PythonFunctionProps

class aws_cdk.aws_lambda_python.PythonFunctionProps(*, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None, allow_all_outbound=None, allow_public_subnet=None, architecture=None, architectures=None, code_signing_config=None, current_version_options=None, dead_letter_queue=None, dead_letter_queue_enabled=None, description=None, environment=None, environment_encryption=None, events=None, filesystem=None, function_name=None, initial_policy=None, insights_version=None, layers=None, log_retention=None, log_retention_retry_options=None, log_retention_role=None, memory_size=None, profiling=None, profiling_group=None, reserved_concurrent_executions=None, role=None, security_group=None, security_groups=None, timeout=None, tracing=None, vpc=None, vpc_subnets=None, entry, asset_hash=None, asset_hash_type=None, handler=None, index=None, runtime=None)

Bases: aws_cdk.aws_lambda.FunctionOptions

(experimental) Properties for a PythonFunction.

Parameters
  • max_event_age (Optional[Duration]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)

  • on_failure (Optional[IDestination]) – The destination for failed invocations. Default: - no destination

  • on_success (Optional[IDestination]) – The destination for successful invocations. Default: - no destination

  • retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2

  • allow_all_outbound (Optional[bool]) – Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true

  • allow_public_subnet (Optional[bool]) – Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false

  • architecture (Optional[Architecture]) – The system architectures compatible with this lambda function. Default: Architecture.X86_64

  • architectures (Optional[Sequence[Architecture]]) – (deprecated) DEPRECATED. Default: [Architecture.X86_64]

  • code_signing_config (Optional[ICodeSigningConfig]) – Code signing config associated with this function. Default: - Not Sign the Code

  • current_version_options (Optional[VersionOptions]) – Options for the lambda.Version resource automatically created by the fn.currentVersion method. Default: - default options as described in VersionOptions

  • dead_letter_queue (Optional[IQueue]) – The SQS queue to use if DLQ is enabled. Default: - SQS queue with 14 day retention period if deadLetterQueueEnabled is true

  • dead_letter_queue_enabled (Optional[bool]) – Enabled DLQ. If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless deadLetterQueue is set, which implies DLQ is enabled.

  • description (Optional[str]) – A description of the function. Default: - No description.

  • environment (Optional[Mapping[str, str]]) – Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.

  • environment_encryption (Optional[IKey]) – The AWS KMS key that’s used to encrypt your function’s environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).

  • events (Optional[Sequence[IEventSource]]) – Event sources for this function. You can also add event sources using addEventSource. Default: - No event sources.

  • filesystem (Optional[FileSystem]) – The filesystem configuration for the lambda function. Default: - will not mount any filesystem

  • function_name (Optional[str]) – A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function’s name. For more information, see Name Type.

  • initial_policy (Optional[Sequence[PolicyStatement]]) – Initial policy statements to add to the created Lambda Role. You can call addToRolePolicy to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.

  • insights_version (Optional[LambdaInsightsVersion]) – Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights

  • layers (Optional[Sequence[ILayerVersion]]) – A list of layers to add to the function’s execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.

  • log_retention (Optional[RetentionDays]) – The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE. Default: logs.RetentionDays.INFINITE

  • log_retention_retry_options (Optional[LogRetentionRetryOptions]) – When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.

  • log_retention_role (Optional[IRole]) – The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.

  • memory_size (Union[int, float, None]) – The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128

  • profiling (Optional[bool]) – Enable profiling. Default: - No profiling.

  • profiling_group (Optional[IProfilingGroup]) – Profiling Group. Default: - A new profiling group will be created if profiling is set.

  • reserved_concurrent_executions (Union[int, float, None]) – The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.

  • role (Optional[IRole]) – Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the ‘lambda.amazonaws.com’ service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are “service-role/AWSLambdaBasicExecutionRole” and “service-role/AWSLambdaVPCAccessExecutionRole”. Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

  • security_group (Optional[ISecurityGroup]) – (deprecated) What security group to associate with the Lambda’s network interfaces. This property is being deprecated, consider using securityGroups instead. Only used if ‘vpc’ is supplied. Use securityGroups property instead. Function constructor will throw an error if both are specified. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroups prop, a dedicated security group will be created for this function.

  • security_groups (Optional[Sequence[ISecurityGroup]]) – The list of security groups to associate with the Lambda’s network interfaces. Only used if ‘vpc’ is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

  • timeout (Optional[Duration]) – The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function’s expected execution time. Default: Duration.seconds(3)

  • tracing (Optional[Tracing]) – Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled

  • vpc (Optional[IVpc]) – VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. Default: - Function is not placed within a VPC.

  • vpc_subnets (Optional[SubnetSelection]) – Where to place the network interfaces within the VPC. Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed. Default: - the Vpc default strategy if not specified

  • entry (str) – (experimental) The path to the root directory of the function.

  • asset_hash (Optional[str]) – (experimental) Specify a custom hash for this asset. If assetHashType is set it must be set to AssetHashType.CUSTOM. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on assetHashType

  • asset_hash_type (Optional[AssetHashType]) – (experimental) Determines how asset hash is calculated. Assets will get rebuild and uploaded only if their hash has changed. If asset hash is set to SOURCE (default), then only changes to the source directory will cause the asset to rebuild. This means, for example, that in order to pick up a new dependency version, a change must be made to the source tree. Ideally, this can be implemented by including a dependency lockfile in your source tree or using fixed dependencies. If the asset hash is set to OUTPUT, the hash is calculated after bundling. This means that any change in the output will cause the asset to be invalidated and uploaded. Bear in mind that pip adds timestamps to dependencies it installs, which implies that in this mode Python bundles will always get rebuild and uploaded. Normally this is an anti-pattern since build Default: AssetHashType.SOURCE By default, hash is calculated based on the contents of the source directory. This means that only updates to the source will cause the asset to rebuild.

  • handler (Optional[str]) – (experimental) The name of the exported handler in the index file. Default: handler

  • index (Optional[str]) – (experimental) The path (relative to entry) to the index file containing the exported handler. Default: index.py

  • runtime (Optional[Runtime]) – (experimental) The runtime environment. Only runtimes of the Python family are supported. Default: lambda.Runtime.PYTHON_3_7

Stability

experimental

Example:

lambda_.PythonFunction(self, "MyFunction",
    entry="/path/to/my/function",  # required
    index="my_index.py",  # optional, defaults to 'index.py'
    handler="my_exported_func",  # optional, defaults to 'handler'
    runtime=Runtime.PYTHON_3_6
)

Attributes

allow_all_outbound

Whether to allow the Lambda to send all network traffic.

If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.

Default

true

Return type

Optional[bool]

allow_public_subnet

Lambda Functions in a public subnet can NOT access the internet.

Use this property to acknowledge this limitation and still place the function in a public subnet.

Default

false

See

https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841

Return type

Optional[bool]

architecture

The system architectures compatible with this lambda function.

Default

Architecture.X86_64

Return type

Optional[Architecture]

architectures

(deprecated) DEPRECATED.

Default

[Architecture.X86_64]

Deprecated

use architecture

Stability

deprecated

Return type

Optional[List[Architecture]]

asset_hash

(experimental) Specify a custom hash for this asset.

If assetHashType is set it must be set to AssetHashType.CUSTOM. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash.

NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated.

Default
  • based on assetHashType

Stability

experimental

Return type

Optional[str]

asset_hash_type

(experimental) Determines how asset hash is calculated. Assets will get rebuild and uploaded only if their hash has changed.

If asset hash is set to SOURCE (default), then only changes to the source directory will cause the asset to rebuild. This means, for example, that in order to pick up a new dependency version, a change must be made to the source tree. Ideally, this can be implemented by including a dependency lockfile in your source tree or using fixed dependencies.

If the asset hash is set to OUTPUT, the hash is calculated after bundling. This means that any change in the output will cause the asset to be invalidated and uploaded. Bear in mind that pip adds timestamps to dependencies it installs, which implies that in this mode Python bundles will always get rebuild and uploaded. Normally this is an anti-pattern since build

Default

AssetHashType.SOURCE By default, hash is calculated based on the contents of the source directory. This means that only updates to the source will cause the asset to rebuild.

Stability

experimental

Return type

Optional[AssetHashType]

code_signing_config

Code signing config associated with this function.

Default
  • Not Sign the Code

Return type

Optional[ICodeSigningConfig]

current_version_options

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

Default
  • default options as described in VersionOptions

Return type

Optional[VersionOptions]

dead_letter_queue

The SQS queue to use if DLQ is enabled.

Default
  • SQS queue with 14 day retention period if deadLetterQueueEnabled is true

Return type

Optional[IQueue]

dead_letter_queue_enabled

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

Default
  • false unless deadLetterQueue is set, which implies DLQ is enabled.

Return type

Optional[bool]

description

A description of the function.

Default
  • No description.

Return type

Optional[str]

entry

(experimental) The path to the root directory of the function.

Stability

experimental

Return type

str

environment

Key-value pairs that Lambda caches and makes available for your Lambda functions.

Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.

Default
  • No environment variables.

Return type

Optional[Mapping[str, str]]

environment_encryption

The AWS KMS key that’s used to encrypt your function’s environment variables.

Default
  • AWS Lambda creates and uses an AWS managed customer master key (CMK).

Return type

Optional[IKey]

events

Event sources for this function.

You can also add event sources using addEventSource.

Default
  • No event sources.

Return type

Optional[List[IEventSource]]

filesystem

The filesystem configuration for the lambda function.

Default
  • will not mount any filesystem

Return type

Optional[FileSystem]

function_name

A name for the function.

Default

  • AWS CloudFormation generates a unique physical ID and uses that

ID for the function’s name. For more information, see Name Type.

Return type

Optional[str]

handler

(experimental) The name of the exported handler in the index file.

Default

handler

Stability

experimental

Return type

Optional[str]

index

(experimental) The path (relative to entry) to the index file containing the exported handler.

Default

index.py

Stability

experimental

Return type

Optional[str]

initial_policy

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

Default
  • No policy statements are added to the created Lambda role.

Return type

Optional[List[PolicyStatement]]

insights_version

Specify the version of CloudWatch Lambda insights to use for monitoring.

Default
  • No Lambda Insights

See

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html

Return type

Optional[LambdaInsightsVersion]

layers

A list of layers to add to the function’s execution environment.

You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.

Default
  • No layers.

Return type

Optional[List[ILayerVersion]]

log_retention

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE.

Default

logs.RetentionDays.INFINITE

Return type

Optional[RetentionDays]

log_retention_retry_options

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

Default
  • Default AWS SDK retry options.

Return type

Optional[LogRetentionRetryOptions]

log_retention_role

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

Default
  • A new role is created.

Return type

Optional[IRole]

max_event_age

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

Default

Duration.hours(6)

Return type

Optional[Duration]

memory_size

The amount of memory, in MB, that is allocated to your Lambda function.

Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.

Default

128

Return type

Union[int, float, None]

on_failure

The destination for failed invocations.

Default
  • no destination

Return type

Optional[IDestination]

on_success

The destination for successful invocations.

Default
  • no destination

Return type

Optional[IDestination]

profiling

Enable profiling.

Default
  • No profiling.

See

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

Return type

Optional[bool]

profiling_group

Profiling Group.

Default
  • A new profiling group will be created if profiling is set.

See

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

Return type

Optional[IProfilingGroup]

reserved_concurrent_executions

The maximum of concurrent executions you want to reserve for the function.

Default
  • No specific limit - account limit.

See

https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

Return type

Union[int, float, None]

retry_attempts

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

Default

2

Return type

Union[int, float, None]

role

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the ‘lambda.amazonaws.com’ service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are “service-role/AWSLambdaBasicExecutionRole” and “service-role/AWSLambdaVPCAccessExecutionRole”.

Default

  • A unique role will be generated for this lambda function.

Both supplied and generated roles can always be changed by calling addToRolePolicy.

Return type

Optional[IRole]

runtime

(experimental) The runtime environment.

Only runtimes of the Python family are supported.

Default

lambda.Runtime.PYTHON_3_7

Stability

experimental

Return type

Optional[Runtime]

security_group

(deprecated) What security group to associate with the Lambda’s network interfaces. This property is being deprecated, consider using securityGroups instead.

Only used if ‘vpc’ is supplied.

Use securityGroups property instead. Function constructor will throw an error if both are specified.

Default

  • If the function is placed within a VPC and a security group is

not specified, either by this or securityGroups prop, a dedicated security group will be created for this function.

Deprecated
  • This property is deprecated, use securityGroups instead

Stability

deprecated

Return type

Optional[ISecurityGroup]

security_groups

The list of security groups to associate with the Lambda’s network interfaces.

Only used if ‘vpc’ is supplied.

Default

  • If the function is placed within a VPC and a security group is

not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

Return type

Optional[List[ISecurityGroup]]

timeout

The function execution time (in seconds) after which Lambda terminates the function.

Because the execution time affects cost, set this value based on the function’s expected execution time.

Default

Duration.seconds(3)

Return type

Optional[Duration]

tracing

Enable AWS X-Ray Tracing for Lambda Function.

Default

Tracing.Disabled

Return type

Optional[Tracing]

vpc

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC.

Default
  • Function is not placed within a VPC.

Return type

Optional[IVpc]

vpc_subnets

Where to place the network interfaces within the VPC.

Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.

Default
  • the Vpc default strategy if not specified

Return type

Optional[SubnetSelection]