FunctionAttributes¶
-
class
aws_cdk.aws_lambda.
FunctionAttributes
(*, function_arn, architecture=None, role=None, same_environment=None, security_group=None, security_group_id=None, skip_permissions=None)¶ Bases:
object
Represents a Lambda function defined outside of this stack.
- Parameters
function_arn (
str
) – The ARN of the Lambda function. Format: arn::lambda:::function:architecture (
Optional
[Architecture
]) – The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). Default: - Architecture.X86_64role (
Optional
[IRole
]) – The IAM execution role associated with this function. If the role is not specified, any role-related operations will no-op.same_environment (
Optional
[bool
]) – Setting this property informs the CDK that the imported function is in the same environment as the stack. This affects certain behaviours such as, whether this function’s permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with theenv
property, this is determined to be false. Set this to property ONLY IF the imported function is in the same account as the stack it’s imported in. Default: - depends: true, if the Stack is configured with an explicitenv
(account and region) and the account is the same as this function. For environment-agnostic stacks this will default tofalse
.security_group (
Optional
[ISecurityGroup
]) – The security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.security_group_id (
Optional
[str
]) – (deprecated) Id of the security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.skip_permissions (
Optional
[bool
]) – Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do. When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail. Set this property ONLY IF you are committing to manage the imported function’s permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function. Default: false
- ExampleMetadata
infused
Example:
fn = lambda_.Function.from_function_attributes(self, "Function", function_arn="arn:aws:lambda:us-east-1:123456789012:function:MyFn", # The following are optional properties for specific use cases and should be used with caution: # Use Case: imported function is in the same account as the stack. This tells the CDK that it # can modify the function's permissions. same_environment=True, # Use Case: imported function is in a different account and user commits to ensuring that the # imported function has the correct permissions outside the CDK. skip_permissions=True )
Attributes
-
architecture
¶ The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
- Default
Architecture.X86_64
- Return type
Optional
[Architecture
]
-
function_arn
¶ The ARN of the Lambda function.
Format: arn::lambda:::function:
- Return type
str
-
role
¶ The IAM execution role associated with this function.
If the role is not specified, any role-related operations will no-op.
- Return type
Optional
[IRole
]
-
same_environment
¶ Setting this property informs the CDK that the imported function is in the same environment as the stack.
This affects certain behaviours such as, whether this function’s permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with the
env
property, this is determined to be false.Set this to property ONLY IF the imported function is in the same account as the stack it’s imported in.
- Default
depends: true, if the Stack is configured with an explicit
env
(account and region) and the account is the same as this function.
For environment-agnostic stacks this will default to
false
.- Return type
Optional
[bool
]
-
security_group
¶ The security group of this Lambda, if in a VPC.
This needs to be given in order to support allowing connections to this Lambda.
- Return type
Optional
[ISecurityGroup
]
-
security_group_id
¶ (deprecated) Id of the security group of this Lambda, if in a VPC.
This needs to be given in order to support allowing connections to this Lambda.
- Deprecated
use
securityGroup
instead- Stability
deprecated
- Return type
Optional
[str
]
-
skip_permissions
¶ Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do.
When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail.
Set this property ONLY IF you are committing to manage the imported function’s permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function.
- Default
false
- Return type
Optional
[bool
]