AWS CloudFormation resources generated when AWS::Serverless::Function is specified

When an AWS::Serverless::Function is specified, AWS Serverless Application Model (AWS SAM) always creates an AWS::Lambda::Function base AWS CloudFormation resource.

AWS::Lambda::Function

LogicalId: <function‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

In addition to this AWS CloudFormation resource, when AWS::Serverless::Function is specified, AWS SAM also generates AWS CloudFormation resources for the following scenarios.

Core function properties

The following scenarios generate AWS CloudFormation resources based on core function properties:

Role property is not specified

When the Role property of an AWS::Serverless::Function is not specified, AWS SAM generates an AWS::IAM::Role AWS CloudFormation resource.

AWS::IAM::Role

LogicalId: <function‑LogicalId>Role

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AutoPublishAlias property is specified

When the AutoPublishAlias property of an AWS::Serverless::Function is specified, AWS SAM generates the following AWS CloudFormation resources: AWS::Lambda::Alias and AWS::Lambda::Version.

AWS::Lambda::Alias

LogicalId: <function‑LogicalId>Alias<alias‑name>

<alias‑name> is the string that AutoPublishAlias is set to. For example, if you set AutoPublishAlias to live, the LogicalId is: MyFunctionAliaslive.

Referenceable property: <function‑LogicalId>.Alias

AWS::Lambda::Version

LogicalId: <function‑LogicalId>Version<sha>

<sha> is a unique hash value that is generated when the stack is created. For example, MyFunctionVersion926eeb5ff1.

Referenceable property: <function‑LogicalId>.Version

For additional information on the AutoPublishAlias property, see the Properties section of AWS::Serverless::Function.

DeploymentPreference property is specified

When the DeploymentPreference property of an AWS::Serverless::Function is specified, AWS SAM generates the following resources AWS CloudFormation resources: AWS::CodeDeploy::Application and AWS::CodeDeploy::DeploymentGroup. In addition, if the Role property of the DeploymentPreference object is not specified, AWS SAM also generates an AWS::IAM::Role AWS CloudFormation resource.

AWS::CodeDeploy::Application

LogicalId: ServerlessDeploymentApplication

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::CodeDeploy::DeploymentGroup

LogicalId: <function‑LogicalId>DeploymentGroup

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::IAM::Role

LogicalId: CodeDeployServiceRole

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

FunctionUrlConfig property is specified

When the FunctionUrlConfig property is specified, AWS SAM generates different AWS CloudFormation resources based on the AuthType.

When AuthType: NONE is specified, AWS SAM generates the following AWS CloudFormation resources:

AWS::Lambda::Permission (Invoke Access)

LogicalId: <function‑LogicalId>URLInvokeAllowPublicAccess

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::Lambda::Permission (Public Access)

LogicalId: <function‑LogicalId>UrlPublicPermissions

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::Lambda::Url

LogicalId: <function‑LogicalId>Url

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

When AuthType: AWS_IAM is specified, AWS SAM generates only:

AWS::Lambda::Url

LogicalId: <function‑LogicalId>Url

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

For additional information on the FunctionUrlConfig property, see FunctionUrlConfig.

Event sources

The following scenarios generate AWS CloudFormation resources based on event sources:

An Api event source is specified

When the Event property of an AWS::Serverless::Function is set to Api, but the RestApiId property is not specified, AWS SAM generates the AWS::ApiGateway::RestApi AWS CloudFormation resource.

AWS::ApiGateway::RestApi

LogicalId: ServerlessRestApi

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

An HttpApi event source is specified

When the Event property of an AWS::Serverless::Function is set to HttpApi, but the ApiId property is not specified, AWS SAM generates the AWS::ApiGatewayV2::Api AWS CloudFormation resource.

AWS::ApiGatewayV2::Api

LogicalId: ServerlessHttpApi

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

A streaming event source is specified

When the Event property of an AWS::Serverless::Function is set to one of the streaming types, AWS SAM generates the AWS::Lambda::EventSourceMapping AWS CloudFormation resource. This applies to the following types: DynamoDB, Kinesis, MQ, MSK, and SQS.

AWS::Lambda::EventSourceMapping

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

An event bridge (or event bus) event source is specified

When the Event property of an AWS::Serverless::Function is set to one of the event bridge (or event bus) types, AWS SAM generates the AWS::Events::Rule AWS CloudFormation resource. This applies to the following types: EventBridgeRule, Schedule, and CloudWatchEvents.

AWS::Events::Rule

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

An IotRule event source is specified

When the Event property of an AWS::Serverless::Function is set to IoTRule, AWS SAM generates the AWS::IoT::TopicRule AWS CloudFormation resource.

AWS::IoT::TopicRule

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

Event configuration

The following scenarios generate AWS CloudFormation resources based on event configuration:

OnSuccess (or OnFailure) property is specified for Amazon SNS events

When the OnSuccess (or OnFailure) property of the DestinationConfig property of the EventInvokeConfig property of an AWS::Serverless::Function is specified, and the destination type is SNS but the destination ARN is not specified, AWS SAM generates the following AWS CloudFormation resources: AWS::Lambda::EventInvokeConfig and AWS::SNS::Topic.

AWS::Lambda::EventInvokeConfig

LogicalId: <function‑LogicalId>EventInvokeConfig

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::SNS::Topic

LogicalId: <function‑LogicalId>OnSuccessTopic (or <function‑LogicalId>OnFailureTopic)

Referenceable property: <function‑LogicalId>.DestinationTopic

If both OnSuccess and OnFailure are specified for an Amazon SNS event, to distinguish between the generated resources, you must use the LogicalId.

OnSuccess (or OnFailure) property is specified for Amazon SQS events

When the OnSuccess (or OnFailure) property of the DestinationConfig property of the EventInvokeConfig property of an AWS::Serverless::Function is specified, and the destination type is SQS but the destination ARN is not specified, AWS SAM generates the following AWS CloudFormation resources: AWS::Lambda::EventInvokeConfig and AWS::SQS::Queue.

AWS::Lambda::EventInvokeConfig

LogicalId: <function‑LogicalId>EventInvokeConfig

Referenceable property: N/A (you must use the LogicalId to reference this AWS CloudFormation resource)

AWS::SQS::Queue

LogicalId: <function‑LogicalId>OnSuccessQueue (or <function‑LogicalId>OnFailureQueue)

Referenceable property: <function‑LogicalId>.DestinationQueue

If both OnSuccess and OnFailure are specified for an Amazon SQS event, to distinguish between the generated resources, you must use the LogicalId.