ProviderProps

class aws_cdk.custom_resources.ProviderProps(*, on_event_handler, is_complete_handler=None, log_group=None, log_retention=None, provider_function_env_encryption=None, provider_function_name=None, query_interval=None, role=None, security_groups=None, total_timeout=None, vpc=None, vpc_subnets=None)

Bases: object

Initialization properties for the Provider construct.

Parameters:
  • on_event_handler (IFunction) – The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE). This function is responsible for beginning the requested resource operation (CREATE/UPDATE/DELETE) and returning any additional properties to add to the event, which will later be passed to isComplete. The PhysicalResourceId property must be included in the response.

  • is_complete_handler (Optional[IFunction]) – The AWS Lambda function to invoke in order to determine if the operation is complete. This function will be called immediately after onEvent and then periodically based on the configured query interval as long as it returns false. If the function still returns false and the allotted timeout has passed, the operation will fail. Default: - provider is synchronous. This means that the onEvent handler is expected to finish all lifecycle operations within the initial invocation.

  • log_group (Optional[ILogGroup]) – The Log Group used for logging of events emitted by the custom resource’s lambda function. Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first. Default: - a default log group created by AWS Lambda

  • log_retention (Optional[RetentionDays]) – The number of days framework log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE. This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. Default: logs.RetentionDays.INFINITE

  • provider_function_env_encryption (Optional[IKey]) – AWS KMS key used to encrypt provider lambda’s environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK)

  • provider_function_name (Optional[str]) – Provider Lambda name. The provider lambda function name. Default: - CloudFormation default name from unique physical ID

  • query_interval (Optional[Duration]) – Time between calls to the isComplete handler which determines if the resource has been stabilized. isComplete is first called immediately after the onEvent handler and then every queryInterval seconds, until the timeout has been reached or isComplete returns true. Default: Duration.seconds(5)

  • role (Optional[IRole]) – AWS Lambda execution role. The role that will be assumed by the AWS Lambda. Must be assumable by the ‘lambda.amazonaws.com’ service principal. Default: - A default role will be created.

  • security_groups (Optional[Sequence[ISecurityGroup]]) – Security groups to attach to the provider functions. Only used if ‘vpc’ is supplied. Default: - If vpc is not supplied, no security groups are attached. Otherwise, a dedicated security group is created for each function.

  • total_timeout (Optional[Duration]) – Total timeout for the entire operation. The maximum timeout is 1 hour (yes, it can exceed the AWS Lambda 15-minute limit). Default: Duration.minutes(30)

  • vpc (Optional[IVpc]) – The vpc to provision the lambda functions in. Default: - functions are not provisioned inside a vpc.

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – Which subnets from the VPC to place the lambda functions in. Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed. Default: - the Vpc default strategy if not specified

Example:

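from aws_cdk import aws_logs as logs, custom_resources as cr

# Runs inside a construct or stack (hence `self`); these are defined elsewhere:
# on_event: lambda.Function
# is_complete: lambda.Function
# my_role: iam.Role

my_provider = cr.Provider(self, "MyProvider",
    on_event_handler=on_event,
    is_complete_handler=is_complete,
    # User-controlled log group with an explicit retention period
    log_group=logs.LogGroup(self, "MyProviderLogs",
        retention=logs.RetentionDays.ONE_DAY
    ),
    role=my_role,
    provider_function_name="the-lambda-name"
)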
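
The call order described for on_event_handler, is_complete_handler, query_interval and total_timeout, as an added example (not code from the CDK documentation or the provider framework): a handler pair plus a local driver that simulates the polling. The `RequestType` event field and the `IsComplete` response key follow the provider framework's handler contract; `JobToken`, `_JOBS`, `drive` and the `demo-` id format are hypothetical names used only here.

```python
import uuid

# Constructed in-memory stand-in for the backend that is being provisioned.
_JOBS = {}


def on_event(event):
    """Begin the requested operation; the response must carry PhysicalResourceId."""
    request_type = event["RequestType"]  # "Create", "Update" or "Delete"
    if request_type == "Create":
        physical_id = f"demo-{uuid.uuid4().hex[:8]}"
    else:
        # Reuse the existing id on Update/Delete so no replacement is triggered.
        physical_id = event["PhysicalResourceId"]
    _JOBS[physical_id] = {"polls_left": 2, "type": request_type}
    # Additional properties returned here are added to the event that
    # is_complete receives later (JobToken is a hypothetical key).
    return {"PhysicalResourceId": physical_id, "JobToken": physical_id}


def is_complete(event):
    """Report whether the operation started by on_event has stabilized."""
    job = _JOBS[event["JobToken"]]
    if job["polls_left"] > 0:
        job["polls_left"] -= 1
        return {"IsComplete": False}
    return {"IsComplete": True}


def drive(event, query_interval=5, total_timeout=1800):
    """Local simulation of the call order; seconds are counted, not slept."""
    merged = {**event, **on_event(event)}
    elapsed = 0
    calls = 0
    while True:
        calls += 1  # first call happens immediately after on_event
        if is_complete(merged)["IsComplete"]:
            return {"PhysicalResourceId": merged["PhysicalResourceId"],
                    "calls": calls, "elapsed": elapsed}
        elapsed += query_interval
        if elapsed > total_timeout:
            raise TimeoutError("operation did not stabilize within total_timeout")
```
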

Attributes

is_complete_handler

The AWS Lambda function to invoke in order to determine if the operation is complete.

This function will be called immediately after onEvent and then periodically based on the configured query interval as long as it returns false. If the function still returns false and the allotted timeout has passed, the operation will fail.

Default:
  • provider is synchronous. This means that the onEvent handler is expected to finish all lifecycle operations within the initial invocation.

log_group

The Log Group used for logging of events emitted by the custom resource’s lambda function.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

Default:
  • a default log group created by AWS Lambda

log_retention

The number of days framework log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

Default:

logs.RetentionDays.INFINITE

on_event_handler

The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE).

This function is responsible for beginning the requested resource operation (CREATE/UPDATE/DELETE) and returning any additional properties to add to the event, which will later be passed to isComplete. The PhysicalResourceId property must be included in the response.

provider_function_env_encryption

AWS KMS key used to encrypt provider lambda’s environment variables.

Default:
  • AWS Lambda creates and uses an AWS managed customer master key (CMK)

provider_function_name

Provider Lambda name.

The provider lambda function name.

Default:
  • CloudFormation default name from unique physical ID

query_interval

Time between calls to the isComplete handler which determines if the resource has been stabilized.

isComplete is first called immediately after the onEvent handler and then every queryInterval seconds, until the timeout has been reached or isComplete returns true.

Default:

Duration.seconds(5)

role

AWS Lambda execution role.

The role that will be assumed by the AWS Lambda. Must be assumable by the ‘lambda.amazonaws.com’ service principal.

Default:
  • A default role will be created.

security_groups

Security groups to attach to the provider functions.

Only used if ‘vpc’ is supplied.

Default:
  • If vpc is not supplied, no security groups are attached. Otherwise, a dedicated security group is created for each function.

total_timeout

Total timeout for the entire operation.

The maximum timeout is 1 hour (yes, it can exceed the AWS Lambda 15-minute limit).

Default:

Duration.minutes(30)

vpc

The vpc to provision the lambda functions in.

Default:
  • functions are not provisioned inside a vpc.

vpc_subnets

Which subnets from the VPC to place the lambda functions in.

Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.

Default:
  • the Vpc default strategy if not specified