CfnFunctionProps

class aws_cdk.aws_lambda.CfnFunctionProps(*, code, role, architectures=None, code_signing_config_arn=None, dead_letter_config=None, description=None, environment=None, ephemeral_storage=None, file_system_configs=None, function_name=None, handler=None, image_config=None, kms_key_arn=None, layers=None, logging_config=None, memory_size=None, package_type=None, recursive_loop=None, reserved_concurrent_executions=None, runtime=None, runtime_management_config=None, snap_start=None, tags=None, timeout=None, tracing_config=None, vpc_config=None)

Bases: object

Properties for defining a CfnFunction.

Parameters:
  • code (Union[IResolvable, CodeProperty, Dict[str, Any]]) – The code for the function. You can define your function code in multiple ways:. - For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the S3Bucket , S3Key , and S3ObjectVersion properties. - For .zip deployment packages, you can alternatively define the function code inline in the ZipFile property. This method works only for Node.js and Python functions. - For container images, specify the URI of your container image in the Amazon ECR registry in the ImageUri property.

  • role (str) – The Amazon Resource Name (ARN) of the function’s execution role.

  • architectures (Optional[Sequence[str]]) – The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .

  • code_signing_config_arn (Optional[str]) – To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

  • dead_letter_config (Union[IResolvable, DeadLetterConfigProperty, Dict[str, Any], None]) – A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues .

  • description (Optional[str]) – A description of the function.

  • environment (Union[IResolvable, EnvironmentProperty, Dict[str, Any], None]) – Environment variables that are accessible from function code during execution.

  • ephemeral_storage (Union[IResolvable, EphemeralStorageProperty, Dict[str, Any], None]) – The size of the function’s /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.

  • file_system_configs (Union[IResolvable, Sequence[Union[IResolvable, FileSystemConfigProperty, Dict[str, Any]]], None]) – Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see DependsOn Attribute .

  • function_name (Optional[str]) – The name of the Lambda function, up to 64 characters in length. If you don’t specify a name, AWS CloudFormation generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

  • handler (Optional[str]) – The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model .

  • image_config (Union[IResolvable, ImageConfigProperty, Dict[str, Any], None]) – Configuration values that override the container image Dockerfile settings. For more information, see Container image settings .

  • kms_key_arn (Optional[str]) – The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that’s used to encrypt the following resources:. - The function’s environment variables . - The function’s Lambda SnapStart snapshots. - When used with SourceKMSKeyArn , the unzipped version of the .zip deployment package that’s used for function invocations. For more information, see Specifying a customer managed key for Lambda . - The optimized version of the container image that’s used for function invocations. Note that this is not the same key that’s used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). For more information, see Function lifecycle . If you don’t provide a customer managed key, Lambda uses an AWS owned key or an AWS managed key .

  • layers (Optional[Sequence[str]]) – A list of function layers to add to the function’s execution environment. Specify each layer by its ARN, including the version.

  • logging_config (Union[IResolvable, LoggingConfigProperty, Dict[str, Any], None]) – The function’s Amazon CloudWatch Logs configuration settings.

  • memory_size (Union[int, float, None]) – The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

  • package_type (Optional[str]) – The type of deployment package. Set to Image for container image and set Zip for .zip file archive.

  • recursive_loop (Optional[str]) – The status of your function’s recursive loop detection configuration. When this value is set to Allow and Lambda detects your function being invoked as part of a recursive loop, it doesn’t take any action. When this value is set to Terminate and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.

  • reserved_concurrent_executions (Union[int, float, None]) – The number of simultaneous executions to reserve for the function.

  • runtime (Optional[str]) – The identifier of the function’s runtime . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you’re deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see Runtime use after deprecation . For a list of all currently supported runtimes, see Supported runtimes .

  • runtime_management_config (Union[IResolvable, RuntimeManagementConfigProperty, Dict[str, Any], None]) – Sets the runtime management configuration for a function’s version. For more information, see Runtime updates .

  • snap_start (Union[IResolvable, SnapStartProperty, Dict[str, Any], None]) – The function’s AWS Lambda SnapStart setting.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – A list of tags to apply to the function. .. epigraph:: You must have the lambda:TagResource , lambda:UntagResource , and lambda:ListTags permissions for your IAM principal to manage the AWS CloudFormation stack. If you don’t have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.

  • timeout (Union[int, float, None]) – The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment .

  • tracing_config (Union[IResolvable, TracingConfigProperty, Dict[str, Any], None]) – Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

  • vpc_config (Union[IResolvable, VpcConfigProperty, Dict[str, Any], None]) – For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_lambda as lambda_

cfn_function_props = lambda.CfnFunctionProps(
    code=lambda.CfnFunction.CodeProperty(
        image_uri="imageUri",
        s3_bucket="s3Bucket",
        s3_key="s3Key",
        s3_object_version="s3ObjectVersion",
        source_kms_key_arn="sourceKmsKeyArn",
        zip_file="zipFile"
    ),
    role="role",

    # the properties below are optional
    architectures=["architectures"],
    code_signing_config_arn="codeSigningConfigArn",
    dead_letter_config=lambda.CfnFunction.DeadLetterConfigProperty(
        target_arn="targetArn"
    ),
    description="description",
    environment=lambda.CfnFunction.EnvironmentProperty(
        variables={
            "variables_key": "variables"
        }
    ),
    ephemeral_storage=lambda.CfnFunction.EphemeralStorageProperty(
        size=123
    ),
    file_system_configs=[lambda.CfnFunction.FileSystemConfigProperty(
        arn="arn",
        local_mount_path="localMountPath"
    )],
    function_name="functionName",
    handler="handler",
    image_config=lambda.CfnFunction.ImageConfigProperty(
        command=["command"],
        entry_point=["entryPoint"],
        working_directory="workingDirectory"
    ),
    kms_key_arn="kmsKeyArn",
    layers=["layers"],
    logging_config=lambda.CfnFunction.LoggingConfigProperty(
        application_log_level="applicationLogLevel",
        log_format="logFormat",
        log_group="logGroup",
        system_log_level="systemLogLevel"
    ),
    memory_size=123,
    package_type="packageType",
    recursive_loop="recursiveLoop",
    reserved_concurrent_executions=123,
    runtime="runtime",
    runtime_management_config=lambda.CfnFunction.RuntimeManagementConfigProperty(
        update_runtime_on="updateRuntimeOn",

        # the properties below are optional
        runtime_version_arn="runtimeVersionArn"
    ),
    snap_start=lambda.CfnFunction.SnapStartProperty(
        apply_on="applyOn"
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    timeout=123,
    tracing_config=lambda.CfnFunction.TracingConfigProperty(
        mode="mode"
    ),
    vpc_config=lambda.CfnFunction.VpcConfigProperty(
        ipv6_allowed_for_dual_stack=False,
        security_group_ids=["securityGroupIds"],
        subnet_ids=["subnetIds"]
    )
)

Attributes

architectures

The instruction set architecture that the function supports.

Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures

code

.

  • For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the S3Bucket , S3Key , and S3ObjectVersion properties.

  • For .zip deployment packages, you can alternatively define the function code inline in the ZipFile property. This method works only for Node.js and Python functions.

  • For container images, specify the URI of your container image in the Amazon ECR registry in the ImageUri property.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code

Type:

The code for the function. You can define your function code in multiple ways

code_signing_config_arn

To enable code signing for this function, specify the ARN of a code-signing configuration.

A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn

dead_letter_config

A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

For more information, see Dead-letter queues .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-deadletterconfig

description

A description of the function.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description

environment

Environment variables that are accessible from function code during execution.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment

ephemeral_storage

The size of the function’s /tmp directory in MB.

The default value is 512, but it can be any whole number between 512 and 10,240 MB.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage

file_system_configs

Connection settings for an Amazon EFS file system.

To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.

For more information about using the DependsOn attribute, see DependsOn Attribute .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs

function_name

The name of the Lambda function, up to 64 characters in length.

If you don’t specify a name, AWS CloudFormation generates one.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname

handler

The name of the method within your code that Lambda calls to run your function.

Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler

image_config

Configuration values that override the container image Dockerfile settings.

For more information, see Container image settings .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig

kms_key_arn

.

  • The function’s environment variables .

  • The function’s Lambda SnapStart snapshots.

  • When used with SourceKMSKeyArn , the unzipped version of the .zip deployment package that’s used for function invocations. For more information, see Specifying a customer managed key for Lambda .

  • The optimized version of the container image that’s used for function invocations. Note that this is not the same key that’s used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). For more information, see Function lifecycle .

If you don’t provide a customer managed key, Lambda uses an AWS owned key or an AWS managed key .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn

Type:

The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that’s used to encrypt the following resources

layers

//docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html>`_ to add to the function’s execution environment. Specify each layer by its ARN, including the version.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers

Type:

A list of `function layers <https

logging_config

The function’s Amazon CloudWatch Logs configuration settings.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-loggingconfig

memory_size

//docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console>`_ at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize

Type:

The amount of `memory available to the function <https

package_type

The type of deployment package.

Set to Image for container image and set Zip for .zip file archive.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype

recursive_loop

The status of your function’s recursive loop detection configuration.

When this value is set to Allow and Lambda detects your function being invoked as part of a recursive loop, it doesn’t take any action.

When this value is set to Terminate and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-recursiveloop

reserved_concurrent_executions

The number of simultaneous executions to reserve for the function.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-reservedconcurrentexecutions

role

The Amazon Resource Name (ARN) of the function’s execution role.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-role

runtime

//docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you’re deploying a function using a container image.

The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see Runtime use after deprecation .

For a list of all currently supported runtimes, see Supported runtimes .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime

Type:

The identifier of the function’s `runtime <https

runtime_management_config

Sets the runtime management configuration for a function’s version.

For more information, see Runtime updates .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtimemanagementconfig

snap_start

//docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-snapstart

Type:

The function’s `AWS Lambda SnapStart <https

tags

//docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function.

You must have the lambda:TagResource , lambda:UntagResource , and lambda:ListTags permissions for your IAM principal to manage the AWS CloudFormation stack. If you don’t have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags

Type:

A list of `tags <https

timeout

The amount of time (in seconds) that Lambda allows a function to run before stopping it.

The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout

tracing_config

//docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig

Type:

Set Mode to Active to sample and trace a subset of incoming requests with `X-Ray <https

vpc_config

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig