambda:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplefunctionResourceResourceFromLambdafunction = new Aws.Lambda.Function("examplefunctionResourceResourceFromLambdafunction", new()
{
    Role = "string",
    PackageType = "string",
    ReplaceSecurityGroupsOnDestroy = false,
    DeadLetterConfig = new Aws.Lambda.Inputs.FunctionDeadLetterConfigArgs
    {
        TargetArn = "string",
    },
    Description = "string",
    Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
    {
        Variables = 
        {
            { "string", "string" },
        },
    },
    EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
    {
        Size = 0,
    },
    FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
    {
        Arn = "string",
        LocalMountPath = "string",
    },
    Handler = "string",
    Publish = false,
    ImageUri = "string",
    KmsKeyArn = "string",
    Layers = new[]
    {
        "string",
    },
    LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs
    {
        LogFormat = "string",
        ApplicationLogLevel = "string",
        LogGroup = "string",
        SystemLogLevel = "string",
    },
    MemorySize = 0,
    CodeSigningConfigArn = "string",
    Name = "string",
    ImageConfig = new Aws.Lambda.Inputs.FunctionImageConfigArgs
    {
        Commands = new[]
        {
            "string",
        },
        EntryPoints = new[]
        {
            "string",
        },
        WorkingDirectory = "string",
    },
    Architectures = new[]
    {
        "string",
    },
    ReplacementSecurityGroupIds = new[]
    {
        "string",
    },
    ReservedConcurrentExecutions = 0,
    Code = new FileArchive("./path/to/archive"),
    Runtime = "string",
    S3Bucket = "string",
    S3Key = "string",
    S3ObjectVersion = "string",
    SkipDestroy = false,
    SnapStart = new Aws.Lambda.Inputs.FunctionSnapStartArgs
    {
        ApplyOn = "string",
        OptimizationStatus = "string",
    },
    SourceCodeHash = "string",
    Tags = 
    {
        { "string", "string" },
    },
    Timeout = 0,
    TracingConfig = new Aws.Lambda.Inputs.FunctionTracingConfigArgs
    {
        Mode = "string",
    },
    VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
    {
        SecurityGroupIds = new[]
        {
            "string",
        },
        SubnetIds = new[]
        {
            "string",
        },
        Ipv6AllowedForDualStack = false,
        VpcId = "string",
    },
});

example, err := lambda.NewFunction(ctx, "examplefunctionResourceResourceFromLambdafunction", &lambda.FunctionArgs{
	Role:                           pulumi.String("string"),
	PackageType:                    pulumi.String("string"),
	ReplaceSecurityGroupsOnDestroy: pulumi.Bool(false),
	DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{
		TargetArn: pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Environment: &lambda.FunctionEnvironmentArgs{
		Variables: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
	},
	EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
		Size: pulumi.Int(0),
	},
	FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
		Arn:            pulumi.String("string"),
		LocalMountPath: pulumi.String("string"),
	},
	Handler:   pulumi.String("string"),
	Publish:   pulumi.Bool(false),
	ImageUri:  pulumi.String("string"),
	KmsKeyArn: pulumi.String("string"),
	Layers: pulumi.StringArray{
		pulumi.String("string"),
	},
	LoggingConfig: &lambda.FunctionLoggingConfigArgs{
		LogFormat:           pulumi.String("string"),
		ApplicationLogLevel: pulumi.String("string"),
		LogGroup:            pulumi.String("string"),
		SystemLogLevel:      pulumi.String("string"),
	},
	MemorySize:           pulumi.Int(0),
	CodeSigningConfigArn: pulumi.String("string"),
	Name:                 pulumi.String("string"),
	ImageConfig: &lambda.FunctionImageConfigArgs{
		Commands: pulumi.StringArray{
			pulumi.String("string"),
		},
		EntryPoints: pulumi.StringArray{
			pulumi.String("string"),
		},
		WorkingDirectory: pulumi.String("string"),
	},
	Architectures: pulumi.StringArray{
		pulumi.String("string"),
	},
	ReplacementSecurityGroupIds: pulumi.StringArray{
		pulumi.String("string"),
	},
	ReservedConcurrentExecutions: pulumi.Int(0),
	Code:                         pulumi.NewFileArchive("./path/to/archive"),
	Runtime:                      pulumi.String("string"),
	S3Bucket:                     pulumi.String("string"),
	S3Key:                        pulumi.String("string"),
	S3ObjectVersion:              pulumi.String("string"),
	SkipDestroy:                  pulumi.Bool(false),
	SnapStart: &lambda.FunctionSnapStartArgs{
		ApplyOn:            pulumi.String("string"),
		OptimizationStatus: pulumi.String("string"),
	},
	SourceCodeHash: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Timeout: pulumi.Int(0),
	TracingConfig: &lambda.FunctionTracingConfigArgs{
		Mode: pulumi.String("string"),
	},
	VpcConfig: &lambda.FunctionVpcConfigArgs{
		SecurityGroupIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		SubnetIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		Ipv6AllowedForDualStack: pulumi.Bool(false),
		VpcId:                   pulumi.String("string"),
	},
})

var examplefunctionResourceResourceFromLambdafunction = new com.pulumi.aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", com.pulumi.aws.lambda.FunctionArgs.builder()
    .role("string")
    .packageType("string")
    .replaceSecurityGroupsOnDestroy(false)
    .deadLetterConfig(FunctionDeadLetterConfigArgs.builder()
        .targetArn("string")
        .build())
    .description("string")
    .environment(FunctionEnvironmentArgs.builder()
        .variables(Map.of("string", "string"))
        .build())
    .ephemeralStorage(FunctionEphemeralStorageArgs.builder()
        .size(0)
        .build())
    .fileSystemConfig(FunctionFileSystemConfigArgs.builder()
        .arn("string")
        .localMountPath("string")
        .build())
    .handler("string")
    .publish(false)
    .imageUri("string")
    .kmsKeyArn("string")
    .layers("string")
    .loggingConfig(FunctionLoggingConfigArgs.builder()
        .logFormat("string")
        .applicationLogLevel("string")
        .logGroup("string")
        .systemLogLevel("string")
        .build())
    .memorySize(0)
    .codeSigningConfigArn("string")
    .name("string")
    .imageConfig(FunctionImageConfigArgs.builder()
        .commands("string")
        .entryPoints("string")
        .workingDirectory("string")
        .build())
    .architectures("string")
    .replacementSecurityGroupIds("string")
    .reservedConcurrentExecutions(0)
    .code(new FileArchive("./path/to/archive"))
    .runtime("string")
    .s3Bucket("string")
    .s3Key("string")
    .s3ObjectVersion("string")
    .skipDestroy(false)
    .snapStart(FunctionSnapStartArgs.builder()
        .applyOn("string")
        .optimizationStatus("string")
        .build())
    .sourceCodeHash("string")
    .tags(Map.of("string", "string"))
    .timeout(0)
    .tracingConfig(FunctionTracingConfigArgs.builder()
        .mode("string")
        .build())
    .vpcConfig(FunctionVpcConfigArgs.builder()
        .securityGroupIds("string")
        .subnetIds("string")
        .ipv6AllowedForDualStack(false)
        .vpcId("string")
        .build())
    .build());

examplefunction_resource_resource_from_lambdafunction = aws.lambda_.Function("examplefunctionResourceResourceFromLambdafunction",
    role="string",
    package_type="string",
    replace_security_groups_on_destroy=False,
    dead_letter_config={
        "target_arn": "string",
    },
    description="string",
    environment={
        "variables": {
            "string": "string",
        },
    },
    ephemeral_storage={
        "size": 0,
    },
    file_system_config={
        "arn": "string",
        "local_mount_path": "string",
    },
    handler="string",
    publish=False,
    image_uri="string",
    kms_key_arn="string",
    layers=["string"],
    logging_config={
        "log_format": "string",
        "application_log_level": "string",
        "log_group": "string",
        "system_log_level": "string",
    },
    memory_size=0,
    code_signing_config_arn="string",
    name="string",
    image_config={
        "commands": ["string"],
        "entry_points": ["string"],
        "working_directory": "string",
    },
    architectures=["string"],
    replacement_security_group_ids=["string"],
    reserved_concurrent_executions=0,
    code=pulumi.FileArchive("./path/to/archive"),
    runtime="string",
    s3_bucket="string",
    s3_key="string",
    s3_object_version="string",
    skip_destroy=False,
    snap_start={
        "apply_on": "string",
        "optimization_status": "string",
    },
    source_code_hash="string",
    tags={
        "string": "string",
    },
    timeout=0,
    tracing_config={
        "mode": "string",
    },
    vpc_config={
        "security_group_ids": ["string"],
        "subnet_ids": ["string"],
        "ipv6_allowed_for_dual_stack": False,
        "vpc_id": "string",
    })

const examplefunctionResourceResourceFromLambdafunction = new aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", {
    role: "string",
    packageType: "string",
    replaceSecurityGroupsOnDestroy: false,
    deadLetterConfig: {
        targetArn: "string",
    },
    description: "string",
    environment: {
        variables: {
            string: "string",
        },
    },
    ephemeralStorage: {
        size: 0,
    },
    fileSystemConfig: {
        arn: "string",
        localMountPath: "string",
    },
    handler: "string",
    publish: false,
    imageUri: "string",
    kmsKeyArn: "string",
    layers: ["string"],
    loggingConfig: {
        logFormat: "string",
        applicationLogLevel: "string",
        logGroup: "string",
        systemLogLevel: "string",
    },
    memorySize: 0,
    codeSigningConfigArn: "string",
    name: "string",
    imageConfig: {
        commands: ["string"],
        entryPoints: ["string"],
        workingDirectory: "string",
    },
    architectures: ["string"],
    replacementSecurityGroupIds: ["string"],
    reservedConcurrentExecutions: 0,
    code: new pulumi.asset.FileArchive("./path/to/archive"),
    runtime: "string",
    s3Bucket: "string",
    s3Key: "string",
    s3ObjectVersion: "string",
    skipDestroy: false,
    snapStart: {
        applyOn: "string",
        optimizationStatus: "string",
    },
    sourceCodeHash: "string",
    tags: {
        string: "string",
    },
    timeout: 0,
    tracingConfig: {
        mode: "string",
    },
    vpcConfig: {
        securityGroupIds: ["string"],
        subnetIds: ["string"],
        ipv6AllowedForDualStack: false,
        vpcId: "string",
    },
});

type: aws:lambda:Function
properties:
    architectures:
        - string
    code:
        fn::FileArchive: ./path/to/archive
    codeSigningConfigArn: string
    deadLetterConfig:
        targetArn: string
    description: string
    environment:
        variables:
            string: string
    ephemeralStorage:
        size: 0
    fileSystemConfig:
        arn: string
        localMountPath: string
    handler: string
    imageConfig:
        commands:
            - string
        entryPoints:
            - string
        workingDirectory: string
    imageUri: string
    kmsKeyArn: string
    layers:
        - string
    loggingConfig:
        applicationLogLevel: string
        logFormat: string
        logGroup: string
        systemLogLevel: string
    memorySize: 0
    name: string
    packageType: string
    publish: false
    replaceSecurityGroupsOnDestroy: false
    replacementSecurityGroupIds:
        - string
    reservedConcurrentExecutions: 0
    role: string
    runtime: string
    s3Bucket: string
    s3Key: string
    s3ObjectVersion: string
    skipDestroy: false
    snapStart:
        applyOn: string
        optimizationStatus: string
    sourceCodeHash: string
    tags:
        string: string
    timeout: 0
    tracingConfig:
        mode: string
    vpcConfig:
        ipv6AllowedForDualStack: false
        securityGroupIds:
            - string
        subnetIds:
            - string
        vpcId: string

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Function resource accepts the following input properties:

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Architectures List<string>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

CodeSigningConfigArn string

To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

DeadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironment

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorage

The amount of Ephemeral storage(/tmp) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of 512MB. Detailed below.

FileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfig

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

KmsKeyArn string

Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.

Layers List<string>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

LoggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

ReplaceSecurityGroupsOnDestroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Removing these security group associations prior to function destruction can speed up security group deletion times of AWS's internal cleanup operations. By default, the security groups will be replaced with the default security group in the function's configured VPC. Set the replacement_security_group_ids attribute to use a custom list of security groups for replacement.

ReplacementSecurityGroupIds List<string>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

ReservedConcurrentExecutions int

Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency

Runtime string | Pulumi.Aws.Lambda.Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of filename, image_uri, or s3_bucket must be specified. When s3_bucket is set, s3_key is required.

S3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SkipDestroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

SnapStart FunctionSnapStart

Snap start settings block. Detailed below.

SourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

Tags Dictionary<string, string>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfig

Configuration block. Detailed below.

VpcConfig FunctionVpcConfig

Configuration block. Detailed below.

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Architectures []string

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Code pulumi.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

CodeSigningConfigArn string

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorageArgs

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

KmsKeyArn string

Layers []string

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

LoggingConfig FunctionLoggingConfigArgs

Configuration block used to specify advanced logging settings. Detailed below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

ReplaceSecurityGroupsOnDestroy bool

ReplacementSecurityGroupIds []string

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

ReservedConcurrentExecutions int

Runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SkipDestroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

SnapStart FunctionSnapStartArgs

Snap start settings block. Detailed below.

SourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

Tags map[string]string

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

VpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

role String

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn String

deadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorage

fileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig FunctionImageConfig

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn String

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

memorySize Integer

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

replaceSecurityGroupsOnDestroy Boolean

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions Integer

runtime String | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

s3Key String

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy Boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart FunctionSnapStart

Snap start settings block. Detailed below.

sourceCodeHash String

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

tags Map<String,String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout Integer

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfig

Configuration block. Detailed below.

vpcConfig FunctionVpcConfig

Configuration block. Detailed below.

role ARN

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures string[]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

code pulumi.asset.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn string

deadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

description string

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorage

fileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

handler string

Function entrypoint in your code.

imageConfig FunctionImageConfig

Configuration block. Detailed below.

imageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn string

layers string[]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

memorySize number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name string

Unique name for your Lambda Function.

packageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

replaceSecurityGroupsOnDestroy boolean

replacementSecurityGroupIds string[]

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions number

runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket string

s3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart FunctionSnapStart

Snap start settings block. Detailed below.

sourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

tags {[key: string]: string}

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfig

Configuration block. Detailed below.

vpcConfig FunctionVpcConfig

Configuration block. Detailed below.

role str

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures Sequence[str]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

code pulumi.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

code_signing_config_arn str

dead_letter_config FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

description str

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block. Detailed below.

ephemeral_storage FunctionEphemeralStorageArgs

file_system_config FunctionFileSystemConfigArgs

Configuration block. Detailed below.

handler str

Function entrypoint in your code.

image_config FunctionImageConfigArgs

Configuration block. Detailed below.

image_uri str

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

kms_key_arn str

layers Sequence[str]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

logging_config FunctionLoggingConfigArgs

Configuration block used to specify advanced logging settings. Detailed below.

memory_size int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name str

Unique name for your Lambda Function.

package_type str

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

replace_security_groups_on_destroy bool

replacement_security_group_ids Sequence[str]

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reserved_concurrent_executions int

runtime str | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3_bucket str

s3_key str

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3_object_version str

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skip_destroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snap_start FunctionSnapStartArgs

Snap start settings block. Detailed below.

source_code_hash str

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

tags Mapping[str, str]

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracing_config FunctionTracingConfigArgs

Configuration block. Detailed below.

vpc_config FunctionVpcConfigArgs

Configuration block. Detailed below.

role

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn String

deadLetterConfig Property Map

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment Property Map

Configuration block. Detailed below.

ephemeralStorage Property Map

fileSystemConfig Property Map

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig Property Map

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn String

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig Property Map

Configuration block used to specify advanced logging settings. Detailed below.

memorySize Number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

replaceSecurityGroupsOnDestroy Boolean

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions Number

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

s3Key String

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy Boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart Property Map

Snap start settings block. Detailed below.

sourceCodeHash String

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

tags Map<String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout Number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig Property Map

Configuration block. Detailed below.

vpcConfig Property Map

Configuration block. Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) identifying your Lambda Function.
CodeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
Id string: The provider-assigned unique ID for this managed resource.
InvokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
LastModified string: Date this resource was last modified.
QualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
QualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
SigningJobArn string: ARN of the signing job.
SigningProfileVersionArn string: ARN of the signing profile version.
SourceCodeSize int: Size in bytes of the function .zip file.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Version string: Latest published version of your Lambda Function.

Arn string: Amazon Resource Name (ARN) identifying your Lambda Function.
CodeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
Id string: The provider-assigned unique ID for this managed resource.
InvokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
LastModified string: Date this resource was last modified.
QualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
QualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
SigningJobArn string: ARN of the signing job.
SigningProfileVersionArn string: ARN of the signing profile version.
SourceCodeSize int: Size in bytes of the function .zip file.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Version string: Latest published version of your Lambda Function.

arn String: Amazon Resource Name (ARN) identifying your Lambda Function.
codeSha256 String: Base64-encoded representation of raw SHA-256 sum of the zip file.
id String: The provider-assigned unique ID for this managed resource.
invokeArn String: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified String: Date this resource was last modified.
qualifiedArn String: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn String: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn String: ARN of the signing job.
signingProfileVersionArn String: ARN of the signing profile version.
sourceCodeSize Integer: Size in bytes of the function .zip file.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
version String: Latest published version of your Lambda Function.

arn string: Amazon Resource Name (ARN) identifying your Lambda Function.
codeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
id string: The provider-assigned unique ID for this managed resource.
invokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified string: Date this resource was last modified.
qualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn string: ARN of the signing job.
signingProfileVersionArn string: ARN of the signing profile version.
sourceCodeSize number: Size in bytes of the function .zip file.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
version string: Latest published version of your Lambda Function.

arn str: Amazon Resource Name (ARN) identifying your Lambda Function.
code_sha256 str: Base64-encoded representation of raw SHA-256 sum of the zip file.
id str: The provider-assigned unique ID for this managed resource.
invoke_arn str: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
last_modified str: Date this resource was last modified.
qualified_arn str: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualified_invoke_arn str: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signing_job_arn str: ARN of the signing job.
signing_profile_version_arn str: ARN of the signing profile version.
source_code_size int: Size in bytes of the function .zip file.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
version str: Latest published version of your Lambda Function.

arn String: Amazon Resource Name (ARN) identifying your Lambda Function.
codeSha256 String: Base64-encoded representation of raw SHA-256 sum of the zip file.
id String: The provider-assigned unique ID for this managed resource.
invokeArn String: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified String: Date this resource was last modified.
qualifiedArn String: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn String: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn String: ARN of the signing job.
signingProfileVersionArn String: ARN of the signing profile version.
sourceCodeSize Number: Size in bytes of the function .zip file.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
version String: Latest published version of your Lambda Function.

Look up Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        architectures: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        code: Optional[pulumi.Archive] = None,
        code_sha256: Optional[str] = None,
        code_signing_config_arn: Optional[str] = None,
        dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None,
        description: Optional[str] = None,
        environment: Optional[FunctionEnvironmentArgs] = None,
        ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None,
        file_system_config: Optional[FunctionFileSystemConfigArgs] = None,
        handler: Optional[str] = None,
        image_config: Optional[FunctionImageConfigArgs] = None,
        image_uri: Optional[str] = None,
        invoke_arn: Optional[str] = None,
        kms_key_arn: Optional[str] = None,
        last_modified: Optional[str] = None,
        layers: Optional[Sequence[str]] = None,
        logging_config: Optional[FunctionLoggingConfigArgs] = None,
        memory_size: Optional[int] = None,
        name: Optional[str] = None,
        package_type: Optional[str] = None,
        publish: Optional[bool] = None,
        qualified_arn: Optional[str] = None,
        qualified_invoke_arn: Optional[str] = None,
        replace_security_groups_on_destroy: Optional[bool] = None,
        replacement_security_group_ids: Optional[Sequence[str]] = None,
        reserved_concurrent_executions: Optional[int] = None,
        role: Optional[str] = None,
        runtime: Optional[Union[str, Runtime]] = None,
        s3_bucket: Optional[str] = None,
        s3_key: Optional[str] = None,
        s3_object_version: Optional[str] = None,
        signing_job_arn: Optional[str] = None,
        signing_profile_version_arn: Optional[str] = None,
        skip_destroy: Optional[bool] = None,
        snap_start: Optional[FunctionSnapStartArgs] = None,
        source_code_hash: Optional[str] = None,
        source_code_size: Optional[int] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeout: Optional[int] = None,
        tracing_config: Optional[FunctionTracingConfigArgs] = None,
        version: Optional[str] = None,
        vpc_config: Optional[FunctionVpcConfigArgs] = None) -> Function

func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)

public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)

public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)

resources:  _:    type: aws:lambda:Function    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Architectures List<string>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Arn string

Amazon Resource Name (ARN) identifying your Lambda Function.

Code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

CodeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

CodeSigningConfigArn string

DeadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironment

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorage

FileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfig

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

LastModified string

Date this resource was last modified.

Layers List<string>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

LoggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

ReplaceSecurityGroupsOnDestroy bool

ReplacementSecurityGroupIds List<string>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

ReservedConcurrentExecutions int

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Runtime string | Pulumi.Aws.Lambda.Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SkipDestroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

SnapStart FunctionSnapStart

Snap start settings block. Detailed below.

SourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

SourceCodeSize int

Size in bytes of the function .zip file.

Tags Dictionary<string, string>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfig

Configuration block. Detailed below.

Version string

Latest published version of your Lambda Function.

VpcConfig FunctionVpcConfig

Configuration block. Detailed below.

Architectures []string

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

Arn string

Amazon Resource Name (ARN) identifying your Lambda Function.

Code pulumi.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

CodeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

CodeSigningConfigArn string

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block. Detailed below.

EphemeralStorage FunctionEphemeralStorageArgs

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block. Detailed below.

Handler string

Function entrypoint in your code.

ImageConfig FunctionImageConfigArgs

Configuration block. Detailed below.

ImageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

LastModified string

Date this resource was last modified.

Layers []string

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

LoggingConfig FunctionLoggingConfigArgs

Configuration block used to specify advanced logging settings. Detailed below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

ReplaceSecurityGroupsOnDestroy bool

ReplacementSecurityGroupIds []string

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

ReservedConcurrentExecutions int

Role string

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

S3Bucket string

S3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SkipDestroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

SnapStart FunctionSnapStartArgs

Snap start settings block. Detailed below.

SourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

SourceCodeSize int

Size in bytes of the function .zip file.

Tags map[string]string

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

TracingConfig FunctionTracingConfigArgs

Configuration block. Detailed below.

Version string

Latest published version of your Lambda Function.

VpcConfig FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn String

Amazon Resource Name (ARN) identifying your Lambda Function.

code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSha256 String

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn String

deadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorage

fileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig FunctionImageConfig

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

memorySize Integer

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

replaceSecurityGroupsOnDestroy Boolean

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions Integer

role String

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime String | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

s3Key String

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

skipDestroy Boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart FunctionSnapStart

Snap start settings block. Detailed below.

sourceCodeHash String

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize Integer

Size in bytes of the function .zip file.

tags Map<String,String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeout Integer

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfig

Configuration block. Detailed below.

version String

Latest published version of your Lambda Function.

vpcConfig FunctionVpcConfig

Configuration block. Detailed below.

architectures string[]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn string

Amazon Resource Name (ARN) identifying your Lambda Function.

code pulumi.asset.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn string

deadLetterConfig FunctionDeadLetterConfig

Configuration block. Detailed below.

description string

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block. Detailed below.

ephemeralStorage FunctionEphemeralStorage

fileSystemConfig FunctionFileSystemConfig

Configuration block. Detailed below.

handler string

Function entrypoint in your code.

imageConfig FunctionImageConfig

Configuration block. Detailed below.

imageUri string

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

invokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn string

lastModified string

Date this resource was last modified.

layers string[]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig FunctionLoggingConfig

Configuration block used to specify advanced logging settings. Detailed below.

memorySize number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name string

Unique name for your Lambda Function.

packageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

replaceSecurityGroupsOnDestroy boolean

replacementSecurityGroupIds string[]

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions number

role ARN

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime string | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket string

s3Key string

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn string

ARN of the signing job.

signingProfileVersionArn string

ARN of the signing profile version.

skipDestroy boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart FunctionSnapStart

Snap start settings block. Detailed below.

sourceCodeHash string

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize number

Size in bytes of the function .zip file.

tags {[key: string]: string}

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeout number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig FunctionTracingConfig

Configuration block. Detailed below.

version string

Latest published version of your Lambda Function.

vpcConfig FunctionVpcConfig

Configuration block. Detailed below.

architectures Sequence[str]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn str

Amazon Resource Name (ARN) identifying your Lambda Function.

code pulumi.Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

code_sha256 str

Base64-encoded representation of raw SHA-256 sum of the zip file.

code_signing_config_arn str

dead_letter_config FunctionDeadLetterConfigArgs

Configuration block. Detailed below.

description str

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block. Detailed below.

ephemeral_storage FunctionEphemeralStorageArgs

file_system_config FunctionFileSystemConfigArgs

Configuration block. Detailed below.

handler str

Function entrypoint in your code.

image_config FunctionImageConfigArgs

Configuration block. Detailed below.

image_uri str

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

invoke_arn str

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kms_key_arn str

last_modified str

Date this resource was last modified.

layers Sequence[str]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

logging_config FunctionLoggingConfigArgs

Configuration block used to specify advanced logging settings. Detailed below.

memory_size int

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name str

Unique name for your Lambda Function.

package_type str

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualified_arn str

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualified_invoke_arn str

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

replace_security_groups_on_destroy bool

replacement_security_group_ids Sequence[str]

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reserved_concurrent_executions int

role str

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime str | Runtime

Identifier of the function's runtime. See Runtimes for valid values.

s3_bucket str

s3_key str

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3_object_version str

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signing_job_arn str

ARN of the signing job.

signing_profile_version_arn str

ARN of the signing profile version.

skip_destroy bool

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snap_start FunctionSnapStartArgs

Snap start settings block. Detailed below.

source_code_hash str

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

source_code_size int

Size in bytes of the function .zip file.

tags Mapping[str, str]

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracing_config FunctionTracingConfigArgs

Configuration block. Detailed below.

version str

Latest published version of your Lambda Function.

vpc_config FunctionVpcConfigArgs

Configuration block. Detailed below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stay the same.

arn String

Amazon Resource Name (ARN) identifying your Lambda Function.

code Archive

Path to the function's deployment package within the local filesystem. Exactly one of filename, image_uri, or s3_bucket must be specified.

codeSha256 String

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn String

deadLetterConfig Property Map

Configuration block. Detailed below.

description String

Description of what your Lambda Function does.

environment Property Map

Configuration block. Detailed below.

ephemeralStorage Property Map

fileSystemConfig Property Map

Configuration block. Detailed below.

handler String

Function entrypoint in your code.

imageConfig Property Map

Configuration block. Detailed below.

imageUri String

ECR image URI containing the function's deployment package. Exactly one of filename, image_uri, or s3_bucket must be specified.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

loggingConfig Property Map

Configuration block used to specify advanced logging settings. Detailed below.

memorySize Number

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

replaceSecurityGroupsOnDestroy Boolean

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. replace_security_groups_on_destroy must be set to true to use this attribute.

reservedConcurrentExecutions Number

role

Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Identifier of the function's runtime. See Runtimes for valid values.

s3Bucket String

s3Key String

S3 key of an object containing the function's deployment package. When s3_bucket is set, s3_key is required.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

skipDestroy Boolean

Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.

snapStart Property Map

Snap start settings block. Detailed below.

sourceCodeHash String

Virtual attribute used to trigger replacement when source code changes. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key.

sourceCodeSize Number

Size in bytes of the function .zip file.

tags Map<String>

Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeout Number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.

tracingConfig Property Map

Configuration block. Detailed below.

version String

Latest published version of your Lambda Function.

vpcConfig Property Map

Configuration block. Detailed below.

Supporting Types

FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

target_arn str: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.

FunctionEnvironment, FunctionEnvironmentArgs

Variables Dictionary<string, string>: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

Variables map[string]string: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

variables Map<String,String>: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

variables {[key: string]: string}: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

variables Mapping[str, str]: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

variables Map<String>: Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.

FunctionEphemeralStorage, FunctionEphemeralStorageArgs

Size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

Size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size Integer: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size number: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size int: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

size Number: The size of the Lambda function Ephemeral storage(/tmp) represented in MB. The minimum supported ephemeral_storage value defaults to 512MB and the maximum supported value is 10240MB.

FunctionFileSystemConfig, FunctionFileSystemConfigArgs

Arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string: Path where the function can access the file system, starting with /mnt/.

Arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
LocalMountPath string: Path where the function can access the file system, starting with /mnt/.

arn String: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath String: Path where the function can access the file system, starting with /mnt/.

arn string: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath string: Path where the function can access the file system, starting with /mnt/.

arn str: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
local_mount_path str: Path where the function can access the file system, starting with /mnt/.

arn String: Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
localMountPath String: Path where the function can access the file system, starting with /mnt/.

FunctionImageConfig, FunctionImageConfigArgs

Commands List<string>: Parameters that you want to pass in with entry_point.
EntryPoints List<string>: Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string: Working directory.

Commands []string: Parameters that you want to pass in with entry_point.
EntryPoints []string: Entry point to your application, which is typically the location of the runtime executable.
WorkingDirectory string: Working directory.

commands List<String>: Parameters that you want to pass in with entry_point.
entryPoints List<String>: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory String: Working directory.

commands string[]: Parameters that you want to pass in with entry_point.
entryPoints string[]: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory string: Working directory.

commands Sequence[str]: Parameters that you want to pass in with entry_point.
entry_points Sequence[str]: Entry point to your application, which is typically the location of the runtime executable.
working_directory str: Working directory.

commands List<String>: Parameters that you want to pass in with entry_point.
entryPoints List<String>: Entry point to your application, which is typically the location of the runtime executable.
workingDirectory String: Working directory.

FunctionLoggingConfig, FunctionLoggingConfigArgs

LogFormat string: select between Text and structured JSON format for your function's logs.
ApplicationLogLevel string: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
LogGroup string: the CloudWatch log group your function sends logs to.
SystemLogLevel string: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

LogFormat string: select between Text and structured JSON format for your function's logs.
ApplicationLogLevel string: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
LogGroup string: the CloudWatch log group your function sends logs to.
SystemLogLevel string: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

logFormat String: select between Text and structured JSON format for your function's logs.
applicationLogLevel String: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
logGroup String: the CloudWatch log group your function sends logs to.
systemLogLevel String: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

logFormat string: select between Text and structured JSON format for your function's logs.
applicationLogLevel string: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
logGroup string: the CloudWatch log group your function sends logs to.
systemLogLevel string: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

log_format str: select between Text and structured JSON format for your function's logs.
application_log_level str: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
log_group str: the CloudWatch log group your function sends logs to.
system_log_level str: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

logFormat String: select between Text and structured JSON format for your function's logs.
applicationLogLevel String: for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries.
logGroup String: the CloudWatch log group your function sends logs to.
systemLogLevel String: for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as WARN, DEBUG, or INFO.

FunctionSnapStart, FunctionSnapStartArgs

ApplyOn string: Conditions where snap start is enabled. Valid values are PublishedVersions.
OptimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

ApplyOn string: Conditions where snap start is enabled. Valid values are PublishedVersions.
OptimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn String: Conditions where snap start is enabled. Valid values are PublishedVersions.
optimizationStatus String: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn string: Conditions where snap start is enabled. Valid values are PublishedVersions.
optimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

apply_on str: Conditions where snap start is enabled. Valid values are PublishedVersions.
optimization_status str: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn String: Conditions where snap start is enabled. Valid values are PublishedVersions.
optimizationStatus String: Optimization status of the snap start configuration. Valid values are On and Off.

FunctionTracingConfig, FunctionTracingConfigArgs

Mode string: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

Mode string: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode String: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode string: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode str: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

mode String: Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

FunctionVpcConfig, FunctionVpcConfigArgs

SecurityGroupIds List<string>: List of security group IDs associated with the Lambda function.
SubnetIds List<string>: List of subnet IDs associated with the Lambda function.
Ipv6AllowedForDualStack bool: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
VpcId string: ID of the VPC.

SecurityGroupIds []string: List of security group IDs associated with the Lambda function.
SubnetIds []string: List of subnet IDs associated with the Lambda function.
Ipv6AllowedForDualStack bool: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
VpcId string: ID of the VPC.

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack Boolean: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
vpcId String: ID of the VPC.

securityGroupIds string[]: List of security group IDs associated with the Lambda function.
subnetIds string[]: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack boolean: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
vpcId string: ID of the VPC.

security_group_ids Sequence[str]: List of security group IDs associated with the Lambda function.
subnet_ids Sequence[str]: List of subnet IDs associated with the Lambda function.
ipv6_allowed_for_dual_stack bool: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
vpc_id str: ID of the VPC.

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack Boolean: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is false.
vpcId String: ID of the VPC.

Runtime, RuntimeArgs

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

RuntimeDotnet6: dotnet6
RuntimeDotnet8: dotnet8
RuntimeJava11: java11
RuntimeJava17: java17
RuntimeJava21: java21
RuntimeJava8AL2: java8.al2
RuntimeNodeJS18dX: nodejs18.x
RuntimeNodeJS20dX: nodejs20.x
RuntimeNodeJS22dX: nodejs22.x
RuntimeCustomAL2: provided.al2
RuntimeCustomAL2023: provided.al2023
RuntimePython3d10: python3.10
RuntimePython3d11: python3.11
RuntimePython3d12: python3.12
RuntimePython3d13: python3.13
RuntimePython3d9: python3.9
RuntimeRuby3d2: ruby3.2
RuntimeRuby3d3: ruby3.3
RuntimeDotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
RuntimeDotnet7: dotnet7
Deprecated: This runtime is now deprecated
RuntimeDotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
RuntimeDotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
RuntimeGo1dx: go1.x
Deprecated: This runtime is now deprecated
RuntimeJava8: java8
Deprecated: This runtime is now deprecated
RuntimeNodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
RuntimeCustom: provided
Deprecated: This runtime is now deprecated
RuntimePython2d7: python2.7
Deprecated: This runtime is now deprecated
RuntimePython3d6: python3.6
Deprecated: This runtime is now deprecated
RuntimePython3d7: python3.7
Deprecated: This runtime is now deprecated
RuntimePython3d8: python3.8
Deprecated: This runtime is now deprecated
RuntimeRuby2d5: ruby2.5
Deprecated: This runtime is now deprecated
RuntimeRuby2d7: ruby2.7
Deprecated: This runtime is now deprecated

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

DOTNET6: dotnet6
DOTNET8: dotnet8
JAVA11: java11
JAVA17: java17
JAVA21: java21
JAVA8_AL2: java8.al2
NODE_JS18D_X: nodejs18.x
NODE_JS20D_X: nodejs20.x
NODE_JS22D_X: nodejs22.x
CUSTOM_AL2: provided.al2
CUSTOM_AL2023: provided.al2023
PYTHON3D10: python3.10
PYTHON3D11: python3.11
PYTHON3D12: python3.12
PYTHON3D13: python3.13
PYTHON3D9: python3.9
RUBY3D2: ruby3.2
RUBY3D3: ruby3.3
DOTNET5D0: dotnet5.0
Deprecated: This runtime is now deprecated
DOTNET7: dotnet7
Deprecated: This runtime is now deprecated
DOTNET_CORE2D1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DOTNET_CORE3D1: dotnetcore3.1
Deprecated: This runtime is now deprecated
GO1DX: go1.x
Deprecated: This runtime is now deprecated
JAVA8: java8
Deprecated: This runtime is now deprecated
NODE_JS10D_X: nodejs10.x
Deprecated: This runtime is now deprecated
NODE_JS12D_X: nodejs12.x
Deprecated: This runtime is now deprecated
NODE_JS14D_X: nodejs14.x
Deprecated: This runtime is now deprecated
NODE_JS16D_X: nodejs16.x
Deprecated: This runtime is now deprecated
CUSTOM: provided
Deprecated: This runtime is now deprecated
PYTHON2D7: python2.7
Deprecated: This runtime is now deprecated
PYTHON3D6: python3.6
Deprecated: This runtime is now deprecated
PYTHON3D7: python3.7
Deprecated: This runtime is now deprecated
PYTHON3D8: python3.8
Deprecated: This runtime is now deprecated
RUBY2D5: ruby2.5
Deprecated: This runtime is now deprecated
RUBY2D7: ruby2.7
Deprecated: This runtime is now deprecated

"dotnet6": dotnet6
"dotnet8": dotnet8
"java11": java11
"java17": java17
"java21": java21
"java8.al2": java8.al2
"nodejs18.x": nodejs18.x
"nodejs20.x": nodejs20.x
"nodejs22.x": nodejs22.x
"provided.al2": provided.al2
"provided.al2023": provided.al2023
"python3.10": python3.10
"python3.11": python3.11
"python3.12": python3.12
"python3.13": python3.13
"python3.9": python3.9
"ruby3.2": ruby3.2
"ruby3.3": ruby3.3
"dotnet5.0": dotnet5.0
Deprecated: This runtime is now deprecated
"dotnet7": dotnet7
Deprecated: This runtime is now deprecated
"dotnetcore2.1": dotnetcore2.1
Deprecated: This runtime is now deprecated
"dotnetcore3.1": dotnetcore3.1
Deprecated: This runtime is now deprecated
"go1.x": go1.x
Deprecated: This runtime is now deprecated
"java8": java8
Deprecated: This runtime is now deprecated
"nodejs10.x": nodejs10.x
Deprecated: This runtime is now deprecated
"nodejs12.x": nodejs12.x
Deprecated: This runtime is now deprecated
"nodejs14.x": nodejs14.x
Deprecated: This runtime is now deprecated
"nodejs16.x": nodejs16.x
Deprecated: This runtime is now deprecated
"provided": provided
Deprecated: This runtime is now deprecated
"python2.7": python2.7
Deprecated: This runtime is now deprecated
"python3.6": python3.6
Deprecated: This runtime is now deprecated
"python3.7": python3.7
Deprecated: This runtime is now deprecated
"python3.8": python3.8
Deprecated: This runtime is now deprecated
"ruby2.5": ruby2.5
Deprecated: This runtime is now deprecated
"ruby2.7": ruby2.7
Deprecated: This runtime is now deprecated

Import

Using pulumi import, import Lambda Functions using the function_name. For example:

$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.83.0 published on Monday, Jun 16, 2025 by Pulumi

pulumi/pulumi-aws

aws.lambda.Function

On this page

On this page

Example Usage

Basic Example

Lambda Layers

Lambda Ephemeral Storage

Lambda File Systems

Lambda retries

CloudWatch Logging and Permissions

Specifying the Deployment Package

Create Function Resource

Constructor syntax

Parameters

Constructor example

Function Resource Properties

Inputs

Outputs

Look up Existing Function Resource

Supporting Types

FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs

FunctionEnvironment, FunctionEnvironmentArgs

FunctionEphemeralStorage, FunctionEphemeralStorageArgs

FunctionFileSystemConfig, FunctionFileSystemConfigArgs

FunctionImageConfig, FunctionImageConfigArgs

FunctionLoggingConfig, FunctionLoggingConfigArgs

FunctionSnapStart, FunctionSnapStartArgs

FunctionTracingConfig, FunctionTracingConfigArgs

FunctionVpcConfig, FunctionVpcConfigArgs

Runtime, RuntimeArgs

Import

Package Details

On this page

On this page