Function

class aws_cdk.aws_lambda.Function(scope, id, *, code, handler, runtime, allow_all_outbound=None, allow_public_subnet=None, architecture=None, architectures=None, code_signing_config=None, current_version_options=None, dead_letter_queue=None, dead_letter_queue_enabled=None, dead_letter_topic=None, description=None, environment=None, environment_encryption=None, ephemeral_storage_size=None, events=None, filesystem=None, function_name=None, initial_policy=None, insights_version=None, layers=None, log_retention=None, log_retention_retry_options=None, log_retention_role=None, memory_size=None, profiling=None, profiling_group=None, reserved_concurrent_executions=None, role=None, security_group=None, security_groups=None, timeout=None, tracing=None, vpc=None, vpc_subnets=None, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None)

Bases: FunctionBase

Deploys a file from inside the construct library as a function.

The supplied file is subject to the 4096 bytes limit of being embedded in a CloudFormation template.

The construct includes an associated role with the lambda.

This construct does not yet reproduce all features from the underlying resource library.

ExampleMetadata:: infused

Example:

import aws_cdk.aws_signer as signer


signing_profile = signer.SigningProfile(self, "SigningProfile",
    platform=signer.Platform.AWS_LAMBDA_SHA384_ECDSA
)

code_signing_config = lambda_.CodeSigningConfig(self, "CodeSigningConfig",
    signing_profiles=[signing_profile]
)

lambda_.Function(self, "Function",
    code_signing_config=code_signing_config,
    runtime=lambda_.Runtime.NODEJS_16_X,
    handler="index.handler",
    code=lambda_.Code.from_asset(path.join(__dirname, "lambda-handler"))
)

Parameters:

scope (Construct) –
id (str) –
code (Code) – The source code of your Lambda function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.
handler (str) – The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-features.html#gettingstarted-features-programmingmodel. Use Handler.FROM_IMAGE when defining a function from a Docker image. NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.
runtime (Runtime) – The runtime environment for the Lambda function that you are uploading. For valid values, see the Runtime property in the AWS Lambda Developer Guide. Use Runtime.FROM_IMAGE when when defining a function from a Docker image.
allow_all_outbound (Optional[bool]) – Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
allow_public_subnet (Optional[bool]) – Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
architecture (Optional[Architecture]) – The system architectures compatible with this lambda function. Default: Architecture.X86_64
architectures (Optional[Sequence[Architecture]]) – (deprecated) DEPRECATED. Default: [Architecture.X86_64]
code_signing_config (Optional[ICodeSigningConfig]) – Code signing config associated with this function. Default: - Not Sign the Code
current_version_options (Union[VersionOptions, Dict[str, Any], None]) – Options for the lambda.Version resource automatically created by the fn.currentVersion method. Default: - default options as described in VersionOptions
dead_letter_queue (Optional[IQueue]) – The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify deadLetterTopic property instead. Default: - SQS queue with 14 day retention period if deadLetterQueueEnabled is true
dead_letter_queue_enabled (Optional[bool]) – Enabled DLQ. If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless deadLetterQueue is set, which implies DLQ is enabled.
dead_letter_topic (Optional[ITopic]) – The SNS topic to use as a DLQ. Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. Default: - no SNS topic
description (Optional[str]) – A description of the function. Default: - No description.
environment (Optional[Mapping[str, str]]) – Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.
environment_encryption (Optional[IKey]) – The AWS KMS key that’s used to encrypt your function’s environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
ephemeral_storage_size (Optional[Size]) – The size of the function’s /tmp directory in MiB. Default: 512 MiB
events (Optional[Sequence[IEventSource]]) – Event sources for this function. You can also add event sources using addEventSource. Default: - No event sources.
filesystem (Optional[FileSystem]) – The filesystem configuration for the lambda function. Default: - will not mount any filesystem
function_name (Optional[str]) – A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function’s name. For more information, see Name Type.
initial_policy (Optional[Sequence[PolicyStatement]]) – Initial policy statements to add to the created Lambda Role. You can call addToRolePolicy to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.
insights_version (Optional[LambdaInsightsVersion]) – Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights
layers (Optional[Sequence[ILayerVersion]]) – A list of layers to add to the function’s execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.
log_retention (Optional[RetentionDays]) – The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE. Default: logs.RetentionDays.INFINITE
log_retention_retry_options (Union[LogRetentionRetryOptions, Dict[str, Any], None]) – When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.
log_retention_role (Optional[IRole]) – The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.
memory_size (Union[int, float, None]) – The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128
profiling (Optional[bool]) – Enable profiling. Default: - No profiling.
profiling_group (Optional[IProfilingGroup]) – Profiling Group. Default: - A new profiling group will be created if profiling is set.
reserved_concurrent_executions (Union[int, float, None]) – The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
role (Optional[IRole]) – Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the ‘lambda.amazonaws.com’ service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are “service-role/AWSLambdaBasicExecutionRole” and “service-role/AWSLambdaVPCAccessExecutionRole”. Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.
security_group (Optional[ISecurityGroup]) – (deprecated) What security group to associate with the Lambda’s network interfaces. This property is being deprecated, consider using securityGroups instead. Only used if ‘vpc’ is supplied. Use securityGroups property instead. Function constructor will throw an error if both are specified. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroups prop, a dedicated security group will be created for this function.
security_groups (Optional[Sequence[ISecurityGroup]]) – The list of security groups to associate with the Lambda’s network interfaces. Only used if ‘vpc’ is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.
timeout (Optional[Duration]) – The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function’s expected execution time. Default: Duration.seconds(3)
tracing (Optional[Tracing]) – Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled
vpc (Optional[IVpc]) – VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. Default: - Function is not placed within a VPC.
vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Where to place the network interfaces within the VPC. Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed. Default: - the Vpc default strategy if not specified
max_event_age (Optional[Duration]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
on_failure (Optional[IDestination]) – The destination for failed invocations. Default: - no destination
on_success (Optional[IDestination]) – The destination for successful invocations. Default: - no destination
retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2

Methods

add_alias(alias_name, *, additional_versions=None, description=None, provisioned_concurrent_executions=None, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None)

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment:

# fn: lambda.Function


fn.add_alias("Live")

# Is equivalent to

lambda_.Alias(self, "AliasLive",
    alias_name="Live",
    version=fn.current_version
)

Parameters:

alias_name (str) – The name of the alias.
additional_versions (Optional[Sequence[Union[VersionWeight, Dict[str, Any]]]]) – Additional versions with individual weights this alias points to. Individual additional version weights specified here should add up to (less than) one. All remaining weight is routed to the default version. For example, the config is Example:: version: “1” additionalVersions: [{ version: “2”, weight: 0.05 }] Then 5% of traffic will be routed to function version 2, while the remaining 95% of traffic will be routed to function version 1. Default: No additional versions
description (Optional[str]) – Description for the alias. Default: No description
provisioned_concurrent_executions (Union[int, float, None]) – Specifies a provisioned concurrency configuration for a function’s alias. Default: No provisioned concurrency
max_event_age (Optional[Duration]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
on_failure (Optional[IDestination]) – The destination for failed invocations. Default: - no destination
on_success (Optional[IDestination]) – The destination for successful invocations. Default: - no destination
retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2

Return type:

Alias

add_environment(key, value, *, remove_in_edge=None)

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

Parameters:

key (str) – The environment variable key.
value (str) – The environment variable’s value.
remove_in_edge (Optional[bool]) – When used in Lambda@Edge via edgeArn() API, these environment variables will be removed. If not set, an error will be thrown. Default: false - using the function in Lambda

Return type:

Function

add_event_source(source)

Adds an event source to this function.

Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

Parameters:

source (IEventSource) –

Return type:

None

add_event_source_mapping(id, *, batch_size=None, bisect_batch_on_error=None, enabled=None, event_source_arn=None, kafka_bootstrap_servers=None, kafka_topic=None, max_batching_window=None, max_record_age=None, on_failure=None, parallelization_factor=None, report_batch_item_failures=None, retry_attempts=None, source_access_configurations=None, starting_position=None, tumbling_window=None)

Adds an event source that maps to this AWS Lambda function.

Parameters:

id (str) –
batch_size (Union[int, float, None]) – The largest number of records that AWS Lambda will retrieve from your event source at the time of invoking your function. Your function receives an event with all the retrieved records. Valid Range: Minimum value of 1. Maximum value of 10000. Default: - Amazon Kinesis, Amazon DynamoDB, and Amazon MSK is 100 records. The default for Amazon SQS is 10 messages. For standard SQS queues, the maximum is 10,000. For FIFO SQS queues, the maximum is 10.
bisect_batch_on_error (Optional[bool]) – If the function returns an error, split the batch in two and retry. Default: false
enabled (Optional[bool]) – Set to false to disable the event source upon creation. Default: true
event_source_arn (Optional[str]) – The Amazon Resource Name (ARN) of the event source. Any record added to this stream can invoke the Lambda function. Default: - not set if using a self managed Kafka cluster, throws an error otherwise
kafka_bootstrap_servers (Optional[Sequence[str]]) – A list of host and port pairs that are the addresses of the Kafka brokers in a self managed “bootstrap” Kafka cluster that a Kafka client connects to initially to bootstrap itself. They are in the format abc.example.com:9096. Default: - none
kafka_topic (Optional[str]) – The name of the Kafka topic. Default: - no topic
max_batching_window (Optional[Duration]) – The maximum amount of time to gather records before invoking the function. Maximum of Duration.minutes(5) Default: Duration.seconds(0)
max_record_age (Optional[Duration]) – The maximum age of a record that Lambda sends to a function for processing. Valid Range: - Minimum value of 60 seconds - Maximum value of 7 days Default: - infinite or until the record expires.
on_failure (Optional[IEventSourceDlq]) – An Amazon SQS queue or Amazon SNS topic destination for discarded records. Default: discarded records are ignored
parallelization_factor (Union[int, float, None]) – The number of batches to process from each shard concurrently. Valid Range: - Minimum value of 1 - Maximum value of 10 Default: 1
report_batch_item_failures (Optional[bool]) – Allow functions to return partially successful responses for a batch of records. Default: false
retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Set to undefined if you want lambda to keep retrying infinitely or until the record expires. Valid Range: - Minimum value of 0 - Maximum value of 10000 Default: - infinite or until the record expires.
source_access_configurations (Optional[Sequence[Union[SourceAccessConfiguration, Dict[str, Any]]]]) – Specific settings like the authentication protocol or the VPC components to secure access to your event source. Default: - none
starting_position (Optional[StartingPosition]) – The position in the DynamoDB, Kinesis or MSK stream where AWS Lambda should start reading. Default: - Required for Amazon Kinesis, Amazon DynamoDB, and Amazon MSK Streams sources.
tumbling_window (Optional[Duration]) – The size of the tumbling windows to group records sent to DynamoDB or Kinesis. Default: - None

Return type:

EventSourceMapping

add_function_url(*, auth_type=None, cors=None)

Adds a url to this lambda function.

Parameters:

auth_type (Optional[FunctionUrlAuthType]) – The type of authentication that your function URL uses. Default: FunctionUrlAuthType.AWS_IAM
cors (Union[FunctionUrlCorsOptions, Dict[str, Any], None]) – The cross-origin resource sharing (CORS) settings for your function URL. Default: - No CORS configuration.

Return type:

FunctionUrl

add_layers(*layers)

Adds one or more Lambda Layers to this Lambda function.

Parameters:: layers (ILayerVersion) – the layers to be added.
Throws:: if there are already 5 layers on this function, or the layer is incompatible with this function’s runtime.
Return type:: None

add_permission(id, *, principal, action=None, event_source_token=None, function_url_auth_type=None, scope=None, source_account=None, source_arn=None)

Adds a permission to the Lambda resource policy.

Parameters:

id (str) – The id for the permission construct.
principal (IPrincipal) – The entity for which you are granting permission to invoke the Lambda function. This entity can be any valid AWS service principal, such as s3.amazonaws.com or sns.amazonaws.com, or, if you are granting cross-account permission, an AWS account ID. For example, you might want to allow a custom application in another AWS account to push events to Lambda by invoking your function. The principal can be either an AccountPrincipal or a ServicePrincipal.
action (Optional[str]) – The Lambda actions that you want to allow in this statement. For example, you can specify lambda:CreateFunction to specify a certain action, or use a wildcard (lambda:*) to grant permission to all Lambda actions. For a list of actions, see Actions and Condition Context Keys for AWS Lambda in the IAM User Guide. Default: ‘lambda:InvokeFunction’
event_source_token (Optional[str]) – A unique token that must be supplied by the principal invoking the function. Default: The caller would not need to present a token.
function_url_auth_type (Optional[FunctionUrlAuthType]) – The authType for the function URL that you are granting permissions for. Default: - No functionUrlAuthType
scope (Optional[Construct]) – The scope to which the permission constructs be attached. The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller). Default: - The instance of lambda.IFunction
source_account (Optional[str]) – The AWS account ID (without hyphens) of the source owner. For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner’s account ID. You can use this property to ensure that all source principals are owned by a specific account.
source_arn (Optional[str]) – The ARN of a resource that is invoking your function. When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that events generated only from the specified bucket, not just any bucket from any AWS account that creates a mapping to your function, can invoke the function.

See:

Permission for details.

Return type:

None

add_to_role_policy(statement)

Adds a statement to the IAM role assumed by the instance.

Parameters:

statement (PolicyStatement) –

Return type:

None

add_version(name, code_sha256=None, description=None, provisioned_executions=None, *, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None)

(deprecated) Add a new version for this Lambda.

If you want to deploy through CloudFormation and use aliases, you need to add a new version (with a new name) to your Lambda every time you want to deploy an update. An alias can then refer to the newly created Version.

All versions should have distinct names, and you should not delete versions as long as your Alias needs to refer to them.

Parameters:

name (str) – A unique name for this version.
code_sha256 (Optional[str]) – The SHA-256 hash of the most recently deployed Lambda source code, or omit to skip validation.
description (Optional[str]) – A description for this version.
provisioned_executions (Union[int, float, None]) – A provisioned concurrency configuration for a function’s version.
max_event_age (Optional[Duration]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
on_failure (Optional[IDestination]) – The destination for failed invocations. Default: - no destination
on_success (Optional[IDestination]) – The destination for successful invocations. Default: - no destination
retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2

Return type:

Version

Returns:

A new Version object.

Deprecated:

This method will create an AWS::Lambda::Version resource which snapshots the AWS Lambda function at the time of its creation and it won’t get updated when the function changes. Instead, use this.currentVersion to obtain a reference to a version resource that gets automatically recreated when the function configuration (or code) changes.

Stability:: deprecated

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:

policy (RemovalPolicy) –

Return type:

None

configure_async_invoke(*, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None)

Configures options for asynchronous invocation.

Parameters:

max_event_age (Optional[Duration]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
on_failure (Optional[IDestination]) – The destination for failed invocations. Default: - no destination
on_success (Optional[IDestination]) – The destination for successful invocations. Default: - no destination
retry_attempts (Union[int, float, None]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2

Return type:

None

consider_warning_on_invoke_function_permissions(scope, action)

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

Parameters:

scope (Construct) –
action (str) –

Return type:

None

grant_invoke(grantee)

Grant the given identity permissions to invoke this Lambda.

Parameters:

grantee (IGrantable) –

Return type:

Grant

grant_invoke_url(grantee)

Grant the given identity permissions to invoke this Lambda Function URL.

Parameters:

grantee (IGrantable) –

Return type:

Grant

metric(metric_name, *, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Return the given named metric for this Function.

Parameters:

metric_name (str) –
account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) – Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

metric_duration(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

How long execution of this Lambda takes.

Average over 5 minutes

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

metric_errors(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

How many invocations of this Lambda fail.

Sum over 5 minutes

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

metric_invocations(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

How often this Lambda is invoked.

Sum over 5 minutes

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

metric_throttles(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

How often this Lambda is throttled.

Sum over 5 minutes

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

to_string()

Returns a string representation of this construct.

Return type:: str

Attributes

architecture: The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

current_version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function’s configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

dead_letter_queue: The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

dead_letter_topic: The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

function_arn: ARN of this function.

function_name: Name of this function.

grant_principal: The principal this Lambda Function is running as.

is_bound_to_vpc

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

latest_version

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

log_group

The LogGroup where the Lambda function’s logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn’t exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

node: The construct tree node associated with this construct.

permissions_node: The construct node where permissions are attached.

resource_arns_for_grant_invoke: The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

role: Execution role associated with this function.

runtime: The runtime configured for this lambda.

stack: The stack in which this resource is defined.

timeout: The timeout configured for this lambda.

Static Methods

classmethod classify_version_property(property_name, locked)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See ‘currentVersion’ section in the module README for more details.

Parameters:

property_name (str) – The property to classify.
locked (bool) – whether the property should be associated to the version or not.

Return type:

None

classmethod from_function_arn(scope, id, function_arn)

Import a lambda function into the CDK using its ARN.

Parameters:

scope (Construct) –
id (str) –
function_arn (str) –

Return type:

IFunction

classmethod from_function_attributes(scope, id, *, function_arn, architecture=None, role=None, same_environment=None, security_group=None, security_group_id=None, skip_permissions=None)

Creates a Lambda function object which represents a function not defined within this stack.

Parameters:

scope (Construct) – The parent construct.
id (str) – The name of the lambda construct.
function_arn (str) – The ARN of the Lambda function. Format: arn::lambda:::function:
architecture (Optional[Architecture]) – The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). Default: - Architecture.X86_64
role (Optional[IRole]) – The IAM execution role associated with this function. If the role is not specified, any role-related operations will no-op.
same_environment (Optional[bool]) – Setting this property informs the CDK that the imported function is in the same environment as the stack. This affects certain behaviours such as, whether this function’s permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with the env property, this is determined to be false. Set this to property ONLY IF the imported function is in the same account as the stack it’s imported in. Default: - depends: true, if the Stack is configured with an explicit env (account and region) and the account is the same as this function. For environment-agnostic stacks this will default to false.
security_group (Optional[ISecurityGroup]) – The security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.
security_group_id (Optional[str]) – (deprecated) Id of the security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.
skip_permissions (Optional[bool]) – Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do. When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail. Set this property ONLY IF you are committing to manage the imported function’s permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function. Default: false

Return type:

IFunction

classmethod from_function_name(scope, id, function_name)

Import a lambda function into the CDK using its name.

Parameters:

scope (Construct) –
id (str) –
function_name (str) –

Return type:

IFunction

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters:

x (Any) –

Return type:

bool

classmethod is_resource(construct)

Check whether the given construct is a Resource.

Parameters:

construct (IConstruct) –

Return type:

bool

classmethod metric_all(metric_name, *, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Return the given named metric for this Lambda.

Parameters:

metric_name (str) –
account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Return type:

Metric

classmethod metric_all_concurrent_executions(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the number of concurrent executions across all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

max over 5 minutes

Return type:

Metric

classmethod metric_all_duration(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the Duration executing all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

average over 5 minutes

Return type:

Metric

classmethod metric_all_errors(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the number of Errors executing all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

sum over 5 minutes

Return type:

Metric

classmethod metric_all_invocations(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the number of invocations of all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

sum over 5 minutes

Return type:

Metric

classmethod metric_all_throttles(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the number of throttled invocations of all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

sum over 5 minutes

Return type:

Metric

classmethod metric_all_unreserved_concurrent_executions(*, account=None, color=None, dimensions=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)

Metric for the number of unreserved concurrent executions across all Lambdas.

Parameters:

account (Optional[str]) – Account which this metric comes from. Default: - Deployment account.
color (Optional[str]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. The Color class has a set of standard colors that can be used here. Default: - Automatic color
dimensions (Optional[Mapping[str, Any]]) – (deprecated) Dimensions of the metric. Default: - No dimensions.
dimensions_map (Optional[Mapping[str, str]]) – Dimensions of the metric. Default: - No dimensions.
label (Optional[str]) –
Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (Optional[Duration]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)
region (Optional[str]) – Region which this metric comes from. Default: - Deployment region.
statistic (Optional[str]) – What function to use for aggregating. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” Default: Average
unit (Optional[Unit]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream

Default:

max over 5 minutes

Return type:

Metric