Try AWS Native preview for resources not in the classic version.
aws.lambda.Function
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.
For information about Lambda and how to use it, see What is AWS Lambda?
NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.
NOTE: If you get a
KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied
error when invoking anaws.lambda.Function
with environment variables, the IAM role associated with the function may have been deleted and recreated after the function was created. You can fix the problem two ways: 1) updating the function’s role to another role and then updating it back again to the recreated role, or 2) by using Pulumi totaint
the function andapply
your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function’s IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function’s role or recreating the function causes Lambda to update the grant.)
To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the
aws.lambda.Permission
resource. See Lambda Permission Model for more details. On the other hand, therole
argument of this resource is the function’s execution role for identity and access to AWS services and resources.
CloudWatch Logging and Permissions
For more information about CloudWatch Logs for Lambda, see the Lambda User Guide.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {retentionInDays: 14});
const lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources: ["arn:aws:logs:*:*:*"],
}],
});
const lambdaLoggingPolicy = new aws.iam.Policy("lambdaLoggingPolicy", {
path: "/",
description: "IAM policy for logging from a lambda",
policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument => lambdaLoggingPolicyDocument.json),
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambdaLogs", {
role: aws_iam_role.iam_for_lambda.name,
policyArn: lambdaLoggingPolicy.arn,
});
const testLambda = new aws.lambda.Function("testLambda", {}, {
dependsOn: [
lambdaLogs,
example,
],
});
import pulumi
import pulumi_aws as aws
config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
lambda_logging_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources=["arn:aws:logs:*:*:*"],
)])
lambda_logging_policy = aws.iam.Policy("lambdaLoggingPolicy",
path="/",
description="IAM policy for logging from a lambda",
policy=lambda_logging_policy_document.json)
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
role=aws_iam_role["iam_for_lambda"]["name"],
policy_arn=lambda_logging_policy.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
lambda_logs,
example,
]))
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
var example = new Aws.CloudWatch.LogGroup("example", new()
{
RetentionInDays = 14,
});
var lambdaLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Resources = new[]
{
"arn:aws:logs:*:*:*",
},
},
},
});
var lambdaLoggingPolicy = new Aws.Iam.Policy("lambdaLoggingPolicy", new()
{
Path = "/",
Description = "IAM policy for logging from a lambda",
PolicyDocument = lambdaLoggingPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new()
{
Role = aws_iam_role.Iam_for_lambda.Name,
PolicyArn = lambdaLoggingPolicy.Arn,
});
var testLambda = new Aws.Lambda.Function("testLambda", new()
{
}, new CustomResourceOptions
{
DependsOn = new[]
{
lambdaLogs,
example,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
lambdaFunctionName := "lambda_function_name"
if param := cfg.Get("lambdaFunctionName"); param != "" {
lambdaFunctionName = param
}
example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
RetentionInDays: pulumi.Int(14),
})
if err != nil {
return err
}
lambdaLoggingPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Resources: []string{
"arn:aws:logs:*:*:*",
},
},
},
}, nil)
if err != nil {
return err
}
lambdaLoggingPolicy, err := iam.NewPolicy(ctx, "lambdaLoggingPolicy", &iam.PolicyArgs{
Path: pulumi.String("/"),
Description: pulumi.String("IAM policy for logging from a lambda"),
Policy: *pulumi.String(lambdaLoggingPolicyDocument.Json),
})
if err != nil {
return err
}
lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambdaLogs", &iam.RolePolicyAttachmentArgs{
Role: pulumi.Any(aws_iam_role.Iam_for_lambda.Name),
PolicyArn: lambdaLoggingPolicy.Arn,
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "testLambda", nil, pulumi.DependsOn([]pulumi.Resource{
lambdaLogs,
example,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var lambdaFunctionName = config.get("lambdaFunctionName").orElse("lambda_function_name");
var example = new LogGroup("example", LogGroupArgs.builder()
.retentionInDays(14)
.build());
final var lambdaLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents")
.resources("arn:aws:logs:*:*:*")
.build())
.build());
var lambdaLoggingPolicy = new Policy("lambdaLoggingPolicy", PolicyArgs.builder()
.path("/")
.description("IAM policy for logging from a lambda")
.policy(lambdaLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()
.role(aws_iam_role.iam_for_lambda().name())
.policyArn(lambdaLoggingPolicy.arn())
.build());
var testLambda = new Function("testLambda", FunctionArgs.Empty, CustomResourceOptions.builder()
.dependsOn(
lambdaLogs,
example)
.build());
}
}
configuration:
lambdaFunctionName:
type: string
default: lambda_function_name
resources:
testLambda:
type: aws:lambda:Function
options:
dependson:
- ${lambdaLogs}
- ${example}
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example:
type: aws:cloudwatch:LogGroup
properties:
retentionInDays: 14
lambdaLoggingPolicy:
type: aws:iam:Policy
properties:
path: /
description: IAM policy for logging from a lambda
policy: ${lambdaLoggingPolicyDocument.json}
lambdaLogs:
type: aws:iam:RolePolicyAttachment
properties:
role: ${aws_iam_role.iam_for_lambda.name}
policyArn: ${lambdaLoggingPolicy.arn}
variables:
lambdaLoggingPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
resources:
- arn:aws:logs:*:*:*
Specifying the Deployment Package
AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime
is in use. See Runtimes for the valid values of runtime
. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.
Once you have created your deployment package you can specify it either directly as a local file (using the filename
argument) or indirectly via Amazon S3 (using the s3_bucket
, s3_key
and s3_object_version
arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObjectv2
resource to upload it.
For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.
Example Usage
Basic Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Archive = Pulumi.Archive;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"lambda.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var iamForLambda = new Aws.Iam.Role("iamForLambda", new()
{
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var lambda = Archive.GetFile.Invoke(new()
{
Type = "zip",
SourceFile = "lambda.js",
OutputPath = "lambda_function_payload.zip",
});
var testLambda = new Aws.Lambda.Function("testLambda", new()
{
Code = new FileArchive("lambda_function_payload.zip"),
Role = iamForLambda.Arn,
Handler = "index.test",
Runtime = "nodejs18.x",
Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs
{
Variables =
{
{ "foo", "bar" },
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-archive/sdk/go/archive"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"lambda.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
iamForLambda, err := iam.NewRole(ctx, "iamForLambda", &iam.RoleArgs{
AssumeRolePolicy: *pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
_, err = archive.LookupFile(ctx, &archive.LookupFileArgs{
Type: "zip",
SourceFile: pulumi.StringRef("lambda.js"),
OutputPath: "lambda_function_payload.zip",
}, nil)
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "testLambda", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("lambda_function_payload.zip"),
Role: iamForLambda.Arn,
Handler: pulumi.String("index.test"),
Runtime: pulumi.String("nodejs18.x"),
Environment: &lambda.FunctionEnvironmentArgs{
Variables: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.archive.ArchiveFunctions;
import com.pulumi.archive.inputs.GetFileArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("lambda.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var iamForLambda = new Role("iamForLambda", RoleArgs.builder()
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()
.type("zip")
.sourceFile("lambda.js")
.outputPath("lambda_function_payload.zip")
.build());
var testLambda = new Function("testLambda", FunctionArgs.builder()
.code(new FileArchive("lambda_function_payload.zip"))
.role(iamForLambda.arn())
.handler("index.test")
.runtime("nodejs18.x")
.environment(FunctionEnvironmentArgs.builder()
.variables(Map.of("foo", "bar"))
.build())
.build());
}
}
import pulumi
import pulumi_archive as archive
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["lambda.amazonaws.com"],
)],
actions=["sts:AssumeRole"],
)])
iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy=assume_role.json)
lambda_ = archive.get_file(type="zip",
source_file="lambda.js",
output_path="lambda_function_payload.zip")
test_lambda = aws.lambda_.Function("testLambda",
code=pulumi.FileArchive("lambda_function_payload.zip"),
role=iam_for_lambda.arn,
handler="index.test",
runtime="nodejs18.x",
environment=aws.lambda_.FunctionEnvironmentArgs(
variables={
"foo": "bar",
},
))
import * as pulumi from "@pulumi/pulumi";
import * as archive from "@pulumi/archive";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["lambda.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});
const lambda = archive.getFile({
type: "zip",
sourceFile: "lambda.js",
outputPath: "lambda_function_payload.zip",
});
const testLambda = new aws.lambda.Function("testLambda", {
code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
role: iamForLambda.arn,
handler: "index.test",
runtime: "nodejs18.x",
environment: {
variables: {
foo: "bar",
},
},
});
resources:
iamForLambda:
type: aws:iam:Role
properties:
assumeRolePolicy: ${assumeRole.json}
testLambda:
type: aws:lambda:Function
properties:
# If the file is not in the current working directory you will need to include a
# # path.module in the filename.
code:
fn::FileArchive: lambda_function_payload.zip
role: ${iamForLambda.arn}
handler: index.test
runtime: nodejs18.x
environment:
variables:
foo: bar
variables:
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- lambda.amazonaws.com
actions:
- sts:AssumeRole
lambda:
fn::invoke:
Function: archive:getFile
Arguments:
type: zip
sourceFile: lambda.js
outputPath: lambda_function_payload.zip
Lambda Layers
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleLayerVersion = new Aws.Lambda.LayerVersion("exampleLayerVersion");
// ... other configuration ...
var exampleFunction = new Aws.Lambda.Function("exampleFunction", new()
{
Layers = new[]
{
exampleLayerVersion.Arn,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleLayerVersion, err := lambda.NewLayerVersion(ctx, "exampleLayerVersion", nil)
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "exampleFunction", &lambda.FunctionArgs{
Layers: pulumi.StringArray{
exampleLayerVersion.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lambda.LayerVersion;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleLayerVersion = new LayerVersion("exampleLayerVersion");
var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()
.layers(exampleLayerVersion.arn())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_layer_version = aws.lambda_.LayerVersion("exampleLayerVersion")
# ... other configuration ...
example_function = aws.lambda_.Function("exampleFunction", layers=[example_layer_version.arn])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleLayerVersion = new aws.lambda.LayerVersion("exampleLayerVersion", {});
// ... other configuration ...
const exampleFunction = new aws.lambda.Function("exampleFunction", {layers: [exampleLayerVersion.arn]});
resources:
exampleLayerVersion:
type: aws:lambda:LayerVersion
exampleFunction:
type: aws:lambda:Function
properties:
# ... other configuration ...
layers:
- ${exampleLayerVersion.arn}
Lambda Ephemeral Storage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"lambda.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var iamForLambda = new Aws.Iam.Role("iamForLambda", new()
{
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var testLambda = new Aws.Lambda.Function("testLambda", new()
{
Code = new FileArchive("lambda_function_payload.zip"),
Role = iamForLambda.Arn,
Handler = "index.test",
Runtime = "nodejs18.x",
EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs
{
Size = 10240,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"lambda.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
iamForLambda, err := iam.NewRole(ctx, "iamForLambda", &iam.RoleArgs{
AssumeRolePolicy: *pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "testLambda", &lambda.FunctionArgs{
Code: pulumi.NewFileArchive("lambda_function_payload.zip"),
Role: iamForLambda.Arn,
Handler: pulumi.String("index.test"),
Runtime: pulumi.String("nodejs18.x"),
EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{
Size: pulumi.Int(10240),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("lambda.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var iamForLambda = new Role("iamForLambda", RoleArgs.builder()
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var testLambda = new Function("testLambda", FunctionArgs.builder()
.code(new FileArchive("lambda_function_payload.zip"))
.role(iamForLambda.arn())
.handler("index.test")
.runtime("nodejs18.x")
.ephemeralStorage(FunctionEphemeralStorageArgs.builder()
.size(10240)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["lambda.amazonaws.com"],
)],
actions=["sts:AssumeRole"],
)])
iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy=assume_role.json)
test_lambda = aws.lambda_.Function("testLambda",
code=pulumi.FileArchive("lambda_function_payload.zip"),
role=iam_for_lambda.arn,
handler="index.test",
runtime="nodejs18.x",
ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(
size=10240,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["lambda.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const iamForLambda = new aws.iam.Role("iamForLambda", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});
const testLambda = new aws.lambda.Function("testLambda", {
code: new pulumi.asset.FileArchive("lambda_function_payload.zip"),
role: iamForLambda.arn,
handler: "index.test",
runtime: "nodejs18.x",
ephemeralStorage: {
size: 10240,
},
});
resources:
iamForLambda:
type: aws:iam:Role
properties:
assumeRolePolicy: ${assumeRole.json}
testLambda:
type: aws:lambda:Function
properties:
code:
fn::FileArchive: lambda_function_payload.zip
role: ${iamForLambda.arn}
handler: index.test
runtime: nodejs18.x
ephemeralStorage:
size: 10240
variables:
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- lambda.amazonaws.com
actions:
- sts:AssumeRole
Lambda File Systems
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// EFS file system
var efsForLambda = new Aws.Efs.FileSystem("efsForLambda", new()
{
Tags =
{
{ "Name", "efs_for_lambda" },
},
});
// Mount target connects the file system to the subnet
var alpha = new Aws.Efs.MountTarget("alpha", new()
{
FileSystemId = efsForLambda.Id,
SubnetId = aws_subnet.Subnet_for_lambda.Id,
SecurityGroups = new[]
{
aws_security_group.Sg_for_lambda.Id,
},
});
// EFS access point used by lambda file system
var accessPointForLambda = new Aws.Efs.AccessPoint("accessPointForLambda", new()
{
FileSystemId = efsForLambda.Id,
RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs
{
Path = "/lambda",
CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs
{
OwnerGid = 1000,
OwnerUid = 1000,
Permissions = "777",
},
},
PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs
{
Gid = 1000,
Uid = 1000,
},
});
// A lambda function connected to an EFS file system
// ... other configuration ...
var example = new Aws.Lambda.Function("example", new()
{
FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs
{
Arn = accessPointForLambda.Arn,
LocalMountPath = "/mnt/efs",
},
VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs
{
SubnetIds = new[]
{
aws_subnet.Subnet_for_lambda.Id,
},
SecurityGroupIds = new[]
{
aws_security_group.Sg_for_lambda.Id,
},
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
alpha,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
efsForLambda, err := efs.NewFileSystem(ctx, "efsForLambda", &efs.FileSystemArgs{
Tags: pulumi.StringMap{
"Name": pulumi.String("efs_for_lambda"),
},
})
if err != nil {
return err
}
alpha, err := efs.NewMountTarget(ctx, "alpha", &efs.MountTargetArgs{
FileSystemId: efsForLambda.ID(),
SubnetId: pulumi.Any(aws_subnet.Subnet_for_lambda.Id),
SecurityGroups: pulumi.StringArray{
aws_security_group.Sg_for_lambda.Id,
},
})
if err != nil {
return err
}
accessPointForLambda, err := efs.NewAccessPoint(ctx, "accessPointForLambda", &efs.AccessPointArgs{
FileSystemId: efsForLambda.ID(),
RootDirectory: &efs.AccessPointRootDirectoryArgs{
Path: pulumi.String("/lambda"),
CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{
OwnerGid: pulumi.Int(1000),
OwnerUid: pulumi.Int(1000),
Permissions: pulumi.String("777"),
},
},
PosixUser: &efs.AccessPointPosixUserArgs{
Gid: pulumi.Int(1000),
Uid: pulumi.Int(1000),
},
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{
FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{
Arn: accessPointForLambda.Arn,
LocalMountPath: pulumi.String("/mnt/efs"),
},
VpcConfig: &lambda.FunctionVpcConfigArgs{
SubnetIds: pulumi.StringArray{
aws_subnet.Subnet_for_lambda.Id,
},
SecurityGroupIds: pulumi.StringArray{
aws_security_group.Sg_for_lambda.Id,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
alpha,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.efs.FileSystem;
import com.pulumi.aws.efs.FileSystemArgs;
import com.pulumi.aws.efs.MountTarget;
import com.pulumi.aws.efs.MountTargetArgs;
import com.pulumi.aws.efs.AccessPoint;
import com.pulumi.aws.efs.AccessPointArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;
import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;
import com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;
import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var efsForLambda = new FileSystem("efsForLambda", FileSystemArgs.builder()
.tags(Map.of("Name", "efs_for_lambda"))
.build());
var alpha = new MountTarget("alpha", MountTargetArgs.builder()
.fileSystemId(efsForLambda.id())
.subnetId(aws_subnet.subnet_for_lambda().id())
.securityGroups(aws_security_group.sg_for_lambda().id())
.build());
var accessPointForLambda = new AccessPoint("accessPointForLambda", AccessPointArgs.builder()
.fileSystemId(efsForLambda.id())
.rootDirectory(AccessPointRootDirectoryArgs.builder()
.path("/lambda")
.creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()
.ownerGid(1000)
.ownerUid(1000)
.permissions("777")
.build())
.build())
.posixUser(AccessPointPosixUserArgs.builder()
.gid(1000)
.uid(1000)
.build())
.build());
var example = new Function("example", FunctionArgs.builder()
.fileSystemConfig(FunctionFileSystemConfigArgs.builder()
.arn(accessPointForLambda.arn())
.localMountPath("/mnt/efs")
.build())
.vpcConfig(FunctionVpcConfigArgs.builder()
.subnetIds(aws_subnet.subnet_for_lambda().id())
.securityGroupIds(aws_security_group.sg_for_lambda().id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(alpha)
.build());
}
}
import pulumi
import pulumi_aws as aws
# EFS file system
efs_for_lambda = aws.efs.FileSystem("efsForLambda", tags={
"Name": "efs_for_lambda",
})
# Mount target connects the file system to the subnet
alpha = aws.efs.MountTarget("alpha",
file_system_id=efs_for_lambda.id,
subnet_id=aws_subnet["subnet_for_lambda"]["id"],
security_groups=[aws_security_group["sg_for_lambda"]["id"]])
# EFS access point used by lambda file system
access_point_for_lambda = aws.efs.AccessPoint("accessPointForLambda",
file_system_id=efs_for_lambda.id,
root_directory=aws.efs.AccessPointRootDirectoryArgs(
path="/lambda",
creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(
owner_gid=1000,
owner_uid=1000,
permissions="777",
),
),
posix_user=aws.efs.AccessPointPosixUserArgs(
gid=1000,
uid=1000,
))
# A lambda function connected to an EFS file system
# ... other configuration ...
example = aws.lambda_.Function("example",
file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(
arn=access_point_for_lambda.arn,
local_mount_path="/mnt/efs",
),
vpc_config=aws.lambda_.FunctionVpcConfigArgs(
subnet_ids=[aws_subnet["subnet_for_lambda"]["id"]],
security_group_ids=[aws_security_group["sg_for_lambda"]["id"]],
),
opts=pulumi.ResourceOptions(depends_on=[alpha]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// EFS file system
const efsForLambda = new aws.efs.FileSystem("efsForLambda", {tags: {
Name: "efs_for_lambda",
}});
// Mount target connects the file system to the subnet
const alpha = new aws.efs.MountTarget("alpha", {
fileSystemId: efsForLambda.id,
subnetId: aws_subnet.subnet_for_lambda.id,
securityGroups: [aws_security_group.sg_for_lambda.id],
});
// EFS access point used by lambda file system
const accessPointForLambda = new aws.efs.AccessPoint("accessPointForLambda", {
fileSystemId: efsForLambda.id,
rootDirectory: {
path: "/lambda",
creationInfo: {
ownerGid: 1000,
ownerUid: 1000,
permissions: "777",
},
},
posixUser: {
gid: 1000,
uid: 1000,
},
});
// A lambda function connected to an EFS file system
// ... other configuration ...
const example = new aws.lambda.Function("example", {
fileSystemConfig: {
arn: accessPointForLambda.arn,
localMountPath: "/mnt/efs",
},
vpcConfig: {
subnetIds: [aws_subnet.subnet_for_lambda.id],
securityGroupIds: [aws_security_group.sg_for_lambda.id],
},
}, {
dependsOn: [alpha],
});
resources:
# A lambda function connected to an EFS file system
example:
type: aws:lambda:Function
properties:
fileSystemConfig:
arn: ${accessPointForLambda.arn}
localMountPath: /mnt/efs
vpcConfig:
subnetIds:
- ${aws_subnet.subnet_for_lambda.id}
securityGroupIds:
- ${aws_security_group.sg_for_lambda.id}
options:
dependson:
- ${alpha}
# EFS file system
efsForLambda:
type: aws:efs:FileSystem
properties:
tags:
Name: efs_for_lambda
# Mount target connects the file system to the subnet
alpha:
type: aws:efs:MountTarget
properties:
fileSystemId: ${efsForLambda.id}
subnetId: ${aws_subnet.subnet_for_lambda.id}
securityGroups:
- ${aws_security_group.sg_for_lambda.id}
# EFS access point used by lambda file system
accessPointForLambda:
type: aws:efs:AccessPoint
properties:
fileSystemId: ${efsForLambda.id}
rootDirectory:
path: /lambda
creationInfo:
ownerGid: 1000
ownerUid: 1000
permissions: '777'
posixUser:
gid: 1000
uid: 1000
Lambda retries
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var lambdaFunctionName = config.Get("lambdaFunctionName") ?? "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
var example = new Aws.CloudWatch.LogGroup("example", new()
{
RetentionInDays = 14,
});
var lambdaLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Resources = new[]
{
"arn:aws:logs:*:*:*",
},
},
},
});
var lambdaLoggingPolicy = new Aws.Iam.Policy("lambdaLoggingPolicy", new()
{
Path = "/",
Description = "IAM policy for logging from a lambda",
PolicyDocument = lambdaLoggingPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new()
{
Role = aws_iam_role.Iam_for_lambda.Name,
PolicyArn = lambdaLoggingPolicy.Arn,
});
var testLambda = new Aws.Lambda.Function("testLambda", new()
{
}, new CustomResourceOptions
{
DependsOn = new[]
{
lambdaLogs,
example,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
lambdaFunctionName := "lambda_function_name"
if param := cfg.Get("lambdaFunctionName"); param != "" {
lambdaFunctionName = param
}
example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
RetentionInDays: pulumi.Int(14),
})
if err != nil {
return err
}
lambdaLoggingPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Resources: []string{
"arn:aws:logs:*:*:*",
},
},
},
}, nil)
if err != nil {
return err
}
lambdaLoggingPolicy, err := iam.NewPolicy(ctx, "lambdaLoggingPolicy", &iam.PolicyArgs{
Path: pulumi.String("/"),
Description: pulumi.String("IAM policy for logging from a lambda"),
Policy: *pulumi.String(lambdaLoggingPolicyDocument.Json),
})
if err != nil {
return err
}
lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambdaLogs", &iam.RolePolicyAttachmentArgs{
Role: pulumi.Any(aws_iam_role.Iam_for_lambda.Name),
PolicyArn: lambdaLoggingPolicy.Arn,
})
if err != nil {
return err
}
_, err = lambda.NewFunction(ctx, "testLambda", nil, pulumi.DependsOn([]pulumi.Resource{
lambdaLogs,
example,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var lambdaFunctionName = config.get("lambdaFunctionName").orElse("lambda_function_name");
var example = new LogGroup("example", LogGroupArgs.builder()
.retentionInDays(14)
.build());
final var lambdaLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents")
.resources("arn:aws:logs:*:*:*")
.build())
.build());
var lambdaLoggingPolicy = new Policy("lambdaLoggingPolicy", PolicyArgs.builder()
.path("/")
.description("IAM policy for logging from a lambda")
.policy(lambdaLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()
.role(aws_iam_role.iam_for_lambda().name())
.policyArn(lambdaLoggingPolicy.arn())
.build());
var testLambda = new Function("testLambda", FunctionArgs.Empty, CustomResourceOptions.builder()
.dependsOn(
lambdaLogs,
example)
.build());
}
}
import pulumi
import pulumi_aws as aws
config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
lambda_logging_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources=["arn:aws:logs:*:*:*"],
)])
lambda_logging_policy = aws.iam.Policy("lambdaLoggingPolicy",
path="/",
description="IAM policy for logging from a lambda",
policy=lambda_logging_policy_document.json)
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
role=aws_iam_role["iam_for_lambda"]["name"],
policy_arn=lambda_logging_policy.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
lambda_logs,
example,
]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const lambdaFunctionName = config.get("lambdaFunctionName") || "lambda_function_name";
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
const example = new aws.cloudwatch.LogGroup("example", {retentionInDays: 14});
const lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
resources: ["arn:aws:logs:*:*:*"],
}],
});
const lambdaLoggingPolicy = new aws.iam.Policy("lambdaLoggingPolicy", {
path: "/",
description: "IAM policy for logging from a lambda",
policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument => lambdaLoggingPolicyDocument.json),
});
const lambdaLogs = new aws.iam.RolePolicyAttachment("lambdaLogs", {
role: aws_iam_role.iam_for_lambda.name,
policyArn: lambdaLoggingPolicy.arn,
});
const testLambda = new aws.lambda.Function("testLambda", {}, {
dependsOn: [
lambdaLogs,
example,
],
});
configuration:
lambdaFunctionName:
type: string
default: lambda_function_name
resources:
testLambda:
type: aws:lambda:Function
options:
dependson:
- ${lambdaLogs}
- ${example}
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example:
type: aws:cloudwatch:LogGroup
properties:
retentionInDays: 14
lambdaLoggingPolicy:
type: aws:iam:Policy
properties:
path: /
description: IAM policy for logging from a lambda
policy: ${lambdaLoggingPolicyDocument.json}
lambdaLogs:
type: aws:iam:RolePolicyAttachment
properties:
role: ${aws_iam_role.iam_for_lambda.name}
policyArn: ${lambdaLoggingPolicy.arn}
variables:
lambdaLoggingPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
resources:
- arn:aws:logs:*:*:*
Create Function Resource
new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);
@overload
def Function(resource_name: str,
opts: Optional[ResourceOptions] = None,
architectures: Optional[Sequence[str]] = None,
code: Optional[pulumi.Archive] = None,
code_signing_config_arn: Optional[str] = None,
dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
description: Optional[str] = None,
environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
ephemeral_storage: Optional[_lambda_.FunctionEphemeralStorageArgs] = None,
file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
handler: Optional[str] = None,
image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
image_uri: Optional[str] = None,
kms_key_arn: Optional[str] = None,
layers: Optional[Sequence[str]] = None,
memory_size: Optional[int] = None,
name: Optional[str] = None,
package_type: Optional[str] = None,
publish: Optional[bool] = None,
replace_security_groups_on_destroy: Optional[bool] = None,
replacement_security_group_ids: Optional[Sequence[str]] = None,
reserved_concurrent_executions: Optional[int] = None,
role: Optional[str] = None,
runtime: Optional[Union[str, lambda_.Runtime]] = None,
s3_bucket: Optional[str] = None,
s3_key: Optional[str] = None,
s3_object_version: Optional[str] = None,
skip_destroy: Optional[bool] = None,
snap_start: Optional[_lambda_.FunctionSnapStartArgs] = None,
source_code_hash: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timeout: Optional[int] = None,
tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None)
@overload
def Function(resource_name: str,
args: FunctionArgs,
opts: Optional[ResourceOptions] = None)
func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)
public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)
public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)
type: aws:lambda:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Function Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Function resource accepts the following input properties:
- Role string
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Architectures List<string>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- Code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- Dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- Description string
Description of what your Lambda Function does.
- Environment
Function
Environment Configuration block. Detailed below.
- Ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- File
System FunctionConfig File System Config Configuration block. Detailed below.
- Handler string
Function entrypoint in your code.
- Image
Config FunctionImage Config Configuration block. Detailed below.
- Image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- Layers List<string>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- Memory
Size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- Name string
Unique name for your Lambda Function.
- Package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- Replace
Security boolGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Replacement
Security List<string>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Reserved
Concurrent intExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- Runtime
string | Pulumi.
Aws. Lambda. Runtime Identifier of the function's runtime. See Runtimes for valid values.
- S3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- S3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- S3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- Skip
Destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- Snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- Source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Dictionary<string, string>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- Tracing
Config FunctionTracing Config Configuration block. Detailed below.
- Vpc
Config FunctionVpc Config Configuration block. Detailed below.
- Role string
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Architectures []string
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- Code
pulumi.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- Dead
Letter FunctionConfig Dead Letter Config Args Configuration block. Detailed below.
- Description string
Description of what your Lambda Function does.
- Environment
Function
Environment Args Configuration block. Detailed below.
- Ephemeral
Storage FunctionEphemeral Storage Args The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- File
System FunctionConfig File System Config Args Configuration block. Detailed below.
- Handler string
Function entrypoint in your code.
- Image
Config FunctionImage Config Args Configuration block. Detailed below.
- Image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- Layers []string
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- Memory
Size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- Name string
Unique name for your Lambda Function.
- Package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- Replace
Security boolGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Replacement
Security []stringGroup Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Reserved
Concurrent intExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- Runtime string | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- S3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- S3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- S3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- Skip
Destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- Snap
Start FunctionSnap Start Args Snap start settings block. Detailed below.
- Source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- map[string]string
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- Tracing
Config FunctionTracing Config Args Configuration block. Detailed below.
- Vpc
Config FunctionVpc Config Args Configuration block. Detailed below.
- role String
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures List<String>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing StringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- description String
Description of what your Lambda Function does.
- environment
Function
Environment Configuration block. Detailed below.
- ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System FunctionConfig File System Config Configuration block. Detailed below.
- handler String
Function entrypoint in your code.
- image
Config FunctionImage Config Configuration block. Detailed below.
- image
Uri String ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- kms
Key StringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- layers List<String>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size Integer Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name String
Unique name for your Lambda Function.
- package
Type String Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish Boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- replace
Security BooleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security List<String>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent IntegerExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- runtime String | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket String
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key String
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version String Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- skip
Destroy Boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- source
Code StringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Map<String,String>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- timeout Integer
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config FunctionTracing Config Configuration block. Detailed below.
- vpc
Config FunctionVpc Config Configuration block. Detailed below.
- role ARN
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures string[]
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- code
pulumi.asset.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- description string
Description of what your Lambda Function does.
- environment
Function
Environment Configuration block. Detailed below.
- ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System FunctionConfig File System Config Configuration block. Detailed below.
- handler string
Function entrypoint in your code.
- image
Config FunctionImage Config Configuration block. Detailed below.
- image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- layers string[]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size number Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name string
Unique name for your Lambda Function.
- package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- replace
Security booleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security string[]Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent numberExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- runtime string | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- skip
Destroy boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- {[key: string]: string}
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- timeout number
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config FunctionTracing Config Configuration block. Detailed below.
- vpc
Config FunctionVpc Config Configuration block. Detailed below.
- role str
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures Sequence[str]
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- code
pulumi.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code_
signing_ strconfig_ arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead_
letter_ Functionconfig Dead Letter Config Args Configuration block. Detailed below.
- description str
Description of what your Lambda Function does.
- environment
Function
Environment Args Configuration block. Detailed below.
- ephemeral_
storage FunctionEphemeral Storage Args The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file_
system_ Functionconfig File System Config Args Configuration block. Detailed below.
- handler str
Function entrypoint in your code.
- image_
config FunctionImage Config Args Configuration block. Detailed below.
- image_
uri str ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- kms_
key_ strarn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- layers Sequence[str]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory_
size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name str
Unique name for your Lambda Function.
- package_
type str Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- replace_
security_ boolgroups_ on_ destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement_
security_ Sequence[str]group_ ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved_
concurrent_ intexecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- runtime str | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3_
bucket str S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3_
key str S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3_
object_ strversion Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- skip_
destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap_
start FunctionSnap Start Args Snap start settings block. Detailed below.
- source_
code_ strhash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Mapping[str, str]
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing_
config FunctionTracing Config Args Configuration block. Detailed below.
- vpc_
config FunctionVpc Config Args Configuration block. Detailed below.
- role
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- architectures List<String>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing StringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter Property MapConfig Configuration block. Detailed below.
- description String
Description of what your Lambda Function does.
- environment Property Map
Configuration block. Detailed below.
- ephemeral
Storage Property Map The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System Property MapConfig Configuration block. Detailed below.
- handler String
Function entrypoint in your code.
- image
Config Property Map Configuration block. Detailed below.
- image
Uri String ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- kms
Key StringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- layers List<String>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size Number Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name String
Unique name for your Lambda Function.
- package
Type String Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish Boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- replace
Security BooleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security List<String>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent NumberExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- runtime String | "dotnetcore2.1" | "dotnetcore3.1" | "dotnet5.0" | "dotnet6" | "go1.x" | "java8" | "java8.al2" | "java11" | "java17" | "ruby2.5" | "ruby2.7" | "ruby3.2" | "nodejs10.x" | "nodejs12.x" | "nodejs14.x" | "nodejs16.x" | "nodejs18.x" | "python2.7" | "python3.6" | "python3.7" | "python3.8" | "python3.9" | "python3.10" | "python3.11" | "provided" | "provided.al2"
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket String
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key String
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version String Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- skip
Destroy Boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start Property Map Snap start settings block. Detailed below.
- source
Code StringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Map<String>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- timeout Number
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config Property Map Configuration block. Detailed below.
- vpc
Config Property Map Configuration block. Detailed below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:
- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Id string
The provider-assigned unique ID for this managed resource.
- Invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Last
Modified string Date this resource was last modified.
- Qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- Qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Signing
Job stringArn ARN of the signing job.
- Signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- Source
Code intSize Size in bytes of the function .zip file.
- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- Version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Id string
The provider-assigned unique ID for this managed resource.
- Invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Last
Modified string Date this resource was last modified.
- Qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- Qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Signing
Job stringArn ARN of the signing job.
- Signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- Source
Code intSize Size in bytes of the function .zip file.
- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- Version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- id String
The provider-assigned unique ID for this managed resource.
- invoke
Arn String ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- last
Modified String Date this resource was last modified.
- qualified
Arn String ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke StringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- signing
Job StringArn ARN of the signing job.
- signing
Profile StringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- source
Code IntegerSize Size in bytes of the function .zip file.
- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- version String
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- id string
The provider-assigned unique ID for this managed resource.
- invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- last
Modified string Date this resource was last modified.
- qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- signing
Job stringArn ARN of the signing job.
- signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- source
Code numberSize Size in bytes of the function .zip file.
- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- id str
The provider-assigned unique ID for this managed resource.
- invoke_
arn str ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- last_
modified str Date this resource was last modified.
- qualified_
arn str ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified_
invoke_ strarn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- signing_
job_ strarn ARN of the signing job.
- signing_
profile_ strversion_ arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- source_
code_ intsize Size in bytes of the function .zip file.
- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- version str
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- id String
The provider-assigned unique ID for this managed resource.
- invoke
Arn String ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- last
Modified String Date this resource was last modified.
- qualified
Arn String ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke StringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- signing
Job StringArn ARN of the signing job.
- signing
Profile StringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- source
Code NumberSize Size in bytes of the function .zip file.
- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- version String
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
Look up Existing Function Resource
Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
architectures: Optional[Sequence[str]] = None,
arn: Optional[str] = None,
code: Optional[pulumi.Archive] = None,
code_signing_config_arn: Optional[str] = None,
dead_letter_config: Optional[_lambda_.FunctionDeadLetterConfigArgs] = None,
description: Optional[str] = None,
environment: Optional[_lambda_.FunctionEnvironmentArgs] = None,
ephemeral_storage: Optional[_lambda_.FunctionEphemeralStorageArgs] = None,
file_system_config: Optional[_lambda_.FunctionFileSystemConfigArgs] = None,
handler: Optional[str] = None,
image_config: Optional[_lambda_.FunctionImageConfigArgs] = None,
image_uri: Optional[str] = None,
invoke_arn: Optional[str] = None,
kms_key_arn: Optional[str] = None,
last_modified: Optional[str] = None,
layers: Optional[Sequence[str]] = None,
memory_size: Optional[int] = None,
name: Optional[str] = None,
package_type: Optional[str] = None,
publish: Optional[bool] = None,
qualified_arn: Optional[str] = None,
qualified_invoke_arn: Optional[str] = None,
replace_security_groups_on_destroy: Optional[bool] = None,
replacement_security_group_ids: Optional[Sequence[str]] = None,
reserved_concurrent_executions: Optional[int] = None,
role: Optional[str] = None,
runtime: Optional[Union[str, lambda_.Runtime]] = None,
s3_bucket: Optional[str] = None,
s3_key: Optional[str] = None,
s3_object_version: Optional[str] = None,
signing_job_arn: Optional[str] = None,
signing_profile_version_arn: Optional[str] = None,
skip_destroy: Optional[bool] = None,
snap_start: Optional[_lambda_.FunctionSnapStartArgs] = None,
source_code_hash: Optional[str] = None,
source_code_size: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeout: Optional[int] = None,
tracing_config: Optional[_lambda_.FunctionTracingConfigArgs] = None,
version: Optional[str] = None,
vpc_config: Optional[_lambda_.FunctionVpcConfigArgs] = None) -> Function
func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)
public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)
public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Architectures List<string>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- Dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- Description string
Description of what your Lambda Function does.
- Environment
Function
Environment Configuration block. Detailed below.
- Ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- File
System FunctionConfig File System Config Configuration block. Detailed below.
- Handler string
Function entrypoint in your code.
- Image
Config FunctionImage Config Configuration block. Detailed below.
- Image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- Last
Modified string Date this resource was last modified.
- Layers List<string>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- Memory
Size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- Name string
Unique name for your Lambda Function.
- Package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- Qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- Qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Replace
Security boolGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Replacement
Security List<string>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Reserved
Concurrent intExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- Role string
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Runtime
string | Pulumi.
Aws. Lambda. Runtime Identifier of the function's runtime. See Runtimes for valid values.
- S3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- S3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- S3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- Signing
Job stringArn ARN of the signing job.
- Signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- Skip
Destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- Snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- Source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Source
Code intSize Size in bytes of the function .zip file.
- Dictionary<string, string>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- Tracing
Config FunctionTracing Config Configuration block. Detailed below.
- Version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- Vpc
Config FunctionVpc Config Configuration block. Detailed below.
- Architectures []string
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Code
pulumi.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- Dead
Letter FunctionConfig Dead Letter Config Args Configuration block. Detailed below.
- Description string
Description of what your Lambda Function does.
- Environment
Function
Environment Args Configuration block. Detailed below.
- Ephemeral
Storage FunctionEphemeral Storage Args The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- File
System FunctionConfig File System Config Args Configuration block. Detailed below.
- Handler string
Function entrypoint in your code.
- Image
Config FunctionImage Config Args Configuration block. Detailed below.
- Image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- Invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- Last
Modified string Date this resource was last modified.
- Layers []string
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- Memory
Size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- Name string
Unique name for your Lambda Function.
- Package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- Publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- Qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- Qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- Replace
Security boolGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Replacement
Security []stringGroup Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- Reserved
Concurrent intExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- Role string
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- Runtime string | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- S3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- S3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- S3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- Signing
Job stringArn ARN of the signing job.
- Signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- Skip
Destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- Snap
Start FunctionSnap Start Args Snap start settings block. Detailed below.
- Source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- Source
Code intSize Size in bytes of the function .zip file.
- map[string]string
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- Timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- Tracing
Config FunctionTracing Config Args Configuration block. Detailed below.
- Version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- Vpc
Config FunctionVpc Config Args Configuration block. Detailed below.
- architectures List<String>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing StringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- description String
Description of what your Lambda Function does.
- environment
Function
Environment Configuration block. Detailed below.
- ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System FunctionConfig File System Config Configuration block. Detailed below.
- handler String
Function entrypoint in your code.
- image
Config FunctionImage Config Configuration block. Detailed below.
- image
Uri String ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- invoke
Arn String ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- kms
Key StringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- last
Modified String Date this resource was last modified.
- layers List<String>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size Integer Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name String
Unique name for your Lambda Function.
- package
Type String Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish Boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- qualified
Arn String ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke StringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- replace
Security BooleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security List<String>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent IntegerExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- role String
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime String | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket String
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key String
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version String Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- signing
Job StringArn ARN of the signing job.
- signing
Profile StringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- skip
Destroy Boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- source
Code StringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- source
Code IntegerSize Size in bytes of the function .zip file.
- Map<String,String>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- timeout Integer
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config FunctionTracing Config Configuration block. Detailed below.
- version String
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- vpc
Config FunctionVpc Config Configuration block. Detailed below.
- architectures string[]
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- code
pulumi.asset.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing stringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter FunctionConfig Dead Letter Config Configuration block. Detailed below.
- description string
Description of what your Lambda Function does.
- environment
Function
Environment Configuration block. Detailed below.
- ephemeral
Storage FunctionEphemeral Storage The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System FunctionConfig File System Config Configuration block. Detailed below.
- handler string
Function entrypoint in your code.
- image
Config FunctionImage Config Configuration block. Detailed below.
- image
Uri string ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- invoke
Arn string ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- kms
Key stringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- last
Modified string Date this resource was last modified.
- layers string[]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size number Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name string
Unique name for your Lambda Function.
- package
Type string Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- qualified
Arn string ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke stringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- replace
Security booleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security string[]Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent numberExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- role ARN
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime string | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket string
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key string
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version string Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- signing
Job stringArn ARN of the signing job.
- signing
Profile stringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- skip
Destroy boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start FunctionSnap Start Snap start settings block. Detailed below.
- source
Code stringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- source
Code numberSize Size in bytes of the function .zip file.
- {[key: string]: string}
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- timeout number
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config FunctionTracing Config Configuration block. Detailed below.
- version string
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- vpc
Config FunctionVpc Config Configuration block. Detailed below.
- architectures Sequence[str]
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- code
pulumi.
Archive Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code_
signing_ strconfig_ arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead_
letter_ Functionconfig Dead Letter Config Args Configuration block. Detailed below.
- description str
Description of what your Lambda Function does.
- environment
Function
Environment Args Configuration block. Detailed below.
- ephemeral_
storage FunctionEphemeral Storage Args The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file_
system_ Functionconfig File System Config Args Configuration block. Detailed below.
- handler str
Function entrypoint in your code.
- image_
config FunctionImage Config Args Configuration block. Detailed below.
- image_
uri str ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- invoke_
arn str ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- kms_
key_ strarn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- last_
modified str Date this resource was last modified.
- layers Sequence[str]
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory_
size int Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name str
Unique name for your Lambda Function.
- package_
type str Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish bool
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- qualified_
arn str ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified_
invoke_ strarn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- replace_
security_ boolgroups_ on_ destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement_
security_ Sequence[str]group_ ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved_
concurrent_ intexecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- role str
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime str | Runtime
Identifier of the function's runtime. See Runtimes for valid values.
- s3_
bucket str S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3_
key str S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3_
object_ strversion Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- signing_
job_ strarn ARN of the signing job.
- signing_
profile_ strversion_ arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- skip_
destroy bool Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap_
start FunctionSnap Start Args Snap start settings block. Detailed below.
- source_
code_ strhash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- source_
code_ intsize Size in bytes of the function .zip file.
- Mapping[str, str]
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- timeout int
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing_
config FunctionTracing Config Args Configuration block. Detailed below.
- version str
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- vpc_
config FunctionVpc Config Args Configuration block. Detailed below.
- architectures List<String>
Instruction set architecture for your Lambda function. Valid values are
["x86_64"]
and["arm64"]
. Default is["x86_64"]
. Removing this attribute, function's architecture stay the same.- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- code Archive
Path to the function's deployment package within the local filesystem. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- code
Signing StringConfig Arn To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
- dead
Letter Property MapConfig Configuration block. Detailed below.
- description String
Description of what your Lambda Function does.
- environment Property Map
Configuration block. Detailed below.
- ephemeral
Storage Property Map The amount of Ephemeral storage(
/tmp
) to allocate for the Lambda Function in MB. This parameter is used to expand the total amount of Ephemeral storage available, beyond the default amount of512
MB. Detailed below.- file
System Property MapConfig Configuration block. Detailed below.
- handler String
Function entrypoint in your code.
- image
Config Property Map Configuration block. Detailed below.
- image
Uri String ECR image URI containing the function's deployment package. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified.- invoke
Arn String ARN to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- kms
Key StringArn Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.
- last
Modified String Date this resource was last modified.
- layers List<String>
List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers
- memory
Size Number Amount of memory in MB your Lambda Function can use at runtime. Defaults to
128
. See Limits- name String
Unique name for your Lambda Function.
- package
Type String Lambda deployment package type. Valid values are
Zip
andImage
. Defaults toZip
.- publish Boolean
Whether to publish creation/change as new Lambda Function Version. Defaults to
false
.- qualified
Arn String ARN identifying your Lambda Function Version (if versioning is enabled via
publish = true
).- qualified
Invoke StringArn Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in
aws.apigateway.Integration
'suri
.- replace
Security BooleanGroups On Destroy AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version. Whether to replace the security groups on associated lambda network interfaces upon destruction. Removing these security groups from orphaned network interfaces can speed up security group deletion times by avoiding a dependency on AWS's internal cleanup operations. By default, the ENI security groups will be replaced with the
default
security group in the function's VPC. Set thereplacement_security_group_ids
attribute to use a custom list of security groups for replacement.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- replacement
Security List<String>Group Ids List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction.
replace_security_groups_on_destroy
must be set totrue
to use this attribute.AWS no longer supports this operation. This attribute now has no effect and will be removed in a future major version.
- reserved
Concurrent NumberExecutions Amount of reserved concurrent executions for this lambda function. A value of
0
disables lambda from being triggered and-1
removes any concurrency limitations. Defaults to Unreserved Concurrency Limits-1
. See Managing Concurrency- role
Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.
The following arguments are optional:
- runtime String | "dotnetcore2.1" | "dotnetcore3.1" | "dotnet5.0" | "dotnet6" | "go1.x" | "java8" | "java8.al2" | "java11" | "java17" | "ruby2.5" | "ruby2.7" | "ruby3.2" | "nodejs10.x" | "nodejs12.x" | "nodejs14.x" | "nodejs16.x" | "nodejs18.x" | "python2.7" | "python3.6" | "python3.7" | "python3.8" | "python3.9" | "python3.10" | "python3.11" | "provided" | "provided.al2"
Identifier of the function's runtime. See Runtimes for valid values.
- s3Bucket String
S3 bucket location containing the function's deployment package. This bucket must reside in the same AWS region where you are creating the Lambda function. Exactly one of
filename
,image_uri
, ors3_bucket
must be specified. Whens3_bucket
is set,s3_key
is required.- s3Key String
S3 key of an object containing the function's deployment package. When
s3_bucket
is set,s3_key
is required.- s3Object
Version String Object version containing the function's deployment package. Conflicts with
filename
andimage_uri
.- signing
Job StringArn ARN of the signing job.
- signing
Profile StringVersion Arn ARN of the signing profile version.
snap_start.optimization_status
- Optimization status of the snap start configuration. Valid values areOn
andOff
.
- skip
Destroy Boolean Set to true if you do not wish the function to be deleted at destroy time, and instead just remove the function from the Pulumi state.
- snap
Start Property Map Snap start settings block. Detailed below.
- source
Code StringHash Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename
ors3_key
.- source
Code NumberSize Size in bytes of the function .zip file.
- Map<String>
Map of tags to assign to the object. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.- timeout Number
Amount of time your Lambda Function has to run in seconds. Defaults to
3
. See Limits.- tracing
Config Property Map Configuration block. Detailed below.
- version String
Latest published version of your Lambda Function.
vpc_config.vpc_id
- ID of the VPC.
- vpc
Config Property Map Configuration block. Detailed below.
Supporting Types
FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs
- Target
Arn string ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
- Target
Arn string ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
- target
Arn String ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
- target
Arn string ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
- target_
arn str ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
- target
Arn String ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the
sns:Publish
orsqs:SendMessage
action on this ARN, depending on which service is targeted.
FunctionEnvironment, FunctionEnvironmentArgs
- Variables Dictionary<string, string>
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
- Variables map[string]string
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
- variables Map<String,String>
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
- variables {[key: string]: string}
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
- variables Mapping[str, str]
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
- variables Map<String>
Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present.
FunctionEphemeralStorage, FunctionEphemeralStorageArgs
- Size int
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
- Size int
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
- size Integer
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
- size number
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
- size int
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
- size Number
The size of the Lambda function Ephemeral storage(
/tmp
) represented in MB. The minimum supportedephemeral_storage
value defaults to512
MB and the maximum supported value is10240
MB.
FunctionFileSystemConfig, FunctionFileSystemConfigArgs
- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Local
Mount stringPath Path where the function can access the file system, starting with /mnt/.
- Arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- Local
Mount stringPath Path where the function can access the file system, starting with /mnt/.
- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- local
Mount StringPath Path where the function can access the file system, starting with /mnt/.
- arn string
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- local
Mount stringPath Path where the function can access the file system, starting with /mnt/.
- arn str
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- local_
mount_ strpath Path where the function can access the file system, starting with /mnt/.
- arn String
Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.
- local
Mount StringPath Path where the function can access the file system, starting with /mnt/.
FunctionImageConfig, FunctionImageConfigArgs
- Commands List<string>
Parameters that you want to pass in with
entry_point
.- Entry
Points List<string> Entry point to your application, which is typically the location of the runtime executable.
- Working
Directory string Working directory.
- Commands []string
Parameters that you want to pass in with
entry_point
.- Entry
Points []string Entry point to your application, which is typically the location of the runtime executable.
- Working
Directory string Working directory.
- commands List<String>
Parameters that you want to pass in with
entry_point
.- entry
Points List<String> Entry point to your application, which is typically the location of the runtime executable.
- working
Directory String Working directory.
- commands string[]
Parameters that you want to pass in with
entry_point
.- entry
Points string[] Entry point to your application, which is typically the location of the runtime executable.
- working
Directory string Working directory.
- commands Sequence[str]
Parameters that you want to pass in with
entry_point
.- entry_
points Sequence[str] Entry point to your application, which is typically the location of the runtime executable.
- working_
directory str Working directory.
- commands List<String>
Parameters that you want to pass in with
entry_point
.- entry
Points List<String> Entry point to your application, which is typically the location of the runtime executable.
- working
Directory String Working directory.
FunctionSnapStart, FunctionSnapStartArgs
- Apply
On string Conditions where snap start is enabled. Valid values are
PublishedVersions
.- Optimization
Status string
- Apply
On string Conditions where snap start is enabled. Valid values are
PublishedVersions
.- Optimization
Status string
- apply
On String Conditions where snap start is enabled. Valid values are
PublishedVersions
.- optimization
Status String
- apply
On string Conditions where snap start is enabled. Valid values are
PublishedVersions
.- optimization
Status string
- apply_
on str Conditions where snap start is enabled. Valid values are
PublishedVersions
.- optimization_
status str
- apply
On String Conditions where snap start is enabled. Valid values are
PublishedVersions
.- optimization
Status String
FunctionTracingConfig, FunctionTracingConfigArgs
- Mode string
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
- Mode string
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
- mode String
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
- mode string
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
- mode str
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
- mode String
Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are
PassThrough
andActive
. IfPassThrough
, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". IfActive
, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.
FunctionVpcConfig, FunctionVpcConfigArgs
- Security
Group List<string>Ids List of security group IDs associated with the Lambda function.
- Subnet
Ids List<string> List of subnet IDs associated with the Lambda function.
- Ipv6Allowed
For boolDual Stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- Vpc
Id string
- Security
Group []stringIds List of security group IDs associated with the Lambda function.
- Subnet
Ids []string List of subnet IDs associated with the Lambda function.
- Ipv6Allowed
For boolDual Stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- Vpc
Id string
- security
Group List<String>Ids List of security group IDs associated with the Lambda function.
- subnet
Ids List<String> List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For BooleanDual Stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- vpc
Id String
- security
Group string[]Ids List of security group IDs associated with the Lambda function.
- subnet
Ids string[] List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For booleanDual Stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- vpc
Id string
- security_
group_ Sequence[str]ids List of security group IDs associated with the Lambda function.
- subnet_
ids Sequence[str] List of subnet IDs associated with the Lambda function.
- ipv6_
allowed_ boolfor_ dual_ stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- vpc_
id str
- security
Group List<String>Ids List of security group IDs associated with the Lambda function.
- subnet
Ids List<String> List of subnet IDs associated with the Lambda function.
- ipv6Allowed
For BooleanDual Stack Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is
false
.- vpc
Id String
Runtime, RuntimeArgs
- Dotnet
Core2d1 - dotnetcore2.1
This runtime is now deprecated
- Dotnet
Core3d1 - dotnetcore3.1
- Dotnet5d0
- dotnet5.0
- Dotnet6
- dotnet6
- Go1dx
- go1.x
- Java8
- java8
- Java8AL2
- java8.al2
- Java11
- java11
- Java17
- java17
- Ruby2d5
- ruby2.5
This runtime is now deprecated
- Ruby2d7
- ruby2.7
- Ruby3d2
- ruby3.2
- Node
JS10d X - nodejs10.x
This runtime is now deprecated
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Node
JS18d X - nodejs18.x
- Python2d7
- python2.7
This runtime is now deprecated
- Python3d6
- python3.6
This runtime is now deprecated
- Python3d7
- python3.7
- Python3d8
- python3.8
- Python3d9
- python3.9
- Python3d10
- python3.10
- Python3d11
- python3.11
- Custom
- provided
- Custom
AL2 - provided.al2
- Runtime
Dotnet Core2d1 - dotnetcore2.1
This runtime is now deprecated
- Runtime
Dotnet Core3d1 - dotnetcore3.1
- Runtime
Dotnet5d0 - dotnet5.0
- Runtime
Dotnet6 - dotnet6
- Runtime
Go1dx - go1.x
- Runtime
Java8 - java8
- Runtime
Java8AL2 - java8.al2
- Runtime
Java11 - java11
- Runtime
Java17 - java17
- Runtime
Ruby2d5 - ruby2.5
This runtime is now deprecated
- Runtime
Ruby2d7 - ruby2.7
- Runtime
Ruby3d2 - ruby3.2
- Runtime
Node JS10d X - nodejs10.x
This runtime is now deprecated
- Runtime
Node JS12d X - nodejs12.x
- Runtime
Node JS14d X - nodejs14.x
- Runtime
Node JS16d X - nodejs16.x
- Runtime
Node JS18d X - nodejs18.x
- Runtime
Python2d7 - python2.7
This runtime is now deprecated
- Runtime
Python3d6 - python3.6
This runtime is now deprecated
- Runtime
Python3d7 - python3.7
- Runtime
Python3d8 - python3.8
- Runtime
Python3d9 - python3.9
- Runtime
Python3d10 - python3.10
- Runtime
Python3d11 - python3.11
- Runtime
Custom - provided
- Runtime
Custom AL2 - provided.al2
- Dotnet
Core2d1 - dotnetcore2.1
This runtime is now deprecated
- Dotnet
Core3d1 - dotnetcore3.1
- Dotnet5d0
- dotnet5.0
- Dotnet6
- dotnet6
- Go1dx
- go1.x
- Java8
- java8
- Java8AL2
- java8.al2
- Java11
- java11
- Java17
- java17
- Ruby2d5
- ruby2.5
This runtime is now deprecated
- Ruby2d7
- ruby2.7
- Ruby3d2
- ruby3.2
- Node
JS10d X - nodejs10.x
This runtime is now deprecated
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Node
JS18d X - nodejs18.x
- Python2d7
- python2.7
This runtime is now deprecated
- Python3d6
- python3.6
This runtime is now deprecated
- Python3d7
- python3.7
- Python3d8
- python3.8
- Python3d9
- python3.9
- Python3d10
- python3.10
- Python3d11
- python3.11
- Custom
- provided
- Custom
AL2 - provided.al2
- Dotnet
Core2d1 - dotnetcore2.1
This runtime is now deprecated
- Dotnet
Core3d1 - dotnetcore3.1
- Dotnet5d0
- dotnet5.0
- Dotnet6
- dotnet6
- Go1dx
- go1.x
- Java8
- java8
- Java8AL2
- java8.al2
- Java11
- java11
- Java17
- java17
- Ruby2d5
- ruby2.5
This runtime is now deprecated
- Ruby2d7
- ruby2.7
- Ruby3d2
- ruby3.2
- Node
JS10d X - nodejs10.x
This runtime is now deprecated
- Node
JS12d X - nodejs12.x
- Node
JS14d X - nodejs14.x
- Node
JS16d X - nodejs16.x
- Node
JS18d X - nodejs18.x
- Python2d7
- python2.7
This runtime is now deprecated
- Python3d6
- python3.6
This runtime is now deprecated
- Python3d7
- python3.7
- Python3d8
- python3.8
- Python3d9
- python3.9
- Python3d10
- python3.10
- Python3d11
- python3.11
- Custom
- provided
- Custom
AL2 - provided.al2
- DOTNET_CORE2D1
- dotnetcore2.1
This runtime is now deprecated
- DOTNET_CORE3D1
- dotnetcore3.1
- DOTNET5D0
- dotnet5.0
- DOTNET6
- dotnet6
- GO1DX
- go1.x
- JAVA8
- java8
- JAVA8_AL2
- java8.al2
- JAVA11
- java11
- JAVA17
- java17
- RUBY2D5
- ruby2.5
This runtime is now deprecated
- RUBY2D7
- ruby2.7
- RUBY3D2
- ruby3.2
- NODE_JS10D_X
- nodejs10.x
This runtime is now deprecated
- NODE_JS12D_X
- nodejs12.x
- NODE_JS14D_X
- nodejs14.x
- NODE_JS16D_X
- nodejs16.x
- NODE_JS18D_X
- nodejs18.x
- PYTHON2D7
- python2.7
This runtime is now deprecated
- PYTHON3D6
- python3.6
This runtime is now deprecated
- PYTHON3D7
- python3.7
- PYTHON3D8
- python3.8
- PYTHON3D9
- python3.9
- PYTHON3D10
- python3.10
- PYTHON3D11
- python3.11
- CUSTOM
- provided
- CUSTOM_AL2
- provided.al2
- "dotnetcore2.1"
- dotnetcore2.1
This runtime is now deprecated
- "dotnetcore3.1"
- dotnetcore3.1
- "dotnet5.0"
- dotnet5.0
- "dotnet6"
- dotnet6
- "go1.x"
- go1.x
- "java8"
- java8
- "java8.al2"
- java8.al2
- "java11"
- java11
- "java17"
- java17
- "ruby2.5"
- ruby2.5
This runtime is now deprecated
- "ruby2.7"
- ruby2.7
- "ruby3.2"
- ruby3.2
- "nodejs10.x"
- nodejs10.x
This runtime is now deprecated
- "nodejs12.x"
- nodejs12.x
- "nodejs14.x"
- nodejs14.x
- "nodejs16.x"
- nodejs16.x
- "nodejs18.x"
- nodejs18.x
- "python2.7"
- python2.7
This runtime is now deprecated
- "python3.6"
- python3.6
This runtime is now deprecated
- "python3.7"
- python3.7
- "python3.8"
- python3.8
- "python3.9"
- python3.9
- "python3.10"
- python3.10
- "python3.11"
- python3.11
- "provided"
- provided
- "provided.al2"
- provided.al2
Import
Using pulumi import
, import Lambda Functions using the function_name
. For example:
$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.
Try AWS Native preview for resources not in the classic version.