AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::Lambda::Function

The AWS::Lambda::Function resource creates an AWS Lambda (Lambda) function that can run code in response to events. To create a function, you need a deployment package and an execution role. For more information, see CreateFunction in the AWS Lambda Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Lambda::Function",
  "Properties" : {
    "Code" : Code,
    "DeadLetterConfig" : DeadLetterConfig,
    "Description" : String,
    "Environment" : Environment,
    "FunctionName" : String,
    "Handler" : String,
    "KmsKeyArn" : String,
    "Layers" : [ String, ... ],
    "MemorySize" : Integer,
    "ReservedConcurrentExecutions" : Integer,
    "Role" : String,
    "Runtime" : String,
    "Timeout" : Integer,
    "TracingConfig" : TracingConfig,
    "VpcConfig" : VPCConfig,
    "Tags" : [ Resource Tag, ... ]
  }
}

YAML

Type: "AWS::Lambda::Function"
Properties:
  Code: Code
  DeadLetterConfig: DeadLetterConfig
  Description: String
  Environment: Environment
  FunctionName: String
  Handler: String
  KmsKeyArn: String
  Layers:
    - String
  MemorySize: Integer
  ReservedConcurrentExecutions: Integer
  Role: String
  Runtime: String
  Timeout: Integer
  TracingConfig: TracingConfig
  VpcConfig: VPCConfig
  Tags:
    Resource Tag

Properties

For more information about each property, including defaults, valid values, and constraints, see CreateFunction in the AWS Lambda Developer Guide.

Code

The code for the function.

Required: Yes

Type: AWS Lambda Function Code

Update requires: No interruption

DeadLetterConfig

A dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead Letter Queues.

Required: No

Type: AWS Lambda Function DeadLetterConfig

Update requires: No interruption

Description

A description of the function.

Required: No

Type: String

Update requires: No interruption

Environment

Environment variables that are accessible from function code during execution.

Required: No

Type: AWS Lambda Function Environment

Update requires: No interruption

FunctionName

The name of the Lambda function. If you don't specify a name, AWS CloudFormation generates one. For more information, see Name Type.

Important

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

Handler

The name of the method within your code that Lambda calls to execute your function. The format includes the filename and can also include namespaces and other qualifiers, depending on the runtime. For more information, see Programming Model.

Required: Yes

Type: String

Update requires: No interruption

KmsKeyArn

The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt your function's environment variables. If not provided, Lambda uses a default service key.

Type: String

Required: No

Update requires: No interruption

Layers

A list of function layers to add to the function's execution environment. Specify each layer by ARN, including the version.

Required: No

Type: List of String values

Update requires: No interruption

MemorySize

The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB.

Required: No

Type: Integer

Update requires: No interruption

ReservedConcurrentExecutions

The maximum number of instances of your function that process events simultaneously. This option both sets the maximum concurrency for your function and reserves concurrency to ensure that it is available. For more information, see Managing Concurrency in the AWS Lambda Developer Guide.

Required: No

Type: Integer

Update requires: No interruption

Role

The ARN of the function's execution role.

Required: Yes

Type: String

Update requires: No interruption

Runtime

The identifier of the function's runtime.

Required: Yes

Type: String

Update requires: No interruption

Timeout

The amount of time that Lambda allows a function to run before terminating it. The default is 3 seconds. The maximum allowed value is 900 seconds.

Required: No

Type: Integer

Update requires: No interruption

TracingConfig

Set Mode to Active to sample and trace a subset of incoming requests with AWS X-Ray.

Required: No

Type: AWS Lambda Function TracingConfig

Update requires: No interruption

VpcConfig

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can only access resources and the internet through that VPC. For more information, see VPC Settings.

Note

When you specify this property, AWS CloudFormation might not be able to delete the stack if another resource in the template (such as a security group) requires the attached ENI to be deleted before it can be deleted. We recommend that you run AWS CloudFormation with the ec2:DescribeNetworkInterfaces permission, which enables AWS CloudFormation to monitor the state of the ENI and to wait (up to 40 minutes) for Lambda to delete the ENI.

Required: No

Type: AWS Lambda Function VpcConfig

Update requires: No interruption

Tags

A list of tags to apply to the function.

Required: No

Type: Resource Tag

Update requires: No interruption

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name.

In the following sample, the Ref function returns the name of the AMILookUp function, such as MyStack-AMILookUp-NT5EUXTNTXXD.

{ "Ref": "AMILookUp" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

Arn

The ARN of the Lambda function, such as arn:aws:lambda:us-west-2:123456789012:MyStack-AMILookUp-NT5EUXTNTXXD.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Example

The following example uses a packaged file in an S3 bucket to create a Lambda function.

JSON

"AMIIDLookup": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs8.10",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
    }
  }
}

YAML

AMIIDLookup:
  Type: "AWS::Lambda::Function"
  Properties:
    Handler: "index.handler"
    Role:
      Fn::GetAtt:
        - "LambdaExecutionRole"
        - "Arn"
    Code:
      S3Bucket: "lambda-functions"
      S3Key: "amilookup.zip"
    Runtime: "nodejs8.10"
    Timeout: 25
    TracingConfig:
      Mode: "Active"
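The following variant of the same function is an added example, not part of the original guide. It also sets the properties described above for encrypting environment variables (KmsKeyArn), retaining failed asynchronous events (DeadLetterConfig), capping concurrency (ReservedConcurrentExecutions), and restricting network access (VpcConfig). The logical IDs EnvKey, FailedEventsQueue, FunctionSecurityGroup, PrivateSubnetA and PrivateSubnetB, the environment variable, and the concurrency value are assumptions; those resources would be declared elsewhere in the template.

```yaml
# Added example. Logical IDs other than LambdaExecutionRole are hypothetical
# and must be declared elsewhere in the same template.
AMIIDLookup:
  Type: "AWS::Lambda::Function"
  Properties:
    Handler: "index.handler"
    Role:
      Fn::GetAtt:
        - "LambdaExecutionRole"
        - "Arn"
    Code:
      S3Bucket: "lambda-functions"
      S3Key: "amilookup.zip"
    Runtime: "nodejs8.10"          # value taken from the page's example
    Timeout: 25
    # Encrypt environment variables with a customer managed key rather than
    # the default service key. The execution role needs kms:Decrypt on it.
    KmsKeyArn:
      Fn::GetAtt:
        - "EnvKey"                 # hypothetical AWS::KMS::Key
        - "Arn"
    Environment:
      Variables:
        LOOKUP_REGION: "us-west-2" # constructed sample value
    # Keep asynchronous events that fail processing so they can be reviewed.
    # The execution role needs sqs:SendMessage on the queue.
    DeadLetterConfig:
      TargetArn:
        Fn::GetAtt:
          - "FailedEventsQueue"    # hypothetical AWS::SQS::Queue
          - "Arn"
    # Upper bound on simultaneous instances of this function (assumed value).
    ReservedConcurrentExecutions: 5
    # The function reaches resources and the internet only through this VPC.
    VpcConfig:
      SecurityGroupIds:
        - Fn::GetAtt:
            - "FunctionSecurityGroup"   # hypothetical AWS::EC2::SecurityGroup
            - "GroupId"
      SubnetIds:
        - Ref: "PrivateSubnetA"         # hypothetical AWS::EC2::Subnet
        - Ref: "PrivateSubnetB"         # hypothetical AWS::EC2::Subnet
    TracingConfig:
      Mode: "Active"
```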

Related Resources

For more information about how you can use a Lambda function with AWS CloudFormation custom resources, see AWS Lambda-backed Custom Resources.

For a sample template, see AWS Lambda Template.