
Class FunctionProps

Inheritance
object
FunctionProps
Implements
IFunctionProps
IFunctionOptions
IEventInvokeConfigOptions
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.AWS.Lambda
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class FunctionProps : IFunctionProps, IFunctionOptions, IEventInvokeConfigOptions
Syntax (vb)
Public Class FunctionProps Implements IFunctionProps, IFunctionOptions, IEventInvokeConfigOptions
Examples
// Create or reference an existing L1 CfnApplicationInferenceProfile
var cfnProfile = new CfnApplicationInferenceProfile(this, "CfnProfile", new CfnApplicationInferenceProfileProps {
    InferenceProfileName = "my-cfn-profile",
    ModelSource = new InferenceProfileModelSourceProperty {
        CopyFrom = BedrockFoundationModel.ANTHROPIC_CLAUDE_3_5_SONNET_V1_0.InvokableArn
    },
    Description = "Profile created via L1 construct"
});

// Import the L1 construct as an L2 ApplicationInferenceProfile
var importedFromCfn = ApplicationInferenceProfile.FromCfnApplicationInferenceProfile(cfnProfile);

// Grant permissions to use the imported profile
var lambdaFunction = new Function(this, "MyFunction", new FunctionProps {
    Runtime = Runtime.PYTHON_3_11,
    Handler = "index.handler",
    Code = Code.FromInline("def handler(event, context): return \"Hello\"")
});

importedFromCfn.GrantProfileUsage(lambdaFunction);

Synopsis

Constructors

FunctionProps()

Properties

AdotInstrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

AllowAllIpv6Outbound

Whether to allow the Lambda to send all IPv6 network traffic.

AllowAllOutbound

Whether to allow the Lambda to send all network traffic (except IPv6).

AllowPublicSubnet

Lambda Functions in a public subnet can NOT access the internet.

ApplicationLogLevel

(deprecated) Sets the application log level for the function.

ApplicationLogLevelV2

Sets the application log level for the function.

Architecture

The system architectures compatible with this lambda function.

Code

The source code of your Lambda function.

CodeSigningConfig

Code signing config associated with this function.

CurrentVersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

DeadLetterQueue

The SQS queue to use if DLQ is enabled.

DeadLetterQueueEnabled

Enable DLQ.

DeadLetterTopic

The SNS topic to use as a DLQ.

Description

A description of the function.

DurableConfig

The durable configuration for the function.

Environment

Key-value pairs that Lambda caches and makes available for your Lambda functions.

EnvironmentEncryption

The AWS KMS key that's used to encrypt your function's environment variables.

EphemeralStorageSize

The size of the function’s /tmp directory in MiB.

Events

Event sources for this function.

Filesystem

The filesystem configuration for the lambda function.

FunctionName

A name for the function.

Handler

The name of the method within your code that Lambda calls to execute your function.

InitialPolicy

Initial policy statements to add to the created Lambda Role.

InsightsVersion

Specify the version of CloudWatch Lambda insights to use for monitoring.

Ipv6AllowedForDualStack

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Layers

A list of layers to add to the function's execution environment.

LogFormat

(deprecated) Sets the logFormat for the function.

LogGroup

The log group the function sends logs to.

LogRemovalPolicy

(deprecated) Determine the removal policy of the log group that is auto-created by this construct.

LogRetention

(deprecated) The number of days log events are kept in CloudWatch Logs.

LogRetentionRetryOptions

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

LogRetentionRole

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

LoggingFormat

Sets the loggingFormat for the function.

MaxEventAge

The maximum age of a request that Lambda sends to a function for processing.

MemorySize

The amount of memory, in MB, that is allocated to your Lambda function.

OnFailure

The destination for failed invocations.

OnSuccess

The destination for successful invocations.

ParamsAndSecrets

Specify the configuration of Parameters and Secrets Extension.

Profiling

Enable profiling.

ProfilingGroup

Profiling Group.

RecursiveLoop

Sets the Recursive Loop Protection for Lambda Function.

ReservedConcurrentExecutions

The maximum number of concurrent executions you want to reserve for the function.

RetryAttempts

The maximum number of times to retry when the function returns an error.

Role

Lambda execution role.

Runtime

The runtime environment for the Lambda function that you are uploading.

RuntimeManagementMode

Sets the runtime management configuration for a function's version.

SecurityGroups

The list of security groups to associate with the Lambda's network interfaces.

SnapStart

Enable SnapStart for Lambda Function.

SystemLogLevel

(deprecated) Sets the system log level for the function.

SystemLogLevelV2

Sets the system log level for the function.

TenancyConfig

The tenancy configuration for the function.

Timeout

The function execution time (in seconds) after which Lambda terminates the function.

Tracing

Enable AWS X-Ray Tracing for Lambda Function.

Vpc

VPC network to place Lambda network interfaces.

VpcSubnets

Where to place the network interfaces within the VPC.

Constructors

FunctionProps()

public FunctionProps()

Properties

AdotInstrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

public IAdotInstrumentationConfig? AdotInstrumentation { get; set; }
Property Value

IAdotInstrumentationConfig

Remarks

Default: - No ADOT instrumentation

See: https://aws-otel.github.io/docs/getting-started/lambda

AllowAllIpv6Outbound

Whether to allow the Lambda to send all IPv6 network traffic.

public bool? AllowAllIpv6Outbound { get; set; }
Property Value

bool?

Remarks

If set to true, there will only be a single egress rule, which allows all outbound IPv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using IPv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

Default: false

AllowAllOutbound

Whether to allow the Lambda to send all network traffic (except IPv6).

public bool? AllowAllOutbound { get; set; }
Property Value

bool?

Remarks

If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllOutbound directly on the security group.

Default: true

AllowPublicSubnet

Lambda Functions in a public subnet can NOT access the internet.

public bool? AllowPublicSubnet { get; set; }
Property Value

bool?

Remarks

Use this property to acknowledge this limitation and still place the function in a public subnet.

Default: false

See: https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841

ApplicationLogLevel

(deprecated) Sets the application log level for the function.

[Obsolete("Use `applicationLogLevelV2` as a property instead.")]
public string? ApplicationLogLevel { get; set; }
Property Value

string

Remarks

Default: "INFO"

Stability: Deprecated

ApplicationLogLevelV2

Sets the application log level for the function.

public ApplicationLogLevel? ApplicationLogLevelV2 { get; set; }
Property Value

ApplicationLogLevel?

Remarks

Default: ApplicationLogLevel.INFO

Architecture

The system architectures compatible with this lambda function.

public Architecture? Architecture { get; set; }
Property Value

Architecture

Remarks

Default: Architecture.X86_64

Code

The source code of your Lambda function.

public Code Code { get; set; }
Property Value

Code

Remarks

You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.

CodeSigningConfig

Code signing config associated with this function.

public ICodeSigningConfigRef? CodeSigningConfig { get; set; }
Property Value

ICodeSigningConfigRef

Remarks

Default: - The code is not signed

CurrentVersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

public IVersionOptions? CurrentVersionOptions { get; set; }
Property Value

IVersionOptions

Remarks

Default: - default options as described in VersionOptions

DeadLetterQueue

The SQS queue to use if DLQ is enabled.

public IQueue? DeadLetterQueue { get; set; }
Property Value

IQueue

Remarks

If SNS topic is desired, specify deadLetterTopic property instead.

Default: - SQS queue with 14 day retention period if deadLetterQueueEnabled is true

DeadLetterQueueEnabled

Enable DLQ.

public bool? DeadLetterQueueEnabled { get; set; }
Property Value

bool?

Remarks

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

Default: - false unless deadLetterQueue is set, which implies DLQ is enabled.

DeadLetterTopic

The SNS topic to use as a DLQ.

public ITopic? DeadLetterTopic { get; set; }
Property Value

ITopic

Remarks

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

Default: - no SNS topic

Description

A description of the function.

public string? Description { get; set; }
Property Value

string

Remarks

Default: - No description.

DurableConfig

The durable configuration for the function.

public IDurableConfig? DurableConfig { get; set; }
Property Value

IDurableConfig

Remarks

If durability is added to an existing function, a resource replacement will be triggered. See the 'durableConfig' section in the module README for more details.

Default: - No durable configuration

Environment

Key-value pairs that Lambda caches and makes available for your Lambda functions.

public IDictionary<string, string>? Environment { get; set; }
Property Value

IDictionary<string, string>

Remarks

Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.

Default: - No environment variables.

EnvironmentEncryption

The AWS KMS key that's used to encrypt your function's environment variables.

public IKeyRef? EnvironmentEncryption { get; set; }
Property Value

IKeyRef

Remarks

Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).

EphemeralStorageSize

The size of the function’s /tmp directory in MiB.

public Size? EphemeralStorageSize { get; set; }
Property Value

Size

Remarks

Default: 512 MiB

Events

Event sources for this function.

public IEventSource[]? Events { get; set; }
Property Value

IEventSource[]

Remarks

You can also add event sources using addEventSource.

Default: - No event sources.

Filesystem

The filesystem configuration for the lambda function.

public FileSystem? Filesystem { get; set; }
Property Value

FileSystem

Remarks

Default: - will not mount any filesystem

FunctionName

A name for the function.

public string? FunctionName { get; set; }
Property Value

string

Remarks

Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

Handler

The name of the method within your code that Lambda calls to execute your function.

public string Handler { get; set; }
Property Value

string

Remarks

The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html.

Use Handler.FROM_IMAGE when defining a function from a Docker image.

NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.

InitialPolicy

Initial policy statements to add to the created Lambda Role.

public PolicyStatement[]? InitialPolicy { get; set; }
Property Value

PolicyStatement[]

Remarks

You can call addToRolePolicy on the created Lambda to add statements after creation.

Default: - No policy statements are added to the created Lambda role.

InsightsVersion

Specify the version of CloudWatch Lambda insights to use for monitoring.

public LambdaInsightsVersion? InsightsVersion { get; set; }
Property Value

LambdaInsightsVersion

Remarks

Default: - No Lambda Insights

See: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html

Ipv6AllowedForDualStack

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

public bool? Ipv6AllowedForDualStack { get; set; }
Property Value

bool?

Remarks

Only used if 'vpc' is supplied.

Default: false

Layers

A list of layers to add to the function's execution environment.

public ILayerVersion[]? Layers { get; set; }
Property Value

ILayerVersion[]

Remarks

You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.

Default: - No layers.

LogFormat

(deprecated) Sets the logFormat for the function.

[Obsolete("Use `loggingFormat` as a property instead.")]
public string? LogFormat { get; set; }
Property Value

string

Remarks

Default: "Text"

Stability: Deprecated

LogGroup

The log group the function sends logs to.

public ILogGroupRef? LogGroup { get; set; }
Property Value

ILogGroupRef

Remarks

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/<function name>. However, you cannot change the properties of this auto-created log group using the AWS CDK; for example, you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

Default: /aws/lambda/${this.functionName} - default log group created by Lambda

LogRemovalPolicy

(deprecated) Determine the removal policy of the log group that is auto-created by this construct.

[Obsolete("use `logGroup` instead")]
public RemovalPolicy? LogRemovalPolicy { get; set; }
Property Value

RemovalPolicy?

Remarks

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

Default: RemovalPolicy.Retain

Stability: Deprecated

LogRetention

(deprecated) The number of days log events are kept in CloudWatch Logs.

[Obsolete("use `logGroup` instead")]
public RetentionDays? LogRetention { get; set; }
Property Value

RetentionDays?

Remarks

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead, create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

using Amazon.CDK.AWS.Logs;

LogGroup myLogGroup;

// Read the (possibly generated) log group name from the construct
string logGroupName = myLogGroup.LogGroupName;

Default: logs.RetentionDays.INFINITE

Stability: Deprecated

LogRetentionRetryOptions

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

public ILogRetentionRetryOptions? LogRetentionRetryOptions { get; set; }
Property Value

ILogRetentionRetryOptions

Remarks

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

Default: - Default AWS SDK retry options.

LogRetentionRole

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

public IRole? LogRetentionRole { get; set; }
Property Value

IRole

Remarks

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

Default: - A new role is created.

LoggingFormat

Sets the loggingFormat for the function.

public LoggingFormat? LoggingFormat { get; set; }
Property Value

LoggingFormat?

Remarks

Default: LoggingFormat.TEXT

MaxEventAge

The maximum age of a request that Lambda sends to a function for processing.

public Duration? MaxEventAge { get; set; }
Property Value

Duration

Remarks

Minimum: 60 seconds

Maximum: 6 hours

Default: Duration.hours(6)

MemorySize

The amount of memory, in MB, that is allocated to your Lambda function.

public double? MemorySize { get; set; }
Property Value

double?

Remarks

Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.

Default: 128

OnFailure

The destination for failed invocations.

public IDestination? OnFailure { get; set; }
Property Value

IDestination

Remarks

Default: - no destination

OnSuccess

The destination for successful invocations.

public IDestination? OnSuccess { get; set; }
Property Value

IDestination

Remarks

Default: - no destination

ParamsAndSecrets

Specify the configuration of Parameters and Secrets Extension.

public ParamsAndSecretsLayerVersion? ParamsAndSecrets { get; set; }
Property Value

ParamsAndSecretsLayerVersion

Remarks

Default: - No Parameters and Secrets Extension

See: https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html

Profiling

Enable profiling.

public bool? Profiling { get; set; }
Property Value

bool?

Remarks

Default: - No profiling.

See: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

ProfilingGroup

Profiling Group.

public IProfilingGroup? ProfilingGroup { get; set; }
Property Value

IProfilingGroup

Remarks

Default: - A new profiling group will be created if profiling is set.

See: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

RecursiveLoop

Sets the Recursive Loop Protection for Lambda Function.

public RecursiveLoop? RecursiveLoop { get; set; }
Property Value

RecursiveLoop?

Remarks

It lets Lambda detect and terminate unintended recursive loops.

Default: RecursiveLoop.Terminate

ReservedConcurrentExecutions

The maximum number of concurrent executions you want to reserve for the function.

public double? ReservedConcurrentExecutions { get; set; }
Property Value

double?

Remarks

Default: - No specific limit - account limit.

See: https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

RetryAttempts

The maximum number of times to retry when the function returns an error.

public double? RetryAttempts { get; set; }
Property Value

double?

Remarks

Minimum: 0

Maximum: 2

Default: 2

Role

Lambda execution role.

public IRole? Role { get; set; }
Property Value

IRole

Remarks

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Runtime

The runtime environment for the Lambda function that you are uploading.

public Runtime Runtime { get; set; }
Property Value

Runtime

Remarks

For valid values, see the Runtime property in the AWS Lambda Developer Guide.

Use Runtime.FROM_IMAGE when defining a function from a Docker image.

RuntimeManagementMode

Sets the runtime management configuration for a function's version.

public RuntimeManagementMode? RuntimeManagementMode { get; set; }
Property Value

RuntimeManagementMode

Remarks

Default: Auto

SecurityGroups

The list of security groups to associate with the Lambda's network interfaces.

public ISecurityGroup[]? SecurityGroups { get; set; }
Property Value

ISecurityGroup[]

Remarks

Only used if 'vpc' is supplied.

Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

SnapStart

Enable SnapStart for Lambda Function.

public SnapStartConf? SnapStart { get; set; }
Property Value

SnapStartConf

Remarks

SnapStart is currently supported for the Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtimes.

Default: - No snapstart

SystemLogLevel

(deprecated) Sets the system log level for the function.

[Obsolete("Use `systemLogLevelV2` as a property instead.")]
public string? SystemLogLevel { get; set; }
Property Value

string

Remarks

Default: "INFO"

Stability: Deprecated

SystemLogLevelV2

Sets the system log level for the function.

public SystemLogLevel? SystemLogLevelV2 { get; set; }
Property Value

SystemLogLevel?

Remarks

Default: SystemLogLevel.INFO

TenancyConfig

The tenancy configuration for the function.

public TenancyConfig? TenancyConfig { get; set; }
Property Value

TenancyConfig

Remarks

Default: - Tenant isolation is not enabled

Timeout

The function execution time (in seconds) after which Lambda terminates the function.

public Duration? Timeout { get; set; }
Property Value

Duration

Remarks

Because the execution time affects cost, set this value based on the function's expected execution time.

Default: Duration.seconds(3)

Tracing

Enable AWS X-Ray Tracing for Lambda Function.

public Tracing? Tracing { get; set; }
Property Value

Tracing?

Remarks

Default: Tracing.Disabled

Vpc

VPC network to place Lambda network interfaces.

public IVpc? Vpc { get; set; }
Property Value

IVpc

Remarks

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

Default: - Function is not placed within a VPC.

VpcSubnets

Where to place the network interfaces within the VPC.

public ISubnetSelection? VpcSubnets { get; set; }
Property Value

ISubnetSelection

Remarks

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specified, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

Default: - the Vpc default strategy if not specified
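
The following is an added example, not taken from the CDK documentation, that combines the remarks on Role, SecurityGroups/AllowAllOutbound, EnvironmentEncryption, LogGroup and VpcSubnets into one least-privilege function definition. The stack name, construct IDs, the "STAGE" variable and the chosen retention and timeout values are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.Lambda;
using Amazon.CDK.AWS.Logs;
using Constructs;

// Hypothetical stack name; illustration only.
public class HardenedFunctionStack : Stack
{
    public HardenedFunctionStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var vpc = new Vpc(this, "Vpc", new VpcProps { MaxAzs = 2 });

        // Egress is restricted on the security group itself. Because SecurityGroups
        // is passed to the function, AllowAllOutbound is NOT set on FunctionProps.
        var sg = new SecurityGroup(this, "FnSg", new SecurityGroupProps {
            Vpc = vpc,
            AllowAllOutbound = false,
            Description = "Lambda ENIs: HTTPS to in-VPC targets only"
        });
        sg.AddEgressRule(Peer.Ipv4(vpc.VpcCidrBlock), Port.Tcp(443), "HTTPS inside the VPC");

        // A supplied role gets no permissions automatically, so the two managed
        // policies named in the Role remarks are attached explicitly.
        var role = new Role(this, "FnRole", new RoleProps {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com"),
            ManagedPolicies = new IManagedPolicy[] {
                ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"),
                ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")
            }
        });

        // Customer managed key for environment variables instead of the default key.
        var envKey = new Key(this, "EnvKey", new KeyProps { EnableKeyRotation = true });

        // Log group created ahead of time so retention is set without the
        // deprecated LogRetention property.
        var logGroup = new LogGroup(this, "FnLogs", new LogGroupProps {
            Retention = RetentionDays.THREE_MONTHS
        });

        new Function(this, "HardenedFunction", new FunctionProps {
            Runtime = Runtime.PYTHON_3_11,
            Handler = "index.handler",
            Code = Code.FromInline("def handler(event, context): return \"Hello\""),
            Role = role,
            Vpc = vpc,
            // Private subnets; public subnets would require AllowPublicSubnet = true.
            VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE_WITH_EGRESS },
            SecurityGroups = new ISecurityGroup[] { sg },
            Environment = new Dictionary<string, string> { { "STAGE", "prod" } }, // constructed value
            EnvironmentEncryption = envKey,
            LogGroup = logGroup,
            Timeout = Duration.Seconds(10)
        });
    }
}
```

Running `cdk synth` on a stack like this lets you confirm in the generated template that the security group has a single egress rule and that the function references the supplied role, key and log group.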
