AWS::Lambda::Function - AWS CloudFormation

AWS::Lambda::Function

The AWS::Lambda::Function resource creates a Lambda function. To create a function, you need a deployment package and an execution role. The deployment package contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Lambda::Function",
  "Properties" : {
      "Code" : Code,
      "DeadLetterConfig" : DeadLetterConfig,
      "Description" : String,
      "Environment" : Environment,
      "FileSystemConfigs" : [ FileSystemConfig, ... ],
      "FunctionName" : String,
      "Handler" : String,
      "KmsKeyArn" : String,
      "Layers" : [ String, ... ],
      "MemorySize" : Integer,
      "ReservedConcurrentExecutions" : Integer,
      "Role" : String,
      "Runtime" : String,
      "Tags" : [ Tag, ... ],
      "Timeout" : Integer,
      "TracingConfig" : TracingConfig,
      "VpcConfig" : VpcConfig
    }
}

YAML

Type: AWS::Lambda::Function
Properties:
  Code: Code
  DeadLetterConfig: DeadLetterConfig
  Description: String
  Environment: Environment
  FileSystemConfigs:
    - FileSystemConfig
  FunctionName: String
  Handler: String
  KmsKeyArn: String
  Layers:
    - String
  MemorySize: Integer
  ReservedConcurrentExecutions: Integer
  Role: String
  Runtime: String
  Tags:
    - Tag
  Timeout: Integer
  TracingConfig: TracingConfig
  VpcConfig: VpcConfig

Properties

Code

The code for the function.

Required: Yes

Type: Code

Update requires: No interruption

DeadLetterConfig

A dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead Letter Queues.

Required: No

Type: DeadLetterConfig

Update requires: No interruption

Description

A description of the function.

Required: No

Type: String

Minimum: 0

Maximum: 256

Update requires: No interruption

Environment

Environment variables that are accessible from function code during execution.

Required: No

Type: Environment

Update requires: No interruption

FileSystemConfigs

Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.

For more information about using the DependsOn attribute, see DependsOn Attribute.

Required: No

Type: List of FileSystemConfig

Maximum: 1

Update requires: No interruption

FunctionName

The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

Handler

The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Programming Model.

Required: Yes

Type: String

Maximum: 128

Pattern: [^\s]+

Update requires: No interruption

KmsKeyArn

The ARN of the AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables. If it's not provided, AWS Lambda uses a default service key.

Required: No

Type: String

Pattern: (arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()

Update requires: No interruption

Layers

A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version.

Required: No

Type: List of String

Update requires: No interruption

MemorySize

The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB.

Required: No

Type: Integer

Minimum: 128

Maximum: 3008

Update requires: No interruption

ReservedConcurrentExecutions

The number of simultaneous executions to reserve for the function.

Required: No

Type: Integer

Minimum: 0

Update requires: No interruption

Role

The Amazon Resource Name (ARN) of the function's execution role.

Required: Yes

Type: String

Pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+

Update requires: No interruption

Runtime

The identifier of the function's runtime.

Required: Yes

Type: String

Allowed values: dotnetcore2.1 | dotnetcore3.1 | go1.x | java11 | java8 | java8.al2 | nodejs10.x | nodejs12.x | provided | provided.al2 | python2.7 | python3.6 | python3.7 | python3.8 | ruby2.5 | ruby2.7

Update requires: No interruption

Tags

A list of tags to apply to the function.

Required: No

Type: List of Tag

Update requires: No interruption

Timeout

The amount of time that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds.

Required: No

Type: Integer

Minimum: 1

Update requires: No interruption

TracingConfig

Set Mode to Active to sample and trace a subset of incoming requests with AWS X-Ray.

Required: No

Type: TracingConfig

Update requires: No interruption

VpcConfig

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

Required: No

Type: VpcConfig

Update requires: No interruption
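The constraints listed for the properties above can be checked before a template is deployed. The following is an added example, not code from AWS or from this page: `check_function` and the sample dictionaries are hypothetical names, `BAD` and its values are constructed, and the check additionally reports when `Environment` is set without `KmsKeyArn`, since the function's environment variables are then encrypted with the default service key.

```python
import re

# Constraints transcribed from the property reference on this page.
REQUIRED = ("Code", "Handler", "Role", "Runtime")
RUNTIMES = set(
    "dotnetcore2.1 dotnetcore3.1 go1.x java11 java8 java8.al2 nodejs10.x nodejs12.x "
    "provided provided.al2 python2.7 python3.6 python3.7 python3.8 ruby2.5 ruby2.7".split())
PATTERNS = {
    "Handler": r"[^\s]+",
    "KmsKeyArn": r"(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()",
    "Role": r"arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+",
}
MAX_LEN = {"Description": 256, "FunctionName": 64, "Handler": 128}
INT_RANGE = {"MemorySize": (128, 3008), "Timeout": (1, 900),
             "ReservedConcurrentExecutions": (0, None)}

def check_function(props):
    """Return sorted findings for one AWS::Lambda::Function "Properties" mapping."""
    out = [f"{p}: required property is missing" for p in REQUIRED if p not in props]
    for name, value in props.items():
        # Intrinsics (Ref, Fn::GetAtt) parse as dicts; only literals are checked.
        if isinstance(value, str):
            if len(value) > MAX_LEN.get(name, len(value)):
                out.append(f"{name}: longer than {MAX_LEN[name]} characters")
            if name in PATTERNS and not re.fullmatch(PATTERNS[name], value):
                out.append(f"{name}: does not match the documented pattern")
            if name == "Runtime" and value not in RUNTIMES:
                out.append(f"{name}: {value!r} is not an allowed value")
        elif isinstance(value, int) and not isinstance(value, bool) and name in INT_RANGE:
            low, high = INT_RANGE[name]
            if value < low or (high is not None and value > high):
                out.append(f"{name}: {value} is outside the documented range")
            elif name == "MemorySize" and value % 64:
                out.append(f"{name}: {value} is not a multiple of 64 MB")
    fs = props.get("FileSystemConfigs")
    if isinstance(fs, list) and len(fs) > 1:
        out.append("FileSystemConfigs: at most 1 entry is allowed")
    if "Environment" in props and not props.get("KmsKeyArn"):
        out.append("KmsKeyArn: not set, so Lambda uses a default service key")
    return sorted(out)

# Properties of the AMIIDLookup example from this page (Role is an intrinsic).
PAGE_EXAMPLE = {"Handler": "index.handler", "Runtime": "nodejs12.x", "Timeout": 25,
                "Role": {"Fn::GetAtt": ["LambdaExecutionRole", "Arn"]},
                "Code": {"S3Bucket": "lambda-functions", "S3Key": "amilookup.zip"}}
# Constructed sample with deliberate violations.
BAD = {"Handler": "index handler", "Role": "arn:aws:iam::1234:role/lambda-role",
       "Runtime": "nodejs8.10", "MemorySize": 200, "Timeout": 1200,
       "Environment": {"Variables": {"STAGE": "prod"}}}
print("\n".join(check_function(BAD)))
```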

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the function.

Examples

Function

Create a Node.js function.

JSON

"AMIIDLookup": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": { "Fn::GetAtt": [ "LambdaExecutionRole", "Arn" ] },
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs12.x",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
    }
  }
}

Inline Function

Inline Node.js function that uses the cfn-response library.

YAML

AWSTemplateFormatVersion: '2010-09-09'
Description: Lambda function with cfn-response.
Resources:
  primer:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: nodejs12.x
      Role: arn:aws:iam::123456789012:role/lambda-role
      Handler: index.handler
      Code:
        ZipFile: |
          var aws = require('aws-sdk')
          var response = require('cfn-response')
          exports.handler = function(event, context) {
              console.log("REQUEST RECEIVED:\n" + JSON.stringify(event))
              // For Delete requests, immediately send a SUCCESS response.
              if (event.RequestType == "Delete") {
                  response.send(event, context, "SUCCESS")
                  return
              }
              var responseStatus = "FAILED"
              var responseData = {}
              var functionName = event.ResourceProperties.FunctionName
              var lambda = new aws.Lambda()
              lambda.invoke({ FunctionName: functionName }, function(err, invokeResult) {
                  if (err) {
                      responseData = {Error: "Invoke call failed"}
                      console.log(responseData.Error + ":\n", err)
                  }
                  else responseStatus = "SUCCESS"
                  response.send(event, context, responseStatus, responseData)
              })
          }
      Description: Invoke a function during stack creation.
      TracingConfig:
        Mode: Active

VPC Function

Function connected to a VPC.

YAML

AWSTemplateFormatVersion: '2010-09-09'
Description: VPC function.
Resources:
  Function:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Role: arn:aws:iam::123456789012:role/lambda-role
      Code:
        S3Bucket: my-bucket
        S3Key: function.zip
      Runtime: nodejs12.x
      Timeout: 5
      TracingConfig:
        Mode: Active
      VpcConfig:
        SecurityGroupIds:
          - sg-085912345678492fb
        SubnetIds:
          - subnet-071f712345678e7c8
          - subnet-07fd123456788a036