class Function (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Lambda.Function |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awslambda#Function |
Java | software.amazon.awscdk.services.lambda.Function |
Python | aws_cdk.aws_lambda.Function |
TypeScript (source) | aws-cdk-lib » aws_lambda » Function |
Implements
IConstruct
, IDependable
, IResource
, IFunction
, IConnectable
, IGrantable
, IClient
Deploys a file from inside the construct library as a function.
The supplied file is subject to the 4096 bytes limit of being embedded in a CloudFormation template.
The construct includes an associated role with the lambda.
This construct does not yet reproduce all features from the underlying resource library.
Example
import * as signer from 'aws-cdk-lib/aws-signer';
const signingProfile = new signer.SigningProfile(this, 'SigningProfile', {
platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
});
const codeSigningConfig = new lambda.CodeSigningConfig(this, 'CodeSigningConfig', {
signingProfiles: [signingProfile],
});
new lambda.Function(this, 'Function', {
codeSigningConfig,
runtime: lambda.Runtime.NODEJS_18_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),
});
Initializer
new Function(scope: Construct, id: string, props: FunctionProps)
Parameters
- scope
Construct
- id
string
- props
Function
Props
Construct Props
Name | Type | Description |
---|---|---|
code | Code | The source code of your Lambda function. |
handler | string | The name of the method within your code that Lambda calls to execute your function. |
runtime | Runtime | The runtime environment for the Lambda function that you are uploading. |
adot | Adot | Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. |
allow | boolean | Whether to allow the Lambda to send all ipv6 network traffic. |
allow | boolean | Whether to allow the Lambda to send all network traffic (except ipv6). |
allow | boolean | Lambda Functions in a public subnet can NOT access the internet. |
application | string | Sets the application log level for the function. |
application | Application | Sets the application log level for the function. |
architecture? | Architecture | The system architectures compatible with this lambda function. |
code | ICode | Code signing config associated with this function. |
current | Version | Options for the lambda.Version resource automatically created by the fn.currentVersion method. |
dead | IQueue | The SQS queue to use if DLQ is enabled. |
dead | boolean | Enabled DLQ. |
dead | ITopic | The SNS topic to use as a DLQ. |
description? | string | A description of the function. |
environment? | { [string]: string } | Key-value pairs that Lambda caches and makes available for your Lambda functions. |
environment | IKey | The AWS KMS key that's used to encrypt your function's environment variables. |
ephemeral | Size | The size of the function’s /tmp directory in MiB. |
events? | IEvent [] | Event sources for this function. |
filesystem? | File | The filesystem configuration for the lambda function. |
function | string | A name for the function. |
initial | Policy [] | Initial policy statements to add to the created Lambda Role. |
insights | Lambda | Specify the version of CloudWatch Lambda insights to use for monitoring. |
ipv6 | boolean | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. |
layers? | ILayer [] | A list of layers to add to the function's execution environment. |
log | string | Sets the logFormat for the function. |
log | ILog | The log group the function sends logs to. |
log | Retention | The number of days log events are kept in CloudWatch Logs. |
log | Log | When log retention is specified, a custom resource attempts to create the CloudWatch log group. |
log | IRole | The IAM role for the Lambda function associated with the custom resource that sets the retention policy. |
logging | Logging | Sets the loggingFormat for the function. |
max | Duration | The maximum age of a request that Lambda sends to a function for processing. |
memory | number | The amount of memory, in MB, that is allocated to your Lambda function. |
on | IDestination | The destination for failed invocations. |
on | IDestination | The destination for successful invocations. |
params | Params | Specify the configuration of Parameters and Secrets Extension. |
profiling? | boolean | Enable profiling. |
profiling | IProfiling | Profiling Group. |
recursive | Recursive | Sets the Recursive Loop Protection for Lambda Function. |
reserved | number | The maximum of concurrent executions you want to reserve for the function. |
retry | number | The maximum number of times to retry when the function returns an error. |
role? | IRole | Lambda execution role. |
runtime | Runtime | Sets the runtime management configuration for a function's version. |
security | ISecurity [] | The list of security groups to associate with the Lambda's network interfaces. |
snap | Snap | Enable SnapStart for Lambda Function. |
system | string | Sets the system log level for the function. |
system | System | Sets the system log level for the function. |
timeout? | Duration | The function execution time (in seconds) after which Lambda terminates the function. |
tracing? | Tracing | Enable AWS X-Ray Tracing for Lambda Function. |
vpc? | IVpc | VPC network to place Lambda network interfaces. |
vpc | Subnet | Where to place the network interfaces within the VPC. |
code
Type:
Code
The source code of your Lambda function.
You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.
handler
Type:
string
The name of the method within your code that Lambda calls to execute your function.
The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html.
Use Handler.FROM_IMAGE
when defining a function from a Docker image.
NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.
runtime
Type:
Runtime
The runtime environment for the Lambda function that you are uploading.
For valid values, see the Runtime property in the AWS Lambda Developer Guide.
Use Runtime.FROM_IMAGE
when defining a function from a Docker image.
adotInstrumentation?
Type:
Adot
(optional, default: No ADOT instrumentation)
Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
See also: https://aws-otel.github.io/docs/getting-started/lambda
allowAllIpv6Outbound?
Type:
boolean
(optional, default: false)
Whether to allow the Lambda to send all ipv6 network traffic.
If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.
Do not specify this property if the securityGroups
or securityGroup
property is set.
Instead, configure allowAllIpv6Outbound
directly on the security group.
allowAllOutbound?
Type:
boolean
(optional, default: true)
Whether to allow the Lambda to send all network traffic (except ipv6).
If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.
Do not specify this property if the securityGroups
or securityGroup
property is set.
Instead, configure allowAllOutbound
directly on the security group.
allowPublicSubnet?
Type:
boolean
(optional, default: false)
Lambda Functions in a public subnet can NOT access the internet.
Use this property to acknowledge this limitation and still place the function in a public subnet.
applicationLogLevel?
⚠️ Deprecated: Use applicationLogLevelV2
as a property instead.
Type:
string
(optional, default: "INFO")
Sets the application log level for the function.
applicationLogLevelV2?
Type:
Application
(optional, default: ApplicationLogLevel.INFO)
Sets the application log level for the function.
architecture?
Type:
Architecture
(optional, default: Architecture.X86_64)
The system architectures compatible with this lambda function.
codeSigningConfig?
Type:
ICode
(optional, default: Not Sign the Code)
Code signing config associated with this function.
currentVersionOptions?
Type:
Version
(optional, default: default options as described in VersionOptions
)
Options for the lambda.Version
resource automatically created by the fn.currentVersion
method.
deadLetterQueue?
Type:
IQueue
(optional, default: SQS queue with 14 day retention period if deadLetterQueueEnabled
is true
)
The SQS queue to use if DLQ is enabled.
If SNS topic is desired, specify deadLetterTopic
property instead.
deadLetterQueueEnabled?
Type:
boolean
(optional, default: false unless deadLetterQueue
is set, which implies DLQ is enabled.)
Enabled DLQ.
If deadLetterQueue
is undefined,
an SQS queue with default options will be defined for your Function.
deadLetterTopic?
Type:
ITopic
(optional, default: no SNS topic)
The SNS topic to use as a DLQ.
Note that if deadLetterQueueEnabled
is set to true
, an SQS queue will be created
rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.
description?
Type:
string
(optional, default: No description.)
A description of the function.
environment?
Type:
{ [string]: string }
(optional, default: No environment variables.)
Key-value pairs that Lambda caches and makes available for your Lambda functions.
Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.
environmentEncryption?
Type:
IKey
(optional, default: AWS Lambda creates and uses an AWS managed customer master key (CMK).)
The AWS KMS key that's used to encrypt your function's environment variables.
ephemeralStorageSize?
Type:
Size
(optional, default: 512 MiB)
The size of the function’s /tmp directory in MiB.
events?
Type:
IEvent
[]
(optional, default: No event sources.)
Event sources for this function.
You can also add event sources using addEventSource
.
filesystem?
Type:
File
(optional, default: will not mount any filesystem)
The filesystem configuration for the lambda function.
functionName?
Type:
string
(optional, default: AWS CloudFormation generates a unique physical ID and uses that
ID for the function's name. For more information, see Name Type.)
A name for the function.
initialPolicy?
Type:
Policy
[]
(optional, default: No policy statements are added to the created Lambda role.)
Initial policy statements to add to the created Lambda Role.
You can call addToRolePolicy
to the created lambda to add statements post creation.
insightsVersion?
Type:
Lambda
(optional, default: No Lambda Insights)
Specify the version of CloudWatch Lambda insights to use for monitoring.
ipv6AllowedForDualStack?
Type:
boolean
(optional, default: false)
Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
Only used if 'vpc' is supplied.
layers?
Type:
ILayer
[]
(optional, default: No layers.)
A list of layers to add to the function's execution environment.
You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.
logFormat?
⚠️ Deprecated: Use loggingFormat
as a property instead.
Type:
string
(optional, default: "Text")
Sets the logFormat for the function.
logGroup?
Type:
ILog
(optional, default: /aws/lambda/${this.functionName}
- default log group created by Lambda)
The log group the function sends logs to.
By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.
Use the logGroup
property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.
Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.
logRetention?
Type:
Retention
(optional, default: logs.RetentionDays.INFINITE)
The number of days log events are kept in CloudWatch Logs.
When updating
this property, unsetting it doesn't remove the log retention policy. To
remove the retention policy, set the value to INFINITE
.
This is a legacy API and we strongly recommend you move away from it if you can.
Instead create a fully customizable log group with logs.LogGroup
and use the logGroup
property
to instruct the Lambda function to send logs to it.
Migrating from logRetention
to logGroup
will cause the name of the log group to change.
Users and code and referencing the name verbatim will have to adjust.
In AWS CDK code, you can access the log group name directly from the LogGroup construct:
import * as logs from 'aws-cdk-lib/aws-logs';
declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;
logRetentionRetryOptions?
Type:
Log
(optional, default: Default AWS SDK retry options.)
When log retention is specified, a custom resource attempts to create the CloudWatch log group.
These options control the retry policy when interacting with CloudWatch APIs.
This is a legacy API and we strongly recommend you migrate to logGroup
if you can.
logGroup
allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
logRetentionRole?
Type:
IRole
(optional, default: A new role is created.)
The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
This is a legacy API and we strongly recommend you migrate to logGroup
if you can.
logGroup
allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
loggingFormat?
Type:
Logging
(optional, default: LoggingFormat.TEXT)
Sets the loggingFormat for the function.
maxEventAge?
Type:
Duration
(optional, default: Duration.hours(6))
The maximum age of a request that Lambda sends to a function for processing.
Minimum: 60 seconds Maximum: 6 hours
memorySize?
Type:
number
(optional, default: 128)
The amount of memory, in MB, that is allocated to your Lambda function.
Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.
onFailure?
Type:
IDestination
(optional, default: no destination)
The destination for failed invocations.
onSuccess?
Type:
IDestination
(optional, default: no destination)
The destination for successful invocations.
paramsAndSecrets?
Type:
Params
(optional, default: No Parameters and Secrets Extension)
Specify the configuration of Parameters and Secrets Extension.
profiling?
Type:
boolean
(optional, default: No profiling.)
Enable profiling.
See also: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
profilingGroup?
Type:
IProfiling
(optional, default: A new profiling group will be created if profiling
is set.)
Profiling Group.
See also: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
recursiveLoop?
Type:
Recursive
(optional, default: RecursiveLoop.Terminate)
Sets the Recursive Loop Protection for Lambda Function.
It lets Lambda detect and terminate unintended recursive loops.
reservedConcurrentExecutions?
Type:
number
(optional, default: No specific limit - account limit.)
The maximum of concurrent executions you want to reserve for the function.
See also: https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html
retryAttempts?
Type:
number
(optional, default: 2)
The maximum number of times to retry when the function returns an error.
Minimum: 0 Maximum: 2
role?
Type:
IRole
(optional, default: A unique role will be generated for this lambda function.
Both supplied and generated roles can always be changed by calling addToRolePolicy
.)
Lambda execution role.
This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.
The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.
The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".
runtimeManagementMode?
Type:
Runtime
(optional, default: Auto)
Sets the runtime management configuration for a function's version.
securityGroups?
Type:
ISecurity
[]
(optional, default: If the function is placed within a VPC and a security group is
not specified, either by this or securityGroup prop, a dedicated security
group will be created for this function.)
The list of security groups to associate with the Lambda's network interfaces.
Only used if 'vpc' is supplied.
snapStart?
Type:
Snap
(optional, default: No snapstart)
Enable SnapStart for Lambda Function.
SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime
systemLogLevel?
⚠️ Deprecated: Use systemLogLevelV2
as a property instead.
Type:
string
(optional, default: "INFO")
Sets the system log level for the function.
systemLogLevelV2?
Type:
System
(optional, default: SystemLogLevel.INFO)
Sets the system log level for the function.
timeout?
Type:
Duration
(optional, default: Duration.seconds(3))
The function execution time (in seconds) after which Lambda terminates the function.
Because the execution time affects cost, set this value based on the function's expected execution time.
tracing?
Type:
Tracing
(optional, default: Tracing.Disabled)
Enable AWS X-Ray Tracing for Lambda Function.
vpc?
Type:
IVpc
(optional, default: Function is not placed within a VPC.)
VPC network to place Lambda network interfaces.
Specify this if the Lambda function needs to access resources in a VPC.
This is required when vpcSubnets
is specified.
vpcSubnets?
Type:
Subnet
(optional, default: the Vpc default strategy if not specified)
Where to place the network interfaces within the VPC.
This requires vpc
to be specified in order for interfaces to actually be
placed in the subnets. If vpc
is not specify, this will raise an error.
Note: Internet access for Lambda Functions requires a NAT Gateway, so picking
public subnets is not allowed (unless allowPublicSubnet
is set to true
).
Properties
Name | Type | Description |
---|---|---|
architecture | Architecture | The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). |
can | boolean | Whether the addPermission() call adds any permissions. |
connections | Connections | Access the Connections object. |
current | Version | Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes. |
env | Resource | The environment this resource belongs to. |
function | string | ARN of this function. |
function | string | Name of this function. |
grant | IPrincipal | The principal this Lambda Function is running as. |
is | boolean | Whether or not this Lambda function was bound to a VPC. |
latest | IVersion | The $LATEST version of this function. |
log | ILog | The LogGroup where the Lambda function's logs are made available. |
node | Node | The tree node. |
permissions | Node | The construct node where permissions are attached. |
resource | string[] | The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke(). |
runtime | Runtime | The runtime configured for this lambda. |
stack | Stack | The stack in which this resource is defined. |
dead | IQueue | The DLQ (as queue) associated with this Lambda Function (this is an optional attribute). |
dead | ITopic | The DLQ (as topic) associated with this Lambda Function (this is an optional attribute). |
role? | IRole | Execution role associated with this function. |
timeout? | Duration | The timeout configured for this lambda. |
architecture
Type:
Architecture
The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
canCreatePermissions
Type:
boolean
Whether the addPermission() call adds any permissions.
True for new Lambdas, false for version $LATEST and imported Lambdas from different accounts.
connections
Type:
Connections
Access the Connections object.
Will fail if not a VPC-enabled Lambda Function
currentVersion
Type:
Version
Returns a lambda.Version
which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
You can specify options for this version using the currentVersionOptions
prop when initializing the lambda.Function
.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
functionArn
Type:
string
ARN of this function.
functionName
Type:
string
Name of this function.
grantPrincipal
Type:
IPrincipal
The principal this Lambda Function is running as.
isBoundToVpc
Type:
boolean
Whether or not this Lambda function was bound to a VPC.
If this is is false
, trying to access the connections
object will fail.
latestVersion
Type:
IVersion
The $LATEST
version of this function.
Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.
To obtain a reference to an explicit version which references the current
function configuration, use lambdaFunction.currentVersion
instead.
logGroup
Type:
ILog
The LogGroup where the Lambda function's logs are made available.
If either logRetention
is set or this property is called, a CloudFormation custom resource is added to the stack that
pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention
period (never expire, by default).
Further, if the log group already exists and the logRetention
is not set, the custom resource will reset the log retention
to never expire even if it was configured with a different value.
node
Type:
Node
The tree node.
permissionsNode
Type:
Node
The construct node where permissions are attached.
resourceArnsForGrantInvoke
Type:
string[]
The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
runtime
Type:
Runtime
The runtime configured for this lambda.
stack
Type:
Stack
The stack in which this resource is defined.
deadLetterQueue?
Type:
IQueue
(optional)
The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
deadLetterTopic?
Type:
ITopic
(optional)
The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
role?
Type:
IRole
(optional)
Execution role associated with this function.
timeout?
Type:
Duration
(optional)
The timeout configured for this lambda.
Methods
Name | Description |
---|---|
add | Defines an alias for this function. |
add | Adds an environment variable to this Lambda function. |
add | Adds an event source to this function. |
add | Adds an event source that maps to this AWS Lambda function. |
add | Adds a url to this lambda function. |
add | Adds one or more Lambda Layers to this Lambda function. |
add | Adds a permission to the Lambda resource policy. |
add | Adds a statement to the IAM role assumed by the instance. |
apply | Apply the given removal policy to this resource. |
configure | Configures options for asynchronous invocation. |
consider | A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function. |
grant | Grant the given identity permissions to invoke this Lambda. |
grant | Grant multiple principals the ability to invoke this Lambda via CompositePrincipal. |
grant | Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda. |
grant | Grant the given identity permissions to invoke this Lambda Function URL. |
grant | Grant the given identity permissions to invoke the given version of this Lambda. |
invalidate | Mix additional information into the hash of the Version object. |
metric(metricName, props?) | Return the given named metric for this Function. |
metric | How long execution of this Lambda takes. |
metric | How many invocations of this Lambda fail. |
metric | How often this Lambda is invoked. |
metric | How often this Lambda is throttled. |
to | Returns a string representation of this construct. |
static classify | Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource. |
static from | Import a lambda function into the CDK using its ARN. |
static from | Creates a Lambda function object which represents a function not defined within this stack. |
static from | Import a lambda function into the CDK using its name. |
static metric | Return the given named metric for this Lambda. |
static metric | Metric for the number of concurrent executions across all Lambdas. |
static metric | Metric for the Duration executing all Lambdas. |
static metric | Metric for the number of Errors executing all Lambdas. |
static metric | Metric for the number of invocations of all Lambdas. |
static metric | Metric for the number of throttled invocations of all Lambdas. |
static metric | Metric for the number of unreserved concurrent executions across all Lambdas. |
addAlias(aliasName, options?)
public addAlias(aliasName: string, options?: AliasOptions): Alias
Parameters
- aliasName
string
— The name of the alias. - options
Alias
— Alias options.Options
Returns
Defines an alias for this function.
The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.
declare const fn: lambda.Function;
fn.addAlias('Live');
// Is equivalent to
new lambda.Alias(this, 'AliasLive', {
aliasName: 'Live',
version: fn.currentVersion,
});
addEnvironment(key, value, options?)
public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function
Parameters
- key
string
— The environment variable key. - value
string
— The environment variable's value. - options
Environment
— Environment variable options.Options
Returns
Adds an environment variable to this Lambda function.
If this is a ref to a Lambda function, this operation results in a no-op.
addEventSource(source)
public addEventSource(source: IEventSource): void
Parameters
- source
IEvent
Source
Adds an event source to this function.
Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.
The following example adds an SQS Queue as an event source:
import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));
addEventSourceMapping(id, options)
public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping
Parameters
- id
string
- options
Event
Source Mapping Options
Returns
Adds an event source that maps to this AWS Lambda function.
addFunctionUrl(options?)
public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl
Parameters
- options
Function
Url Options
Returns
Adds a url to this lambda function.
addLayers(...layers)
public addLayers(...layers: ILayerVersion[]): void
Parameters
- layers
ILayer
— the layers to be added.Version
Adds one or more Lambda Layers to this Lambda function.
addPermission(id, permission)
public addPermission(id: string, permission: Permission): void
Parameters
- id
string
— The id for the permission construct. - permission
Permission
— The permission to grant to this Lambda function.
Adds a permission to the Lambda resource policy.
See also: [Permission for details.](Permission for details.)
addToRolePolicy(statement)
public addToRolePolicy(statement: PolicyStatement): void
Parameters
- statement
Policy
Statement
Adds a statement to the IAM role assumed by the instance.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
Removal
Policy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
configureAsyncInvoke(options)
public configureAsyncInvoke(options: EventInvokeConfigOptions): void
Parameters
- options
Event
Invoke Config Options
Configures options for asynchronous invocation.
considerWarningOnInvokeFunctionPermissions(scope, action)
public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void
Parameters
- scope
Construct
- action
string
A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction
are added to the unqualified function.
- function.currentVersion is invoked before or after the permission is created.
This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.
grantInvoke(grantee)
public grantInvoke(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant the given identity permissions to invoke this Lambda.
grantInvokeCompositePrincipal(compositePrincipal)
public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]
Parameters
- compositePrincipal
Composite
Principal
Returns
Grant
[]
Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
grantInvokeLatestVersion(grantee)
public grantInvokeLatestVersion(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
grantInvokeUrl(grantee)
public grantInvokeUrl(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant the given identity permissions to invoke this Lambda Function URL.
grantInvokeVersion(grantee, version)
public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant
Parameters
- grantee
IGrantable
- version
IVersion
Returns
Grant the given identity permissions to invoke the given version of this Lambda.
invalidateVersionBasedOn(x)
public invalidateVersionBasedOn(x: string): void
Parameters
- x
string
Mix additional information into the hash of the Version object.
The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).
However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.
This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.
This method may be called more than once.
metric(metricName, props?)
public metric(metricName: string, props?: MetricOptions): Metric
Parameters
- metricName
string
- props
Metric
Options
Returns
Return the given named metric for this Function.
metricDuration(props?)
public metricDuration(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
How long execution of this Lambda takes.
Average over 5 minutes
metricErrors(props?)
public metricErrors(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
How many invocations of this Lambda fail.
Sum over 5 minutes
metricInvocations(props?)
public metricInvocations(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
How often this Lambda is invoked.
Sum over 5 minutes
metricThrottles(props?)
public metricThrottles(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
How often this Lambda is throttled.
Sum over 5 minutes
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static classifyVersionProperty(propertyName, locked)
public static classifyVersionProperty(propertyName: string, locked: boolean): void
Parameters
- propertyName
string
— The property to classify. - locked
boolean
— whether the property should be associated to the version or not.
Record whether specific properties in the AWS::Lambda::Function
resource should also be associated to the Version resource.
See 'currentVersion' section in the module README for more details.
static fromFunctionArn(scope, id, functionArn)
public static fromFunctionArn(scope: Construct, id: string, functionArn: string): IFunction
Parameters
- scope
Construct
- id
string
- functionArn
string
Returns
Import a lambda function into the CDK using its ARN.
For Function.addPermissions()
to work on this imported lambda, make sure that is
in the same account and region as the stack you are importing it into.
static fromFunctionAttributes(scope, id, attrs)
public static fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes): IFunction
Parameters
- scope
Construct
— The parent construct. - id
string
— The name of the lambda construct. - attrs
Function
— the attributes of the function to import.Attributes
Returns
Creates a Lambda function object which represents a function not defined within this stack.
For Function.addPermissions()
to work on this imported lambda, set the sameEnvironment property to true
if this imported lambda is in the same account and region as the stack you are importing it into.
static fromFunctionName(scope, id, functionName)
public static fromFunctionName(scope: Construct, id: string, functionName: string): IFunction
Parameters
- scope
Construct
- id
string
- functionName
string
Returns
Import a lambda function into the CDK using its name.
static metricAll(metricName, props?)
public static metricAll(metricName: string, props?: MetricOptions): Metric
Parameters
- metricName
string
- props
Metric
Options
Returns
Return the given named metric for this Lambda.
static metricAllConcurrentExecutions(props?)
public static metricAllConcurrentExecutions(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the number of concurrent executions across all Lambdas.
static metricAllDuration(props?)
public static metricAllDuration(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the Duration executing all Lambdas.
static metricAllErrors(props?)
public static metricAllErrors(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the number of Errors executing all Lambdas.
static metricAllInvocations(props?)
public static metricAllInvocations(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the number of invocations of all Lambdas.
static metricAllThrottles(props?)
public static metricAllThrottles(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the number of throttled invocations of all Lambdas.
static metricAllUnreservedConcurrentExecutions(props?)
public static metricAllUnreservedConcurrentExecutions(props?: MetricOptions): Metric
Parameters
- props
Metric
Options
Returns
Metric for the number of unreserved concurrent executions across all Lambdas.