IFunction
- class aws_cdk.aws_lambda.IFunction(*args, **kwargs)
Bases:
IResource
,IConnectable
,IGrantable
,Protocol
Methods
- add_event_source(source)
Adds an event source to this function.
Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.
The following example adds an SQS Queue as an event source:
import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources'; myFunction.addEventSource(new SqsEventSource(myQueue));
- Parameters:
source (
IEventSource
) –- Return type:
None
- add_event_source_mapping(id, *, batch_size=None, bisect_batch_on_error=None, enabled=None, event_source_arn=None, filter_encryption=None, filters=None, kafka_bootstrap_servers=None, kafka_consumer_group_id=None, kafka_topic=None, max_batching_window=None, max_concurrency=None, max_record_age=None, metrics_config=None, on_failure=None, parallelization_factor=None, provisioned_poller_config=None, report_batch_item_failures=None, retry_attempts=None, source_access_configurations=None, starting_position=None, starting_position_timestamp=None, support_s3_on_failure_destination=None, tumbling_window=None)
Adds an event source that maps to this AWS Lambda function.
- Parameters:
id (
str
) – construct ID.batch_size (
Union
[int
,float
,None
]) – The largest number of records that AWS Lambda will retrieve from your event source at the time of invoking your function. Your function receives an event with all the retrieved records. Valid Range: Minimum value of 1. Maximum value of 10000. Default: - Amazon Kinesis, Amazon DynamoDB, and Amazon MSK is 100 records. The default for Amazon SQS is 10 messages. For standard SQS queues, the maximum is 10,000. For FIFO SQS queues, the maximum is 10.bisect_batch_on_error (
Optional
[bool
]) – If the function returns an error, split the batch in two and retry. Default: falseenabled (
Optional
[bool
]) – Set to false to disable the event source upon creation. Default: trueevent_source_arn (
Optional
[str
]) – The Amazon Resource Name (ARN) of the event source. Any record added to this stream can invoke the Lambda function. Default: - not set if using a self managed Kafka cluster, throws an error otherwisefilter_encryption (
Optional
[IKey
]) – Add Customer managed KMS key to encrypt Filter Criteria. Default: - nonefilters (
Optional
[Sequence
[Mapping
[str
,Any
]]]) – Add filter criteria to Event Source. Default: - nonekafka_bootstrap_servers (
Optional
[Sequence
[str
]]) – A list of host and port pairs that are the addresses of the Kafka brokers in a self managed “bootstrap” Kafka cluster that a Kafka client connects to initially to bootstrap itself. They are in the formatabc.example.com:9096
. Default: - nonekafka_consumer_group_id (
Optional
[str
]) – The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. The value must have a lenght between 1 and 200 and full the pattern ‘[a-zA-Z0-9-/:_+=.@-]’. For more information, see Customizable consumer group ID. Default: - nonekafka_topic (
Optional
[str
]) – The name of the Kafka topic. Default: - no topicmax_batching_window (
Optional
[Duration
]) – The maximum amount of time to gather records before invoking the function. Maximum of Duration.minutes(5) Default: Duration.seconds(0)max_concurrency (
Union
[int
,float
,None
]) – The maximum concurrency setting limits the number of concurrent instances of the function that an Amazon SQS event source can invoke. Default: - No specific limit.max_record_age (
Optional
[Duration
]) – The maximum age of a record that Lambda sends to a function for processing. Valid Range: - Minimum value of 60 seconds - Maximum value of 7 days Default: - infinite or until the record expires.metrics_config (
Union
[MetricsConfig
,Dict
[str
,Any
],None
]) – Configuration for enhanced monitoring metrics collection When specified, enables collection of additional metrics for the stream event source. Default: - Enhanced monitoring is disabledon_failure (
Optional
[IEventSourceDlq
]) – An Amazon SQS queue or Amazon SNS topic destination for discarded records. Default: discarded records are ignoredparallelization_factor (
Union
[int
,float
,None
]) – The number of batches to process from each shard concurrently. Valid Range: - Minimum value of 1 - Maximum value of 10 Default: 1provisioned_poller_config (
Union
[ProvisionedPollerConfig
,Dict
[str
,Any
],None
]) – Configuration for provisioned pollers that read from the event source. When specified, allows control over the minimum and maximum number of pollers that can be provisioned to process events from the source. Default: - no provisioned pollersreport_batch_item_failures (
Optional
[bool
]) – Allow functions to return partially successful responses for a batch of records. Default: falseretry_attempts (
Union
[int
,float
,None
]) – The maximum number of times to retry when the function returns an error. Set toundefined
if you want lambda to keep retrying infinitely or until the record expires. Valid Range: - Minimum value of 0 - Maximum value of 10000 Default: - infinite or until the record expires.source_access_configurations (
Optional
[Sequence
[Union
[SourceAccessConfiguration
,Dict
[str
,Any
]]]]) – Specific settings like the authentication protocol or the VPC components to secure access to your event source. Default: - nonestarting_position (
Optional
[StartingPosition
]) – The position in the DynamoDB, Kinesis or MSK stream where AWS Lambda should start reading. Default: - no starting positionstarting_position_timestamp (
Union
[int
,float
,None
]) – The time from which to start reading, in Unix time seconds. Default: - no timestampsupport_s3_on_failure_destination (
Optional
[bool
]) – Check if support S3 onfailure destination(ODF). Currently only MSK and self managed kafka event support S3 ODF Default: falsetumbling_window (
Optional
[Duration
]) – The size of the tumbling windows to group records sent to DynamoDB or Kinesis. Default: - None
- Return type:
- add_function_url(*, auth_type=None, cors=None, invoke_mode=None)
Adds a url to this lambda function.
- Parameters:
auth_type (
Optional
[FunctionUrlAuthType
]) – The type of authentication that your function URL uses. Default: FunctionUrlAuthType.AWS_IAMcors (
Union
[FunctionUrlCorsOptions
,Dict
[str
,Any
],None
]) – The cross-origin resource sharing (CORS) settings for your function URL. Default: - No CORS configuration.invoke_mode (
Optional
[InvokeMode
]) – The type of invocation mode that your Lambda function uses. Default: InvokeMode.BUFFERED
- Return type:
- add_permission(id, *, principal, action=None, event_source_token=None, function_url_auth_type=None, organization_id=None, scope=None, source_account=None, source_arn=None)
Adds a permission to the Lambda resource policy.
- Parameters:
id (
str
) – The id for the permission construct.principal (
IPrincipal
) – The entity for which you are granting permission to invoke the Lambda function. This entity can be any of the following: - a valid AWS service principal, such ass3.amazonaws.com
orsns.amazonaws.com
- an AWS account ID for cross-account permissions. For example, you might want to allow a custom application in another AWS account to push events to Lambda by invoking your function. - an AWS organization principal to grant permissions to an entire organization. The principal can be an AccountPrincipal, an ArnPrincipal, a ServicePrincipal, or an OrganizationPrincipal.action (
Optional
[str
]) – The Lambda actions that you want to allow in this statement. For example, you can specify lambda:CreateFunction to specify a certain action, or use a wildcard (lambda:*
) to grant permission to all Lambda actions. For a list of actions, see Actions and Condition Context Keys for AWS Lambda in the IAM User Guide. Default: ‘lambda:InvokeFunction’event_source_token (
Optional
[str
]) – A unique token that must be supplied by the principal invoking the function. Default: - The caller would not need to present a token.function_url_auth_type (
Optional
[FunctionUrlAuthType
]) – The authType for the function URL that you are granting permissions for. Default: - No functionUrlAuthTypeorganization_id (
Optional
[str
]) – The organization you want to grant permissions to. Use this ONLY if you need to grant permissions to a subset of the organization. If you want to grant permissions to the entire organization, sending the organization principal through theprincipal
property will suffice. You can use this property to ensure that all source principals are owned by a specific organization. Default: - No organizationIdscope (
Optional
[Construct
]) – The scope to which the permission constructs be attached. The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller). Default: - The instance of lambda.IFunctionsource_account (
Optional
[str
]) – The AWS account ID (without hyphens) of the source owner. For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner’s account ID. You can use this property to ensure that all source principals are owned by a specific account.source_arn (
Optional
[str
]) – The ARN of a resource that is invoking your function. When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that events generated only from the specified bucket, not just any bucket from any AWS account that creates a mapping to your function, can invoke the function.
- See:
Permission for details.
- Return type:
None
- add_to_role_policy(statement)
Adds a statement to the IAM role assumed by the instance.
- Parameters:
statement (
PolicyStatement
) –- Return type:
None
- apply_removal_policy(policy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY
), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN
).- Parameters:
policy (
RemovalPolicy
) –- Return type:
None
- configure_async_invoke(*, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None)
Configures options for asynchronous invocation.
- Parameters:
max_event_age (
Optional
[Duration
]) – The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)on_failure (
Optional
[IDestination
]) – The destination for failed invocations. Default: - no destinationon_success (
Optional
[IDestination
]) – The destination for successful invocations. Default: - no destinationretry_attempts (
Union
[int
,float
,None
]) – The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
- Return type:
None
- grant_invoke(identity)
Grant the given identity permissions to invoke this Lambda.
- Parameters:
identity (
IGrantable
) –- Return type:
- grant_invoke_composite_principal(composite_principal)
Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
- Parameters:
composite_principal (
CompositePrincipal
) –- Return type:
List
[Grant
]
- grant_invoke_latest_version(identity)
Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
- Parameters:
identity (
IGrantable
) –- Return type:
- grant_invoke_url(identity)
Grant the given identity permissions to invoke this Lambda Function URL.
- Parameters:
identity (
IGrantable
) –- Return type:
- grant_invoke_version(identity, version)
Grant the given identity permissions to invoke the given version of this Lambda.
- Parameters:
identity (
IGrantable
) –version (
IVersion
) –
- Return type:
- metric(metric_name, *, account=None, color=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)
Return the given named metric for this Lambda Return the given named metric for this Function.
- Parameters:
metric_name (
str
) –account (
Optional
[str
]) – Account which this metric comes from. Default: - Deployment account.color (
Optional
[str
]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. TheColor
class has a set of standard colors that can be used here. Default: - Automatic colordimensions_map (
Optional
[Mapping
[str
,str
]]) – Dimensions of the metric. Default: - No dimensions.label (
Optional
[str
]) – Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No labelperiod (
Optional
[Duration
]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)region (
Optional
[str
]) – Region which this metric comes from. Default: - Deployment region.statistic (
Optional
[str
]) – What function to use for aggregating. Use theaws_cloudwatch.Stats
helper class to construct valid input strings. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” - “tmNN.NN” | “tm(NN.NN%:NN.NN%)” - “iqm” - “wmNN.NN” | “wm(NN.NN%:NN.NN%)” - “tcNN.NN” | “tc(NN.NN%:NN.NN%)” - “tsNN.NN” | “ts(NN.NN%:NN.NN%)” Default: Averageunit (
Optional
[Unit
]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream
- Return type:
- metric_duration(*, account=None, color=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)
Metric for the Duration of this Lambda How long execution of this Lambda takes.
Average over 5 minutes
- Parameters:
account (
Optional
[str
]) – Account which this metric comes from. Default: - Deployment account.color (
Optional
[str
]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. TheColor
class has a set of standard colors that can be used here. Default: - Automatic colordimensions_map (
Optional
[Mapping
[str
,str
]]) – Dimensions of the metric. Default: - No dimensions.label (
Optional
[str
]) –Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (
Optional
[Duration
]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)region (
Optional
[str
]) – Region which this metric comes from. Default: - Deployment region.statistic (
Optional
[str
]) – What function to use for aggregating. Use theaws_cloudwatch.Stats
helper class to construct valid input strings. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” - “tmNN.NN” | “tm(NN.NN%:NN.NN%)” - “iqm” - “wmNN.NN” | “wm(NN.NN%:NN.NN%)” - “tcNN.NN” | “tc(NN.NN%:NN.NN%)” - “tsNN.NN” | “ts(NN.NN%:NN.NN%)” Default: Averageunit (
Optional
[Unit
]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream
- Default:
average over 5 minutes
- Return type:
- metric_errors(*, account=None, color=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)
How many invocations of this Lambda fail.
Sum over 5 minutes
- Parameters:
account (
Optional
[str
]) – Account which this metric comes from. Default: - Deployment account.color (
Optional
[str
]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. TheColor
class has a set of standard colors that can be used here. Default: - Automatic colordimensions_map (
Optional
[Mapping
[str
,str
]]) – Dimensions of the metric. Default: - No dimensions.label (
Optional
[str
]) –Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (
Optional
[Duration
]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)region (
Optional
[str
]) – Region which this metric comes from. Default: - Deployment region.statistic (
Optional
[str
]) – What function to use for aggregating. Use theaws_cloudwatch.Stats
helper class to construct valid input strings. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” - “tmNN.NN” | “tm(NN.NN%:NN.NN%)” - “iqm” - “wmNN.NN” | “wm(NN.NN%:NN.NN%)” - “tcNN.NN” | “tc(NN.NN%:NN.NN%)” - “tsNN.NN” | “ts(NN.NN%:NN.NN%)” Default: Averageunit (
Optional
[Unit
]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream
- Return type:
- metric_invocations(*, account=None, color=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)
Metric for the number of invocations of this Lambda How often this Lambda is invoked.
Sum over 5 minutes
- Parameters:
account (
Optional
[str
]) – Account which this metric comes from. Default: - Deployment account.color (
Optional
[str
]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. TheColor
class has a set of standard colors that can be used here. Default: - Automatic colordimensions_map (
Optional
[Mapping
[str
,str
]]) – Dimensions of the metric. Default: - No dimensions.label (
Optional
[str
]) –Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (
Optional
[Duration
]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)region (
Optional
[str
]) – Region which this metric comes from. Default: - Deployment region.statistic (
Optional
[str
]) – What function to use for aggregating. Use theaws_cloudwatch.Stats
helper class to construct valid input strings. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” - “tmNN.NN” | “tm(NN.NN%:NN.NN%)” - “iqm” - “wmNN.NN” | “wm(NN.NN%:NN.NN%)” - “tcNN.NN” | “tc(NN.NN%:NN.NN%)” - “tsNN.NN” | “ts(NN.NN%:NN.NN%)” Default: Averageunit (
Optional
[Unit
]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream
- Default:
sum over 5 minutes
- Return type:
- metric_throttles(*, account=None, color=None, dimensions_map=None, label=None, period=None, region=None, statistic=None, unit=None)
Metric for the number of throttled invocations of this Lambda How often this Lambda is throttled.
Sum over 5 minutes
- Parameters:
account (
Optional
[str
]) – Account which this metric comes from. Default: - Deployment account.color (
Optional
[str
]) – The hex color code, prefixed with ‘#’ (e.g. ‘#00ff00’), to use when this metric is rendered on a graph. TheColor
class has a set of standard colors that can be used here. Default: - Automatic colordimensions_map (
Optional
[Mapping
[str
,str
]]) – Dimensions of the metric. Default: - No dimensions.label (
Optional
[str
]) –Label for this metric when added to a Graph in a Dashboard. You can use dynamic labels to show summary information about the entire displayed time series in the legend. For example, if you use:: [max: ${MAX}] MyMetric As the metric label, the maximum value in the visible range will be shown next to the time series name in the graph’s legend. Default: - No label
period (
Optional
[Duration
]) – The period over which the specified statistic is applied. Default: Duration.minutes(5)region (
Optional
[str
]) – Region which this metric comes from. Default: - Deployment region.statistic (
Optional
[str
]) – What function to use for aggregating. Use theaws_cloudwatch.Stats
helper class to construct valid input strings. Can be one of the following: - “Minimum” | “min” - “Maximum” | “max” - “Average” | “avg” - “Sum” | “sum” - “SampleCount | “n” - “pNN.NN” - “tmNN.NN” | “tm(NN.NN%:NN.NN%)” - “iqm” - “wmNN.NN” | “wm(NN.NN%:NN.NN%)” - “tcNN.NN” | “tc(NN.NN%:NN.NN%)” - “tsNN.NN” | “ts(NN.NN%:NN.NN%)” Default: Averageunit (
Optional
[Unit
]) – Unit used to filter the metric stream. Only refer to datums emitted to the metric stream with the given unit and ignore all others. Only useful when datums are being emitted to the same metric stream under different units. The default is to use all matric datums in the stream, regardless of unit, which is recommended in nearly all cases. CloudWatch does not honor this property for graphs. Default: - All metric datums in the given metric stream
- Default:
sum over 5 minutes
- Return type:
Attributes
- architecture
The system architectures compatible with this lambda function.
- connections
The network connections associated with this resource.
- env
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- function_arn
The ARN of the function.
- Attribute:
true
- function_name
The name of the function.
- Attribute:
true
- grant_principal
The principal to grant permissions to.
- is_bound_to_vpc
Whether or not this Lambda function was bound to a VPC.
If this is is
false
, trying to access theconnections
object will fail.
- latest_version
The
$LATEST
version of this function.Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.
To obtain a reference to an explicit version which references the current function configuration, use
lambdaFunction.currentVersion
instead.
- node
The tree node.
- permissions_node
The construct node where permissions are attached.
- resource_arns_for_grant_invoke
The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
This property is for cdk modules to consume only. You should not need to use this property. Instead, use grantInvoke() directly.
- role
The IAM role associated with this function.
- stack
The stack in which this resource is defined.