# AWS::Serverless::Function Creates an AWS Lambda function, an AWS Identity and Access Management (IAM) execution role, and event source mappings that trigger the function. The [AWS::Serverless::Function](#sam-resource-function) resource also supports the `Metadata` resource attribute, so you can instruct AWS SAM to build custom runtimes that your application requires. For more information about building custom runtimes, see [Building Lambda functions with custom runtimes in AWS SAM](building-custom-runtimes.md). **Note** When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md). ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` Type: AWS::Serverless::Function Properties: [Architectures](#sam-function-architectures): List [AssumeRolePolicyDocument](#sam-function-assumerolepolicydocument): JSON [AutoPublishAlias](#sam-function-autopublishalias): String AutoPublishAliasAllProperties: Boolean [AutoPublishCodeSha256](#sam-function-autopublishcodesha256): String [CapacityProviderConfig](#sam-function-capacityproviderconfig): CapacityProviderConfig [CodeSigningConfigArn](#sam-function-codesigningconfigarn): String [CodeUri](#sam-function-codeuri): String | FunctionCode [DeadLetterQueue](#sam-function-deadletterqueue): Map | DeadLetterQueue [DeploymentPreference](#sam-function-deploymentpreference): DeploymentPreference [Description](#sam-function-description): String [DurableConfig](#sam-function-durableconfig): DurableConfig [Environment](#sam-function-environment): [Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html) [EphemeralStorage](#sam-function-ephemeralstorage): [EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage) [EventInvokeConfig](#sam-function-eventinvokeconfig): EventInvokeConfiguration [Events](#sam-function-events): EventSource [FileSystemConfigs](#sam-function-filesystemconfigs): List [FunctionName](#sam-function-functionname): String [FunctionScalingConfig](#sam-function-functionscalingconfig): FunctionScalingConfig [FunctionUrlConfig](#sam-function-functionurlconfig): FunctionUrlConfig [Handler](#sam-function-handler): String [ImageConfig](#sam-function-imageconfig): [ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig) [ImageUri](#sam-function-imageuri): String [InlineCode](#sam-function-inlinecode): String [KmsKeyArn](#sam-function-kmskeyarn): String [Layers](#sam-function-layers): List LoggingConfig: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html) [MemorySize](#sam-function-memorysize): Integer [PackageType](#sam-function-packagetype): String [PermissionsBoundary](#sam-function-permissionsboundary): String [Policies](#sam-function-policies): String | List | Map [PublishToLatestPublished](#sam-function-publishtolatestpublished): Boolean PropagateTags: Boolean [ProvisionedConcurrencyConfig](#sam-function-provisionedconcurrencyconfig): [ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig) RecursiveLoop: String [ReservedConcurrentExecutions](#sam-function-reservedconcurrentexecutions): Integer [Role](#sam-function-role): String [RolePath](#sam-function-rolepath): String [Runtime](#sam-function-runtime): String RuntimeManagementConfig: [RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html) SnapStart: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) [SourceKMSKeyArn](#sam-function-sourcekmskeyarn): String [Tags](#sam-function-tags): Map [TenancyConfig](#sam-function-tenancyconfig): TenancyConfig [Timeout](#sam-function-timeout): Integer [Tracing](#sam-function-tracing): String [VersionDescription](#sam-function-versiondescription): String [VersionDeletionPolicy](#sam-function-versiondeletionpolicy): String [VpcConfig](#sam-function-vpcconfig): [VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html) ``` ## Properties `Architectures` The instruction set architecture for the function. For more information about this property, see [Lambda instruction set architectures](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) in the *AWS Lambda Developer Guide*. *Valid values*: One of `x86_64` or `arm64` *Type*: List *Required*: No *Default*: `x86_64` *CloudFormation compatibility*: This property is passed directly to the `[Architectures](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures)` property of an `AWS::Lambda::Function` resource. `AssumeRolePolicyDocument` Adds an AssumeRolePolicyDocument for the default created `Role` for this function. If this property isn't specified, AWS SAM adds a default assume role for this function. *Type*: JSON *Required*: No *CloudFormation compatibility*: This property is similar to the `[AssumeRolePolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument)` property of an `AWS::IAM::Role` resource. AWS SAM adds this property to the generated IAM role for this function. If a role's Amazon Resource Name (ARN) is provided for this function, this property does nothing. `AutoPublishAlias` The name of the Lambda alias. For more information about Lambda aliases, see [Lambda function aliases](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html) in the *AWS Lambda Developer Guide*. For examples that use this property, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md). AWS SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html) and [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html) resources when this property is set. For information about this scenario, see [AutoPublishAlias property is specified](sam-specification-generated-resources-function.md#sam-specification-generated-resources-function-autopublishalias). For general information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md). *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `AutoPublishAliasAllProperties` Specifies when a new [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html) is created. When `true`, a new Lambda version is created when any property in the Lambda function is modified. When `false`, a new Lambda version is created only when any of the following properties are modified: + `Environment`, `MemorySize`, or `SnapStart`. + Any change that results in an update to the `Code` property, such as `CodeDict`, `ImageUri`, or `InlineCode`. This property requires `AutoPublishAlias` to be defined. If `AutoPublishCodeSha256` is also specified, its behavior takes precedence over `AutoPublishAliasAllProperties: true`. *Type*: Boolean *Required*: No *Default value*: `false` *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `AutoPublishCodeSha256` When used, this string works with the `CodeUri` value to determine if a new Lambda version needs to be published. This property is often used to resolve the following deployment issue: A deployment package is stored in an Amazon S3 location and is replaced by a new deployment package with updated Lambda function code but the `CodeUri` property remains unchanged (as opposed to the new deployment package being uploaded to a new Amazon S3 location and the `CodeUri` being changed to the new location). This problem is marked by an AWS SAM template having the following characteristics: + The `DeploymentPreference` object is configured for gradual deployments (as described in [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md)) + The `AutoPublishAlias` property is set and doesn't change between deployments + The `CodeUri` property is set and doesn't change between deployments. In this scenario, updating `AutoPublishCodeSha256` results in a new Lambda version being created successfully. However, new function code deployed to Amazon S3 will not be recognized. To recognize new function code, consider using versioning in your Amazon S3 bucket. Specify the `Version` property for your Lambda function and configure your bucket to always use the latest deployment package. In this scenario, to trigger the gradual deployment successfully, you must provide a unique value for `AutoPublishCodeSha256`. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `CapacityProviderConfig` Configures the capacity provider to which published versions of the function will be attached. This enables the function to run on customer-owned EC2 instances managed by Lambda Managed Instances. *Type*: [CapacityProviderConfig](sam-property-function-capacityproviderconfig.md) *Required*: No *CloudFormation compatibility*: SAM flattens the property passed to the `[CapacityProviderConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-capacityproviderconfig)` property of an `AWS::Lambda::Function` resource and reconstructs the nested structure. `CodeSigningConfigArn` The ARN of the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html) resource, used to enable code signing for this function. For more information about code signing, see [Set up code signing for your AWS SAM application](authoring-codesigning.md). *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[CodeSigningConfigArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn)` property of an `AWS::Lambda::Function` resource. `CodeUri` The code for the function. Accepted values include: + The function's Amazon S3 URI. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`. + The local path to the function. For example, `hello_world/`. + A [FunctionCode](sam-property-function-functioncode.md) object. If you provide a function's Amazon S3 URI or [FunctionCode](sam-property-function-functioncode.md) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html). If you provide a local file path, use the AWS SAM CLI to upload the local file at deployment. To learn more, see [How AWS SAM uploads local files at deployment](deploy-upload-local-files.md). If you use intrinsic functions in `CodeUri` property, AWS SAM will not be able to correctly parse the values. Consider using [AWS::LanguageExtensions transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-languageextensions.html) instead. *Type*: [ String \$1 [FunctionCode](sam-property-function-functioncode.md) ] *Required*: Conditional. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required. *CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource. The nested Amazon S3 properties are named differently. `DeadLetterQueue` Configures an Amazon Simple Notification Service (Amazon SNS) topic or Amazon Simple Queue Service (Amazon SQS) queue where Lambda sends events that it can't process. For more information about dead-letter queue functionality, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq) in the *AWS Lambda Developer Guide*. If your Lambda function's event source is an Amazon SQS queue, configure a dead-letter queue for the source queue, not for the Lambda function. The dead-letter queue that you configure for a function is used for the function's [asynchronous invocation queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html), not for event source queues. *Type*: Map \$1 [DeadLetterQueue](sam-property-function-deadletterqueue.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html)` property of an `AWS::Lambda::Function` resource. In CloudFormation the type is derived from the `TargetArn`, whereas in AWS SAM you must pass the type along with the `TargetArn`. `DeploymentPreference` The settings to enable gradual Lambda deployments. If a `DeploymentPreference` object is specified, AWS SAM creates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html) called `ServerlessDeploymentApplication` (one per stack), an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html) called `DeploymentGroup`, and an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html) called `CodeDeployServiceRole`. *Type*: [DeploymentPreference](sam-property-function-deploymentpreference.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. *See also*: For more information about this property, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md). `Description` A description of the function. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description)` property of an `AWS::Lambda::Function` resource. `DurableConfig` Configuration for durable functions. Enables stateful execution with automatic checkpointing and replay capabilities. *Type*: [DurableConfig](sam-property-function-durableconfig.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Environment` The configuration for the runtime environment. *Type*: [Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html)` property of an `AWS::Lambda::Function` resource. `EphemeralStorage` An object that specifies the disk space, in MB, available to your Lambda function in `/tmp`. For more information about this property, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html) in the *AWS Lambda Developer Guide*. *Type*: [EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage)` property of an `AWS::Lambda::Function` resource. `EventInvokeConfig` The object that describes event invoke configuration on a Lambda function. *Type*: [EventInvokeConfiguration](sam-property-function-eventinvokeconfiguration.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Events` Specifies the events that trigger this function. Events consist of a type and a set of properties that depend on the type. *Type*: [EventSource](sam-property-function-eventsource.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `FileSystemConfigs` List of [FileSystemConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html) objects that specify the connection settings for an Amazon Elastic File System (Amazon EFS) file system or an Amazon S3 Files file system. You can attach either an Amazon EFS access point or an S3 Files access point, but not both. Each `FileSystemConfig` object contains an `Arn` (the access point ARN) and a `LocalMountPath` (the path where the file system is mounted in the function). For Amazon EFS, the ARN is an Amazon EFS access point ARN. For S3 Files, the ARN is an `AWS::S3Files::AccessPoint` ARN. If your template contains an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a `DependsOn` resource attribute to ensure that the mount target is created or updated before the function. Similarly, if your template contains an `AWS::S3Files::MountTarget` resource, you must specify a `DependsOn` attribute for the S3 Files mount target. *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FileSystemConfigs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs)` property of an `AWS::Lambda::Function` resource. `FunctionName` A name for the function. If you don't specify a name, a unique name is generated for you. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname)` property of an `AWS::Lambda::Function` resource. `FunctionScalingConfig` Configures the scaling behavior for Lambda functions running on capacity providers. Defines the minimum and maximum number of execution environments. *Type*: [FunctionScalingConfig](sam-property-function-functionscalingconfig.md) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig)` property of an `AWS::Lambda::Function` resource. `FunctionUrlConfig` The object that describes a function URL. A function URL is an HTTPS endpoint that you can use to invoke your function. For more information, see [Function URLs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) in the *AWS Lambda Developer Guide*. *Type*: [FunctionUrlConfig](sam-property-function-functionurlconfig.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Handler` The function within your code that is called to begin execution. This property is only required if the `PackageType` property is set to `Zip`. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is passed directly to the `[Handler](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler)` property of an `AWS::Lambda::Function` resource. `ImageConfig` The object used to configure Lambda container image settings. For more information, see [Using container images with Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the *AWS Lambda Developer Guide*. *Type*: [ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig)` property of an `AWS::Lambda::Function` resource. `ImageUri` The URI of the Amazon Elastic Container Registry (Amazon ECR) repository for the Lambda function's container image. This property only applies if the `PackageType` property is set to `Image`, otherwise it is ignored. For more information, see [Using container images with Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the *AWS Lambda Developer Guide*. If the `PackageType` property is set to `Image`, then either `ImageUri` is required, or you must build your application with necessary `Metadata` entries in the AWS SAM template file. For more information, see [Default build with AWS SAM](serverless-sam-cli-using-build.md). Building your application with necessary `Metadata` entries takes precedence over `ImageUri`, so if you specify both then `ImageUri` is ignored. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ImageUri](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri)` property of the `AWS::Lambda::Function` `Code` data type. `InlineCode` The Lambda function code that is written directly in the template. This property only applies if the `PackageType` property is set to `Zip`, otherwise it is ignored. If the `PackageType` property is set to `Zip` (default), then one of `CodeUri` or `InlineCode` is required. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is passed directly to the `[ZipFile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile)` property of the `AWS::Lambda::Function` `Code` data type. `KmsKeyArn` The ARN of an AWS Key Management Service (AWS KMS) key that Lambda uses to encrypt and decrypt your function's environment variables. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn)` property of an `AWS::Lambda::Function` resource. `Layers` The list of `LayerVersion` ARNs that this function should use. The order specified here is the order in which they will be imported when running the Lambda function. The version is either a full ARN including the version or a reference to a LayerVersion resource. For example, a reference to a `LayerVersion` will be `!Ref MyLayer` while a full ARN including the version will be `arn:aws:lambda:region:account-id:layer:layer-name:version`. *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Layers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers)` property of an `AWS::Lambda::Function` resource. `LoggingConfig` The function's Amazon CloudWatch Logs configuration settings. *Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-loggingconfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-loggingconfig) property of an `AWS::Lambda::Function` resource. `MemorySize` The size of the memory in MB allocated per invocation of the function. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MemorySize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize)` property of an `AWS::Lambda::Function` resource. `PackageType` The deployment package type of the Lambda function. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*. **Notes**: 1. If this property is set to `Zip` (default), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored. 2. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM CLI. For more information, see [sam deploy](sam-cli-command-reference-sam-deploy.md). *Valid values*: `Zip` or `Image` *Type*: String *Required*: No *Default*: `Zip` *CloudFormation compatibility*: This property is passed directly to the `[PackageType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype)` property of an `AWS::Lambda::Function` resource. `PermissionsBoundary` The ARN of a permissions boundary to use for this function's execution role. This property works only if the role is generated for you. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource. `Policies` Permission policies for this function. Policies will be appended to the function's default AWS Identity and Access Management (IAM) execution role. This property accepts a single value or list of values. Allowed values include: + [AWS SAM policy templates](serverless-policy-templates.md). + The ARN of an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [ customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies). + The name of an AWS managed policy from the following [ list](https://github.com/aws/serverless-application-model/blob/develop/samtranslator/internal/data/aws_managed_policies.json). + An [ inline IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#inline-policies) formatted in YAML as a map. If you set the `Role` property, this property is ignored. *Type*: String \$1 List \$1 Map *Required*: No *CloudFormation compatibility*: This property is similar to the `[Policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies)` property of an `AWS::IAM::Role` resource. `PublishToLatestPublished` Specifies whether to publish the latest function version when the function is updated. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[PublishToLatestPublished](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-publishtolatestpublished)` property of an `AWS::Lambda::Function` resource. `PropagateTags` Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::Function](sam-specification-generated-resources-function.md) generated resources. Specify `True` to propagate tags in your generated resources. *Type*: Boolean *Required*: No *Default*: `False` *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ProvisionedConcurrencyConfig` The provisioned concurrency configuration of a function's alias. `ProvisionedConcurrencyConfig` can be specified only if the `AutoPublishAlias` is set. Otherwise, an error results. *Type*: [ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig)` property of an `AWS::Lambda::Alias` resource. `RecursiveLoop` The status of your function's recursive loop detection configuration. When this value is set to `Allow` and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. When this value is set to `Terminate` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RecursiveLoop](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-recursiveloop)` property of the `AWS::Lambda::Function` resource. `ReservedConcurrentExecutions` The maximum number of concurrent executions that you want to reserve for the function. For more information about this property, see [Lambda Function Scaling](https://docs.aws.amazon.com/lambda/latest/dg/scaling.html) in the *AWS Lambda Developer Guide*. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ReservedConcurrentExecutions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-reservedconcurrentexecutions)` property of an `AWS::Lambda::Function` resource. `Role` The ARN of an IAM role to use as this function's execution role. *Type*: String *Required*: No *CloudFormation compatibility*: This property is similar to the `[Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-role)` property of an `AWS::Lambda::Function` resource. This is required in CloudFormation but not in AWS SAM. If a role isn't specified, one is created for you with a logical ID of `Role`. `RolePath` The path to the function's IAM execution role. Use this property when the role is generated for you. Do not use when the role is specified with the `Role` property. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is passed directly to the `[Path](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path)` property of an `AWS::IAM::Role` resource. `Runtime` The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). This property is only required if the `PackageType` property is set to `Zip`. If you specify the `provided` identifier for this property, you can use the `Metadata` resource attribute to instruct AWS SAM to build the custom runtime that this function requires. For more information about building custom runtimes, see [Building Lambda functions with custom runtimes in AWS SAM](building-custom-runtimes.md). *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is passed directly to the `[Runtime](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime)` property of an `AWS::Lambda::Function` resource. `RuntimeManagementConfig` Configure runtime management options for your Lambda functions such as runtime environment updates, rollback behavior, and selecting a specific runtime version. To learn more, see [Lambda runtime updates](https://docs.aws.amazon.com//lambda/latest/dg/runtimes-update.html) in the *AWS Lambda Developer Guide*. *Type*: [RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html)` property of an `AWS::Lambda::Function` resource. `SnapStart` Create a snapshot of any new Lambda function version. A snapshot is a cached state of your initialized function, including all of its dependencies. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*. *Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)` property of an `AWS::Lambda::Function` resource. `SourceKMSKeyArn` Represents a KMS key ARN that is used to encrypt the customer's ZIP function code. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[SourceKMSKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-sourcekmskeyarn)` property of an `AWS::Lambda::Function` `Code` data type. `Tags` A map (string to string) that specifies the tags added to this function. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*. When the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function. *Type*: Map *Required*: No *CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags)` property of an `AWS::Lambda::Function` resource. The `Tags` property in AWS SAM consists of key-value pairs (whereas in CloudFormation this property consists of a list of `Tag` objects). Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function. `TenancyConfig` Configuration for Lambda tenant isolation mode. Ensures execution environments are never shared between different tenant IDs, providing compute-level isolation for multi-tenant applications. *Type*: [TenancyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tenancyconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[TenancyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tenancyconfig)` property of an `AWS::Lambda::Function` resource. `Timeout` The maximum time in seconds that the function can run before it is stopped. *Type*: Integer *Required*: No *Default*: 3 *CloudFormation compatibility*: This property is passed directly to the `[Timeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout)` property of an `AWS::Lambda::Function` resource. `Tracing` The string that specifies the function's X-Ray tracing mode. + `Active` – Activates X-Ray tracing for the function. + `Disabled` – Deactivates X-Ray for the function. + `PassThrough` – Activates X-Ray tracing for the function. Sampling decision is delegated to the downstream services. If specified as `Active` or `PassThrough` and the `Role` property is not set, AWS SAM adds the `arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess` policy to the Lambda execution role that it creates for you. For more information about X-Ray, see [Using AWS Lambda with AWS X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html) in the *AWS Lambda Developer Guide*. *Valid values*: [`Active`\$1`Disabled`\$1`PassThrough`] *Type*: String *Required*: No *CloudFormation compatibility*: This property is similar to the `[TracingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig)` property of an `AWS::Lambda::Function` resource. `VersionDescription` Specifies the `Description` field that is added on the new Lambda version resource. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-description)` property of an `AWS::Lambda::Version` resource. `VersionDeletionPolicy` Specifies the deletion policy for the Lambda version resource that is created when `AutoPublishAlias` is set. This controls whether the version resource is retained or deleted when the stack is deleted. *Valid values*: `Delete`, `Retain`, or `Snapshot` *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. It sets the `DeletionPolicy` attribute on the generated `AWS::Lambda::Version` resource. `VpcConfig` The configuration that enables this function to access private resources within your virtual private cloud (VPC). *Type*: [VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html)` property of an `AWS::Lambda::Function` resource. ## Return Values ### Ref When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the resource name of the underlying Lambda function. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. ### Fn::GetAtt `Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. `Arn` The ARN of the underlying Lambda function. ## Examples ### Simple function The following is a basic example of an [AWS::Serverless::Function](#sam-resource-function) resource of package type `Zip` (default) and function code in an Amazon S3 bucket. #### YAML ``` Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: python3.9 CodeUri: s3://bucket-name/key-name ``` ### Function properties example The following is an example of an [AWS::Serverless::Function](#sam-resource-function) of package type `Zip` (default) that uses `InlineCode`, `Layers`, `Tracing`, `Policies`, `Amazon EFS` file system, and an `Api` event source. #### YAML ``` Type: AWS::Serverless::Function DependsOn: MyMountTarget # This is needed if an AWS::EFS::MountTarget resource is declared for EFS Properties: Handler: index.handler Runtime: python3.9 InlineCode: | def handler(event, context): print("Hello, world!") ReservedConcurrentExecutions: 30 Layers: - Ref: MyLayer Tracing: Active Timeout: 120 FileSystemConfigs: - Arn: !Ref MyEfsFileSystem LocalMountPath: /mnt/EFS Policies: - AWSLambdaExecute - Version: '2012-10-17 ' Statement: - Effect: Allow Action: - s3:GetObject - s3:GetObjectACL Resource: 'arn:aws:s3:::sam-s3-demo-bucket/*' Events: ApiEvent: Type: Api Properties: Path: /path Method: get ``` ### ImageConfig example The following is an example of an `ImageConfig` for a Lambda function of package type `Image`. #### YAML ``` HelloWorldFunction: Type: AWS::Serverless::Function Properties: PackageType: Image ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name ImageConfig: Command: - "app.lambda_handler" EntryPoint: - "entrypoint1" WorkingDirectory: "workDir" ``` ### RuntimeManagementConfig examples A Lambda function configured to update its runtime environment according to current behavior: ``` TestFunction Type: AWS::Serverless::Function Properties: ... Runtime: python3.9 RuntimeManagementConfig: UpdateRuntimeOn: Auto ``` A Lambda function configured to update its runtime environment when the function is updated: ``` TestFunction Type: AWS::Serverless::Function Properties: ... Runtime: python3.9 RuntimeManagementConfig: UpdateRuntimeOn: FunctionUpdate ``` A Lambda function configured to update its runtime environment manually: ``` TestFunction Type: AWS::Serverless::Function Properties: ... Runtime: python3.9 RuntimeManagementConfig: RuntimeVersionArn: arn:aws:lambda:us-east-1::runtime:4c459dd0104ee29ec65dcad056c0b3ddbe20d6db76b265ade7eda9a066859b1e UpdateRuntimeOn: Manual ``` ### SnapStart examples Example of a Lambda function with SnapStart turned on for future versions: ``` TestFunc Type: AWS::Serverless::Function Properties: ... SnapStart: ApplyOn: PublishedVersions ``` ### TenancyConfig examples Example of a Lambda function with tenant isolation mode turned on: ``` TestFunction Type: AWS::Serverless::Function Properties: ... TenancyConfig: TenantIsolationMode: PER_TENANT ``` ### S3 Files file system example The following example creates a Lambda function that mounts an Amazon S3 Files file system. The template creates an S3 bucket, an S3 Files file system backed by that bucket, a mount target in a VPC subnet, and an access point. The function mounts the access point at `/mnt/s3files` and can read and write files that sync to the S3 bucket. **Note** You can attach either an Amazon EFS file system or an S3 Files file system to a Lambda function, but not both at the same time. #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: Lambda function with S3 Files file system Resources: # VPC and networking MyVpc: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsSupport: true EnableDnsHostnames: true MySubnet: Type: AWS::EC2::Subnet Properties: VpcId: !Ref MyVpc CidrBlock: 10.0.1.0/24 AvailabilityZone: !Select [0, !GetAZs ''] MySecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Security group for Lambda and S3 Files VpcId: !Ref MyVpc SecurityGroupIngress: - IpProtocol: tcp FromPort: 2049 ToPort: 2049 CidrIp: 10.0.0.0/16 # S3 bucket for file storage MyS3Bucket: Type: AWS::S3::Bucket # IAM role for S3 Files to access the bucket S3FilesRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: elasticfilesystem.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: S3FilesBucketAccess PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - s3:GetObject - s3:PutObject - s3:DeleteObject - s3:ListBucket Resource: - !GetAtt MyS3Bucket.Arn - !Sub '${MyS3Bucket.Arn}/*' # S3 Files resources MyS3FilesFileSystem: Type: AWS::S3Files::FileSystem Properties: Bucket: !GetAtt MyS3Bucket.Arn RoleArn: !GetAtt S3FilesRole.Arn MyS3FilesMountTarget: Type: AWS::S3Files::MountTarget Properties: FileSystemId: !Ref MyS3FilesFileSystem SubnetId: !Ref MySubnet SecurityGroups: - !Ref MySecurityGroup MyS3FilesAccessPoint: Type: AWS::S3Files::AccessPoint Properties: FileSystemId: !Ref MyS3FilesFileSystem PosixUser: Uid: '1000' Gid: '1000' RootDirectory: Path: /lambda CreationInfo: OwnerUid: '1000' OwnerGid: '1000' Permissions: '750' # Lambda function with S3 Files mount MyFunction: Type: AWS::Serverless::Function DependsOn: MyS3FilesMountTarget Properties: Handler: index.handler Runtime: python3.12 Timeout: 120 VpcConfig: SecurityGroupIds: - !Ref MySecurityGroup SubnetIds: - !Ref MySubnet FileSystemConfigs: - Arn: !GetAtt MyS3FilesAccessPoint.AccessPointArn LocalMountPath: /mnt/s3files Policies: - Version: '2012-10-17' Statement: - Effect: Allow Action: - s3files:ClientMount - s3files:ClientWrite Resource: !GetAtt MyS3FilesAccessPoint.AccessPointArn InlineCode: | import os def handler(event, context): # Write a file to the S3 Files mount with open('/mnt/s3files/hello.txt', 'w') as f: f.write('Hello from Lambda!') # List files at the mount path files = os.listdir('/mnt/s3files') return {'files': files} ``` # DeadLetterQueue Specifies an SQS queue or SNS topic that AWS Lambda (Lambda) sends events to when it can't process them. For more information about dead letter queue functionality, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq) in the *AWS Lambda Developer Guide*. SAM will automatically add appropriate permission to your Lambda function execution role to give Lambda service access to the resource. sqs:SendMessage will be added for SQS queues and sns:Publish for SNS topics. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [TargetArn](#sam-function-deadletterqueue-targetarn): String [Type](#sam-function-deadletterqueue-type): String ``` ## Properties `TargetArn` The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[TargetArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html#cfn-lambda-function-deadletterconfig-targetarn)` property of the `AWS::Lambda::Function` `DeadLetterConfig` data type. `Type` The type of dead letter queue. *Valid values*: `SNS`, `SQS` *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### DeadLetterQueue Dead Letter Queue example for an SNS topic. #### YAML ``` DeadLetterQueue: Type: SNS TargetArn: arn:aws:sns:us-east-2:123456789012:my-topic ``` # DeploymentPreference Specifies the configurations to enable gradual Lambda deployments. For more information about configuring gradual Lambda deployments, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md). **Note** You must specify an `AutoPublishAlias` in your [AWS::Serverless::Function](sam-resource-function.md) to use a `DeploymentPreference` object, otherwise an error will result. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Alarms](#sam-function-deploymentpreference-alarms): List [Enabled](#sam-function-deploymentpreference-enabled): Boolean [Hooks](#sam-function-deploymentpreference-hooks): Hooks [PassthroughCondition](#sam-function-deploymentpreference-passthroughcondition): Boolean [Role](#sam-function-deploymentpreference-role): String [TriggerConfigurations](#sam-function-deploymentpreference-triggerconfigurations): List [Type](#sam-function-deploymentpreference-type): String ``` ## Properties `Alarms` A list of CloudWatch alarms that you want to be triggered by any errors raised by the deployment. This property accepts the `Fn::If` intrinsic function. See the Examples section at the bottom of this topic for an example template that uses `Fn::If`. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Enabled` Whether this deployment preference is enabled. *Type*: Boolean *Required*: No *Default*: True *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Hooks` Validation Lambda functions that are run before and after traffic shifting. *Type*: [Hooks](sam-property-function-hooks.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `PassthroughCondition` If True, and if this deployment preference is enabled, the function's Condition will be passed through to the generated CodeDeploy resource. Generally, you should set this to True. Otherwise, the CodeDeploy resource would be created even if the function's Condition resolves to False. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Role` An IAM role ARN that CodeDeploy will use for traffic shifting. An IAM role will not be created if this is provided. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `TriggerConfigurations` A list of trigger configurations you want to associate with the deployment group. Used to notify an SNS topic on lifecycle events. *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[TriggerConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html#cfn-codedeploy-deploymentgroup-triggerconfigurations)` property of an `AWS::CodeDeploy::DeploymentGroup` resource. `Type` There are two categories of deployment types at the moment: Linear and Canary. For more information about available deployment types see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md). *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### DeploymentPreference with pre- and post-traffic hooks. Example deployment preference that contains pre- and post-traffic hooks. #### YAML ``` DeploymentPreference: Enabled: true Type: Canary10Percent10Minutes Alarms: - !Ref: AliasErrorMetricGreaterThanZeroAlarm - !Ref: LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: PreTraffic: !Ref: PreTrafficLambdaFunction PostTraffic: !Ref: PostTrafficLambdaFunction ``` ### DeploymentPreference with Fn::If intrinsic function Example deployment preference that uses `Fn::If` for configuring alarms. In this example, `Alarm1` will be configured if `MyCondition` is `true`, and `Alarm2` and `Alarm5` will be configured if `MyCondition` is `false`. #### YAML ``` DeploymentPreference: Enabled: true Type: Canary10Percent10Minutes Alarms: Fn::If: - MyCondition - - Alarm1 - - Alarm2 - Alarm5 ``` # Hooks Validation Lambda functions that are run before and after traffic shifting. **Note** The Lambda functions referenced in this property configure the `CodeDeployLambdaAliasUpdate` object of the resulting [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html) resource. For more information, see [CodeDeployLambdaAliasUpdate Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-codedeploylambdaaliasupdate) in the *AWS CloudFormation User Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [PostTraffic](#sam-function-hooks-posttraffic): String [PreTraffic](#sam-function-hooks-pretraffic): String ``` ## Properties `PostTraffic` Lambda function that is run after traffic shifting. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `PreTraffic` Lambda function that is run before traffic shifting. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Hooks Example hook functions #### YAML ``` Hooks: PreTraffic: Ref: PreTrafficLambdaFunction PostTraffic: Ref: PostTrafficLambdaFunction ``` # DurableConfig Configures durable execution settings for AWS Lambda functions. Durable functions can run for up to one year and automatically checkpoint progress, enabling long-running workflows and fault-tolerant applications. For more information about durable functions, see [Lambda durable functions](https://docs.aws.amazon.com/lambda/latest/dg/durable-functions.html) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [ExecutionTimeout](#sam-function-durableconfig-executiontimeout): Integer [RetentionPeriodInDays](#sam-function-durableconfig-retentionperiodindays): Integer ``` ## Properties `ExecutionTimeout` The amount of time (in seconds) that Lambda allows a durable function to run before stopping it. The maximum is one 366-day year or 31,622,400 seconds. *Type*: Integer *Required*: Yes *Minimum*: 1 *Maximum*: 31622400 *CloudFormation compatibility*: This property is passed directly to the `[ExecutionTimeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-durableconfig.html#cfn-lambda-function-durableconfig-executiontimeout)` property of the `AWS::Lambda::Function` `DurableConfig` data type. `RetentionPeriodInDays` The number of days after a durable execution is closed that Lambda retains its history, from one to 90 days. The default is 14 days. *Type*: Integer *Required*: No *Default*: 14 *Minimum*: 1 *Maximum*: 90 *CloudFormation compatibility*: This property is passed directly to the `[RetentionPeriodInDays](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-durableconfig.html#cfn-lambda-function-durableconfig-retentionperiodindays)` property of the `AWS::Lambda::Function` `DurableConfig` data type. ## Examples ### DurableConfig Durable configuration example for a function with a 1-hour execution timeout and 7-day retention period. #### YAML ``` DurableConfig: ExecutionTimeout: 3600 RetentionPeriodInDays: 7 ``` # EventInvokeConfiguration Configuration options for [asynchronous](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html) Lambda Alias or Version invocations. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [DestinationConfig](#sam-function-eventinvokeconfiguration-destinationconfig): EventInvokeDestinationConfiguration [MaximumEventAgeInSeconds](#sam-function-eventinvokeconfiguration-maximumeventageinseconds): Integer [MaximumRetryAttempts](#sam-function-eventinvokeconfiguration-maximumretryattempts): Integer ``` ## Properties `DestinationConfig` A configuration object that specifies the destination of an event after Lambda processes it. *Type*: [EventInvokeDestinationConfiguration](sam-property-function-eventinvokedestinationconfiguration.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM requires an extra parameter, "Type", that does not exist in CloudFormation. `MaximumEventAgeInSeconds` The maximum age of a request that Lambda sends to a function for processing. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumEventAgeInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumeventageinseconds)` property of an `AWS::Lambda::EventInvokeConfig` resource. `MaximumRetryAttempts` The maximum number of times to retry before the function returns an error. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumretryattempts)` property of an `AWS::Lambda::EventInvokeConfig` resource. ## Examples ### MaximumEventAgeInSeconds MaximumEventAgeInSeconds example #### YAML ``` EventInvokeConfig: MaximumEventAgeInSeconds: 60 MaximumRetryAttempts: 2 DestinationConfig: OnSuccess: Type: SQS Destination: arn:aws:sqs:us-west-2:012345678901:my-queue OnFailure: Type: Lambda Destination: !GetAtt DestinationLambda.Arn ``` # EventInvokeDestinationConfiguration A configuration object that specifies the destination of an event after Lambda processes it. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [OnFailure](#sam-function-eventinvokedestinationconfiguration-onfailure): OnFailure [OnSuccess](#sam-function-eventinvokedestinationconfiguration-onsuccess): OnSuccess ``` ## Properties `OnFailure` A destination for events that failed processing. *Type*: [OnFailure](sam-property-function-onfailure.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[OnFailure](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onfailure.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. Requires `Type`, an additional SAM-only property. `OnSuccess` A destination for events that were processed successfully. *Type*: [OnSuccess](sam-property-function-onsuccess.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[OnSuccess](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onsuccess)` property of an `AWS::Lambda::EventInvokeConfig` resource. Requires `Type`, an additional SAM-only property. ## Examples ### OnSuccess OnSuccess example #### YAML ``` EventInvokeConfig: DestinationConfig: OnSuccess: Type: SQS Destination: arn:aws:sqs:us-west-2:012345678901:my-queue OnFailure: Type: Lambda Destination: !GetAtt DestinationLambda.Arn ``` # OnFailure A destination for events that failed processing. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Destination](#sam-function-onfailure-destination): String [Type](#sam-function-onfailure-type): String ``` ## Properties `Destination` The Amazon Resource Name (ARN) of the destination resource. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is similar to the `[OnFailure](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onfailure.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM will add any necessary permissions to the auto-generated IAM Role associated with this function to access the resource referenced in this property. *Additional notes*: If the type is Lambda/EventBridge, Destination is required. `Type` Type of the resource referenced in the destination. Supported types are `SQS`, `SNS`, `S3`, `Lambda`, and `EventBridge`. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. *Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM. To reference the resource, use `.DestinationQueue` for SQS or `.DestinationTopic` for SNS. If the type is Lambda/EventBridge, `Destination` is required. ## Examples ### EventInvoke Configuration Example with SQS and Lambda destinations In this example no Destination is given for the SQS OnSuccess configuration, so SAM implicitly creates a SQS queue and adds any necessary permissions. Also for this example, a Destination for a Lambda resource declared in the template file is specified in the OnFailure configuration, so SAM adds the necessary permissions to this Lambda function to call the destination Lambda function. #### YAML ``` EventInvokeConfig: DestinationConfig: OnSuccess: Type: SQS OnFailure: Type: Lambda Destination: !GetAtt DestinationLambda.Arn # Arn of a Lambda function declared in the template file. ``` ### EventInvoke Configuration Example with SNS destination In this example a Destination is given for an SNS topic declared in the template file for the OnSuccess configuration. #### YAML ``` EventInvokeConfig: DestinationConfig: OnSuccess: Type: SNS Destination: Ref: DestinationSNS # Arn of an SNS topic declared in the tempate file ``` # OnSuccess A destination for events that were processed successfully. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Destination](#sam-function-onsuccess-destination): String [Type](#sam-function-onsuccess-type): String ``` ## Properties `Destination` The Amazon Resource Name (ARN) of the destination resource. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is similar to the `[OnSuccess](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onsuccess)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM will add any necessary permissions to the auto-generated IAM Role associated with this function to access the resource referenced in this property. *Additional notes*: If the type is Lambda/EventBridge, Destination is required. `Type` Type of the resource referenced in the destination. Supported types are `SQS`, `SNS`, `S3`, `Lambda`, and `EventBridge`. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. *Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM. To reference the resource, use `.DestinationQueue` for SQS or `.DestinationTopic` for SNS. If the type is Lambda/EventBridge, `Destination` is required. ## Examples ### EventInvoke Configuration Example with SQS and Lambda destinations In this example no Destination is given for the SQS OnSuccess configuration, so SAM implicitly creates a SQS queue and adds any necessary permissions. Also for this example, a Destination for a Lambda resource declared in the template file is specified in the OnFailure configuration, so SAM adds the necessary permissions to this Lambda function to call the destination Lambda function. #### YAML ``` EventInvokeConfig: DestinationConfig: OnSuccess: Type: SQS OnFailure: Type: Lambda Destination: !GetAtt DestinationLambda.Arn # Arn of a Lambda function declared in the template file. ``` ### EventInvoke Configuration Example with SNS destination In this example a Destination is given for an SNS topic declared in the template file for the OnSuccess configuration. #### YAML ``` EventInvokeConfig: DestinationConfig: OnSuccess: Type: SNS Destination: Ref: DestinationSNS # Arn of an SNS topic declared in the tempate file ``` # EventSource The object describing the source of events which trigger the function. Each event consists of a type and a set of properties that depend on that type. For more information about the properties of each event source, see the topic corresponding to that type. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Properties](#sam-function-eventsource-properties): AlexaSkill | Api | CloudWatchEvent | CloudWatchLogs | Cognito | DocumentDB | DynamoDB | EventBridgeRule | HttpApi | IoTRule | Kinesis | MQ | MSK | S3 | Schedule | ScheduleV2 | SelfManagedKafka | SNS | SQS [Type](#sam-function-eventsource-type): String ``` ## Properties `Properties` Object describing properties of this event mapping. The set of properties must conform to the defined Type. *Type*: [AlexaSkill](sam-property-function-alexaskill.md) \$1 [Api](sam-property-function-api.md) \$1 [CloudWatchEvent](sam-property-function-cloudwatchevent.md) \$1 [CloudWatchLogs](sam-property-function-cloudwatchlogs.md) \$1 [Cognito](sam-property-function-cognito.md) \$1 [DocumentDB](sam-property-function-documentdb.md) \$1 [DynamoDB](sam-property-function-dynamodb.md) \$1 [EventBridgeRule](sam-property-function-eventbridgerule.md) \$1 [HttpApi](sam-property-function-httpapi.md) \$1 [IoTRule](sam-property-function-iotrule.md) \$1 [Kinesis](sam-property-function-kinesis.md) \$1 [MQ](sam-property-function-mq.md) \$1 [MSK](sam-property-function-msk.md) \$1 [S3](sam-property-function-s3.md) \$1 [Schedule](sam-property-function-schedule.md) \$1 [ScheduleV2](sam-property-function-schedulev2.md) \$1 [SelfManagedKafka](sam-property-function-selfmanagedkafka.md) \$1 [SNS](sam-property-function-sns.md) \$1 [SQS](sam-property-function-sqs.md) *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Type` The event type. *Valid values*: `AlexaSkill`, `Api`, `CloudWatchEvent`, `CloudWatchLogs`, `Cognito`, `DocumentDB`, `DynamoDB`, `EventBridgeRule`, `HttpApi`, `IoTRule`, `Kinesis`, `MQ`, `MSK`, `S3`, `Schedule`, `ScheduleV2`, `SelfManagedKafka`, `SNS`, `SQS` *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### APIEvent Example of using an API event #### YAML ``` ApiEvent: Type: Api Properties: Method: get Path: /group/{user} RestApiId: Ref: MyApi ``` # AlexaSkill The object describing an `AlexaSkill` event source type. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [SkillId](#sam-function-alexaskill-skillid): String ``` ## Properties `SkillId` The Alexa Skill ID for your Alexa Skill. For more information about Skill ID see [Configure the trigger for a Lambda function](https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-an-aws-lambda-function.html#configuring-the-alexa-skills-kit-trigger) in the Alexa Skills Kit documentation. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### AlexaSkillTrigger Alexa Skill Event Example #### YAML ``` AlexaSkillEvent: Type: AlexaSkill ``` # Api The object describing an `Api` event source type. If an [AWS::Serverless::Api](sam-resource-api.md) resource is defined, the path and method values must correspond to an operation in the OpenAPI definition of the API. If no [AWS::Serverless::Api](sam-resource-api.md) is defined, the function input and output are a representation of the HTTP request and HTTP response. For example, using the JavaScript API, the status code and body of the response can be controlled by returning an object with the keys statusCode and body. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Auth](#sam-function-api-auth): ApiFunctionAuth [Method](#sam-function-api-method): String [Path](#sam-function-api-path): String [RequestModel](#sam-function-api-requestmodel): RequestModel [RequestParameters](#sam-function-api-requestparameters): List of [ String | RequestParameter ] [RestApiId](#sam-function-api-restapiid): String [ResponseTransferMode](#sam-function-api-responsetransfermode): String TimeoutInMillis: Integer ``` ## Properties `Auth` Auth configuration for this specific Api\$1Path\$1Method. Useful for overriding the API's `DefaultAuthorizer` setting auth config on an individual path when no `DefaultAuthorizer` is specified or overriding the default `ApiKeyRequired` setting. *Type*: [ApiFunctionAuth](sam-property-function-apifunctionauth.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Method` HTTP method for which this function is invoked. Options include `DELETE`, `GET`, `HEAD`, `OPTIONS`, `PATCH`, `POST`, `PUT`, and `ANY`. Refer to [Set up an HTTP method](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-request.html#setup-method-add-http-method) in the *API Gateway Developer Guide* for details. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Path` Uri path for which this function is invoked. Must start with `/`. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `RequestModel` Request model to use for this specific Api\$1Path\$1Method. This should reference the name of a model specified in the `Models` section of an [AWS::Serverless::Api](sam-resource-api.md) resource. *Type*: [RequestModel](sam-property-function-requestmodel.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `RequestParameters` Request parameters configuration for this specific Api\$1Path\$1Method. All parameter names must start with `method.request` and must be limited to `method.request.header`, `method.request.querystring`, or `method.request.path`. A list can contain both parameter name strings and [RequestParameter](sam-property-function-requestparameter.md) objects. For strings, the `Required` and `Caching` properties will default to `false`. *Type*: List of [ String \$1 [RequestParameter](sam-property-function-requestparameter.md) ] *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `RestApiId` Identifier of a RestApi resource, which must contain an operation with the given path and method. Typically, this is set to reference an [AWS::Serverless::Api](sam-resource-api.md) resource defined in this template. If you don't define this property, AWS SAM creates a default [AWS::Serverless::Api](sam-resource-api.md) resource using a generated `OpenApi` document. That resource contains a union of all paths and methods defined by `Api` events in the same template that do not specify a `RestApiId`. This cannot reference an [AWS::Serverless::Api](sam-resource-api.md) resource defined in another template. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ResponseTransferMode` The response transfer mode for the Lambda function integration. Set to `RESPONSE_STREAM` to enable Lambda response streaming through API Gateway, allowing the function to stream responses back to clients. When set to `RESPONSE_STREAM`, API Gateway uses the Lambda InvokeWithResponseStreaming API. *Type*: String *Required*: No *Valid values*: `BUFFERED` \$1 `RESPONSE_STREAM` *CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-method-integration.html#cfn-apigateway-method-integration-responsetransfermode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-method-integration.html#cfn-apigateway-method-integration-responsetransfermode) property of an `AWS::ApiGateway::Method Integration`. `TimeoutInMillis` Custom timeout between 50 and 29,000 milliseconds. When you specify this property, AWS SAM modifies your OpenAPI definition. The OpenAPI definition must be specified inline using the `DefinitionBody` property. *Type*: Integer *Required*: No *Default*: 29,000 milliseconds or 29 seconds *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Basic example #### YAML ``` Events: ApiEvent: Type: Api Properties: Path: /path Method: get RequestParameters: - method.request.header.Authorization - method.request.querystring.keyword: Required: true Caching: false ``` # ApiFunctionAuth Configures authorization at the event level, for a specific API, path, and method. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [ApiKeyRequired](#sam-function-apifunctionauth-apikeyrequired): Boolean [AuthorizationScopes](#sam-function-apifunctionauth-authorizationscopes): List [Authorizer](#sam-function-apifunctionauth-authorizer): String [InvokeRole](#sam-function-apifunctionauth-invokerole): String OverrideApiAuth: Boolean [ResourcePolicy](#sam-function-apifunctionauth-resourcepolicy): ResourcePolicyStatement ``` ## Properties `ApiKeyRequired` Requires an API key for this API, path, and method. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `AuthorizationScopes` The authorization scopes to apply to this API, path, and method. The scopes that you specify will override any scopes applied by the `DefaultAuthorizer` property if you have specified it. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Authorizer` The `Authorizer` for a specific function. If you have a global authorizer specified for your `AWS::Serverless::Api` resource, you can override the authorizer by setting `Authorizer` to `NONE`. For an example, see [Override a global authorizer for your Amazon API Gateway REST API](#sam-property-function-apifunctionauth--examples--override). If you use the `DefinitionBody` property of an `AWS::Serverless::Api` resource to describe your API, you must use `OverrideApiAuth` with `Authorizer` to override your global authorizer. See `OverrideApiAuth` for more information. *Valid values*: `AWS_IAM`, `NONE`, or the logical ID for any authorizer defined in your AWS SAM template. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `InvokeRole` Specifies the `InvokeRole` to use for `AWS_IAM` authorization. *Type*: String *Required*: No *Default*: `CALLER_CREDENTIALS` *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. *Additional notes*: `CALLER_CREDENTIALS` maps to `arn:aws:iam:::/`, which uses the caller credentials to invoke the endpoint. `OverrideApiAuth` Specify as `true` to override the global authorizer configuration of your `AWS::Serverless::Api` resource. This property is only required if you specify a global authorizer and use the `DefinitionBody` property of an `AWS::Serverless::Api` resource to describe your API. When you specify `OverrideApiAuth` as `true`, AWS SAM will override your global authorizer with any values provided for `ApiKeyRequired`, `Authorizer`, or `ResourcePolicy`. Therefore, at least one of these properties must also be specified when using `OverrideApiAuth`. For an example, see [Override a global authorizer when DefinitionBody for AWS::Serverless::Api is specified](#sam-property-function-apifunctionauth--examples--override2). *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ResourcePolicy` Configure Resource Policy for this path on an API. *Type*: [ResourcePolicyStatement](sam-property-function-resourcepolicystatement.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Function-Auth The following example specifies authorization at the function level. #### YAML ``` Auth: ApiKeyRequired: true Authorizer: NONE ``` ### Override a global authorizer for your Amazon API Gateway REST API You can specify a global authorizer for your `AWS::Serverless::Api` resource. The following is an example that configures a global default authorizer: ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 ... Resources: MyApiWithLambdaRequestAuth: Type: AWS::Serverless::Api Properties: ... Auth: Authorizers: MyLambdaRequestAuth: FunctionArn: !GetAtt MyAuthFn.Arn DefaultAuthorizer: MyLambdaRequestAuth ``` To override the default authorizer for your AWS Lambda function, you can specify `Authorizer` as `NONE`. The following is an example: ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 ... Resources: ... MyFn: Type: AWS::Serverless::Function Properties: ... Events: LambdaRequest: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaRequestAuth Method: GET Auth: Authorizer: NONE ``` ### Override a global authorizer when DefinitionBody for AWS::Serverless::Api is specified When using the `DefinitionBody` property to describe your `AWS::Serverless::Api` resource, the previous override method does not work. The following is an example of using the `DefinitionBody` property for an `AWS::Serverless::Api` resource: ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 ... Resources: MyApiWithLambdaRequestAuth: Type: AWS::Serverless::Api Properties: ... DefinitionBody: swagger: 2.0 ... paths: /lambda-request: ... Auth: Authorizers: MyLambdaRequestAuth: FunctionArn: !GetAtt MyAuthFn.Arn DefaultAuthorizer: MyLambdaRequestAuth ``` To override the global authorizer, use the `OverrideApiAuth` property. The following is an example that uses `OverrideApiAuth` to override the global authorizer with the value provided for `Authorizer`: ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 ... Resources: MyApiWithLambdaRequestAuth: Type: AWS::Serverless::Api Properties: ... DefinitionBody: swagger: 2-0 ... paths: /lambda-request: ... Auth: Authorizers: MyLambdaRequestAuth: FunctionArn: !GetAtt MyAuthFn.Arn DefaultAuthorizer: MyLambdaRequestAuth MyAuthFn: Type: AWS::Serverless::Function ... MyFn: Type: AWS::Serverless::Function Properties: ... Events: LambdaRequest: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaRequestAuth Method: GET Auth: Authorizer: NONE OverrideApiAuth: true Path: /lambda-token ``` # ResourcePolicyStatement Configures a resource policy for all methods and paths of an API. For more information about resource policies, see [Controlling access to an API with API Gateway resource policies](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html) in the *API Gateway Developer Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [AwsAccountBlacklist](#sam-function-resourcepolicystatement-awsaccountblacklist): List [AwsAccountWhitelist](#sam-function-resourcepolicystatement-awsaccountwhitelist): List [CustomStatements](#sam-function-resourcepolicystatement-customstatements): List [IntrinsicVpcBlacklist](#sam-function-resourcepolicystatement-intrinsicvpcblacklist): List [IntrinsicVpcWhitelist](#sam-function-resourcepolicystatement-intrinsicvpcwhitelist): List [IntrinsicVpceBlacklist](#sam-function-resourcepolicystatement-intrinsicvpceblacklist): List [IntrinsicVpceWhitelist](#sam-function-resourcepolicystatement-intrinsicvpcewhitelist): List [IpRangeBlacklist](#sam-function-resourcepolicystatement-iprangeblacklist): List [IpRangeWhitelist](#sam-function-resourcepolicystatement-iprangewhitelist): List [SourceVpcBlacklist](#sam-function-resourcepolicystatement-sourcevpcblacklist): List [SourceVpcWhitelist](#sam-function-resourcepolicystatement-sourcevpcwhitelist): List ``` ## Properties `AwsAccountBlacklist` The AWS accounts to block. *Type*: List of String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `AwsAccountWhitelist` The AWS accounts to allow. For an example use of this property, see the Examples section at the bottom of this page. *Type*: List of String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `CustomStatements` A list of custom resource policy statements to apply to this API. For an example use of this property, see the Examples section at the bottom of this page. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IntrinsicVpcBlacklist` The list of virtual private clouds (VPCs) to block, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IntrinsicVpcWhitelist` The list of VPCs to allow, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IntrinsicVpceBlacklist` The list of VPC endpoints to block, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IntrinsicVpceWhitelist` The list of VPC endpoints to allow, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IpRangeBlacklist` The IP addresses or address ranges to block. For an example use of this property, see the Examples section at the bottom of this page. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `IpRangeWhitelist` The IP addresses or address ranges to allow. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `SourceVpcBlacklist` The source VPC or VPC endpoints to block. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`. For an example use of this property, see the Examples section at the bottom of this page. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `SourceVpcWhitelist` The source VPC or VPC endpoints to allow. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Resource Policy Example The following example blocks two IP addresses and a source VPC, and allows an AWS account. #### YAML ``` Auth: ResourcePolicy: CustomStatements: [{ "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", "Resource": "execute-api:/Prod/GET/pets", "Condition": { "IpAddress": { "aws:SourceIp": "1.2.3.4" } } }] IpRangeBlacklist: - "10.20.30.40" - "1.2.3.4" SourceVpcBlacklist: - "vpce-1a2b3c4d" AwsAccountWhitelist: - "111122223333" IntrinsicVpcBlacklist: - "{{resolve:ssm:SomeVPCReference:1}}" - !Ref MyVPC IntrinsicVpceWhitelist: - "{{resolve:ssm:SomeVPCEReference:1}}" - !Ref MyVPCE ``` # RequestModel Configures a Request Model for a specific Api\$1Path\$1Method. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Model](#sam-function-requestmodel-model): String [Required](#sam-function-requestmodel-required): Boolean [ValidateBody](#sam-function-requestmodel-validatebody): Boolean [ValidateParameters](#sam-function-requestmodel-validateparameters): Boolean ``` ## Properties `Model` Name of a model defined in the Models property of the [AWS::Serverless::Api](sam-resource-api.md). *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Required` Adds a `required` property in the parameters section of the OpenApi definition for the given API endpoint. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ValidateBody` Specifies whether API Gateway uses the `Model` to validate the request body. For more information, see [Enable request validation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html) in the *API Gateway Developer Guide*. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ValidateParameters` Specifies whether API Gateway uses the `Model` to validate request path parameters, query strings, and headers. For more information, see [Enable request validation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html) in the *API Gateway Developer Guide*. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Request Model Request Model Example #### YAML ``` RequestModel: Model: User Required: true ValidateBody: true ValidateParameters: true ``` # RequestParameter Configure Request Parameter for a specific Api\$1Path\$1Method. Either `Required` or `Caching` property needs to be specified for request parameter ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Caching](#sam-function-requestparameter-caching): Boolean [Required](#sam-function-requestparameter-required): Boolean ``` ## Properties `Caching` Adds `cacheKeyParameters` section to the API Gateway OpenApi definition *Type*: Boolean *Required*: Conditional *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Required` This field specifies whether a parameter is required *Type*: Boolean *Required*: Conditional *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Request Parameter Example of setting Request Parameters #### YAML ``` RequestParameters: - method.request.header.Authorization: Required: true Caching: true ``` # CloudWatchEvent The object describing a `CloudWatchEvent` event source type. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set. **Important Note**: [EventBridgeRule](sam-property-function-eventbridgerule.md) is the preferred event source type to use, instead of `CloudWatchEvent`. `EventBridgeRule` and `CloudWatchEvent` use the same underlying service, API, and CloudFormation resources. However, AWS SAM will add support for new features only to `EventBridgeRule`. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Enabled](#sam-function-cloudwatchevent-enabled): Boolean [EventBusName](#sam-function-cloudwatchevent-eventbusname): String [Input](#sam-function-cloudwatchevent-input): String [InputPath](#sam-function-cloudwatchevent-inputpath): String [Pattern](#sam-function-cloudwatchevent-pattern): [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern) [State](#sam-function-cloudwatchevent-state): String ``` ## Properties `Enabled` Indicates whether the rule is enabled. To disable the rule, set this property to `false`. Specify either the `Enabled` or `State` property, but not both. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is similar to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. If this property is set to `true` then AWS SAM passes `ENABLED`, otherwise it passes `DISABLED`. `EventBusName` The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus. *Type*: String *Required*: No *Default*: Default event bus *CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource. `Input` Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource. `InputPath` When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource. `Pattern` Describes which events are routed to the specified target. For more information, see [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) in the *Amazon EventBridge User Guide*. *Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern) *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource. `State` The state of the rule. *Accepted values:* `DISABLED | ENABLED` Specify either the `Enabled` or `State` property, but not both. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. ## Examples ### CloudWatchEvent The following is an example of a `CloudWatchEvent` event source type. #### YAML ``` CWEvent: Type: CloudWatchEvent Properties: Enabled: false Input: '{"Key": "Value"}' Pattern: detail: state: - running ``` # CloudWatchLogs The object describing a `CloudWatchLogs` event source type. This event generates a [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html) resource and specifies a subscription filter and associates it with the specified log group. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [FilterPattern](#sam-function-cloudwatchlogs-filterpattern): String [LogGroupName](#sam-function-cloudwatchlogs-loggroupname): String ``` ## Properties `FilterPattern` The filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html). *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[FilterPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-cwl-subscriptionfilter-filterpattern)` property of an `AWS::Logs::SubscriptionFilter` resource. `LogGroupName` The log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[LogGroupName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-cwl-subscriptionfilter-loggroupname)` property of an `AWS::Logs::SubscriptionFilter` resource. ## Examples ### Cloudwatchlogs Subscription filter Cloudwatchlogs Subscription filter Example #### YAML ``` CWLog: Type: CloudWatchLogs Properties: LogGroupName: Ref: CloudWatchLambdaLogsGroup FilterPattern: My pattern ``` # Cognito The object describing a `Cognito` event source type. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Trigger](#sam-function-cognito-trigger): List [UserPool](#sam-function-cognito-userpool): String ``` ## Properties `Trigger` The Lambda trigger configuration information for the new user pool. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[LambdaConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html)` property of an `AWS::Cognito::UserPool` resource. `UserPool` Reference to UserPool defined in the same template *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Cognito Event Cognito Event Example #### YAML ``` CognitoUserPoolPreSignup: Type: Cognito Properties: UserPool: Ref: MyCognitoUserPool Trigger: PreSignUp ``` # DocumentDB The object describing a `DocumentDB` event source type. For more information, see [Using AWS Lambda with Amazon DocumentDB](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS SAM template, use the following syntax. ### YAML ``` BatchSize: Integer Cluster: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) CollectionName: String DatabaseName: String Enabled: Boolean FilterCriteria: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) FullDocument: String KmsKeyArn: String MaximumBatchingWindowInSeconds: Integer SecretsManagerKmsKeyId: String SourceAccessConfigurations: List StartingPosition: String StartingPositionTimestamp: Double ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. `Cluster` The Amazon Resource Name (ARN) of the Amazon DocumentDB cluster. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `CollectionName` The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ CollectionName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-collectionname)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig` data type. `DatabaseName` The name of the database to consume within the Amazon DocumentDB cluster. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ DatabaseName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-databasename)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig`data type. `Enabled` If `true`, the event source mapping is active. To pause polling and invocation, set to `false`. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` An object that defines the criteria that determines whether Lambda should process an event. For more information, see [ Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `FullDocument` Determines what Amazon DocumentDB sends to your event stream during document update operations. If set to `UpdateLookup`, Amazon DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, Amazon DocumentDB sends only a partial document that contains the changes. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ FullDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-fulldocument)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig` data type. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time to gather records before invoking the function, in seconds. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `SecretsManagerKmsKeyId` The AWS Key Management Service (AWS KMS) key ID of a customer managed key from AWS Secrets Manager. Required when you use a customer managed key from Secrets Manager with a Lambda execution role that doesn’t include the `kms:Decrypt` permission. The value of this property is a UUID. For example: `1abc23d4-567f-8ab9-cde0-1fab234c5d67`. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent. `SourceAccessConfigurations` An array of the authentication protocol or virtual host. Specify this using the [ SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html) data type. For the `DocumentDB` event source type, the only valid configuration type is `BASIC_AUTH`. + `BASIC_AUTH` – The Secrets Manager secret that stores your broker credentials. For this type, the credential must be in the following format: `{"username": "your-username", "password": "your-password"}`. Only one object of type `BASIC_AUTH` is allowed. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPosition` The position in a stream from which to start reading. + `AT_TIMESTAMP` – Specify a time from which to start reading records. + `LATEST` – Read only new records. + `TRIM_HORIZON` – Process all available records. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPositionTimestamp` The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`. *Type*: Double *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### Amazon DocumentDB event source ``` AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 ... Resources: MyFunction: Type: AWS::Serverless::Function Properties: ... Events: MyDDBEvent: Type: DocumentDB Properties: Cluster: "arn:aws:rds:us-west-2:123456789012:cluster:docdb-2023-01-01" BatchSize: 10 MaximumBatchingWindowInSeconds: 5 DatabaseName: "db1" CollectionName: "collection1" FullDocument: "UpdateLookup" SourceAccessConfigurations: - Type: BASIC_AUTH URI: "arn:aws:secretsmanager:us-west-2:123456789012:secret:doc-db" ``` # DynamoDB The object describing a `DynamoDB` event source type. For more information, see [Using AWS Lambda with Amazon DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) in the *AWS Lambda Developer Guide*. AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-dynamodb-batchsize): Integer [BisectBatchOnFunctionError](#sam-function-dynamodb-bisectbatchonfunctionerror): Boolean [DestinationConfig](#sam-function-dynamodb-destinationconfig): [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig) [Enabled](#sam-function-dynamodb-enabled): Boolean [FilterCriteria](#sam-function-dynamodb-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) [FunctionResponseTypes](#sam-function-dynamodb-functionresponsetypes): List KmsKeyArn: String [MaximumBatchingWindowInSeconds](#sam-function-dynamodb-maximumbatchingwindowinseconds): Integer [MaximumRecordAgeInSeconds](#sam-function-dynamodb-maximumrecordageinseconds): Integer [MaximumRetryAttempts](#sam-function-dynamodb-maximumretryattempts): Integer [MetricsConfig](#sam-function-dynamodb-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) [ParallelizationFactor](#sam-function-dynamodb-parallelizationfactor): Integer [StartingPosition](#sam-function-dynamodb-startingposition): String StartingPositionTimestamp: Double [Stream](#sam-function-dynamodb-stream): String [TumblingWindowInSeconds](#sam-function-dynamodb-tumblingwindowinseconds): Integer ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch. *Type*: Integer *Required*: No *Default*: 100 *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. *Minimum*: `1` *Maximum*: `1000` `BisectBatchOnFunctionError` If the function returns an error, split the batch in two and retry. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource. `DestinationConfig` An Amazon Simple Queue Service (Amazon SQS) queue or Amazon Simple Notification Service (Amazon SNS) topic destination for discarded records. *Type*: [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `Enabled` Disables the event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `FunctionResponseTypes` A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting) in the *AWS Lambda Developer Guide*. *Valid values*: `ReportBatchItemFailures` *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time to gather records before invoking the function, in seconds. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRecordAgeInSeconds` The maximum age of a record that Lambda sends to a function for processing. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRetryAttempts` The maximum number of times to retry when the function returns an error. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource. `MetricsConfig` An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](#sam-property-function-dynamodb-example-metricsconfigevent). *Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `ParallelizationFactor` The number of batches to process from each shard concurrently. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ParallelizationFactor](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPosition` The position in a stream from which to start reading. + `AT_TIMESTAMP` – Specify a time from which to start reading records. + `LATEST` – Read only new records. + `TRIM_HORIZON` – Process all available records. *Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON` *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPositionTimestamp` The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`. *Type*: Double *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource. `Stream` The Amazon Resource Name (ARN) of the DynamoDB stream. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `TumblingWindowInSeconds` The duration, in seconds, of a processing window. The valid range is 1 to 900 (15 minutes). For more information, see [Tumbling windows](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#streams-tumbling) in the *AWS Lambda Developer Guide*. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[TumblingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### MetricsConfig event The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings. ``` Resources: FilteredEventsFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/metricsConfig.zip Handler: index.handler Runtime: nodejs16.x Events: KinesisStream: Type: Kinesis Properties: Stream: !GetAtt KinesisStream.Arn StartingPosition: LATEST MetricsConfig: Metrics: - EventCount ``` ### DynamoDB event source for existing DynamoDB table DynamoDB event source for a DynamoDB table that already exists in an AWS account. #### YAML ``` Events: DDBEvent: Type: DynamoDB Properties: Stream: arn:aws:dynamodb:us-east-1:123456789012:table/TestTable/stream/2016-08-11T21:21:33.291 StartingPosition: TRIM_HORIZON BatchSize: 10 Enabled: false ``` ### DynamoDB Event for DynamoDB Table Declared in Template DynamoDB Event for a DynamoDB table that is declared in the same template file. #### YAML ``` Events: DDBEvent: Type: DynamoDB Properties: Stream: !GetAtt MyDynamoDBTable.StreamArn # This must be the name of a DynamoDB table declared in the same template file StartingPosition: TRIM_HORIZON BatchSize: 10 Enabled: false ``` # EventBridgeRule The object describing an `EventBridgeRule` event source type, which sets your serverless function as the target of an Amazon EventBridge rule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*. AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set. AWS SAM also creates an `AWS::Lambda::Permission` resource, which is needed so the `EventBridgeRule` can call Lambda. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [DeadLetterConfig](#sam-function-eventbridgerule-deadletterconfig): DeadLetterConfig [EventBusName](#sam-function-eventbridgerule-eventbusname): String [Input](#sam-function-eventbridgerule-input): String [InputPath](#sam-function-eventbridgerule-inputpath): String InputTransformer: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html) [Pattern](#sam-function-eventbridgerule-pattern): [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern) [RetryPolicy](#sam-function-eventbridgerule-retrypolicy): [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy) RuleName: String State: String [Target](#sam-function-eventbridgerule-target): Target ``` ## Properties `DeadLetterConfig` Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*. *Type*: [DeadLetterConfig](sam-property-function-deadletterconfig.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you. `EventBusName` The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus. *Type*: String *Required*: No *Default*: Default event bus *CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource. `Input` Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource. `InputPath` When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource. `InputTransformer` Settings to enable you to provide custom input to a target based on certain event data. You can extract one or more key-value pairs from the event and then use that data to send customized input to the target. For more information, see [Amazon EventBridge input transformation](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html) in the *Amazon EventBridge User Guide*. *Type*: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputtransformer) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html)` property of an `AWS::Events::Rule` `Target` data type. `Pattern` Describes which events are routed to the specified target. For more information, see [Amazon EventBridge events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-events.html) and [EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html) in the *Amazon EventBridge User Guide*. *Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern) *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource. `RetryPolicy` A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. *Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type. `RuleName` The name of the rule. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource. `State` The state of the rule. *Accepted values*: `DISABLED` \$1 `ENABLED` \$1 `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS` *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state) ` property of an `AWS::Events::Rule` resource. `Target` The AWS resource that EventBridge invokes when a rule is triggered. You can use this property to specify the logical ID of the target. If this property is not specified, then AWS SAM generates the logical ID of the target. *Type*: [Target](sam-property-function-target.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[Targets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-targets)` property of an `AWS::Events::Rule` resource. `Amazon EC2 RebootInstances API call` is an example of a target property. The AWS SAM version of this property only allows you to specify the logical ID of a single target. ## Examples ### EventBridgeRule The following is an example of an `EventBridgeRule` event source type. #### YAML ``` EBRule: Type: EventBridgeRule Properties: Input: '{"Key": "Value"}' Pattern: detail: state: - terminated RetryPolicy: MaximumRetryAttempts: 5 MaximumEventAgeInSeconds: 900 DeadLetterConfig: Type: SQS QueueLogicalId: EBRuleDLQ Target: Id: MyTarget ``` # DeadLetterConfig The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn’t exist, or insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. **Note** The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue` which handles failures that occur after successful invocation of the target Lambda function. Examples of this type of failure include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Arn](#sam-function-deadletterconfig-arn): String [QueueLogicalId](#sam-function-deadletterconfig-queuelogicalid): String [Type](#sam-function-deadletterconfig-type): String ``` ## Properties `Arn` The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue. Specify either the `Type` property or `Arn` property, but not both. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type. `QueueLogicalId` The custom name of the dead letter queue that AWS SAM creates if `Type` is specified. If the `Type` property is not set, this property is ignored. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Type` The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue. Specify either the `Type` property or `Arn` property, but not both. *Valid values*: `SQS` *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### DeadLetterConfig DeadLetterConfig #### YAML ``` DeadLetterConfig: Type: SQS QueueLogicalId: MyDLQ ``` # Target Configures the AWS resource that EventBridge invokes when a rule is triggered. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Id](#sam-function-target-id): String ``` ## Properties `Id` The logical ID of the target. The value of `Id` can include alphanumeric characters, periods (`.`), hyphens (`-`), and underscores (`_`). *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Id](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-id)` property of the `AWS::Events::Rule` `Target` data type. ## Examples ### Target #### YAML ``` EBRule: Type: EventBridgeRule Properties: Target: Id: MyTarget ``` # HttpApi The object describing an event source with type HttpApi. If an OpenApi definition for the specified path and method exists on the API, SAM will add the Lambda integration and security section (if applicable) for you. If no OpenApi definition for the specified path and method exists on the API, SAM will create this definition for you. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [ApiId](#sam-function-httpapi-apiid): String [Auth](#sam-function-httpapi-auth): HttpApiFunctionAuth [Method](#sam-function-httpapi-method): String [Path](#sam-function-httpapi-path): String [PayloadFormatVersion](#sam-function-httpapi-payloadformatversion): String [RouteSettings](#sam-function-httpapi-routesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings) [TimeoutInMillis](#sam-function-httpapi-timeoutinmillis): Integer ``` ## Properties `ApiId` Identifier of an [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource defined in this template. If not defined, a default [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource is created called `ServerlessHttpApi` using a generated OpenApi document containing a union of all paths and methods defined by Api events defined in this template that do not specify an `ApiId`. This cannot reference an [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource defined in another template. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Auth` Auth configuration for this specific Api\$1Path\$1Method. Useful for overriding the API's `DefaultAuthorizer` or setting auth config on an individual path when no `DefaultAuthorizer` is specified. *Type*: [HttpApiFunctionAuth](sam-property-function-httpapifunctionauth.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Method` HTTP method for which this function is invoked. If no `Path` and `Method` are specified, SAM will create a default API path that routes any request that doesn't map to a different endpoint to this Lambda function. Only one of these default paths can exist per API. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Path` Uri path for which this function is invoked. Must start with `/`. If no `Path` and `Method` are specified, SAM will create a default API path that routes any request that doesn't map to a different endpoint to this Lambda function. Only one of these default paths can exist per API. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `PayloadFormatVersion` Specifies the format of the payload sent to an integration. NOTE: PayloadFormatVersion requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property. *Type*: String *Required*: No *Default*: 2.0 *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `RouteSettings` The per-route route settings for this HTTP API. For more information about route settings, see [AWS::ApiGatewayV2::Stage RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-stage-routesettings.html) in the *API Gateway Developer Guide*. Note: If RouteSettings are specified in both the HttpApi resource and event source, AWS SAM merges them with the event source properties taking precedence. *Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource. `TimeoutInMillis` Custom timeout between 50 and 29,000 milliseconds. NOTE: TimeoutInMillis requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property. *Type*: Integer *Required*: No *Default*: 5000 *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Default HttpApi Event HttpApi Event that uses the default path. All unmapped paths and methods on this API will route to this endpoint. #### YAML ``` Events: HttpApiEvent: Type: HttpApi ``` ### HttpApi HttpApi Event that uses a specific path and method. #### YAML ``` Events: HttpApiEvent: Type: HttpApi Properties: Path: / Method: GET ``` ### HttpApi Authorization HttpApi Event that uses an Authorizer. #### YAML ``` Events: HttpApiEvent: Type: HttpApi Properties: Path: /authenticated Method: GET Auth: Authorizer: OpenIdAuth AuthorizationScopes: - scope1 - scope2 ``` # HttpApiFunctionAuth Configures authorization at the event level. Configure Auth for a specific API \$1 Path \$1 Method ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [AuthorizationScopes](#sam-function-httpapifunctionauth-authorizationscopes): List [Authorizer](#sam-function-httpapifunctionauth-authorizer): String ``` ## Properties `AuthorizationScopes` The authorization scopes to apply to this API, path, and method. Scopes listed here will override any scopes applied by the `DefaultAuthorizer` if one exists. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Authorizer` The `Authorizer` for a specific Function. To use IAM authorization, specify `AWS_IAM` and specify `true` for `EnableIamAuthorizer` in the `Globals` section of your template. If you have specified a Global Authorizer on the API and want to make a specific Function public, override by setting `Authorizer` to `NONE`. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Function-Auth Specifing Authorization at Function level #### YAML ``` Auth: Authorizer: OpenIdAuth AuthorizationScopes: - scope1 - scope2 ``` ### IAM authorization Specifies IAM authorization at the event level. To use `AWS_IAM` authorization at the event level, you must also specify `true` for `EnableIamAuthorizer` in the `Globals` section of your template. For more information, see [Globals section of the AWS SAM template](sam-specification-template-anatomy-globals.md). #### YAML ``` Globals: HttpApi: Auth: EnableIamAuthorizer: true Resources: HttpApiFunctionWithIamAuth: Type: AWS::Serverless::Function Properties: Events: ApiEvent: Type: HttpApi Properties: Path: /iam-auth Method: GET Auth: Authorizer: AWS_IAM Handler: index.handler InlineCode: | def handler(event, context): return {'body': 'HttpApiFunctionWithIamAuth', 'statusCode': 200} Runtime: python3.9 ``` # IoTRule The object describing an `IoTRule` event source type. Creates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html) resource to declare an AWS IoT rule. For more information see [CloudFormation documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html) ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [AwsIotSqlVersion](#sam-function-iotrule-awsiotsqlversion): String [Sql](#sam-function-iotrule-sql): String ``` ## Properties `AwsIotSqlVersion` The version of the SQL rules engine to use when evaluating the rule. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[AwsIotSqlVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-topicrule-topicrulepayload.html#cfn-iot-topicrule-topicrulepayload-awsiotsqlversion)` property of an `AWS::IoT::TopicRule TopicRulePayload` resource. `Sql` The SQL statement used to query the topic. For more information, see [AWS IoT SQL Reference](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the *AWS IoT Developer Guide*. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Sql](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-topicrule-topicrulepayload.html#cfn-iot-topicrule-topicrulepayload-sql)` property of an `AWS::IoT::TopicRule TopicRulePayload` resource. ## Examples ### IOT Rule IOT Rule Example #### YAML ``` IoTRule: Type: IoTRule Properties: Sql: SELECT * FROM 'topic/test' ``` # Kinesis The object describing a `Kinesis` event source type. For more information, see [Using AWS Lambda with Amazon Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) in the *AWS Lambda Developer Guide*. AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-kinesis-batchsize): Integer [BisectBatchOnFunctionError](#sam-function-kinesis-bisectbatchonfunctionerror): Boolean [DestinationConfig](#sam-function-kinesis-destinationconfig): [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig) [Enabled](#sam-function-kinesis-enabled): Boolean [FilterCriteria](#sam-function-kinesis-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) [FunctionResponseTypes](#sam-function-kinesis-functionresponsetypes): List KmsKeyArn: String [MaximumBatchingWindowInSeconds](#sam-function-kinesis-maximumbatchingwindowinseconds): Integer [MaximumRecordAgeInSeconds](#sam-function-kinesis-maximumrecordageinseconds): Integer [MaximumRetryAttempts](#sam-function-kinesis-maximumretryattempts): Integer [MetricsConfig](#sam-function-kinesis-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) [ParallelizationFactor](#sam-function-kinesis-parallelizationfactor): Integer [StartingPosition](#sam-function-kinesis-startingposition): String StartingPositionTimestamp: Double [Stream](#sam-function-kinesis-stream): String [TumblingWindowInSeconds](#sam-function-kinesis-tumblingwindowinseconds): Integer ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch. *Type*: Integer *Required*: No *Default*: 100 *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. *Minimum*: `1` *Maximum*: `10000` `BisectBatchOnFunctionError` If the function returns an error, split the batch in two and retry. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource. `DestinationConfig` An Amazon Simple Queue Service (Amazon SQS) queue or Amazon Simple Notification Service (Amazon SNS) topic destination for discarded records. *Type*: [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `Enabled` Disables the event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `FunctionResponseTypes` A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-batchfailurereporting) in the *AWS Lambda Developer Guide*. *Valid values*: `ReportBatchItemFailures` *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time to gather records before invoking the function, in seconds. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRecordAgeInSeconds` The maximum age of a record that Lambda sends to a function for processing. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRetryAttempts` The maximum number of times to retry when the function returns an error. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource. `MetricsConfig` An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](sam-property-function-dynamodb.md#sam-property-function-dynamodb-example-metricsconfigevent). *Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `ParallelizationFactor` The number of batches to process from each shard concurrently. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ParallelizationFactor](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPosition` The position in a stream from which to start reading. + `AT_TIMESTAMP` – Specify a time from which to start reading records. + `LATEST` – Read only new records. + `TRIM_HORIZON` – Process all available records. *Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON` *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPositionTimestamp` The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`. *Type*: Double *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource. `Stream` The Amazon Resource Name (ARN) of the data stream or a stream consumer. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `TumblingWindowInSeconds` The duration, in seconds, of a processing window. The valid range is 1 to 900 (15 minutes). For more information, see [Tumbling windows](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#streams-tumbling) in the *AWS Lambda Developer Guide*. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[TumblingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### MetricsConfig event The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings. ``` Resources: FilteredEventsFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/metricsConfig.zip Handler: index.handler Runtime: nodejs16.x Events: KinesisStream: Type: Kinesis Properties: Stream: !GetAtt KinesisStream.Arn StartingPosition: LATEST MetricsConfig: Metrics: - EventCount ``` ### Kinesis event source The following is an example of a Kinesis event source. #### YAML ``` Events: KinesisEvent: Type: Kinesis Properties: Stream: arn:aws:kinesis:us-east-1:123456789012:stream/my-stream StartingPosition: TRIM_HORIZON BatchSize: 10 Enabled: false FilterCriteria: Filters: - Pattern: '{"key": ["val1", "val2"]}' ``` # MQ The object describing an `MQ` event source type. For more information, see [Using Lambda with Amazon MQ](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html) in the *AWS Lambda Developer Guide*. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set. **Note** To have an Amazon MQ queue in a virtual private cloud (VPC) that connects to a Lambda function in a public network, your function's execution role must include the following permissions: `ec2:CreateNetworkInterface` `ec2:DeleteNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcs` For more information, see [Execution role permissions](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#events-mq-permissions) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS SAM template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-mq-batchsize): Integer [Broker](#sam-function-mq-broker): String DynamicPolicyName: Boolean [Enabled](#sam-function-mq-enabled): Boolean [FilterCriteria](#sam-function-mq-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) KmsKeyArn: String [MaximumBatchingWindowInSeconds](#sam-function-mq-maximumbatchingwindowinseconds): Integer [Queues](#sam-function-mq-queues): List [SecretsManagerKmsKeyId](#sam-function-mq-secretsmanagerkmskeyid): String [SourceAccessConfigurations](#sam-function-mq-sourceaccessconfigurations): List ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch. *Type*: Integer *Required*: No *Default*: 100 *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. *Minimum*: `1` *Maximum*: `10000` `Broker` The Amazon Resource Name (ARN) of the Amazon MQ broker. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `DynamicPolicyName` By default, the AWS Identity and Access Management (IAM) policy name is `SamAutoGeneratedAMQPolicy` for backward compatibility. Specify `true` to use an auto-generated name for your IAM policy. This name will include the Amazon MQ event source logical ID. When using more than one Amazon MQ event source, specify `true` to avoid duplicate IAM policy names. *Type*: Boolean *Required*: No *Default*: `false` *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Enabled` If `true`, the event source mapping is active. To pause polling and invocation, set to `false`. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria that determines whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time to gather records before invoking the function, in seconds. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `Queues` The name of the Amazon MQ broker destination queue to consume. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Queues](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues)` property of an `AWS::Lambda::EventSourceMapping` resource. `SecretsManagerKmsKeyId` The AWS Key Management Service (AWS KMS) key ID of a customer managed key from AWS Secrets Manager. Required when you use a customer managed key from Secrets Manager with a Lambda execution role that doesn't included the `kms:Decrypt` permission. The value of this property is a UUID. For example: `1abc23d4-567f-8ab9-cde0-1fab234c5d67`. *Type*: String *Required*: Conditional *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `SourceAccessConfigurations` An array of the authentication protocol or vitual host. Specify this using the [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html) data type. For the `MQ` event source type, the only valid configuration types are `BASIC_AUTH` and `VIRTUAL_HOST`. + **`BASIC_AUTH`** – The Secrets Manager secret that stores your broker credentials. For this type, the credential must be in the following format: `{"username": "your-username", "password": "your-password"}`. Only one object of type `BASIC_AUTH` is allowed. + **`VIRTUAL_HOST`** – The name of the virtual host in your RabbitMQ broker. Lambda will use this Rabbit MQ's host as the event source. Only one object of type `VIRTUAL_HOST` is allowed. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### Amazon MQ event source The following is an example of an `MQ` event source type for an Amazon MQ broker. #### YAML ``` Events: MQEvent: Type: MQ Properties: Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 Queues: List of queues SourceAccessConfigurations: - Type: BASIC_AUTH URI: arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName BatchSize: 200 Enabled: true ``` # MSK The object describing an `MSK` event source type. For more information, see [Using AWS Lambda with Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) in the *AWS Lambda Developer Guide*. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set. To use Schema Registry, you need to define specific IAM role permissions for your function. See [Complete setup with IAM roles](#sam-property-function-msk-example-complete) for an example of the required configuration. ## Syntax To declare this entity in your AWS SAM template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-msk-batchsize): Integer [BisectBatchOnFunctionError](#sam-function-msk-bisectbatchonfunctionerror): Boolean [ConsumerGroupId](#sam-function-msk-consumergroupid): String DestinationConfig: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html) [Enabled](#sam-function-msk-enabled): Boolean [FilterCriteria](#sam-function-msk-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) [FunctionResponseTypes](#sam-function-msk-functionresponsetypes): List KmsKeyArn: String [MaximumBatchingWindowInSeconds](#sam-function-msk-maximumbatchingwindowinseconds): Integer [MaximumRecordAgeInSeconds](#sam-function-msk-maximumrecordageinseconds): Integer [MaximumRetryAttempts](#sam-function-msk-maximumretryattempts): Integer [LoggingConfig](#sam-function-msk-loggingconfig): [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html) [MetricsConfig](#sam-function-msk-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html) [ProvisionedPollerConfig](#sam-function-msk-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) [SchemaRegistryConfig](#sam-function-msk-schemaregistryconfig): [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig.html) SourceAccessConfigurations: [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations) [StartingPosition](#sam-function-msk-startingposition): String StartingPositionTimestamp: Double [Stream](#sam-function-msk-stream): String [Topics](#sam-function-msk-topics): List ``` ## Properties `BatchSize` The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). *Default*: 100 *Valid Range*: Minimum value of 1. Maximum value of 10,000. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. `BisectBatchOnFunctionError` If the function returns an error, split the batch in two and retry. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource. `ConsumerGroupId` A string that configures how events will be read from Kafka topics. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[AmazonManagedKafkaConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `DestinationConfig` A configuration object that specifies the destination of an event after Lambda processes it. Use this property to specify the destination of failed invocations from the Amazon MSK event source. *Type*: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `Enabled` Disables the event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria that determines whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `FunctionResponseTypes` A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/kafka-retry-configurations.html) in the *AWS Lambda Developer Guide*. *Valid values*: `ReportBatchItemFailures` *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time to gather records before invoking the function, in seconds. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRecordAgeInSeconds` The maximum age of a record that Lambda sends to a function for processing. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRetryAttempts` The maximum number of times to retry when the function returns an error. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource. `LoggingConfig` A configuration object that specifies the logging configuration for the event source mapping. *Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `MetricsConfig` A configuration object that specifies the metrics configuration for the event source mapping. *Type*: [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `ProvisionedPollerConfig` Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minimum of 1 poller and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-msk-example-provisionedpollerconfig). *Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `SchemaRegistryConfig` Configuration for using a schema registry with the Kafka event source. This feature requires `ProvisionedPollerConfig` to be configured. *Type*: SchemaRegistryConfig *Required*: No *CloudFormation compatibility:* This property is passed directly to the `[AmazonManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `SourceAccessConfigurations` An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. *Valid values*: `CLIENT_CERTIFICATE_TLS_AUTH` *Type*: List of [SourceAccessConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html) *Required*: No *CloudFormation compatibility:* This propertyrty is part of the [AmazonManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig) property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPosition` The position in a stream from which to start reading. + `AT_TIMESTAMP` – Specify a time from which to start reading records. + `LATEST` – Read only new records. + `TRIM_HORIZON` – Process all available records. *Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON` *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPositionTimestamp` The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`. *Type*: Double *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource. `Stream` The Amazon Resource Name (ARN) of the data stream or a stream consumer. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `Topics` The name of the Kafka topic. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Topics](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### Complete setup with IAM roles The following example shows a complete setup including the required IAM role configuration for using Schema Registry: ``` Parameters: PreCreatedSubnetOne: Type: String PreCreatedSubnetTwo: Type: String MskClusterName4: Type: String Resources: MyLambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17 ' Statement: - Action: [sts:AssumeRole] Effect: Allow Principal: Service: [lambda.amazonaws.com] Policies: - PolicyName: KafkaClusterPermissions PolicyDocument: Statement: - Action: [kafka:DescribeClusterV2, kafka:GetBootstrapBrokers] Effect: Allow Resource: 'arn:aws:kafka:us-east-1:123456789012:cluster/*' - PolicyName: KafkaAuthPolicy PolicyDocument: Statement: - Action: [secretsmanager:GetSecretValue, kms:Decrypt] Effect: "Allow" Resource: ['arn:aws:secretsmanager:us-west-2:123456789012:secret:kafkaSecret-******', 'arn:aws:kms:us-west-2:123456789012:key/keyId'] - PolicyName: ENIPolicy PolicyDocument: Statement: - Action: [ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DescribeVpcs, ec2:DeleteNetworkInterface, ec2:DescribeSubnets, ec2:DescribeSecurityGroups] Effect: Allow Resource: '*' - PolicyName: SchemaRegistryPolicy PolicyDocument: Statement: - Action: [glue:GetRegistry] Effect: Allow Resource: 'arn:aws:glue:{region}:{account-id}:registry/{registry-name}' - PolicyName: SchemaVersionsPolicy PolicyDocument: Statement: - Action: [glue:GetSchemaVersions] Effect: Allow Resource: '*' ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Tags: - {Value: SAM, Key: lambda:createdBy} MyMskCluster: Type: AWS::MSK::Cluster Properties: BrokerNodeGroupInfo: ClientSubnets: - Ref: PreCreatedSubnetOne - Ref: PreCreatedSubnetTwo InstanceType: kafka.t3.small StorageInfo: EBSStorageInfo: VolumeSize: 1 ClusterName: Ref: MskClusterName4 KafkaVersion: 3.8.x NumberOfBrokerNodes: 2 MyMskStreamProcessor: Type: AWS::Serverless::Function Properties: Runtime: nodejs18.x Handler: index.handler CodeUri: ${codeuri} Role: Fn::GetAtt: [MyLambdaExecutionRole, Arn] Events: MyMskEvent: Type: MSK Properties: StartingPosition: LATEST Stream: Ref: MyMskCluster SourceAccessConfigurations: - Type: SASL_SCRAM_512_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c Topics: - SchemaRegistryTestTopic ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: AccessConfigs: - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c SchemaValidationConfigs: - Attribute: KEY EventRecordFormat: JSON SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry ``` ### ProvisionedPollerConfig example ``` ProvisionedPollerConfig: MinimumPollers: 1 MaximumPollers: 200 ``` ### Amazon MSK Example for Existing Cluster The following is an example of an `MSK` event source type for an Amazon MSK cluster that already exists in an AWS account. #### YAML ``` Events: MSKEvent: Type: MSK Properties: StartingPosition: LATEST Stream: arn:aws:kafka:us-east-1:012345678012:cluster/exampleClusterName/abcdefab-1234-abcd-5678-cdef0123ab01-2 Topics: - MyTopic ``` ### Amazon MSK Example for Cluster Declared in Same Template The following is an example of an `MSK` event source type for an Amazon MSK cluster that is declared in the same template file. #### YAML ``` Events: MSKEvent: Type: MSK Properties: StartingPosition: LATEST Stream: Ref: MyMskCluster # This must be the name of an MSK cluster declared in the same template file Topics: - MyTopic ``` #### MSK Event Source with Schema Registry The following is an example of an `MSK` event source type configured with a schema registry. ``` Events: MSKEvent: Type: MSK Properties: StartingPosition: LATEST Stream: Ref: MyMskCluster Topics: - SchemaRegistryTestTopic ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry EventRecordFormat: JSON SchemaValidationConfigs: - Attribute: KEY - Attribute: VALUE ``` #### MSK Event Source with Confluent Schema Registry The following is an example of an `MSK` event source type configured with a Confluent Schema Registry. ``` Events: MSKEvent: Type: MSK Properties: StartingPosition: LATEST Stream: Ref: MyMskCluster Topics: - SchemaRegistryTestTopic ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: SchemaRegistryURI: https://my-schema-registry.confluent.cloud AccessConfigs: - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-secret EventRecordFormat: JSON SchemaValidationConfigs: - Attribute: KEY - Attribute: VALUE ``` # S3 The object describing an `S3` event source type. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Bucket](#sam-function-s3-bucket): String [Events](#sam-function-s3-events): String | List [Filter](#sam-function-s3-filter): [NotificationFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html) ``` ## Properties `Bucket` S3 bucket name. This bucket must exist in the same template. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is similar to the `[BucketName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name)` property of an `AWS::S3::Bucket` resource. This is a required field in SAM. This field only accepts a reference to the S3 bucket created in this template `Events` The Amazon S3 bucket event for which to invoke the Lambda function. See [Amazon S3 supported event types](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#supported-notification-event-types) for a list of valid values. *Type*: String \$1 List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Event](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-event)` property of the `AWS::S3::Bucket` `LambdaConfiguration` data type. `Filter` The filtering rules that determine which Amazon S3 objects invoke the Lambda function. For information about Amazon S3 key name filtering, see [Configuring Amazon S3 Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon Simple Storage Service User Guide*. *Type*: [NotificationFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Filter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html)` property of the `AWS::S3::Bucket` `LambdaConfiguration` data type. ## Examples ### S3-Event Example of an S3 Event. #### YAML ``` Events: S3Event: Type: S3 Properties: Bucket: Ref: ImagesBucket # This must be the name of an S3 bucket declared in the same template file Events: s3:ObjectCreated:* Filter: S3Key: Rules: - Name: prefix # or "suffix" Value: value # The value to search for in the S3 object key names ``` # Schedule The object describing a `Schedule` event source type, which sets your serverless function as the target of an Amazon EventBridge rule that triggers on a schedule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set. **Note** EventBridge now offers a new scheduling capability, [Amazon EventBridge Scheduler](https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html). Amazon EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one central, managed service. EventBridge Scheduler is highly customizable, and offers improved scalability over EventBridge scheduled rules, with a wider set of target API operations and AWS services. We recommend that you use EventBridge Scheduler to invoke targets on a schedule. To define this event source type in your AWS SAM templates, see [ScheduleV2](sam-property-function-schedulev2.md). ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [DeadLetterConfig](#sam-function-schedule-deadletterconfig): DeadLetterConfig [Description](#sam-function-schedule-description): String [Enabled](#sam-function-schedule-enabled): Boolean [Input](#sam-function-schedule-input): String [Name](#sam-function-schedule-name): String [RetryPolicy](#sam-function-schedule-retrypolicy): [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy) [Schedule](#sam-function-schedule-schedule): String [State](#sam-function-schedule-state): String ``` ## Properties `DeadLetterConfig` Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*. *Type*: [DeadLetterConfig](sam-property-function-scheduledeadletterconfig.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you. `Description` A description of the rule. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-description)` property of an `AWS::Events::Rule` resource. `Enabled` Indicates whether the rule is enabled. To disable the rule, set this property to `false`. Specify either the `Enabled` or `State` property, but not both. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is similar to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. If this property is set to `true` then AWS SAM passes `ENABLED`, otherwise it passes `DISABLED`. `Input` Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource. `Name` The name of the rule. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the rule name. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource. `RetryPolicy` A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. *Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type. `Schedule` The scheduling expression that determines when and how often the rule runs. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html). *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-scheduleexpression)` property of an `AWS::Events::Rule` resource. `State` The state of the rule. *Accepted values:* `DISABLED | ENABLED` Specify either the `Enabled` or `State` property, but not both. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. ## Examples ### CloudWatch Schedule Event CloudWatch Schedule Event Example #### YAML ``` CWSchedule: Type: Schedule Properties: Schedule: 'rate(1 minute)' Name: TestSchedule Description: test schedule Enabled: false ``` # DeadLetterConfig The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn’t exist, or insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*. **Note** The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue` which handles failures that occur after successful invocation of the target Lambda function. Examples of this type of failure include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Arn](#sam-function-scheduledeadletterconfig-arn): String [QueueLogicalId](#sam-function-scheduledeadletterconfig-queuelogicalid): String [Type](#sam-function-scheduledeadletterconfig-type): String ``` ## Properties `Arn` The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue. Specify either the `Type` property or `Arn` property, but not both. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type. `QueueLogicalId` The custom name of the dead letter queue that AWS SAM creates if `Type` is specified. If the `Type` property is not set, this property is ignored. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Type` The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue. Specify either the `Type` property or `Arn` property, but not both. *Valid values*: `SQS` *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### DeadLetterConfig DeadLetterConfig #### YAML ``` DeadLetterConfig: Type: SQS QueueLogicalId: MyDLQ ``` # ScheduleV2 The object describing a `ScheduleV2` event source type, which sets your serverless function as the target of an Amazon EventBridge Scheduler event that triggers on a schedule. For more information, see [What is Amazon EventBridge Scheduler?](https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html) in the *EventBridge Scheduler User Guide*. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html) resource when this event type is set. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [DeadLetterConfig](#sam-function-schedulev2-deadletterconfig): DeadLetterConfig [Description](#sam-function-schedulev2-description): String [EndDate](#sam-function-schedulev2-enddate): String [FlexibleTimeWindow](#sam-function-schedulev2-flexibletimewindow): FlexibleTimeWindow [GroupName](#sam-function-schedulev2-groupname): String [Input](#sam-function-schedulev2-input): String [KmsKeyArn](#sam-function-schedulev2-kmskeyarn): String [Name](#sam-function-schedulev2-name): String OmitName: Boolean [PermissionsBoundary](#sam-function-schedulev2-permissionsboundary): String [RetryPolicy](#sam-function-schedulev2-retrypolicy): RetryPolicy [RoleArn](#sam-function-schedulev2-rolearn): String [ScheduleExpression](#sam-function-schedulev2-schedule): String [ScheduleExpressionTimezone](#sam-function-schedulev2-scheduleexpressiontimezone): String [StartDate](#sam-function-schedulev2-startdate): String [State](#sam-function-schedulev2-state): String ``` ## Properties `DeadLetterConfig` Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Configuring a dead-letter queue for EventBridge Scheduler](https://docs.aws.amazon.com/scheduler/latest/UserGuide/configuring-schedule-dlq.html) in the *EventBridge Scheduler User Guide*. The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*. *Type*: [DeadLetterConfig](sam-property-function-scheduledeadletterconfig.md) *Required*: No *CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-deadletterconfig)` property of the `AWS::Scheduler::Schedule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you. `Description` A description of the schedule. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-description)` property of an `AWS::Scheduler::Schedule` resource. `EndDate` The date, in UTC, before which the schedule can invoke its target. Depending on the schedule's recurrence expression, invocations might stop on, or before, the **EndDate** you specify. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[EndDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-enddate)` property of an `AWS::Scheduler::Schedule` resource. `FlexibleTimeWindow` Allows configuration of a window within which a schedule can be invoked. *Type*: [FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-flexibletimewindow) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-flexibletimewindow)` property of an `AWS::Scheduler::Schedule` resource. `GroupName` The name of the schedule group to associate with this schedule. If not defined, the default group is used. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[GroupName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-groupname)` property of an `AWS::Scheduler::Schedule` resource. `Input` Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-input)` property of an `AWS::Scheduler::Schedule Target` resource. `KmsKeyArn` The ARN for a KMS Key that will be used to encrypt customer data. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-kmskeyarn)` property of an `AWS::Scheduler::Schedule` resource. `Name` The name of the schedule. If you don't specify a name, AWS SAM generates a name in the format `Function-Logical-IDEvent-Source-Name` and uses that ID for the schedule name. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-name)` property of an `AWS::Scheduler::Schedule` resource. `OmitName` By default, AWS SAM generates and uses a schedule name in the format of *

*. Set this property to `true` to have CloudFormation generate a unique physical ID and use that for the schedule name instead. *Type*: Boolean *Required*: No *Default*: `false` *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `PermissionsBoundary` The ARN of the policy used to set the permissions boundary for the role. If `PermissionsBoundary` is defined, AWS SAM will apply the same boundaries to the scheduler schedule's target IAM role. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource. `RetryPolicy` A **RetryPolicy** object that includes information about the retry policy settings. *Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy)` property of the `AWS::Scheduler::Schedule` `Target` data type. `RoleArn` The ARN of the IAM role that EventBridge Scheduler will use for the target when the schedule is invoked. *Type*: [RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)` property of the `AWS::Scheduler::Schedule` `Target` data type. `ScheduleExpression` The scheduling expression that determines when and how often the scheduler schedule event runs. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpression)` property of an `AWS::Scheduler::Schedule` resource. `ScheduleExpressionTimezone` The timezone in which the scheduling expression is evaluated. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpressionTimezone](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpressiontimezone)` property of an `AWS::Scheduler::Schedule` resource. `StartDate` The date, in UTC, after which the schedule can begin invoking a target. Depending on the schedule's recurrence expression, invocations might occur on, or after, the **StartDate** you specify. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-startdate)` property of an `AWS::Scheduler::Schedule` resource. `State` The state of the Scheduler schedule. *Accepted values:* `DISABLED | ENABLED` *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-state)` property of an `AWS::Scheduler::Schedule` resource. ## Examples ### Basic example of defining a ScheduleV2 resource ``` Resources: Function: Properties: ... Events: ScheduleEvent: Type: ScheduleV2 Properties: ScheduleExpression: "rate(1 minute)" ComplexScheduleEvent: Type: ScheduleV2 Properties: ScheduleExpression: rate(1 minute) FlexibleTimeWindow: Mode: FLEXIBLE MaximumWindowInMinutes: 5 StartDate: '2022-12-28T12:00:00.000Z' EndDate: '2023-01-28T12:00:00.000Z' ScheduleExpressionTimezone: UTC RetryPolicy: MaximumRetryAttempts: 5 MaximumEventAgeInSeconds: 300 DeadLetterConfig: Type: SQS ``` **Note** The generated physical ID of ScheduleV2 does not include stack name. # SelfManagedKafka The object describing a `SelfManagedKafka` event source type. For more information, see [Using AWS Lambda with self-managed Apache Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html) in the *AWS Lambda Developer Guide*. AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set. To use Schema Registry, you need to define specific IAM role permissions for your function. See [Complete setup with IAM roles](sam-property-function-msk.md#sam-property-function-msk-example-complete) for an example of the required configuration. ## Syntax To declare this entity in your AWS SAM template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-selfmanagedkafka-batchsize): Integer [BisectBatchOnFunctionError](#sam-function-selfmanagedkafka-bisectbatchonfunctionerror): Boolean [ConsumerGroupId](#sam-function-selfmanagedkafka-consumergroupid): String DestinationConfig: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html) [Enabled](#sam-function-selfmanagedkafka-enabled): Boolean [FilterCriteria](#sam-function-selfmanagedkafka-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) [KafkaBootstrapServers](#sam-function-selfmanagedkafka-kafkabootstrapservers): List [FunctionResponseTypes](#sam-function-selfmanagedkafka-functionresponsetypes): List KmsKeyArn: String [LoggingConfig](#sam-function-selfmanagedkafka-loggingconfig): LoggingConfig [MaximumRecordAgeInSeconds](#sam-function-selfmanagedkafka-maximumrecordageinseconds): Integer [MaximumRetryAttempts](#sam-function-selfmanagedkafka-maximumretryattempts): Integer [MetricsConfig](#sam-function-selfmanagedkafka-metricsconfig): MetricsConfig [ProvisionedPollerConfig](#sam-function-selfmanagedkafka-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) [SchemaRegistryConfig](#sam-function-selfmanagedkafka-schemaregistryconfig): [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig.html) [SourceAccessConfigurations](#sam-function-selfmanagedkafka-sourceaccessconfigurations): [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations) StartingPosition: String StartingPositionTimestamp: Double [Topics](#sam-function-selfmanagedkafka-topics): List ``` ## Properties `BatchSize` The maximum number of records in each batch that Lambda pulls from your stream and sends to your function. *Type*: Integer *Required*: No *Default*: 100 *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. *Minimum*: `1` *Maximum*: `10000` `BisectBatchOnFunctionError` If the function returns an error, split the batch in two and retry. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource. `ConsumerGroupId` A string that configures how events will be read from Kafka topics. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `DestinationConfig` A configuration object that specifies the destination of an event after Lambda processes it. Use this property to specify the destination of failed invocations from the self-managed Kafka event source. *Type*: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `Enabled` Disables the event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-filtercriteria)` property of an `AWS::Lambda::EventSourceMapping` resource. `KafkaBootstrapServers` The list of bootstrap servers for your Kafka brokers. Include the port, for example `broker.example.com:xxxx` *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `FunctionResponseTypes` A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/kafka-retry-configurations.html) in the *AWS Lambda Developer Guide*. *Valid values*: `ReportBatchItemFailures` *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `LoggingConfig` The logging configuration for your event source. *Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-loggingconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRecordAgeInSeconds` The maximum age of a record that Lambda sends to a function for processing. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MetricsConfig` The metrics configuration for your event source. *Type*: [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumRetryAttempts` The maximum number of times to retry when the function returns an error. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource. `ProvisionedPollerConfig` Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minumum of 1 poller and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-selfmanagedkafka-example-provisionedpollerconfig) *Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `SchemaRegistryConfig` Configuration for using a schema registry with the self-managed Kafka event source. This feature requires `ProvisionedPollerConfig` to be configured. *Type*: [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig) *Required*: No *CloudFormation compatibility:* This property is passed directly to the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `SourceAccessConfigurations` An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. *Valid values*: `BASIC_AUTH | CLIENT_CERTIFICATE_TLS_AUTH | SASL_SCRAM_256_AUTH | SASL_SCRAM_512_AUTH | SERVER_ROOT_CA_CERTIFICATE` *Type*: List of [SourceAccessConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration) *Required*: Yes *CloudFormation compatibility:* This property is part of the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPosition` The position in a stream from which to start reading. + `AT_TIMESTAMP` – Specify a time from which to start reading records. + `LATEST` – Read only new records. + `TRIM_HORIZON` – Process all available records. *Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON` *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource. `StartingPositionTimestamp` The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`. *Type*: Double *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource. `Topics` The name of the Kafka topic. *Type*: List *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[Topics](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### Complete setup with IAM roles The following example shows a complete setup including the required IAM role configuration for using Schema Registry: ``` Parameters: PreCreatedSubnetOne: Type: String PreCreatedSubnetTwo: Type: String Resources: MyLambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17 ' Statement: - Action: [sts:AssumeRole] Effect: Allow Principal: Service: [lambda.amazonaws.com] Policies: - PolicyName: KafkaAuthPolicy PolicyDocument: Statement: - Action: [secretsmanager:GetSecretValue, kms:Decrypt] Effect: "Allow" Resource: ['arn:aws:secretsmanager:us-west-2:123456789012:secret:kafkaSecret-******', 'arn:aws:kms:us-west-2:123456789012:key/keyId'] - PolicyName: ENIPolicy PolicyDocument: Statement: - Action: [ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DescribeVpcs, ec2:DeleteNetworkInterface, ec2:DescribeSubnets, ec2:DescribeSecurityGroups] Effect: Allow Resource: '*' - PolicyName: SchemaRegistryPolicy PolicyDocument: Statement: - Action: [glue:GetRegistry] Effect: Allow Resource: 'arn:aws:glue:{region}:{account-id}:registry/{registry-name}' - PolicyName: SchemaVersionsPolicy PolicyDocument: Statement: - Action: [glue:GetSchemaVersions] Effect: Allow Resource: '*' ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Tags: - {Value: SAM, Key: lambda:createdBy} MyKafkaProcessor: Type: AWS::Serverless::Function Properties: Runtime: nodejs18.x Handler: index.handler CodeUri: ${codeuri} Role: Fn::GetAtt: [MyLambdaExecutionRole, Arn] Events: SelfManagedKafkaEvent: Type: SelfManagedKafka Properties: KafkaBootstrapServers: - my-kafka-broker-1:9092 - my-kafka-broker-2:9092 Topics: - SchemaRegistryTestTopic StartingPosition: LATEST SourceAccessConfigurations: - Type: VPC_SUBNET URI: subnet:subnet-12345678 - Type: VPC_SECURITY_GROUP URI: security_group:sg-12345678 - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: AccessConfigs: - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c SchemaValidationConfigs: - Attribute: KEY EventRecordFormat: JSON SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry ``` ### ProvisionedPollerConfig example ``` ProvisionedPollerConfig: MinimumPollers: 1 MaximumPollers: 200 ``` ### Self-managed Kafka event source The following is an example of a `SelfManagedKafka` event source type. #### YAML ``` Events: SelfManagedKafkaEvent: Type: SelfManagedKafka Properties: BatchSize: 1000 Enabled: true KafkaBootstrapServers: - abc.xyz.com:xxxx SourceAccessConfigurations: - Type: BASIC_AUTH URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c Topics: - MyKafkaTopic ``` ### Self-managed Kafka Event Source with AWS Glue Schema Registry The following is an example of a `SelfManagedKafka` event source type configured with AWS Glue Schema Registry. ``` Events: SelfManagedKafkaEvent: Type: SelfManagedKafka Properties: KafkaBootstrapServers: - abc.xyz.com:9092 Topics: - SchemaRegistryTestTopic StartingPosition: LATEST ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry EventRecordFormat: JSON SchemaValidationConfigs: - Attribute: KEY - Attribute: VALUE SourceAccessConfigurations: - Type: VPC_SUBNET URI: subnet:subnet-12345678 - Type: VPC_SECURITY_GROUP URI: security_group:sg-12345678 ``` ### Self-managed Kafka Event Source with Confluent Schema Registry The following is an example of a `SelfManagedKafka` event source type configured with Confluent Schema Registry. ``` Events: SelfManagedKafkaEvent: Type: SelfManagedKafka Properties: KafkaBootstrapServers: - abc.xyz.com:9092 Topics: - SchemaRegistryTestTopic StartingPosition: LATEST ProvisionedPollerConfig: MinimumPollers: 1 SchemaRegistryConfig: SchemaRegistryURI: https://my-schema-registry.confluent.cloud AccessConfigs: - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-secret EventRecordFormat: JSON SchemaValidationConfigs: - Attribute: KEY - Attribute: VALUE SourceAccessConfigurations: - Type: VPC_SUBNET URI: subnet:subnet-12345678 - Type: VPC_SECURITY_GROUP URI: security_group:sg-12345678 - Type: BASIC_AUTH URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:kafka-secret ``` # SNS The object describing an `SNS` event source type. SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html) resource when this event type is set ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [FilterPolicy](#sam-function-sns-filterpolicy): [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy) FilterPolicyScope: String RedrivePolicy: Json [Region](#sam-function-sns-region): String [SqsSubscription](#sam-function-sns-sqssubscription): Boolean | SqsSubscriptionObject [Topic](#sam-function-sns-topic): String ``` ## Properties `FilterPolicy` The filter policy JSON assigned to the subscription. For more information, see [GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html) in the Amazon Simple Notification Service API Reference. *Type*: [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)` property of an `AWS::SNS::Subscription` resource. `FilterPolicyScope` This attribute lets you choose the filtering scope by using one of the following string value types: + `MessageAttributes` – The filter is applied on the message attributes. + `MessageBody` – The filter is applied on the message body. *Type*: String *Required*: No *Default*: `MessageAttributes` *CloudFormation compatibility*: This property is passed directly to the ` [ FilterPolicyScope](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicyscope)` property of an `AWS::SNS::Subscription` resource. `RedrivePolicy` When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing. For more information about the redrive policy and dead-letter queues, see [ Amazon SQS dead-letter queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) in the *Amazon Simple Queue Service Developer Guide*. *Type*: Json *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ RedrivePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-redrivepolicy)` property of an `AWS::SNS::Subscription` resource. `Region` For cross-region subscriptions, the region in which the topic resides. If no region is specified, CloudFormation uses the region of the caller as the default. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-region)` property of an `AWS::SNS::Subscription` resource. `SqsSubscription` Set this property to true, or specify `SqsSubscriptionObject` to enable batching SNS topic notifications in an SQS queue. Setting this property to `true` creates a new SQS queue, whereas specifying a `SqsSubscriptionObject` uses an existing SQS queue. *Type*: Boolean \$1 [SqsSubscriptionObject](sam-property-function-sqssubscriptionobject.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Topic` The ARN of the topic to subscribe to. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[TopicArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#topicarn)` property of an `AWS::SNS::Subscription` resource. ## Examples ### SNS Event Source Example SNS Event Source Example #### YAML ``` Events: SNSEvent: Type: SNS Properties: Topic: arn:aws:sns:us-east-1:123456789012:my_topic SqsSubscription: true FilterPolicy: store: - example_corp price_usd: - numeric: - ">=" - 100 ``` # SqsSubscriptionObject Specify an existing SQS queue option to SNS event ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-sqssubscriptionobject-batchsize): String [Enabled](#sam-function-sqssubscriptionobject-enabled): Boolean [QueueArn](#sam-function-sqssubscriptionobject-queuearn): String [QueuePolicyLogicalId](#sam-function-sqssubscriptionobject-queuepolicylogicalid): String [QueueUrl](#sam-function-sqssubscriptionobject-queueurl): String ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch for the SQS queue. *Type*: String *Required*: No *Default*: 10 *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Enabled` Disables the SQS event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *Default*: True *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `QueueArn` Specify an existing SQS queue arn. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `QueuePolicyLogicalId` Give a custom logicalId name for the [AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html) resource. *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `QueueUrl` Specify the queue URL associated with the `QueueArn` property. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### Existing SQS for SNS event Example to add existing SQS queue for subscibing to an SNS topic. #### YAML ``` QueuePolicyLogicalId: CustomQueuePolicyLogicalId QueueArn: Fn::GetAtt: MyCustomQueue.Arn QueueUrl: Ref: MyCustomQueue BatchSize: 5 ``` # SQS The object describing an `SQS` event source type. For more information, see [Using AWS Lambda with Amazon SQS](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html) in the *AWS Lambda Developer Guide*. SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [BatchSize](#sam-function-sqs-batchsize): Integer [Enabled](#sam-function-sqs-enabled): Boolean [FilterCriteria](#sam-function-sqs-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) [FunctionResponseTypes](#sam-function-sqs-functionresponsetypes): List KmsKeyArn: String [MaximumBatchingWindowInSeconds](#sam-function-sqs-maximumbatchingwindowinseconds): Integer [MetricsConfig](#sam-function-sqs-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) [ProvisionedPollerConfig](#sam-function-sqs-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) [Queue](#sam-function-sqs-queue): String ScalingConfig: [ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html) ``` ## Properties `BatchSize` The maximum number of items to retrieve in a single batch. *Type*: Integer *Required*: No *Default*: 10 *CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource. *Minimum*: `1` *Maximum*: `10000` `Enabled` Disables the event source mapping to pause polling and invocation. *Type*: Boolean *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource. `FilterCriteria` A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*. *Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource. `FunctionResponseTypes` A list of the response types currently applied to the event source mapping. For more information, see [ Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#services-sqs-batchfailurereporting) in the *AWS Lambda Developer Guide*. *Valid values*: `ReportBatchItemFailures` *Type*: List *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. `KmsKeyArn` The Amazon Resource Name (ARN) of the key to encrypt information related to this event. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource. `MaximumBatchingWindowInSeconds` The maximum amount of time, in seconds, to gather records before invoking the function. *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource. `MetricsConfig` An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](sam-property-function-dynamodb.md#sam-property-function-dynamodb-example-metricsconfigevent). *Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `ProvisionedPollerConfig` Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minimum of 2 pollers and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-sqs-example-provisionedpollerconfig). *Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource. `Queue` The ARN of the queue. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource. `ScalingConfig` Scaling configuration of SQS pollers to control the invoke rate and set maximum concurrent invokes. *Type*: `[ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html)` *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource. ## Examples ### MetricsConfig event The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings. ``` Resources: FilteredEventsFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/metricsConfig.zip Handler: index.handler Runtime: nodejs16.x Events: KinesisStream: Type: Kinesis Properties: Stream: !GetAtt KinesisStream.Arn StartingPosition: LATEST MetricsConfig: Metrics: - EventCount ``` ### Basic SQS event ``` Events: SQSEvent: Type: SQS Properties: Queue: arn:aws:sqs:us-west-2:012345678901:my-queue BatchSize: 10 Enabled: false FilterCriteria: Filters: - Pattern: '{"key": ["val1", "val2"]}' ``` ### Configure partial batch reporting for your SQS queue ``` Events: SQSEvent: Type: SQS Properties: Enabled: true FunctionResponseTypes: - ReportBatchItemFailures Queue: !GetAtt MySqsQueue.Arn BatchSize: 10 ``` ### Lambda function with an SQS event that has scaling configured ``` MyFunction: Type: AWS::Serverless::Function Properties: ... Events: MySQSEvent: Type: SQS Properties: ... ScalingConfig: MaximumConcurrency: 10 ``` ### ProvisionedPollerConfig example ``` MyFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: nodejs18.x Timeout: 30 Events: SQSEvent: Type: SQS Properties: Queue: !GetAtt MyQueue.Arn BatchSize: 10 Enabled: True ProvisionedPollerConfig: MaximumPollers: 300 MinimumPollers: 10 ``` # FunctionCode The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html) for a Lambda function. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Bucket](#sam-function-functioncode-bucket): String [Key](#sam-function-functioncode-key): String [Version](#sam-function-functioncode-version): String ``` ## Properties `Bucket` An Amazon S3 bucket in the same AWS Region as your function. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[S3Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3bucket)` property of the `AWS::Lambda::Function` `Code` data type. `Key` The Amazon S3 key of the deployment package. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[S3Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3key)` property of the `AWS::Lambda::Function` `Code` data type. `Version` For versioned objects, the version of the deployment package object to use. *Type*: String *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[S3ObjectVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3objectversion)` property of the `AWS::Lambda::Function` `Code` data type. ## Examples ### FunctionCode `CodeUri`: Function Code example #### YAML ``` CodeUri: Bucket: sam-s3-demo-bucket-name Key: mykey-name Version: 121212 ``` # FunctionUrlConfig Creates an AWS Lambda function URL with the specified configuration parameters. A Lambda function URL is an HTTPS endpoint that you can use to invoke your function. By default, the function URL that you create uses the `$LATEST` version of your Lambda function. If you specify an `AutoPublishAlias` for your Lambda function, the endpoint connects to the specified function alias. For more information, see [Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) in the *AWS Lambda Developer Guide*. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [AuthType](#sam-function-functionurlconfig-authtype): String [Cors](#sam-function-functionurlconfig-cors): [Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html) [InvokeMode](#sam-function-functionurlconfig-invokemode): String ``` ## Properties `AuthType` The type of authorization for your function URL. To use AWS Identity and Access Management (IAM) to authorize requests, set to `AWS_IAM`. For open access, set to `NONE`. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is passed directly to the `[AuthType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-authtype)` property of an `AWS::Lambda::Url` resource. `Cors` The cross-origin resource sharing (CORS) settings for your function URL. *Type*: [Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html) *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html)` property of an `AWS::Lambda::Url` resource. `InvokeMode` The mode that your function URL will be invoked. To have your function return the response after invocation completes, set to `BUFFERED`. To have your function stream the response, set to `RESPONSE_STREAM`. The default value is `BUFFERED`. *Valid values*: `BUFFERED` or `RESPONSE_STREAM` *Type*: String *Required*: No *AWS CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode) property of an `AWS::Lambda::Url` resource. ## Examples ### Function URL The following example creates a Lambda function with a function URL. The function URL uses IAM authorization. #### YAML ``` HelloWorldFunction: Type: AWS::Serverless::Function Properties: CodeUri: hello_world/ Handler: index.handler Runtime: nodejs20.x FunctionUrlConfig: AuthType: AWS_IAM InvokeMode: RESPONSE_STREAM Outputs: MyFunctionUrlEndpoint: Description: "My Lambda Function URL Endpoint" Value: Fn::GetAtt: HelloWorldFunctionUrl.FunctionUrl ``` # CapacityProviderConfig Configures the capacity provider to which published versions of the function will be attached. This enables the function to run on customer-owned EC2 instances managed by Lambda. **Note** This configuration determines the compute type of a function and needs to be specified during the first function deployment. It can't be added or removed after the function resource has been created. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Arn](#sam-function-capacityproviderconfig-arn): String [ExecutionEnvironmentMemoryGiBPerVCpu](#sam-function-capacityproviderconfig-executionenvironmentmemorygibpervcpu): Float [PerExecutionEnvironmentMaxConcurrency](#sam-function-capacityproviderconfig-perexecutionenvironmentmaxconcurrency): Integer ``` ## Properties `Arn` The ARN of the capacity provider to use for this function. *Type*: String *Required*: Yes *CloudFormation compatibility*: This property is unique to SAM. `ExecutionEnvironmentMemoryGiBPerVCpu` The ratio of memory (in GiB) to vCPU for each execution environment. The memory ratio per CPU can't exceed function's total memory of 2048MB. The supported memory-to-CPU ratios are 2GB, 4GB, or 8GB per CPU. *Type*: Float *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[ExecutionEnvironmentMemoryGiBPerVCpu](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-lambdamanagedinstancescapacityproviderconfig)` property of an `AWS::Lambda::Function` resource. `PerExecutionEnvironmentMaxConcurrency` The maximum number of concurrent executions per execution environment (sandbox). *Type*: Integer *Required*: No *CloudFormation compatibility*: This property is passed directly to the `[PerExecutionEnvironmentMaxConcurrency](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-lambdamanagedinstancescapacityproviderconfig)` property of an `AWS::Lambda::Function` resource. ## Examples ### Capacity provider configuration The following example shows a capacity provider configuration that references a capacity provider resource. ``` CapacityProviderConfig: Arn: !GetAtt MyCapacityProvider.Arn ExecutionEnvironmentMemoryGiBPerVCpu: 4.0 PerExecutionEnvironmentMaxConcurrency: 100 ``` # FunctionScalingConfig Configures the scaling behavior for Lambda function versions, controlling the number of execution environments (sandboxes) that can be created. This configuration applies to both \$1LATEST.PUBLISHED and numeric function versions. ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [MinExecutionEnvironments](#sam-function-functionscalingconfig-minexecutionenvironments): Integer [MaxExecutionEnvironments](#sam-function-functionscalingconfig-maxexecutionenvironments): Integer ``` ## Properties `MinExecutionEnvironments` The minimum number of execution environments to maintain for the function version. *Type*: Integer *Required*: No *Default*: `3` *Minimum*: `0` *CloudFormation compatibility*: This property is passed directly to the `[MinExecutionEnvironments](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig-minexecutionenvironments)` property of an `AWS::Lambda::Function` resource. `MaxExecutionEnvironments` The maximum number of execution environments that can be created for the function version. *Type*: Integer *Required*: No *Default*: `3` *Minimum*: `0` *CloudFormation compatibility*: This property is passed directly to the `[MaxExecutionEnvironments](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig-maxexecutionenvironments)` property of an `AWS::Lambda::Function` resource. ## Examples ### Function scaling configuration The following example shows a function scaling configuration with minimum and maximum execution environments. ``` FunctionScalingConfig: MinExecutionEnvironments: 5 MaxExecutionEnvironments: 100 ```