CfnFunction

class aws_cdk.aws_lambda.CfnFunction(scope, id, *, code, role, architectures=None, code_signing_config_arn=None, dead_letter_config=None, description=None, environment=None, ephemeral_storage=None, file_system_configs=None, function_name=None, handler=None, image_config=None, kms_key_arn=None, layers=None, logging_config=None, memory_size=None, package_type=None, recursive_loop=None, reserved_concurrent_executions=None, runtime=None, runtime_management_config=None, snap_start=None, tags=None, timeout=None, tracing_config=None, vpc_config=None)

Bases: CfnResource

The AWS::Lambda::Function resource creates a Lambda function.

To create a function, you need a deployment package and an execution role . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.

You set the package type to Image if the deployment package is a container image . For these functions, include the URI of the container image in the Amazon ECR registry in the `ImageUri property of the Code property <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri>`_ . You do not need to specify the handler and runtime properties.

You set the package type to Zip if the deployment package is a .zip file archive . For these functions, specify the Amazon S3 location of your .zip file in the Code property. Alternatively, for Node.js and Python functions, you can define your function inline in the `ZipFile property of the Code property <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile>`_ . In both cases, you must also specify the handler and runtime properties.

You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

When you update a AWS::Lambda::Function resource, CloudFormation calls the UpdateFunctionConfiguration and UpdateFunctionCode Lambda APIs under the hood. Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CloudFormation update, you may see invocation errors related to a missing environment variable. To work around this, you can invoke your function against a version or alias by default, rather than the $LATEST version.

Note that you configure provisioned concurrency on a AWS::Lambda::Version or a AWS::Lambda::Alias .

For a complete introduction to Lambda functions, see What is Lambda? in the Lambda developer guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

CloudformationResource:

AWS::Lambda::Function

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

cfn_function = lambda_.CfnFunction(self, "MyCfnFunction",
    code=lambda.CfnFunction.CodeProperty(
        image_uri="imageUri",
        s3_bucket="s3Bucket",
        s3_key="s3Key",
        s3_object_version="s3ObjectVersion",
        source_kms_key_arn="sourceKmsKeyArn",
        zip_file="zipFile"
    ),
    role="role",

    # the properties below are optional
    architectures=["architectures"],
    code_signing_config_arn="codeSigningConfigArn",
    dead_letter_config=lambda.CfnFunction.DeadLetterConfigProperty(
        target_arn="targetArn"
    ),
    description="description",
    environment=lambda.CfnFunction.EnvironmentProperty(
        variables={
            "variables_key": "variables"
        }
    ),
    ephemeral_storage=lambda.CfnFunction.EphemeralStorageProperty(
        size=123
    ),
    file_system_configs=[lambda.CfnFunction.FileSystemConfigProperty(
        arn="arn",
        local_mount_path="localMountPath"
    )],
    function_name="functionName",
    handler="handler",
    image_config=lambda.CfnFunction.ImageConfigProperty(
        command=["command"],
        entry_point=["entryPoint"],
        working_directory="workingDirectory"
    ),
    kms_key_arn="kmsKeyArn",
    layers=["layers"],
    logging_config=lambda.CfnFunction.LoggingConfigProperty(
        application_log_level="applicationLogLevel",
        log_format="logFormat",
        log_group="logGroup",
        system_log_level="systemLogLevel"
    ),
    memory_size=123,
    package_type="packageType",
    recursive_loop="recursiveLoop",
    reserved_concurrent_executions=123,
    runtime="runtime",
    runtime_management_config=lambda.CfnFunction.RuntimeManagementConfigProperty(
        update_runtime_on="updateRuntimeOn",

        # the properties below are optional
        runtime_version_arn="runtimeVersionArn"
    ),
    snap_start=lambda.CfnFunction.SnapStartProperty(
        apply_on="applyOn"
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    timeout=123,
    tracing_config=lambda.CfnFunction.TracingConfigProperty(
        mode="mode"
    ),
    vpc_config=lambda.CfnFunction.VpcConfigProperty(
        ipv6_allowed_for_dual_stack=False,
        security_group_ids=["securityGroupIds"],
        subnet_ids=["subnetIds"]
    )
)
Parameters:
  • scope (Construct) – Scope in which this resource is defined.

  • id (str) – Construct identifier for this resource (unique in its scope).

  • code (Union[IResolvable, CodeProperty, Dict[str, Any]]) – The code for the function. You can define your function code in multiple ways:. - For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the S3Bucket , S3Key , and S3ObjectVersion properties. - For .zip deployment packages, you can alternatively define the function code inline in the ZipFile property. This method works only for Node.js and Python functions. - For container images, specify the URI of your container image in the Amazon ECR registry in the ImageUri property.

  • role (str) – The Amazon Resource Name (ARN) of the function’s execution role.

  • architectures (Optional[Sequence[str]]) – The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .

  • code_signing_config_arn (Optional[str]) – To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

  • dead_letter_config (Union[IResolvable, DeadLetterConfigProperty, Dict[str, Any], None]) – A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues .

  • description (Optional[str]) – A description of the function.

  • environment (Union[IResolvable, EnvironmentProperty, Dict[str, Any], None]) – Environment variables that are accessible from function code during execution.

  • ephemeral_storage (Union[IResolvable, EphemeralStorageProperty, Dict[str, Any], None]) – The size of the function’s /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.

  • file_system_configs (Union[IResolvable, Sequence[Union[IResolvable, FileSystemConfigProperty, Dict[str, Any]]], None]) – Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see DependsOn Attribute .

  • function_name (Optional[str]) – The name of the Lambda function, up to 64 characters in length. If you don’t specify a name, AWS CloudFormation generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

  • handler (Optional[str]) – The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model .

  • image_config (Union[IResolvable, ImageConfigProperty, Dict[str, Any], None]) – Configuration values that override the container image Dockerfile settings. For more information, see Container image settings .

  • kms_key_arn (Optional[str]) – The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that’s used to encrypt your function’s environment variables . When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function’s snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it’s deployed. Note that this is not the same key that’s used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don’t provide a customer managed key, Lambda uses a default service key.

  • layers (Optional[Sequence[str]]) – A list of function layers to add to the function’s execution environment. Specify each layer by its ARN, including the version.

  • logging_config (Union[IResolvable, LoggingConfigProperty, Dict[str, Any], None]) – The function’s Amazon CloudWatch Logs configuration settings.

  • memory_size (Union[int, float, None]) – The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

  • package_type (Optional[str]) – The type of deployment package. Set to Image for container image and set Zip for .zip file archive.

  • recursive_loop (Optional[str]) – The status of your function’s recursive loop detection configuration. When this value is set to Allow and Lambda detects your function being invoked as part of a recursive loop, it doesn’t take any action. When this value is set to Terminate and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.

  • reserved_concurrent_executions (Union[int, float, None]) – The number of simultaneous executions to reserve for the function.

  • runtime (Optional[str]) – The identifier of the function’s runtime . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you’re deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see Runtime use after deprecation . For a list of all currently supported runtimes, see Supported runtimes .

  • runtime_management_config (Union[IResolvable, RuntimeManagementConfigProperty, Dict[str, Any], None]) – Sets the runtime management configuration for a function’s version. For more information, see Runtime updates .

  • snap_start (Union[IResolvable, SnapStartProperty, Dict[str, Any], None]) – The function’s AWS Lambda SnapStart setting.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – A list of tags to apply to the function. .. epigraph:: You must have the lambda:TagResource , lambda:UntagResource , and lambda:ListTags permissions for your IAM principal to manage the AWS CloudFormation stack. If you don’t have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.

  • timeout (Union[int, float, None]) – The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment .

  • tracing_config (Union[IResolvable, TracingConfigProperty, Dict[str, Any], None]) – Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

  • vpc_config (Union[IResolvable, VpcConfigProperty, Dict[str, Any], None]) – For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC .

Methods

add_deletion_override(path)

Syntactic sugar for addOverride(path, undefined).

Parameters:

path (str) – The path of the value to delete.

Return type:

None

add_dependency(target)

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

add_depends_on(target)

(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

Parameters:

target (CfnResource) –

Deprecated:

use addDependency

Stability:

deprecated

Return type:

None

add_metadata(key, value)

Add a value to the CloudFormation Resource Metadata.

Parameters:
  • key (str) –

  • value (Any) –

See:

Return type:

None

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

add_override(path, value)

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with “Properties.” (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example:

cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides Example:

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:
  • path (str) –

    • The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.

  • value (Any) –

    • The value. Could be primitive or complex.

Return type:

None

add_property_deletion_override(property_path)

Adds an override that deletes the value of a property from the resource definition.

Parameters:

property_path (str) – The path to the property.

Return type:

None

add_property_override(property_path, value)

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:
  • property_path (str) – The path of the property.

  • value (Any) – The value.

Return type:

None

apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

Parameters:
  • policy (Optional[RemovalPolicy]) –

  • apply_to_update_replace_policy (Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: true

  • default (Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options

Return type:

None

get_att(attribute_name, type_hint=None)

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:
  • attribute_name (str) – The name of the attribute.

  • type_hint (Optional[ResolutionTypeHint]) –

Return type:

Reference

get_metadata(key)

Retrieve a value value from the CloudFormation Resource Metadata.

Parameters:

key (str) –

See:

Return type:

Any

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect(inspector)

Examines the CloudFormation resource and discloses attributes.

Parameters:

inspector (TreeInspector) – tree inspector to collect and process attributes.

Return type:

None

obtain_dependencies()

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.

Return type:

List[Union[Stack, CfnResource]]

obtain_resource_dependencies()

Get a shallow copy of dependencies between this resource and other resources in the same stack.

Return type:

List[CfnResource]

override_logical_id(new_logical_id)

Overrides the auto-generated logical ID with a specific ID.

Parameters:

new_logical_id (str) – The new logical ID to use for this stack element.

Return type:

None

remove_dependency(target)

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

replace_dependency(target, new_target)

Replaces one dependency with another.

Parameters:
Return type:

None

to_string()

Returns a string representation of this construct.

Return type:

str

Returns:

a string representation of this resource

Attributes

CFN_RESOURCE_TYPE_NAME = 'AWS::Lambda::Function'
architectures

The instruction set architecture that the function supports.

attr_arn

The Amazon Resource Name (ARN) of the function.

CloudformationAttribute:

Arn

attr_snap_start_response

//docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.

CloudformationAttribute:

SnapStartResponse

Type:

The function’s `SnapStart <https

attr_snap_start_response_apply_on

When set to PublishedVersions, Lambda creates a snapshot of the execution environment when you publish a function version.

CloudformationAttribute:

SnapStartResponse.ApplyOn

attr_snap_start_response_optimization_status

//docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_, this response element indicates whether SnapStart is activated for the specified function version.

CloudformationAttribute:

SnapStartResponse.OptimizationStatus

Type:

When you provide a `qualified Amazon Resource Name (ARN) <https

cfn_options

Options for this resource, such as condition, update policy etc.

cfn_resource_type

AWS resource type.

code

The code for the function.

You can define your function code in multiple ways:.

code_signing_config_arn

To enable code signing for this function, specify the ARN of a code-signing configuration.

creation_stack

return:

the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

dead_letter_config

A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

description

A description of the function.

environment

Environment variables that are accessible from function code during execution.

ephemeral_storage

The size of the function’s /tmp directory in MB.

file_system_configs

Connection settings for an Amazon EFS file system.

function_name

The name of the Lambda function, up to 64 characters in length.

handler

The name of the method within your code that Lambda calls to run your function.

image_config

Configuration values that override the container image Dockerfile settings.

kms_key_arn

//docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function’s snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it’s deployed. Note that this is not the same key that’s used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don’t provide a customer managed key, Lambda uses a default service key.

Type:

The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that’s used to encrypt your function’s `environment variables <https

Type:

//docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_ . When `Lambda SnapStart <https

layers

//docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html>`_ to add to the function’s execution environment. Specify each layer by its ARN, including the version.

Type:

A list of `function layers <https

logging_config

The function’s Amazon CloudWatch Logs configuration settings.

logical_id

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns:

the logical ID as a stringified token. This value will only get resolved during synthesis.

memory_size

//docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console>`_ at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

Type:

The amount of `memory available to the function <https

node

The tree node.

package_type

The type of deployment package.

recursive_loop

The status of your function’s recursive loop detection configuration.

ref

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

reserved_concurrent_executions

The number of simultaneous executions to reserve for the function.

role

The Amazon Resource Name (ARN) of the function’s execution role.

runtime

//docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you’re deploying a function using a container image.

Type:

The identifier of the function’s `runtime <https

runtime_management_config

Sets the runtime management configuration for a function’s version.

snap_start

//docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.

Type:

The function’s `AWS Lambda SnapStart <https

stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

tags

Tag Manager which manages the tags for this resource.

tags_raw

//docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function.

Type:

A list of `tags <https

timeout

The amount of time (in seconds) that Lambda allows a function to run before stopping it.

tracing_config

//docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .

Type:

Set Mode to Active to sample and trace a subset of incoming requests with `X-Ray <https

vpc_config

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

Static Methods

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

Parameters:

x (Any) –

Return type:

bool

Returns:

The construct as a stack element or undefined if it is not a stack element.

classmethod is_cfn_resource(x)

Check whether the given object is a CfnResource.

Parameters:

x (Any) –

Return type:

bool

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Construct.

CodeProperty

class CfnFunction.CodeProperty(*, image_uri=None, s3_bucket=None, s3_key=None, s3_object_version=None, source_kms_key_arn=None, zip_file=None)

Bases: object

The deployment package for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.

Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.

Parameters:
  • image_uri (Optional[str]) –

    URI of a container image in the Amazon ECR registry.

  • s3_bucket (Optional[str]) – An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account .

  • s3_key (Optional[str]) – The Amazon S3 key of the deployment package.

  • s3_object_version (Optional[str]) – For versioned objects, the version of the deployment package object to use.

  • source_kms_key_arn (Optional[str]) –

  • zip_file (Optional[str]) –

    (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, AWS CloudFormation places it in a file named index and zips it to create a deployment package . This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index . For example, index.handler . For JSON, you must escape quotes and special characters such as newline ( \n ) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don’t have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ( cfn-response ) that simplifies sending responses. See Using AWS Lambda with AWS CloudFormation for details.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

code_property = lambda.CfnFunction.CodeProperty(
    image_uri="imageUri",
    s3_bucket="s3Bucket",
    s3_key="s3Key",
    s3_object_version="s3ObjectVersion",
    source_kms_key_arn="sourceKmsKeyArn",
    zip_file="zipFile"
)

Attributes

image_uri

//docs.aws.amazon.com/lambda/latest/dg/lambda-images.html>`_ in the Amazon ECR registry.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri

Type:

URI of a `container image <https

s3_bucket

An Amazon S3 bucket in the same AWS Region as your function.

The bucket can be in a different AWS account .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3bucket

s3_key

The Amazon S3 key of the deployment package.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3key

s3_object_version

For versioned objects, the version of the deployment package object to use.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3objectversion

source_kms_key_arn

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-sourcekmskeyarn

Type:

see

zip_file

//docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ . This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index . For example, index.handler .

For JSON, you must escape quotes and special characters such as newline ( \n ) with a backslash.

If you specify a function that interacts with an AWS CloudFormation custom resource, you don’t have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ( cfn-response ) that simplifies sending responses. See Using AWS Lambda with AWS CloudFormation for details.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile

Type:

(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, AWS CloudFormation places it in a file named index and zips it to create a `deployment package <https

DeadLetterConfigProperty

class CfnFunction.DeadLetterConfigProperty(*, target_arn=None)

Bases: object

The dead-letter queue for failed asynchronous invocations.

Parameters:

target_arn (Optional[str]) – The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

dead_letter_config_property = lambda.CfnFunction.DeadLetterConfigProperty(
    target_arn="targetArn"
)

Attributes

target_arn

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html#cfn-lambda-function-deadletterconfig-targetarn

EnvironmentProperty

class CfnFunction.EnvironmentProperty(*, variables=None)

Bases: object

A function’s environment variable settings.

You can use environment variables to adjust your function’s behavior without updating code. An environment variable is a pair of strings that are stored in a function’s version-specific configuration.

Parameters:

variables (Union[IResolvable, Mapping[str, str], None]) – Environment variable key-value pairs. For more information, see Using Lambda environment variables .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

environment_property = lambda.CfnFunction.EnvironmentProperty(
    variables={
        "variables_key": "variables"
    }
)

Attributes

variables

Environment variable key-value pairs.

For more information, see Using Lambda environment variables .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html#cfn-lambda-function-environment-variables

EphemeralStorageProperty

class CfnFunction.EphemeralStorageProperty(*, size)

Bases: object

The size of the function’s /tmp directory in MB.

The default value is 512, but it can be any whole number between 512 and 10,240 MB.

Parameters:

size (Union[int, float]) – The size of the function’s /tmp directory.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-ephemeralstorage.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

ephemeral_storage_property = lambda.CfnFunction.EphemeralStorageProperty(
    size=123
)

Attributes

size

The size of the function’s /tmp directory.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-ephemeralstorage.html#cfn-lambda-function-ephemeralstorage-size

FileSystemConfigProperty

class CfnFunction.FileSystemConfigProperty(*, arn, local_mount_path)

Bases: object

Details about the connection between a Lambda function and an Amazon EFS file system .

Parameters:
  • arn (str) – The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.

  • local_mount_path (str) – The path where the function can access the file system, starting with /mnt/ .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

file_system_config_property = lambda.CfnFunction.FileSystemConfigProperty(
    arn="arn",
    local_mount_path="localMountPath"
)

Attributes

arn

The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-arn

local_mount_path

The path where the function can access the file system, starting with /mnt/ .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-localmountpath

ImageConfigProperty

class CfnFunction.ImageConfigProperty(*, command=None, entry_point=None, working_directory=None)

Bases: object

Configuration values that override the container image Dockerfile settings.

For more information, see Container image settings .

Parameters:
  • command (Optional[Sequence[str]]) – Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list.

  • entry_point (Optional[Sequence[str]]) – Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list.

  • working_directory (Optional[str]) – Specifies the working directory. The length of the directory string cannot exceed 1,000 characters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

image_config_property = lambda.CfnFunction.ImageConfigProperty(
    command=["command"],
    entry_point=["entryPoint"],
    working_directory="workingDirectory"
)

Attributes

command

Specifies parameters that you want to pass in with ENTRYPOINT.

You can specify a maximum of 1,500 parameters in the list.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-command

entry_point

Specifies the entry point to their application, which is typically the location of the runtime executable.

You can specify a maximum of 1,500 string entries in the list.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-entrypoint

working_directory

Specifies the working directory.

The length of the directory string cannot exceed 1,000 characters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-workingdirectory

LoggingConfigProperty

class CfnFunction.LoggingConfigProperty(*, application_log_level=None, log_format=None, log_group=None, system_log_level=None)

Bases: object

The function’s Amazon CloudWatch Logs configuration settings.

Parameters:
  • application_log_level (Optional[str]) – Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest.

  • log_format (Optional[str]) – The format in which Lambda sends your function’s application and system logs to CloudWatch. Select between plain text and structured JSON.

  • log_group (Optional[str]) – The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named /aws/lambda/<function name> . To use a different log group, enter an existing log group or enter a new log group name.

  • system_log_level (Optional[str]) – Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

logging_config_property = lambda.CfnFunction.LoggingConfigProperty(
    application_log_level="applicationLogLevel",
    log_format="logFormat",
    log_group="logGroup",
    system_log_level="systemLogLevel"
)

Attributes

application_log_level

Set this property to filter the application logs for your function that Lambda sends to CloudWatch.

Lambda only sends application logs at the selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-applicationloglevel

log_format

The format in which Lambda sends your function’s application and system logs to CloudWatch.

Select between plain text and structured JSON.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-logformat

log_group

The name of the Amazon CloudWatch log group the function sends logs to.

By default, Lambda functions send logs to a default log group named /aws/lambda/<function name> . To use a different log group, enter an existing log group or enter a new log group name.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup

system_log_level

Set this property to filter the system logs for your function that Lambda sends to CloudWatch.

Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-systemloglevel

RuntimeManagementConfigProperty

class CfnFunction.RuntimeManagementConfigProperty(*, update_runtime_on, runtime_version_arn=None)

Bases: object

Sets the runtime management configuration for a function’s version.

For more information, see Runtime updates .

Parameters:
  • update_runtime_on (str) – Specify the runtime update mode. - Auto (default) - Automatically update to the most recent and secure runtime version using a Two-phase runtime version rollout . This is the best choice for most customers to ensure they always benefit from runtime updates. - FunctionUpdate - Lambda updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. - Manual - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see Roll back a runtime version . Valid Values : Auto | FunctionUpdate | Manual

  • runtime_version_arn (Optional[str]) – The ARN of the runtime version you want the function to use. .. epigraph:: This is only required if you’re using the Manual runtime update mode.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

runtime_management_config_property = lambda.CfnFunction.RuntimeManagementConfigProperty(
    update_runtime_on="updateRuntimeOn",

    # the properties below are optional
    runtime_version_arn="runtimeVersionArn"
)

Attributes

runtime_version_arn

The ARN of the runtime version you want the function to use.

This is only required if you’re using the Manual runtime update mode.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-runtimeversionarn

update_runtime_on

Specify the runtime update mode.

  • Auto (default) - Automatically update to the most recent and secure runtime version using a Two-phase runtime version rollout . This is the best choice for most customers to ensure they always benefit from runtime updates.

  • FunctionUpdate - Lambda updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date.

  • Manual - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see Roll back a runtime version .

Valid Values : Auto | FunctionUpdate | Manual

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-updateruntimeon

SnapStartProperty

class CfnFunction.SnapStartProperty(*, apply_on)

Bases: object

The function’s AWS Lambda SnapStart setting.

Parameters:

apply_on (str) – Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

snap_start_property = lambda.CfnFunction.SnapStartProperty(
    apply_on="applyOn"
)

Attributes

apply_on

Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html#cfn-lambda-function-snapstart-applyon

SnapStartResponseProperty

class CfnFunction.SnapStartResponseProperty(*, apply_on=None, optimization_status=None)

Bases: object

The function’s SnapStart setting.

Parameters:
  • apply_on (Optional[str]) – When set to PublishedVersions , Lambda creates a snapshot of the execution environment when you publish a function version.

  • optimization_status (Optional[str]) – When you provide a qualified Amazon Resource Name (ARN) , this response element indicates whether SnapStart is activated for the specified function version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

snap_start_response_property = lambda.CfnFunction.SnapStartResponseProperty(
    apply_on="applyOn",
    optimization_status="optimizationStatus"
)

Attributes

apply_on

When set to PublishedVersions , Lambda creates a snapshot of the execution environment when you publish a function version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-applyon

optimization_status

//docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_ , this response element indicates whether SnapStart is activated for the specified function version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-optimizationstatus

Type:

When you provide a `qualified Amazon Resource Name (ARN) <https

TracingConfigProperty

class CfnFunction.TracingConfigProperty(*, mode=None)

Bases: object

The function’s AWS X-Ray tracing configuration. To sample and record incoming requests, set Mode to Active .

Parameters:

mode (Optional[str]) – The tracing mode.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tracingconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

tracing_config_property = lambda.CfnFunction.TracingConfigProperty(
    mode="mode"
)

Attributes

mode

The tracing mode.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tracingconfig.html#cfn-lambda-function-tracingconfig-mode

VpcConfigProperty

class CfnFunction.VpcConfigProperty(*, ipv6_allowed_for_dual_stack=None, security_group_ids=None, subnet_ids=None)

Bases: object

The VPC security groups and subnets that are attached to a Lambda function.

When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function’s VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings . .. epigraph:

When you delete a function, AWS CloudFormation monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before AWS CloudFormation can delete the VPC's resources.

To monitor network interfaces, AWS CloudFormation needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, AWS CloudFormation does not wait for network interfaces to be deleted.
Parameters:
  • ipv6_allowed_for_dual_stack (Union[bool, IResolvable, None]) – Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

  • security_group_ids (Optional[Sequence[str]]) – A list of VPC security group IDs.

  • subnet_ids (Optional[Sequence[str]]) – A list of VPC subnet IDs.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

vpc_config_property = lambda.CfnFunction.VpcConfigProperty(
    ipv6_allowed_for_dual_stack=False,
    security_group_ids=["securityGroupIds"],
    subnet_ids=["subnetIds"]
)

Attributes

ipv6_allowed_for_dual_stack

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html#cfn-lambda-function-vpcconfig-ipv6allowedfordualstack

security_group_ids

A list of VPC security group IDs.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html#cfn-lambda-function-vpcconfig-securitygroupids

subnet_ids

A list of VPC subnet IDs.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html#cfn-lambda-function-vpcconfig-subnetids