Package software.amazon.awscdk.services.lambda

Class CfnFunction

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.lambda.CfnFunction
All Implemented Interfaces:
IEnvironmentAware, IInspectable, ITaggable, IFunctionRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)", date="2025-11-04T09:27:44.327Z") @Stability(Stable) public class CfnFunction extends CfnResource implements IInspectable, IFunctionRef, ITaggable
The AWS::Lambda::Function resource creates a Lambda function.

To create a function, you need a deployment package and an execution role . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.

You set the package type to Image if the deployment package is a container image . For these functions, include the URI of the container image in the Amazon ECR registry in the ImageUri property of the Code property . You do not need to specify the handler and runtime properties.

You set the package type to Zip if the deployment package is a .zip file archive . For these functions, specify the Amazon S3 location of your .zip file in the Code property. Alternatively, for Node.js and Python functions, you can define your function inline in the ZipFile property of the Code property . In both cases, you must also specify the handler and runtime properties.

You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

When you update a AWS::Lambda::Function resource, CloudFormation calls the UpdateFunctionConfiguration and UpdateFunctionCode Lambda APIs under the hood. Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CloudFormation update, you may see invocation errors related to a missing environment variable. To work around this, you can invoke your function against a version or alias by default, rather than the $LATEST version.

Note that you configure provisioned concurrency on a AWS::Lambda::Version or a AWS::Lambda::Alias .

For a complete introduction to Lambda functions, see What is Lambda? in the Lambda developer guide.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.lambda.*;
 CfnFunction cfnFunction = CfnFunction.Builder.create(this, "MyCfnFunction")
         .code(CodeProperty.builder()
                 .imageUri("imageUri")
                 .s3Bucket("s3Bucket")
                 .s3Key("s3Key")
                 .s3ObjectVersion("s3ObjectVersion")
                 .sourceKmsKeyArn("sourceKmsKeyArn")
                 .zipFile("zipFile")
                 .build())
         .role("role")
         // the properties below are optional
         .architectures(List.of("architectures"))
         .codeSigningConfigArn("codeSigningConfigArn")
         .deadLetterConfig(DeadLetterConfigProperty.builder()
                 .targetArn("targetArn")
                 .build())
         .description("description")
         .environment(EnvironmentProperty.builder()
                 .variables(Map.of(
                         "variablesKey", "variables"))
                 .build())
         .ephemeralStorage(EphemeralStorageProperty.builder()
                 .size(123)
                 .build())
         .fileSystemConfigs(List.of(FileSystemConfigProperty.builder()
                 .arn("arn")
                 .localMountPath("localMountPath")
                 .build()))
         .functionName("functionName")
         .handler("handler")
         .imageConfig(ImageConfigProperty.builder()
                 .command(List.of("command"))
                 .entryPoint(List.of("entryPoint"))
                 .workingDirectory("workingDirectory")
                 .build())
         .kmsKeyArn("kmsKeyArn")
         .layers(List.of("layers"))
         .loggingConfig(LoggingConfigProperty.builder()
                 .applicationLogLevel("applicationLogLevel")
                 .logFormat("logFormat")
                 .logGroup("logGroup")
                 .systemLogLevel("systemLogLevel")
                 .build())
         .memorySize(123)
         .packageType("packageType")
         .recursiveLoop("recursiveLoop")
         .reservedConcurrentExecutions(123)
         .runtime("runtime")
         .runtimeManagementConfig(RuntimeManagementConfigProperty.builder()
                 .updateRuntimeOn("updateRuntimeOn")
                 // the properties below are optional
                 .runtimeVersionArn("runtimeVersionArn")
                 .build())
         .snapStart(SnapStartProperty.builder()
                 .applyOn("applyOn")
                 .build())
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .timeout(123)
         .tracingConfig(TracingConfigProperty.builder()
                 .mode("mode")
                 .build())
         .vpcConfig(VpcConfigProperty.builder()
                 .ipv6AllowedForDualStack(false)
                 .securityGroupIds(List.of("securityGroupIds"))
                 .subnetIds(List.of("subnetIds"))
                 .build())
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnFunction

      protected CfnFunction(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnFunction

      protected CfnFunction(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnFunction

      @Stability(Stable) public CfnFunction(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnFunctionProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • fromFunctionArn

      @Stability(Stable) @NotNull public static IFunctionRef fromFunctionArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String arn)
      Creates a new IFunctionRef from an ARN.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      arn - This parameter is required.

    • fromFunctionName

      @Stability(Stable) @NotNull public static IFunctionRef fromFunctionName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String functionName)
      Creates a new IFunctionRef from a functionName.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      functionName - This parameter is required.

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      The Amazon Resource Name (ARN) of the function.

    • getAttrSnapStartResponse

      @Stability(Stable) @NotNull public IResolvable getAttrSnapStartResponse()
      The function's SnapStart setting.

    • getAttrSnapStartResponseApplyOn

      @Stability(Stable) @NotNull public String getAttrSnapStartResponseApplyOn()
      When set to PublishedVersions, Lambda creates a snapshot of the execution environment when you publish a function version.

    • getAttrSnapStartResponseOptimizationStatus

      @Stability(Stable) @NotNull public String getAttrSnapStartResponseOptimizationStatus()
      When you provide a qualified Amazon Resource Name (ARN), this response element indicates whether SnapStart is activated for the specified function version.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getFunctionRef

      @Stability(Stable) @NotNull public FunctionReference getFunctionRef()
      A reference to a Function resource.
      Specified by:
      getFunctionRef in interface IFunctionRef

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getTags in interface ITaggable

    • getCode

      @Stability(Stable) @NotNull public Object getCode()
      The code for the function.

      You can define your function code in multiple ways:.

      Returns union: either IResolvable or CfnFunction.CodeProperty

    • setCode

      @Stability(Stable) public void setCode(@NotNull IResolvable value)
      The code for the function.

      You can define your function code in multiple ways:.

    • setCode

      @Stability(Stable) public void setCode(@NotNull CfnFunction.CodeProperty value)
      The code for the function.

      You can define your function code in multiple ways:.

    • getRole

      @Stability(Stable) @NotNull public String getRole()
      The Amazon Resource Name (ARN) of the function's execution role.

    • setRole

      @Stability(Stable) public void setRole(@NotNull String value)
      The Amazon Resource Name (ARN) of the function's execution role.

    • getArchitectures

      @Stability(Stable) @Nullable public List<String> getArchitectures()
      The instruction set architecture that the function supports.

    • setArchitectures

      @Stability(Stable) public void setArchitectures(@Nullable List<String> value)
      The instruction set architecture that the function supports.

    • getCodeSigningConfigArn

      @Stability(Stable) @Nullable public String getCodeSigningConfigArn()
      To enable code signing for this function, specify the ARN of a code-signing configuration.

    • setCodeSigningConfigArn

      @Stability(Stable) public void setCodeSigningConfigArn(@Nullable String value)
      To enable code signing for this function, specify the ARN of a code-signing configuration.

    • getDeadLetterConfig

      @Stability(Stable) @Nullable public Object getDeadLetterConfig()
      A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

      Returns union: either IResolvable or CfnFunction.DeadLetterConfigProperty

    • setDeadLetterConfig

      @Stability(Stable) public void setDeadLetterConfig(@Nullable IResolvable value)
      A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

    • setDeadLetterConfig

      @Stability(Stable) public void setDeadLetterConfig(@Nullable CfnFunction.DeadLetterConfigProperty value)
      A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

    • getDescription

      @Stability(Stable) @Nullable public String getDescription()
      A description of the function.

    • setDescription

      @Stability(Stable) public void setDescription(@Nullable String value)
      A description of the function.

    • getEnvironment

      @Stability(Stable) @Nullable public Object getEnvironment()
      Environment variables that are accessible from function code during execution.

      Returns union: either IResolvable or CfnFunction.EnvironmentProperty

    • setEnvironment

      @Stability(Stable) public void setEnvironment(@Nullable IResolvable value)
      Environment variables that are accessible from function code during execution.

    • setEnvironment

      @Stability(Stable) public void setEnvironment(@Nullable CfnFunction.EnvironmentProperty value)
      Environment variables that are accessible from function code during execution.

    • getEphemeralStorage

      @Stability(Stable) @Nullable public Object getEphemeralStorage()
      The size of the function's /tmp directory in MB.

      Returns union: either IResolvable or CfnFunction.EphemeralStorageProperty

    • setEphemeralStorage

      @Stability(Stable) public void setEphemeralStorage(@Nullable IResolvable value)
      The size of the function's /tmp directory in MB.

    • setEphemeralStorage

      @Stability(Stable) public void setEphemeralStorage(@Nullable CfnFunction.EphemeralStorageProperty value)
      The size of the function's /tmp directory in MB.

    • getFileSystemConfigs

      @Stability(Stable) @Nullable public Object getFileSystemConfigs()
      Connection settings for an Amazon EFS file system.

      Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnFunction.FileSystemConfigProperty>

    • setFileSystemConfigs

      @Stability(Stable) public void setFileSystemConfigs(@Nullable IResolvable value)
      Connection settings for an Amazon EFS file system.

    • setFileSystemConfigs

      @Stability(Stable) public void setFileSystemConfigs(@Nullable List<Object> value)
      Connection settings for an Amazon EFS file system.

    • getFunctionName

      @Stability(Stable) @Nullable public String getFunctionName()
      The name of the Lambda function, up to 64 characters in length.

    • setFunctionName

      @Stability(Stable) public void setFunctionName(@Nullable String value)
      The name of the Lambda function, up to 64 characters in length.

    • getHandler

      @Stability(Stable) @Nullable public String getHandler()
      The name of the method within your code that Lambda calls to run your function.

    • setHandler

      @Stability(Stable) public void setHandler(@Nullable String value)
      The name of the method within your code that Lambda calls to run your function.

    • getImageConfig

      @Stability(Stable) @Nullable public Object getImageConfig()
      Configuration values that override the container image Dockerfile settings.

      Returns union: either IResolvable or CfnFunction.ImageConfigProperty

    • setImageConfig

      @Stability(Stable) public void setImageConfig(@Nullable IResolvable value)
      Configuration values that override the container image Dockerfile settings.

    • setImageConfig

      @Stability(Stable) public void setImageConfig(@Nullable CfnFunction.ImageConfigProperty value)
      Configuration values that override the container image Dockerfile settings.

    • getKmsKeyArn

      @Stability(Stable) @Nullable public String getKmsKeyArn()
      The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt the following resources:.

    • setKmsKeyArn

      @Stability(Stable) public void setKmsKeyArn(@Nullable String value)
      The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt the following resources:.

    • getLayers

      @Stability(Stable) @Nullable public List<String> getLayers()
      A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version.

    • setLayers

      @Stability(Stable) public void setLayers(@Nullable List<String> value)
      A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version.

    • getLoggingConfig

      @Stability(Stable) @Nullable public Object getLoggingConfig()
      The function's Amazon CloudWatch Logs configuration settings.

      Returns union: either IResolvable or CfnFunction.LoggingConfigProperty

    • setLoggingConfig

      @Stability(Stable) public void setLoggingConfig(@Nullable IResolvable value)
      The function's Amazon CloudWatch Logs configuration settings.

    • setLoggingConfig

      @Stability(Stable) public void setLoggingConfig(@Nullable CfnFunction.LoggingConfigProperty value)
      The function's Amazon CloudWatch Logs configuration settings.

    • getMemorySize

      @Stability(Stable) @Nullable public Number getMemorySize()
      The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

    • setMemorySize

      @Stability(Stable) public void setMemorySize(@Nullable Number value)
      The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

    • getPackageType

      @Stability(Stable) @Nullable public String getPackageType()
      The type of deployment package.

    • setPackageType

      @Stability(Stable) public void setPackageType(@Nullable String value)
      The type of deployment package.

    • getRecursiveLoop

      @Stability(Stable) @Nullable public String getRecursiveLoop()
      The status of your function's recursive loop detection configuration.

    • setRecursiveLoop

      @Stability(Stable) public void setRecursiveLoop(@Nullable String value)
      The status of your function's recursive loop detection configuration.

    • getReservedConcurrentExecutions

      @Stability(Stable) @Nullable public Number getReservedConcurrentExecutions()
      The number of simultaneous executions to reserve for the function.

    • setReservedConcurrentExecutions

      @Stability(Stable) public void setReservedConcurrentExecutions(@Nullable Number value)
      The number of simultaneous executions to reserve for the function.

    • getRuntime

      @Stability(Stable) @Nullable public String getRuntime()
      The identifier of the function's runtime . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.

    • setRuntime

      @Stability(Stable) public void setRuntime(@Nullable String value)
      The identifier of the function's runtime . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.

    • getRuntimeManagementConfig

      @Stability(Stable) @Nullable public Object getRuntimeManagementConfig()
      Sets the runtime management configuration for a function's version.

      Returns union: either IResolvable or CfnFunction.RuntimeManagementConfigProperty

    • setRuntimeManagementConfig

      @Stability(Stable) public void setRuntimeManagementConfig(@Nullable IResolvable value)
      Sets the runtime management configuration for a function's version.

    • setRuntimeManagementConfig

      @Stability(Stable) public void setRuntimeManagementConfig(@Nullable CfnFunction.RuntimeManagementConfigProperty value)
      Sets the runtime management configuration for a function's version.

    • getSnapStart

      @Stability(Stable) @Nullable public Object getSnapStart()
      The function's AWS Lambda SnapStart setting.

      Returns union: either IResolvable or CfnFunction.SnapStartProperty

    • setSnapStart

      @Stability(Stable) public void setSnapStart(@Nullable IResolvable value)
      The function's AWS Lambda SnapStart setting.

    • setSnapStart

      @Stability(Stable) public void setSnapStart(@Nullable CfnFunction.SnapStartProperty value)
      The function's AWS Lambda SnapStart setting.

    • getTagsRaw

      @Stability(Stable) @Nullable public List<CfnTag> getTagsRaw()
      A list of tags to apply to the function.

    • setTagsRaw

      @Stability(Stable) public void setTagsRaw(@Nullable List<CfnTag> value)
      A list of tags to apply to the function.

    • getTimeout

      @Stability(Stable) @Nullable public Number getTimeout()
      The amount of time (in seconds) that Lambda allows a function to run before stopping it.

    • setTimeout

      @Stability(Stable) public void setTimeout(@Nullable Number value)
      The amount of time (in seconds) that Lambda allows a function to run before stopping it.

    • getTracingConfig

      @Stability(Stable) @Nullable public Object getTracingConfig()
      Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

      Returns union: either IResolvable or CfnFunction.TracingConfigProperty

    • setTracingConfig

      @Stability(Stable) public void setTracingConfig(@Nullable IResolvable value)
      Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

    • setTracingConfig

      @Stability(Stable) public void setTracingConfig(@Nullable CfnFunction.TracingConfigProperty value)
      Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

    • getVpcConfig

      @Stability(Stable) @Nullable public Object getVpcConfig()
      For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

      Returns union: either IResolvable or CfnFunction.VpcConfigProperty

    • setVpcConfig

      @Stability(Stable) public void setVpcConfig(@Nullable IResolvable value)
      For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

    • setVpcConfig

      @Stability(Stable) public void setVpcConfig(@Nullable CfnFunction.VpcConfigProperty value)
      For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.