AssetCode
- class aws_cdk.aws_lambda.AssetCode(path, *, deploy_time=None, readers=None, source_kms_key=None, asset_hash=None, asset_hash_type=None, bundling=None, exclude=None, follow_symlinks=None, ignore_mode=None)
Bases:
Code
Lambda code from a local directory.
- ExampleMetadata:
infused
Example:
# Lambda function containing logic that evaluates compliance with the rule. eval_compliance_fn = lambda_.Function(self, "CustomFunction", code=lambda_.AssetCode.from_inline("exports.handler = (event) => console.log(event);"), handler="index.handler", runtime=lambda_.Runtime.NODEJS_18_X ) # A custom rule that runs on configuration changes of EC2 instances custom_rule = config.CustomRule(self, "Custom", configuration_changes=True, lambda_function=eval_compliance_fn, rule_scope=config.RuleScope.from_resource(config.ResourceType.EC2_INSTANCE) ) # A rule to detect stack drifts drift_rule = config.CloudFormationStackDriftDetectionCheck(self, "Drift") # Topic to which compliance notification events will be published compliance_topic = sns.Topic(self, "ComplianceTopic") # Send notification on compliance change events drift_rule.on_compliance_change("ComplianceChange", target=targets.SnsTopic(compliance_topic) )
- Parameters:
path (
str
) – The path to the asset file or directory.deploy_time (
Optional
[bool
]) – Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: falsereaders (
Optional
[Sequence
[IGrantable
]]) – A list of principals that should be able to read this asset from S3. You can useasset.grantRead(principal)
to grant read permissions later. Default: - No principals that can read file asset.source_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.asset_hash (
Optional
[str
]) – Specify a custom hash for this asset. IfassetHashType
is set it must be set toAssetHashType.CUSTOM
. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based onassetHashType
asset_hash_type (
Optional
[AssetHashType
]) – Specifies the type of hash to calculate for this asset. IfassetHash
is configured, this option must beundefined
orAssetHashType.CUSTOM
. Default: - the default isAssetHashType.SOURCE
, but ifassetHash
is explicitly specified this value defaults toAssetHashType.CUSTOM
.bundling (
Union
[BundlingOptions
,Dict
[str
,Any
],None
]) – Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at/asset-input
. The Docker container is responsible for putting content at/asset-output
. The content at/asset-output
will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwiseexclude (
Optional
[Sequence
[str
]]) – File paths matching the patterns will be excluded. SeeignoreMode
to set the matching behavior. Has no effect on Assets bundled using thebundling
property. Default: - nothing is excludedfollow_symlinks (
Optional
[SymlinkFollowMode
]) – A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVERignore_mode (
Optional
[IgnoreMode
]) – The ignore behavior to use forexclude
patterns. Default: IgnoreMode.GLOB
Methods
- bind(scope)
Called when the lambda or layer is initialized to allow this object to bind to the stack, add resources and have fun.
- Parameters:
scope (
Construct
) –- Return type:
- bind_to_resource(resource, *, resource_property=None)
Called after the CFN function resource has been created to allow the code class to bind to it.
Specifically it’s required to allow assets to add metadata for tooling like SAM CLI to be able to find their origins.
- Parameters:
resource (
CfnResource
) –resource_property (
Optional
[str
]) – The name of the CloudFormation property to annotate with asset metadata. Default: Code
- Return type:
None
Attributes
- is_inline
Determines whether this Code is inline code or not.
- path
The path to the asset file or directory.
Static Methods
- classmethod from_asset(path, *, deploy_time=None, readers=None, source_kms_key=None, asset_hash=None, asset_hash_type=None, bundling=None, exclude=None, follow_symlinks=None, ignore_mode=None)
Loads the function code from a local disk path.
- Parameters:
path (
str
) – Either a directory with the Lambda code bundle or a .zip file.deploy_time (
Optional
[bool
]) – Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: falsereaders (
Optional
[Sequence
[IGrantable
]]) – A list of principals that should be able to read this asset from S3. You can useasset.grantRead(principal)
to grant read permissions later. Default: - No principals that can read file asset.source_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.asset_hash (
Optional
[str
]) – Specify a custom hash for this asset. IfassetHashType
is set it must be set toAssetHashType.CUSTOM
. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based onassetHashType
asset_hash_type (
Optional
[AssetHashType
]) – Specifies the type of hash to calculate for this asset. IfassetHash
is configured, this option must beundefined
orAssetHashType.CUSTOM
. Default: - the default isAssetHashType.SOURCE
, but ifassetHash
is explicitly specified this value defaults toAssetHashType.CUSTOM
.bundling (
Union
[BundlingOptions
,Dict
[str
,Any
],None
]) – Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at/asset-input
. The Docker container is responsible for putting content at/asset-output
. The content at/asset-output
will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwiseexclude (
Optional
[Sequence
[str
]]) – File paths matching the patterns will be excluded. SeeignoreMode
to set the matching behavior. Has no effect on Assets bundled using thebundling
property. Default: - nothing is excludedfollow_symlinks (
Optional
[SymlinkFollowMode
]) – A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVERignore_mode (
Optional
[IgnoreMode
]) – The ignore behavior to use forexclude
patterns. Default: IgnoreMode.GLOB
- Return type:
- classmethod from_asset_image(directory, *, cmd=None, entrypoint=None, working_directory=None, asset_name=None, build_args=None, build_secrets=None, build_ssh=None, cache_disabled=None, cache_from=None, cache_to=None, file=None, invalidation=None, network_mode=None, outputs=None, platform=None, target=None, extra_hash=None, exclude=None, follow_symlinks=None, ignore_mode=None)
Create an ECR image from the specified asset and bind it as the Lambda code.
- Parameters:
directory (
str
) – the directory from which the asset must be created.cmd (
Optional
[Sequence
[str
]]) – Specify or override the CMD on the specified Docker image or Dockerfile. This needs to be in the ‘exec form’, viz.,[ 'executable', 'param1', 'param2' ]
. Default: - use the CMD specified in the docker image or Dockerfile.entrypoint (
Optional
[Sequence
[str
]]) – Specify or override the ENTRYPOINT on the specified Docker image or Dockerfile. An ENTRYPOINT allows you to configure a container that will run as an executable. This needs to be in the ‘exec form’, viz.,[ 'executable', 'param1', 'param2' ]
. Default: - use the ENTRYPOINT in the docker image or Dockerfile.working_directory (
Optional
[str
]) – Specify or override the WORKDIR on the specified Docker image or Dockerfile. A WORKDIR allows you to configure the working directory the container will use. Default: - use the WORKDIR in the docker image or Dockerfile.asset_name (
Optional
[str
]) – Unique identifier of the docker image asset and its potential revisions. Required if using AppScopedStagingSynthesizer. Default: - no asset namebuild_args (
Optional
[Mapping
[str
,str
]]) – Build args to pass to thedocker build
command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such aslambda.functionArn
orqueue.queueUrl
). Default: - no build args are passedbuild_secrets (
Optional
[Mapping
[str
,str
]]) – Build secrets. Docker BuildKit must be enabled to use build secrets. Default: - no build secretsbuild_ssh (
Optional
[str
]) – SSH agent socket or keys to pass to thedocker build
command. Docker BuildKit must be enabled to use the ssh flag Default: - no –ssh flagcache_disabled (
Optional
[bool
]) – Disable the cache and pass--no-cache
to thedocker build
command. Default: - cache is usedcache_from (
Optional
[Sequence
[Union
[DockerCacheOption
,Dict
[str
,Any
]]]]) – Cache from options to pass to thedocker build
command. Default: - no cache from options are passed to the build commandcache_to (
Union
[DockerCacheOption
,Dict
[str
,Any
],None
]) – Cache to options to pass to thedocker build
command. Default: - no cache to options are passed to the build commandfile (
Optional
[str
]) – Path to the Dockerfile (relative to the directory). Default: ‘Dockerfile’invalidation (
Union
[DockerImageAssetInvalidationOptions
,Dict
[str
,Any
],None
]) – Options to control which parameters are used to invalidate the asset hash. Default: - hash all parametersnetwork_mode (
Optional
[NetworkMode
]) – Networking mode for the RUN commands during build. Support docker API 1.25+. Default: - no networking mode specified (the default networking modeNetworkMode.DEFAULT
will be used)outputs (
Optional
[Sequence
[str
]]) – Outputs to pass to thedocker build
command. Default: - no outputs are passed to the build command (default outputs are used)platform (
Optional
[Platform
]) – Platform to build for. Requires Docker Buildx. Default: - no platform specified (the current machine architecture will be used)target (
Optional
[str
]) – Docker target to build to. Default: - no targetextra_hash (
Optional
[str
]) – Extra information to encode into the fingerprint (e.g. build instructions and other inputs). Default: - hash is only based on source contentexclude (
Optional
[Sequence
[str
]]) – File paths matching the patterns will be excluded. SeeignoreMode
to set the matching behavior. Has no effect on Assets bundled using thebundling
property. Default: - nothing is excludedfollow_symlinks (
Optional
[SymlinkFollowMode
]) – A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVERignore_mode (
Optional
[IgnoreMode
]) – The ignore behavior to use forexclude
patterns. Default: IgnoreMode.GLOB
- Return type:
- classmethod from_bucket(bucket, key, object_version=None)
Lambda handler code as an S3 object.
- classmethod from_bucket_v2(bucket, key, *, object_version=None, source_kms_key=None)
Lambda handler code as an S3 object.
- Parameters:
bucket (
IBucket
) – The S3 bucket.key (
str
) – The object key.object_version (
Optional
[str
]) – Optional S3 object version.source_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
- Return type:
- classmethod from_cfn_parameters(*, bucket_name_param=None, object_key_param=None, source_kms_key=None)
Creates a new Lambda source defined using CloudFormation parameters.
- Parameters:
bucket_name_param (
Optional
[CfnParameter
]) – The CloudFormation parameter that represents the name of the S3 Bucket where the Lambda code will be located in. Must be of type ‘String’. Default: a new parameter will be createdobject_key_param (
Optional
[CfnParameter
]) – The CloudFormation parameter that represents the path inside the S3 Bucket where the Lambda code will be located at. Must be of type ‘String’. Default: a new parameter will be createdsource_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
- Return type:
- Returns:
a new instance of
CfnParametersCode
- classmethod from_custom_command(output, command, *, command_options=None, deploy_time=None, readers=None, source_kms_key=None, asset_hash=None, asset_hash_type=None, bundling=None, exclude=None, follow_symlinks=None, ignore_mode=None)
Runs a command to build the code asset that will be used.
- Parameters:
output (
str
) – Where the output of the command will be directed, either a directory or a .zip file with the output Lambda code bundle * For example, if you use the command to run a build script (e.g., [ ‘node’, ‘bundle_code.js’ ]), and the build script generates a directory/my/lambda/code
containing code that should be ran in a Lambda function, then output should be set to/my/lambda/code
.command (
Sequence
[str
]) – The command which will be executed to generate the output, for example, [ ‘node’, ‘bundle_code.js’ ].command_options (
Optional
[Mapping
[str
,Any
]]) – options that are passed to the spawned process, which determine the characteristics of the spawned process. Default: : seechild_process.SpawnSyncOptions
(https://nodejs.org/api/child_process.html#child_processspawnsynccommand-args-options).deploy_time (
Optional
[bool
]) – Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: falsereaders (
Optional
[Sequence
[IGrantable
]]) – A list of principals that should be able to read this asset from S3. You can useasset.grantRead(principal)
to grant read permissions later. Default: - No principals that can read file asset.source_kms_key (
Optional
[IKey
]) – The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.asset_hash (
Optional
[str
]) – Specify a custom hash for this asset. IfassetHashType
is set it must be set toAssetHashType.CUSTOM
. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based onassetHashType
asset_hash_type (
Optional
[AssetHashType
]) – Specifies the type of hash to calculate for this asset. IfassetHash
is configured, this option must beundefined
orAssetHashType.CUSTOM
. Default: - the default isAssetHashType.SOURCE
, but ifassetHash
is explicitly specified this value defaults toAssetHashType.CUSTOM
.bundling (
Union
[BundlingOptions
,Dict
[str
,Any
],None
]) – Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at/asset-input
. The Docker container is responsible for putting content at/asset-output
. The content at/asset-output
will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwiseexclude (
Optional
[Sequence
[str
]]) – File paths matching the patterns will be excluded. SeeignoreMode
to set the matching behavior. Has no effect on Assets bundled using thebundling
property. Default: - nothing is excludedfollow_symlinks (
Optional
[SymlinkFollowMode
]) – A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVERignore_mode (
Optional
[IgnoreMode
]) – The ignore behavior to use forexclude
patterns. Default: IgnoreMode.GLOB
- Return type:
- classmethod from_docker_build(path, *, image_path=None, output_path=None, build_args=None, cache_disabled=None, cache_from=None, cache_to=None, file=None, platform=None, target_stage=None)
Loads the function code from an asset created by a Docker build.
By default, the asset is expected to be located at
/asset
in the image.- Parameters:
path (
str
) – The path to the directory containing the Docker file.image_path (
Optional
[str
]) – The path in the Docker image where the asset is located after the build operation. Default: /assetoutput_path (
Optional
[str
]) – The path on the local filesystem where the asset will be copied usingdocker cp
. Default: - a unique temporary directory in the system temp directorybuild_args (
Optional
[Mapping
[str
,str
]]) – Build args. Default: - no build argscache_disabled (
Optional
[bool
]) – Disable the cache and pass--no-cache
to thedocker build
command. Default: - cache is usedcache_from (
Optional
[Sequence
[Union
[DockerCacheOption
,Dict
[str
,Any
]]]]) – Cache from options to pass to thedocker build
command. Default: - no cache from args are passedcache_to (
Union
[DockerCacheOption
,Dict
[str
,Any
],None
]) – Cache to options to pass to thedocker build
command. Default: - no cache to args are passedfile (
Optional
[str
]) – Name of the Dockerfile, must relative to the docker build path. Default:Dockerfile
platform (
Optional
[str
]) – Set platform if server is multi-platform capable. Requires Docker Engine API v1.38+. Example value:linux/amd64
Default: - no platform specifiedtarget_stage (
Optional
[str
]) – Set build target for multi-stage container builds. Any stage defined afterwards will be ignored. Example value:build-env
Default: - Build all stages defined in the Dockerfile
- Return type:
- classmethod from_ecr_image(repository, *, cmd=None, entrypoint=None, tag=None, tag_or_digest=None, working_directory=None)
Use an existing ECR image as the Lambda code.
- Parameters:
repository (
IRepository
) – the ECR repository that the image is in.cmd (
Optional
[Sequence
[str
]]) – Specify or override the CMD on the specified Docker image or Dockerfile. This needs to be in the ‘exec form’, viz.,[ 'executable', 'param1', 'param2' ]
. Default: - use the CMD specified in the docker image or Dockerfile.entrypoint (
Optional
[Sequence
[str
]]) – Specify or override the ENTRYPOINT on the specified Docker image or Dockerfile. An ENTRYPOINT allows you to configure a container that will run as an executable. This needs to be in the ‘exec form’, viz.,[ 'executable', 'param1', 'param2' ]
. Default: - use the ENTRYPOINT in the docker image or Dockerfile.tag (
Optional
[str
]) – (deprecated) The image tag to use when pulling the image from ECR. Default: ‘latest’tag_or_digest (
Optional
[str
]) – The image tag or digest to use when pulling the image from ECR (digests must start withsha256:
). Default: ‘latest’working_directory (
Optional
[str
]) – Specify or override the WORKDIR on the specified Docker image or Dockerfile. A WORKDIR allows you to configure the working directory the container will use. Default: - use the WORKDIR in the docker image or Dockerfile.
- Return type:
- classmethod from_inline(code)
Inline code for Lambda handler.
- Parameters:
code (
str
) – The actual handler code (limited to 4KiB).- Return type:
- Returns:
LambdaInlineCode
with inline code.