FunctionAttributes

class aws_cdk.aws_lambda.FunctionAttributes(*, function_arn, architecture=None, role=None, same_environment=None, security_group=None, security_group_id=None, skip_permissions=None)

Bases: object

Represents a Lambda function defined outside of this stack.

Parameters:
  • function_arn (str) – The ARN of the Lambda function. Format: arn::lambda:::function:

  • architecture (Optional[Architecture]) – The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). Default: - Architecture.X86_64

  • role (Optional[IRole]) – The IAM execution role associated with this function. If the role is not specified, any role-related operations will no-op.

  • same_environment (Optional[bool]) – Setting this property informs the CDK that the imported function is in the same environment as the stack. This affects certain behaviours such as, whether this function’s permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with the env property, this is determined to be false. Set this to property ONLY IF the imported function is in the same account as the stack it’s imported in. Default: - depends: true, if the Stack is configured with an explicit env (account and region) and the account is the same as this function. For environment-agnostic stacks this will default to false.

  • security_group (Optional[ISecurityGroup]) – The security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.

  • security_group_id (Optional[str]) – (deprecated) Id of the security group of this Lambda, if in a VPC. This needs to be given in order to support allowing connections to this Lambda.

  • skip_permissions (Optional[bool]) – Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do. When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail. Set this property ONLY IF you are committing to manage the imported function’s permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function. Default: false

ExampleMetadata:

infused

Example:

fn = lambda_.Function.from_function_attributes(self, "Function",
    function_arn="arn:aws:lambda:us-east-1:123456789012:function:MyFn",
    # The following are optional properties for specific use cases and should be used with caution:

    # Use Case: imported function is in the same account as the stack. This tells the CDK that it
    # can modify the function's permissions.
    same_environment=True,

    # Use Case: imported function is in a different account and user commits to ensuring that the
    # imported function has the correct permissions outside the CDK.
    skip_permissions=True
)

Attributes

architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

Default:
  • Architecture.X86_64

function_arn

The ARN of the Lambda function.

Format: arn::lambda:::function:

role

The IAM execution role associated with this function.

If the role is not specified, any role-related operations will no-op.

same_environment

Setting this property informs the CDK that the imported function is in the same environment as the stack.

This affects certain behaviours such as, whether this function’s permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with the env property, this is determined to be false.

Set this to property ONLY IF the imported function is in the same account as the stack it’s imported in.

Default:

  • depends: true, if the Stack is configured with an explicit env (account and region) and the account is the same as this function.

For environment-agnostic stacks this will default to false.

security_group

The security group of this Lambda, if in a VPC.

This needs to be given in order to support allowing connections to this Lambda.

security_group_id

(deprecated) Id of the security group of this Lambda, if in a VPC.

This needs to be given in order to support allowing connections to this Lambda.

Deprecated:

use securityGroup instead

Stability:

deprecated

skip_permissions

Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do.

When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail.

Set this property ONLY IF you are committing to manage the imported function’s permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function.

Default:

false