Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . lambda ]



Creates a Lambda function. To create a function, you need a deployment package and an execution role . The deployment package contains your function code. The execution role grants the function permission to use AWS services such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.

A function has an unpublished version, and can have published versions and aliases. A published version is a snapshot of your function code and configuration that can not be changed. An alias is a named resource that maps to a version, and can be changed to map to a different version. Use the Publish parameter to create version 1 of your function from its initial configuration.

The other parameters let you configure version-specific and function-level settings. You can modify version-specific settings later with UpdateFunctionConfiguration . Function-level settings apply to both the unpublished and published versions of the function and include tags ( TagResource ) and per-function concurrency limits ( PutFunctionConcurrency ).

If another account or a AWS service invokes your function, use AddPermission to grant permission by creating a resource-based IAM policy. You can grant permissions at the function level, on a version, or on an alias.

To invoke your function directly, use Invoke . To invoke your function in response to events in other AWS services, create an event source mapping ( CreateEventSourceMapping ), or configure a function trigger in the other service. For more information, see Invoking Functions .

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--function-name <value>
--runtime <value>
--role <value>
--handler <value>
[--code <value>]
[--description <value>]
[--timeout <value>]
[--memory-size <value>]
[--publish | --no-publish]
[--vpc-config <value>]
[--dead-letter-config <value>]
[--environment <value>]
[--kms-key-arn <value>]
[--tracing-config <value>]
[--tags <value>]
[--layers <value>]
[--zip-file <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--function-name (string)

The name of the Lambda function.

Name formats
  • Function name - my-function .
  • Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function .
  • Partial ARN - 123456789012:function:my-function .

The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.

--runtime (string)

The identifier of the function's runtime .

Possible values:

  • nodejs
  • nodejs4.3
  • nodejs6.10
  • nodejs8.10
  • java8
  • python2.7
  • python3.6
  • python3.7
  • dotnetcore1.0
  • dotnetcore2.0
  • dotnetcore2.1
  • nodejs4.3-edge
  • go1.x
  • ruby2.5
  • provided

--role (string)

The Amazon Resource Name (ARN) of the function's execution role.

--handler (string)

The name of the method within your code that Lambda calls to execute your function. The format includes the filename and can also include namespaces and other qualifiers, depending on the runtime. For more information, see Programming Model .

--code (structure)

The code for the function.

Shorthand Syntax:


JSON Syntax:

  "S3Bucket": "string",
  "S3Key": "string",
  "S3ObjectVersion": "string"

--description (string)

A description of the function.

--timeout (integer)

The amount of time that Lambda allows a function to run before terminating it. The default is 3 seconds. The maximum allowed value is 900 seconds.

--memory-size (integer)

The amount of memory that your function has access to. Increasing the function's memory also increases it's CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB.

--publish | --no-publish (boolean)

Set to true to publish the first version of the function during creation.

--vpc-config (structure)

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can only access resources and the internet through that VPC. For more information, see VPC Settings .

Shorthand Syntax:


JSON Syntax:

  "SubnetIds": ["string", ...],
  "SecurityGroupIds": ["string", ...]

--dead-letter-config (structure)

A dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead Letter Queues .

Shorthand Syntax:


JSON Syntax:

  "TargetArn": "string"

--environment (structure)

Environment variables that are accessible from function code during execution.

Shorthand Syntax:


JSON Syntax:

  "Variables": {"string": "string"

--kms-key-arn (string)

The ARN of the AWS Key Management Service key used to encrypt your function's environment variables. If not provided, AWS Lambda uses a default service key.

--tracing-config (structure)

Set Mode to Active to sample and trace a subset of incoming requests with AWS X-Ray.

Shorthand Syntax:


JSON Syntax:

  "Mode": "Active"|"PassThrough"

--tags (map)

A list of tags to apply to the function.

Shorthand Syntax:


JSON Syntax:

{"string": "string"

--layers (list)

A list of function layers to add to the function's execution environment. Specify each layer by ARN, including the version.


"string" "string" ...

--zip-file (blob)

The path to the zip file of the code you are uploading. Example: fileb://

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


FunctionName -> (string)

The name of the function.

FunctionArn -> (string)

The function's Amazon Resource Name (ARN).

Runtime -> (string)

The runtime environment for the Lambda function.

Role -> (string)

The function's execution role.

Handler -> (string)

The function Lambda calls to begin executing your function.

CodeSize -> (long)

The size of the function's deployment package in bytes.

Description -> (string)

The function's description.

Timeout -> (integer)

The amount of time that Lambda allows a function to run before terminating it.

MemorySize -> (integer)

The memory allocated to the function

LastModified -> (string)

The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

CodeSha256 -> (string)

The SHA256 hash of the function's deployment package.

Version -> (string)

The version of the Lambda function.

VpcConfig -> (structure)

The function's networking configuration.

SubnetIds -> (list)

A list of VPC subnet IDs.


SecurityGroupIds -> (list)

A list of VPC security groups IDs.


VpcId -> (string)

The ID of the VPC.

DeadLetterConfig -> (structure)

The function's dead letter queue.

TargetArn -> (string)

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

Environment -> (structure)

The function's environment variables.

Variables -> (map)

Environment variable key-value pairs.

key -> (string)

value -> (string)

Error -> (structure)

Error messages for environment variables that could not be applied.

ErrorCode -> (string)

The error code.

Message -> (string)

The error message.

KMSKeyArn -> (string)

The KMS key used to encrypt the function's environment variables. Only returned if you've configured a customer managed CMK.

TracingConfig -> (structure)

The function's AWS X-Ray tracing configuration.

Mode -> (string)

The tracing mode.

MasterArn -> (string)

For Lambda@Edge functions, the ARN of the master function.

RevisionId -> (string)

Represents the latest updated revision of the function or alias.

Layers -> (list)

The function's layers


An AWS Lambda layer .

Arn -> (string)

The Amazon Resource Name (ARN) of the function layer.

CodeSize -> (long)

The size of the layer archive in bytes.