# AWS SAM template
<a name="sam-specification"></a>

After you run the **sam init** command and complete its subsequent workflow, AWS SAM creates your application project directory, which is your AWS SAM project. You define your serverless application by adding code to your AWS SAM project. While your AWS SAM project consists of a set of files and folders, the file you primarily work with is your AWS SAM template (named `template.yaml`). In this template, you write the code to express resources, event source mappings, and other properties that define your serverless application.

**Note**  
A key element of the AWS SAM template is the AWS SAM template specification. This specification provides the short-hand syntax that, when compared to CloudFormation, allows to you use fewer lines of code to to define the resources, event source mappings, permissions, APIs, and other properties of your serverless application.

This section provides details on how you use sections in the AWS SAM template to define resources types, resource properties, data types, resource attributes, intrinsic functions, and API Gateway extensions.

AWS SAM templates are an extension of CloudFormation templates, with unique syntax types that use shorthand syntax with fewer lines of code than CloudFormation. This speeds up your development when building a serverless application. For more information, refer to [AWS SAM resources and properties](sam-specification-resources-and-properties.md). For the full reference for CloudFormation templates, see [CloudFormation Template Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html) in the *AWS CloudFormation User Guide*.

When developing, you will often find it beneficial to break up your application code into separate files to better organize and manage your application. A basic example of this is using a separate file for your AWS Lambda function code rather than having this code in your AWS SAM template. Do this by organizing your Lambda function code in a subdirectory of your project and referencing its local path within your AWS Serverless Application Model (AWS SAM) template.

**Topics**
+ [

# AWS SAM template anatomy
](sam-specification-template-anatomy.md)
+ [

# AWS SAM resources and properties
](sam-specification-resources-and-properties.md)
+ [

# Generated CloudFormation resources for AWS SAM
](sam-specification-generated-resources.md)
+ [

# Resource attributes supported by AWS SAM
](sam-specification-resource-attributes.md)
+ [

# API Gateway extensions for AWS SAM
](sam-specification-api-gateway-extensions.md)
+ [

# Intrinsic functions for AWS SAM
](sam-specification-intrinsic-functions.md)

# AWS SAM template anatomy
<a name="sam-specification-template-anatomy"></a>

An AWS SAM template file closely follows the format of an CloudFormation template file, which is described in [Template anatomy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html) in the *AWS CloudFormation User Guide*. The primary differences between AWS SAM template files and CloudFormation template files are the following:
+ **Transform declaration.** The declaration `Transform: AWS::Serverless-2016-10-31` is required for AWS SAM template files. This declaration identifies an CloudFormation template file as an AWS SAM template file. For more information about transforms, see [Transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html) in the *AWS CloudFormation User Guide*.
+ **Globals section.** The `Globals` section is unique to AWS SAM. It defines properties that are common to all your serverless functions and APIs. All the `AWS::Serverless::Function`, `AWS::Serverless::Api`, `AWS::Serverless::CapacityProvider`, `AWS::Serverless::HttpApi`, `AWS::Serverless::SimpleTable`, and `AWS::Serverless::StateMachine` resources inherit the properties that are defined in the `Globals` section. For more information about this section, see [Globals section of the AWS SAM template](sam-specification-template-anatomy-globals.md).
+ **Resources section.** In AWS SAM templates the `Resources` section can contain a combination of CloudFormation resources and AWS SAM resources. For more information about CloudFormation resources, see [AWS resource and property types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) in the *AWS CloudFormation User Guide*. For more information about AWS SAM resources, see [AWS SAM resources and properties](sam-specification-resources-and-properties.md).

All other sections of an AWS SAM template file correspond to the CloudFormation template file section of the same name.

## YAML
<a name="template-anatomy-outline.yaml"></a>

The following example shows a YAML-formatted template fragment.

```
Transform: AWS::Serverless-2016-10-31

Globals:
  set of globals

Description:
  String

Metadata:
  template metadata

Parameters:
  set of parameters

Mappings:
  set of mappings

Conditions:
  set of conditions

Resources:
  set of resources

Outputs:
  set of outputs
```

## Template sections
<a name="template-anatomy-sections"></a>

AWS SAM templates can include several major sections. Only the `Transform` and `Resources` sections are required.

You can include template sections in any order. However, if using language extensions, you should add `AWS::LanguageExtensions` *before* the serverless transform (that is, before `AWS::Serverless-2016-10-31`) as shown in the following example:

```
Transform:
  - AWS::LanguageExtensions
  - AWS::Serverless-2016-10-31
```

As you build your template, it can be helpful to use the logical order that's shown in the following list. This is because the values in one section might refer to values from a previous section.

**[Transform (required)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html)**  
For AWS SAM templates, you must include this section with a value of `AWS::Serverless-2016-10-31`.  
Additional transforms are optional. For more information about transforms, see [Transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html) in the *AWS CloudFormation User Guide*.

**[Globals (optional)](sam-specification-template-anatomy-globals.md)**  
Properties that are common to all your serverless functions, APIs, and simple tables. All the `AWS::Serverless::Function`, `AWS::Serverless::Api`, `AWS::Serverless::CapacityProvider`, `AWS::Serverless::HttpApi`, `AWS::Serverless::SimpleTable`, and `AWS::Serverless::StateMachine` resources inherit the properties that are defined in the `Globals` section.  
This section is unique to AWS SAM. There isn't a corresponding section in CloudFormation templates.

**[Description (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-description-structure.html)**  
A text string that describes the template.  
This section corresponds directly with the `Description` section of CloudFormation templates.

**[Metadata (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html)**  
Objects that provide additional information about the template.  
This section corresponds directly with the `Metadata` section of CloudFormation templates.

**[Parameters (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html)**  
Values to pass to your template at runtime (when you create or update a stack). You can refer to parameters from the `Resources` and `Outputs` sections of the template. Objects that are declared in the `Parameters` section cause the **sam deploy --guided** command to present additional prompts to the user.  
Values that are passed in using the `--parameter-overrides` parameter of the `sam deploy` command—and entries in the configuration file—take precedence over entries in the AWS SAM template file. For more information about the `sam deploy` command, see [sam deploy](sam-cli-command-reference-sam-deploy.md) in the AWS SAM CLI command reference. For more information about the configuration file, see [AWS SAM CLI configuration file](serverless-sam-cli-config.md).

**[Mappings (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/mappings-section-structure.html)**  
A mapping of keys and associated values that you can use to specify conditional parameter values, similar to a lookup table. You can match a key to a corresponding value by using the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-findinmap.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-findinmap.html) intrinsic function in the `Resources` and `Outputs` sections.  
This section corresponds directly with the `Mappings` section of CloudFormation templates.

**[Conditions (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html)**  
Conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment.  
This section corresponds directly with the `Conditions` section of CloudFormation templates.

**[Resources (required)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html)**  
The stack resources and their properties, such as an Amazon Elastic Compute Cloud (Amazon EC2) instance or an Amazon Simple Storage Service (Amazon S3) bucket. You can refer to resources in the `Resources` and `Outputs` sections of the template.  
This section is similar to the `Resources` section of CloudFormation templates. In AWS SAM templates, this section can contain AWS SAM resources in addition to CloudFormation resources.

**[Outputs (optional)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html)**  
The values that are returned whenever you view your stack's properties. For example, you can declare an output for an S3 bucket name, and then call the `aws cloudformation describe-stacks` AWS Command Line Interface (AWS CLI) command to view the name.  
This section corresponds directly with the `Outputs` section of CloudFormation templates.

## Next steps
<a name="template-anatomy-next-steps"></a>

To download and deploy a sample serverless application that contains an AWS SAM template file, see [Getting started with AWS SAM](serverless-getting-started.md) and follow the instructions in [Tutorial: Deploy a Hello World application with AWS SAM](serverless-getting-started-hello-world.md).

# Globals section of the AWS SAM template
<a name="sam-specification-template-anatomy-globals"></a>

Sometimes resources that you declare in an AWS SAM template have common configurations. For example, you might have an application with multiple `AWS::Serverless::Function` resources that have identical `Runtime`, `Memory`, `VPCConfig`, `Environment`, and `Cors` configurations. Instead of duplicating this information in every resource, you can declare them once in the `Globals` section and let your resources inherit them.

The `Globals` section supports the following AWS SAM resource types:
+ `AWS::Serverless::Api`
+ `AWS::Serverless::CapacityProvider`
+ `AWS::Serverless::Function`
+ `AWS::Serverless::HttpApi`
+ `AWS::Serverless::SimpleTable`
+ `AWS::Serverless::StateMachine`

Example:

```
Globals:
  Function:
    Runtime: nodejs12.x
    Timeout: 180
    Handler: index.handler
    Environment:
      Variables:
        TABLE_NAME: data-table

Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          MESSAGE: "Hello From SAM"

  ThumbnailFunction:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        Thumbnail:
          Type: Api
          Properties:
            Path: /thumbnail
            Method: POST
```

In this example, both `HelloWorldFunction` and `ThumbnailFunction` use "nodejs12.x" for `Runtime`, "180" seconds for `Timeout`, and "index.handler" for `Handler`. `HelloWorldFunction` adds the MESSAGE environment variable, in addition to the inherited TABLE\$1NAME. `ThumbnailFunction` inherits all the `Globals` properties and adds an API event source.

## Supported resources and properties
<a name="sam-specification-template-anatomy-globals-supported-resources-and-properties"></a>

AWS SAM supports the following resources and properties.

```
Globals:
  Api:
    AccessLogSetting:
    Auth:
    BinaryMediaTypes:
    CacheClusterEnabled:
    CacheClusterSize:
    CanarySetting:
    Cors:
    DefinitionUri:
    Domain:
    EndpointConfiguration:
    GatewayResponses:
    MethodSettings:
    MinimumCompressionSize:
    Name:
    OpenApiVersion:
    PropagateTags:
    TracingEnabled:
    Variables:
  
  CapacityProvider:
    InstanceRequirements:
    KmsKeyArn:
    OperatorRole:
    PropagateTags:
    ScalingConfig:
    Tags:
    VpcConfig:
  
  Function:
    Architectures:
    AssumeRolePolicyDocument:
    AutoPublishAlias:
    AutoPublishAliasAllProperties:
    CapacityProviderConfig:
    CodeSigningConfigArn:
    CodeUri:
    DeadLetterQueue:
    DeploymentPreference:
    Description:
    DurableConfig:
    Environment:
    EphemeralStorage:
    EventInvokeConfig:
    FileSystemConfigs:
    FunctionScalingConfig:
    FunctionUrlConfig:
    Handler:
    KmsKeyArn:
    Layers:
    LoggingConfig:
    MemorySize:
    PermissionsBoundary:
    PropagateTags:
    ProvisionedConcurrencyConfig:
    PublishToLatestPublished:
    RecursiveLoop:
    ReservedConcurrentExecutions:
    RolePath:
    Runtime:
    RuntimeManagementConfig:
    SnapStart:
    SourceKMSKeyArn:
    Tags:
    TenancyConfig:
    Timeout:
    Tracing:
    VersionDeletionPolicy:
    VpcConfig:

  HttpApi:
    AccessLogSettings:
    Auth:
    PropagateTags:
    StageVariables:
    Tags:

  SimpleTable:
    SSESpecification:
    
  StateMachine:
    PropagateTags:
```

**Note**  
Any resources and properties that are not included in the previous list are not supported. Some reasons for not supporting them include: 1) They open potential security issues, or 2) They make the template hard to understand.

## Implicit APIs
<a name="sam-specification-template-anatomy-globals-implicit-apis"></a>

AWS SAM creates *implicit APIs* when you declare an API in the `Events` section. You can use `Globals` to override all properties of implicit APIs.

## Overridable properties
<a name="sam-specification-template-anatomy-globals-overrideable"></a>

Resources can override the properties that you declare in the `Globals` section. For example, you can add new variables to an environment variable map, or you can override globally declared variables. But the resource cannot remove a property that's specified in the `Globals` section.

More generally, the `Globals` section declares properties that all your resources share. Some resources can provide new values for globally declared properties, but they can't remove them. If some resources use a property but others don't, then you must not declare them in the `Globals` section.

The following sections describe how overriding works for different data types.

### Primitive data types are replaced
<a name="sam-specification-template-anatomy-globals-overrideable-primitives"></a>

Primitive data types include strings, numbers, Booleans, and so on.

The value specified in the `Resources` section replaces the value in the `Globals` section.

Example:

```
Globals:
  Function:
    Runtime: nodejs12.x

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.9
```

The `Runtime` for `MyFunction` is set to `python3.9`.

### Maps are merged
<a name="sam-specification-template-anatomy-globals-overrideable-maps"></a>

Maps are also known as dictionaries or collections of key-value pairs.

Map entries in the `Resources` section are merged with global map entries. If there are duplicates, the `Resource` section entry overrides the `Globals` section entry.

Example:

```
Globals:
  Function:
    Environment:
      Variables:
        STAGE: Production
        TABLE_NAME: global-table

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Environment:
        Variables:
          TABLE_NAME: resource-table
          NEW_VAR: hello
```

The environment variables of `MyFunction` are set to the following:

```
{
  "STAGE": "Production",
  "TABLE_NAME": "resource-table",
  "NEW_VAR": "hello"
}
```

### Lists are additive
<a name="sam-specification-template-anatomy-globals-overrideable-lists"></a>

Lists are also known as arrays.

List entries in the `Globals` section are prepended to the list in the `Resources` section.

Example:

```
Globals:
  Function:
    VpcConfig:
      SecurityGroupIds:
        - sg-123
        - sg-456

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      VpcConfig:
        SecurityGroupIds:
          - sg-first
```

The `SecurityGroupIds` for `MyFunction`'s `VpcConfig` are set to the following:

```
[ "sg-123", "sg-456", "sg-first" ]
```

# AWS SAM resources and properties
<a name="sam-specification-resources-and-properties"></a>

This section desribes the resource and property types that are specific to AWS SAM. You define these resources and properties using the AWS SAM shorthand syntax. AWS SAM also supports CloudFormation resource and property types. For reference information for all the AWS resource and property types CloudFormation and AWS SAM support, see [AWS resource and property types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) in the *AWS CloudFormation User Guide*.

**Topics**
+ [

# AWS::Serverless::Api
](sam-resource-api.md)
+ [

# AWS::Serverless::Application
](sam-resource-application.md)
+ [

# AWS::Serverless::CapacityProvider
](sam-resource-capacityprovider.md)
+ [

# AWS::Serverless::Connector
](sam-resource-connector.md)
+ [

# AWS::Serverless::Function
](sam-resource-function.md)
+ [

# AWS::Serverless::GraphQLApi
](sam-resource-graphqlapi.md)
+ [

# AWS::Serverless::HttpApi
](sam-resource-httpapi.md)
+ [

# AWS::Serverless::LayerVersion
](sam-resource-layerversion.md)
+ [

# AWS::Serverless::SimpleTable
](sam-resource-simpletable.md)
+ [

# AWS::Serverless::StateMachine
](sam-resource-statemachine.md)

# AWS::Serverless::Api
<a name="sam-resource-api"></a>

Creates a collection of Amazon API Gateway resources and methods that can be invoked through HTTPS endpoints.

An [AWS::Serverless::Api](#sam-resource-api) resource need not be explicitly added to a AWS Serverless Application Definition template. A resource of this type is implicitly created from the union of Api events defined on [AWS::Serverless::Function](sam-resource-function.md) resources defined in the template that do not refer to an [AWS::Serverless::Api](#sam-resource-api) resource.

An [AWS::Serverless::Api](#sam-resource-api) resource should be used to define and document the API using OpenApi, which provides more ability to configure the underlying Amazon API Gateway resources.

We recommend that you use CloudFormation hooks or IAM policies to verify that API Gateway resources have authorizers attached to them to control access to them.

For more information about using CloudFormation hooks, see [Registering hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/registering-hook-python.html) in the *CloudFormation CLI user guide* and the [apigw-enforce-authorizer](https://github.com/aws-cloudformation/aws-cloudformation-samples/tree/main/hooks/python-hooks/apigw-enforce-authorizer/) GitHub repository.

For more information about using IAM policies, see [Require that API routes have authorization](https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-require-authorization) in the *API Gateway Developer Guide*.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-api-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-api-syntax.yaml"></a>

```
Type: AWS::Serverless::Api
Properties:
  [AccessLogSetting](#sam-api-accesslogsetting): [AccessLogSetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-accesslogsetting)
  AlwaysDeploy: Boolean
  [ApiKeySourceType](#sam-api-apikeysourcetype): String
  [Auth](#sam-api-auth): ApiAuth
  [BinaryMediaTypes](#sam-api-binarymediatypes): List
  [CacheClusterEnabled](#sam-api-cacheclusterenabled): Boolean
  [CacheClusterSize](#sam-api-cacheclustersize): String
  [CanarySetting](#sam-api-canarysetting): [CanarySetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-canarysetting)
  [Cors](#sam-api-cors): String | CorsConfiguration
  [DefinitionBody](#sam-api-definitionbody): JSON
  [DefinitionUri](#sam-api-definitionuri): String | ApiDefinition
  [Description](#sam-api-description): String
  [DisableExecuteApiEndpoint](#sam-api-disableexecuteapiendpoint): Boolean
  [Domain](#sam-api-domain): DomainConfiguration
  [EndpointConfiguration](#sam-api-endpointconfiguration): EndpointConfiguration
  [FailOnWarnings](#sam-api-failonwarnings): Boolean
  [GatewayResponses](#sam-api-gatewayresponses): Map
  MergeDefinitions: Boolean
  [MethodSettings](#sam-api-methodsettings): MethodSettings
  [MinimumCompressionSize](#sam-api-minimumcompressionsize): Integer
  [Mode](#sam-api-mode): String
  [Models](#sam-api-models): Map
  [Name](#sam-api-name): String
  [OpenApiVersion](#sam-api-openapiversion): String
  PropagateTags: Boolean
  [Policy](#sam-api-policy): JSON
  [StageName](#sam-api-stagename): String
  [Tags](#sam-api-tags): Map
  [TracingEnabled](#sam-api-tracingenabled): Boolean
  [Variables](#sam-api-variables): Map
```

## Properties
<a name="sam-resource-api-properties"></a>

 `AccessLogSetting`   <a name="sam-api-accesslogsetting"></a>
Configures Access Log Setting for a stage.  
*Type*: [AccessLogSetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-accesslogsetting)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AccessLogSetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-accesslogsetting)` property of an `AWS::ApiGateway::Stage` resource.

 `AlwaysDeploy`   <a name="sam-api-alwaysdeploy"></a>
Always deploys the API, even when no changes to the API have been detected.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ApiKeySourceType`   <a name="sam-api-apikeysourcetype"></a>
The source of the API key for metering requests according to a usage plan. Valid values are `HEADER` and `AUTHORIZER`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ApiKeySourceType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-apikeysourcetype)` property of an `AWS::ApiGateway::RestApi` resource.

 `Auth`   <a name="sam-api-auth"></a>
Configure authorization to control access to your API Gateway API.  
For more information about configuring access using AWS SAM see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md). For an example showing how to override a global authorizer, see [Override a global authorizer for your Amazon API Gateway REST API](sam-property-function-apifunctionauth.md#sam-property-function-apifunctionauth--examples--override).  
*Type*: [ApiAuth](sam-property-api-apiauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `BinaryMediaTypes`   <a name="sam-api-binarymediatypes"></a>
List of MIME types that your API could return. Use this to enable binary support for APIs.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[BinaryMediaTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-binarymediatypes)` property of an `AWS::ApiGateway::RestApi` resource. The list of BinaryMediaTypes is added to both the CloudFormation resource and the OpenAPI document.

 `CacheClusterEnabled`   <a name="sam-api-cacheclusterenabled"></a>
Indicates whether caching is enabled for the stage. To cache responses, you must also set `CachingEnabled` to `true` under `MethodSettings`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CacheClusterEnabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-cacheclusterenabled)` property of an `AWS::ApiGateway::Stage` resource.

 `CacheClusterSize`   <a name="sam-api-cacheclustersize"></a>
The stage's cache cluster size.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CacheClusterSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-cacheclustersize)` property of an `AWS::ApiGateway::Stage` resource.

 `CanarySetting`   <a name="sam-api-canarysetting"></a>
Configure a canary setting to a stage of a regular deployment.  
*Type*: [CanarySetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-canarysetting)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CanarySetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-canarysetting)` property of an `AWS::ApiGateway::Stage` resource.

 `Cors`   <a name="sam-api-cors"></a>
Manage Cross-origin resource sharing (CORS) for all your API Gateway APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration.   
CORS requires AWS SAM to modify your OpenAPI definition. Create an inline OpenAPI definition in the `DefinitionBody` to turn on CORS.
For more information about CORS, see [Enable CORS for an API Gateway REST API Resource](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html) in the *API Gateway Developer Guide*.  
*Type*: String \$1 [CorsConfiguration](sam-property-api-corsconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DefinitionBody`   <a name="sam-api-definitionbody"></a>
OpenAPI specification that describes your API. If neither `DefinitionUri` nor `DefinitionBody` are specified, SAM will generate a `DefinitionBody` for you based on your template configuration.  
To reference a local OpenAPI file that defines your API, use the `AWS::Include` transform. To learn more, see [How AWS SAM uploads local files](deploy-upload-local-files.md).  
*Type*: JSON  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-body)` property of an `AWS::ApiGateway::RestApi` resource. If certain properties are provided, content may be inserted or modified into the DefinitionBody before being passed to CloudFormation. Properties include `Auth`, `BinaryMediaTypes`, `Cors`, `GatewayResponses`, `Models`, and an `EventSource` of type Api for a corresponding `AWS::Serverless::Function`.

 `DefinitionUri`   <a name="sam-api-definitionuri"></a>
Amazon S3 Uri, local file path, or location object of the the OpenAPI document defining the API. The Amazon S3 object this property references must be a valid OpenAPI file. If neither `DefinitionUri` nor `DefinitionBody` are specified, SAM will generate a `DefinitionBody` for you based on your template configuration.  
If a local file path is provided, the template must go through the workflow that includes the `sam deploy` or `sam package` command, in order for the definition to be transformed properly.  
Intrinsic functions are not supported in external OpenApi files referenced by `DefinitionUri`. Use instead the `DefinitionBody` property with the [Include Transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html) to import an OpenApi definition into the template.  
*Type*: String \$1 [ApiDefinition](sam-property-api-apidefinition.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[BodyS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-bodys3location)` property of an `AWS::ApiGateway::RestApi` resource. The nested Amazon S3 properties are named differently.

 `Description`   <a name="sam-api-description"></a>
A description of the Api resource.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-description)` property of an `AWS::ApiGateway::RestApi` resource.

 `DisableExecuteApiEndpoint`   <a name="sam-api-disableexecuteapiendpoint"></a>
Specifies whether clients can invoke your API by using the default `execute-api` endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com`. To require that clients use a custom domain name to invoke your API, specify `True`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[ DisableExecuteApiEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-disableexecuteapiendpoint)` property of an `AWS::ApiGateway::RestApi` resource. It is passed directly to the `disableExecuteApiEndpoint` property of an `[ x-amazon-apigateway-endpoint-configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html)` extension, which gets added to the ` [ Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-body)` property of an `AWS::ApiGateway::RestApi` resource.

 `Domain`   <a name="sam-api-domain"></a>
Configures a custom domain for this API Gateway API.  
*Type*: [DomainConfiguration](sam-property-api-domainconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EndpointConfiguration`   <a name="sam-api-endpointconfiguration"></a>
The endpoint type of a REST API.  
*Type*: [EndpointConfiguration](sam-property-api-endpointconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[EndpointConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-endpointconfiguration)` property of an `AWS::ApiGateway::RestApi` resource. The nested configuration properties are named differently.

 `FailOnWarnings`   <a name="sam-api-failonwarnings"></a>
Specifies whether to roll back the API creation (`true`) or not (`false`) when a warning is encountered. The default value is `false`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FailOnWarnings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-failonwarnings)` property of an `AWS::ApiGateway::RestApi` resource.

 `GatewayResponses`   <a name="sam-api-gatewayresponses"></a>
Configures Gateway Responses for an API. Gateway Responses are responses returned by API Gateway, either directly or through the use of Lambda Authorizers. For more information, see the documentation for the [Api Gateway OpenApi extension for Gateway Responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.html).  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MergeDefinitions`   <a name="sam-api-mergedefinitions"></a>
AWS SAM generates an OpenAPI specification from your API event source. Specify `true` to have AWS SAM merge this into the inline OpenAPI specification defined in your `AWS::Serverless::Api` resource. Specify `false` to not merge.  
`MergeDefinitions` requires the `DefinitionBody` property for `AWS::Serverless::Api` to be defined. `MergeDefinitions` is not compatible with the `DefinitionUri` property for `AWS::Serverless::Api`.  
*Default value*: `false`  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MethodSettings`   <a name="sam-api-methodsettings"></a>
Configures all settings for API stage including Logging, Metrics, CacheTTL, Throttling.  
*Type*: List of [ MethodSetting](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-stage-methodsetting.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MethodSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-methodsettings)` property of an `AWS::ApiGateway::Stage` resource.

 `MinimumCompressionSize`   <a name="sam-api-minimumcompressionsize"></a>
Allow compression of response bodies based on client's Accept-Encoding header. Compression is triggered when response body size is greater than or equal to your configured threshold. The maximum body size threshold is 10 MB (10,485,760 Bytes). - The following compression types are supported: gzip, deflate, and identity.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MinimumCompressionSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-minimumcompressionsize)` property of an `AWS::ApiGateway::RestApi` resource.

 `Mode`   <a name="sam-api-mode"></a>
This property applies only when you use OpenAPI to define your REST API. The `Mode` determines how API Gateway handles resource updates. For more information, see [Mode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-mode) property of the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) resource type.  
*Valid values*: `overwrite` or `merge`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Mode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-mode)` property of an `AWS::ApiGateway::RestApi` resource.

 `Models`   <a name="sam-api-models"></a>
The schemas to be used by your API methods. These schemas can be described using JSON or YAML. See the Examples section at the bottom of this page for example models.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Name`   <a name="sam-api-name"></a>
A name for the API Gateway RestApi resource  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-name)` property of an `AWS::ApiGateway::RestApi` resource.

 `OpenApiVersion`   <a name="sam-api-openapiversion"></a>
Version of OpenApi to use. This can either be `2.0` for the Swagger specification, or one of the OpenApi 3.0 versions, like `3.0.1`. For more information about OpenAPI, see the [OpenAPI Specification](https://swagger.io/specification/).  
 AWS SAM creates a stage called `Stage` by default. Setting this property to any valid value will prevent the creation of the stage `Stage`. 
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`PropagateTags`  <a name="sam-api-propagatetags"></a>
Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::Api](sam-specification-generated-resources-api.md) generated resources. Specify `True` to propagate tags in your generated resources.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`Policy`  <a name="sam-api-policy"></a>
A policy document that contains the permissions for the API. To set the ARN for the policy, use the `!Join` intrinsic function with `""` as delimiter and values of `"execute-api:/"` and `"*"`.  
*Type*: JSON  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the [ Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy) property of an `AWS::ApiGateway::RestApi` resource.

 `StageName`   <a name="sam-api-stagename"></a>
The name of the stage, which API Gateway uses as the first path segment in the invoke Uniform Resource Identifier (URI).  
To reference the stage resource, use `<api-logical-id>.Stage`. For more information about referencing resources generated when an [AWS::Serverless::Api](#sam-resource-api) resource is specified, see [CloudFormation resources generated when AWS::Serverless::Api is specified](sam-specification-generated-resources-api.md). For general information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is similar to the `[StageName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-stagename)` property of an `AWS::ApiGateway::Stage` resource. It is required in SAM, but not required in API Gateway  
*Additional notes*: The Implicit API has a stage name of "Prod".

 `Tags`   <a name="sam-api-tags"></a>
A map (string to string) that specifies the tags to be added to this API Gateway stage. For details about valid keys and values for tags, see [Resource tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) in the *AWS CloudFormation User Guide*.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-tags)` property of an `AWS::ApiGateway::Stage` resource. The Tags property in SAM consists of Key:Value pairs; in CloudFormation it consists of a list of Tag objects.

 `TracingEnabled`   <a name="sam-api-tracingenabled"></a>
Indicates whether active tracing with X-Ray is enabled for the stage. For more information about X-Ray, see [Tracing user requests to REST APIs using X-Ray](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html) in the *API Gateway Developer Guide*.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TracingEnabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-tracingenabled)` property of an `AWS::ApiGateway::Stage` resource.

 `Variables`   <a name="sam-api-variables"></a>
A map (string to string) that defines the stage variables, where the variable name is the key and the variable value is the value. Variable names are limited to alphanumeric characters. Values must match the following regular expression: `[A-Za-z0-9._~:/?#&=,-]+`.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Variables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-variables)` property of an `AWS::ApiGateway::Stage` resource.

## Return Values
<a name="sam-resource-api-return-values"></a>

### Ref
<a name="sam-resource-api-return-values-ref"></a>

When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the ID of the underlying API Gateway API.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

### Fn::GetAtt
<a name="sam-resource-api-return-values-fn--getatt"></a>

`Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. 

For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. 

`RootResourceId`  <a name="RootResourceId-fn::getatt"></a>
The root resource ID for a `RestApi` resource, such as `a0bc123d4e`.

## Examples
<a name="sam-resource-api--examples"></a>

### SimpleApiExample
<a name="sam-resource-api--examples--simpleapiexample"></a>

A Hello World AWS SAM template file that contains a Lambda Function with an API endpoint. This is a full AWS SAM template file for a working serverless application.

#### YAML
<a name="sam-resource-api--examples--simpleapiexample--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM template with a simple API definition
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
  ApiFunction: # Adds a GET method at the root resource via an Api event
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /
            Method: get
            RestApiId:
              Ref: ApiGatewayApi
      Runtime: python3.10
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {'body': 'Hello World!', 'statusCode': 200}
```

### ApiCorsExample
<a name="sam-resource-api--examples--apicorsexample"></a>

An AWS SAM template snippet with an API defined in an external Swagger file along with Lambda integrations and CORS configurations. This is just a portion of an AWS SAM template file showing an [AWS::Serverless::Api](#sam-resource-api) definition.

#### YAML
<a name="sam-resource-api--examples--apicorsexample--yaml"></a>

```
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      # Allows www.example.com to call these APIs
      # SAM will automatically add AllowMethods with a list of methods for this API
      Cors: "'www.example.com'"
      DefinitionBody: # Pull in an OpenApi definition from S3
        'Fn::Transform':
          Name: 'AWS::Include'
          # Replace "bucket" with your bucket name
          Parameters:
            Location: s3://bucket/swagger.yaml
```

### ApiCognitoAuthExample
<a name="sam-resource-api--examples--apicognitoauthexample"></a>

An AWS SAM template snippet with an API that uses Amazon Cognito to authorize requests against the API. This is just a portion of an AWS SAM template file showing an [AWS::Serverless::Api](#sam-resource-api) definition.

#### YAML
<a name="sam-resource-api--examples--apicognitoauthexample--yaml"></a>

```
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors: "'*'"
      Auth:
        DefaultAuthorizer: MyCognitoAuthorizer
        Authorizers:
          MyCognitoAuthorizer:
            UserPoolArn:
              Fn::GetAtt: [MyCognitoUserPool, Arn]
```

### ApiModelsExample
<a name="sam-resource-api--examples--apimodelsexample"></a>

An AWS SAM template snippet with an API that includes a Models schema. This is just a portion of an AWS SAM template file, showing an [AWS::Serverless::Api](#sam-resource-api) definition with two model schemas.

#### YAML
<a name="sam-resource-api--examples--apimodelsexample--yaml"></a>

```
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Models:
        User:
          type: object
          required:
            - username
            - employee_id
          properties:
            username:
              type: string
            employee_id:
              type: integer
            department:
              type: string
        Item:
          type: object
          properties:
            count:
              type: integer
            category:
              type: string
            price:
              type: integer
```

### Caching example
<a name="sam-resource-api--examples--caching-example"></a>

A Hello World AWS SAM template file that contains a Lambda Function with an API endpoint. The API has caching enabled for one resource and method. For more information about caching, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html) in the *API Gateway Developer Guide*.

#### YAML
<a name="sam-resource-api--examples--caching-example--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM template with a simple API definition with caching turned on
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      CacheClusterEnabled: true
      CacheClusterSize: '0.5'
      MethodSettings:
        - ResourcePath: /
          HttpMethod: GET
          CachingEnabled: true
          CacheTtlInSeconds: 300
      Tags:
        CacheMethods: All 

  ApiFunction: # Adds a GET method at the root resource via an Api event
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /
            Method: get
            RestApiId:
              Ref: ApiGatewayApi
      Runtime: python3.10
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {'body': 'Hello World!', 'statusCode': 200}
```

### Custom domain with a private API example
<a name="sam-resource-api--examples--custom-domain-example"></a>

A Hello World AWS SAM template file that contains a Lambda function with an API endpoint mapped to a private domain. The template creates a domain access association between a VPC endpoint and the private domain. For more information, see [Custom domain names for private APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html).

#### YAML
<a name="sam-resource-api--examples--custom-domain-example--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: AWS SAM template configured with a custom domain using a private API

Parameters:
    DomainName:
      Type: String
      Default: mydomain.example.com
    CertificateArn:
      Type: String
    HostedZoneId:
      Type: String
    VpcEndpointId:
      Type: String
    VpcEndpointDomainName:
      Type: String
    VpcEndpointHostedZoneId:
      Type: String

Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      InlineCode: |
        def handler(event, context):
            return {'body': 'Hello World!', 'statusCode': 200}
      Handler: index.handler
      Runtime: python3.13
      Events:
        Fetch:
          Type: Api
          Properties:
            RestApiId:
              Ref: MyApi
            Method: Get
            Path: /get
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      EndpointConfiguration:
        Type: PRIVATE
        VPCEndpointIds:
        - !Ref VpcEndpointId
      Policy:
        Version: '2012-10-17		 	 	 '
        Statement:
        - Effect: Allow
          Principal: '*'
          Action: execute-api:Invoke
          Resource: execute-api:/*
        - Effect: Deny
          Principal: '*'
          Action: execute-api:Invoke
          Resource: execute-api:/*
          Condition:
            StringNotEquals:
              aws:SourceVpce: !Ref VpcEndpointId
      Domain:
        DomainName: !Ref DomainName
        CertificateArn: !Ref CertificateArn
        EndpointConfiguration: PRIVATE
        BasePath:
        - /
        Route53:
          HostedZoneId: !Ref HostedZoneId
          VpcEndpointDomainName: !Ref VpcEndpointDomainName
          VpcEndpointHostedZoneId: !Ref VpcEndpointHostedZoneId
        AccessAssociation:
          VpcEndpointId: !Ref VpcEndpointId
        Policy:
          Version: '2012-10-17		 	 	 '
          Statement:
          - Effect: Allow
            Principal: '*'
            Action: execute-api:Invoke
            Resource: execute-api:/*
          - Effect: Deny
            Principal: '*'
            Action: execute-api:Invoke
            Resource: execute-api:/*
            Condition:
              StringNotEquals:
                aws:SourceVpce: !Ref VpcEndpointId
```

# ApiAuth
<a name="sam-property-api-apiauth"></a>

Configure authorization to control access to your API Gateway API.

For more information and examples for configuring access using AWS SAM see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).

## Syntax
<a name="sam-property-api-apiauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-apiauth-syntax.yaml"></a>

```
  AddApiKeyRequiredToCorsPreflight: Boolean
  [AddDefaultAuthorizerToCorsPreflight](#sam-api-apiauth-adddefaultauthorizertocorspreflight): Boolean
  [ApiKeyRequired](#sam-api-apiauth-apikeyrequired): Boolean
  [Authorizers](#sam-api-apiauth-authorizers): CognitoAuthorizer | LambdaTokenAuthorizer | LambdaRequestAuthorizer | AWS_IAM
  [DefaultAuthorizer](#sam-api-apiauth-defaultauthorizer): String
  [InvokeRole](#sam-api-apiauth-invokerole): String
  [ResourcePolicy](#sam-api-apiauth-resourcepolicy): ResourcePolicyStatement
  [UsagePlan](#sam-api-apiauth-usageplan): ApiUsagePlan
```

**Note**  
The `Authorizers` property includes `AWS_IAM`, but there is no extra configuration needed for `AWS_IAM`. For an example, see [AWS IAM](#sam-property-api-apiauth--examples--aws_iam).

## Properties
<a name="sam-property-api-apiauth-properties"></a>

 `AddApiKeyRequiredToCorsPreflight`   <a name="sam-api-apiauth-addapikeyrequiredtocorspreflight"></a>
If the `ApiKeyRequired` and `Cors` properties are set, then setting `AddApiKeyRequiredToCorsPreflight` will cause the API key to be added to the `Options` property.  
*Type*: Boolean  
*Required*: No  
*Default*: `True`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AddDefaultAuthorizerToCorsPreflight`   <a name="sam-api-apiauth-adddefaultauthorizertocorspreflight"></a>
If the `DefaultAuthorizer` and `Cors` properties are set, then setting `AddDefaultAuthorizerToCorsPreflight` will cause the default authorizer to be added to the `Options` property in the OpenAPI section.  
*Type*: Boolean  
*Required*: No  
*Default*: True  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ApiKeyRequired`   <a name="sam-api-apiauth-apikeyrequired"></a>
If set to true then an API key is required for all API events. For more information about API keys see [Create and Use Usage Plans with API Keys](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Authorizers`   <a name="sam-api-apiauth-authorizers"></a>
The authorizer used to control access to your API Gateway API.  
For more information, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).  
*Type*: [CognitoAuthorizer](sam-property-api-cognitoauthorizer.md) \$1 [LambdaTokenAuthorizer](sam-property-api-lambdatokenauthorizer.md) \$1 [LambdaRequestAuthorizer](sam-property-api-lambdarequestauthorizer.md) \$1 AWS\$1IAM  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: SAM adds the Authorizers to the OpenApi definition of an Api.

 `DefaultAuthorizer`   <a name="sam-api-apiauth-defaultauthorizer"></a>
Specify a default authorizer for an API Gateway API, which will be used for authorizing API calls by default.  
If the Api EventSource for the function associated with this API is configured to use IAM Permissions, then this property must be set to `AWS_IAM`, otherwise an error will result.
*Type*: String  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `InvokeRole`   <a name="sam-api-apiauth-invokerole"></a>
Sets integration credentials for all resources and methods to this value.  
`CALLER_CREDENTIALS` maps to `arn:aws:iam:::<user>/`, which uses the caller credentials to invoke the endpoint.  
*Valid values*: `CALLER_CREDENTIALS`, `NONE`, `IAMRoleArn`  
*Type*: String  
*Required*: No  
*Default*: `CALLER_CREDENTIALS`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ResourcePolicy`   <a name="sam-api-apiauth-resourcepolicy"></a>
Configure Resource Policy for all methods and paths on an API.  
*Type*: [ResourcePolicyStatement](sam-property-api-resourcepolicystatement.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: This setting can also be defined on individual `AWS::Serverless::Function` using the [ApiFunctionAuth](sam-property-function-apifunctionauth.md). This is required for APIs with `EndpointConfiguration: PRIVATE`.

 `UsagePlan`   <a name="sam-api-apiauth-usageplan"></a>
Configures a usage plan associated with this API. For more information about usage plans see [Create and Use Usage Plans with API Keys](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*.  
This AWS SAM property generates three additional CloudFormation resources when this property is set: an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html), an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html), and an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html). For information about this scenario, see [UsagePlan property is specified](sam-specification-generated-resources-api.md#sam-specification-generated-resources-api-usage-plan). For general information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: [ApiUsagePlan](sam-property-api-apiusageplan.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-apiauth--examples"></a>

### CognitoAuth
<a name="sam-property-api-apiauth--examples--cognitoauth"></a>

Cognito Auth example

#### YAML
<a name="sam-property-api-apiauth--examples--cognitoauth--yaml"></a>

```
Auth:
  Authorizers:
    MyCognitoAuth:
     UserPoolArn:
       Fn::GetAtt:
         - MyUserPool
         - Arn
     AuthType: "COGNITO_USER_POOLS"
  DefaultAuthorizer: MyCognitoAuth
  InvokeRole: CALLER_CREDENTIALS
  AddDefaultAuthorizerToCorsPreflight: false
  ApiKeyRequired: false
  ResourcePolicy:
    CustomStatements: [{
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/Prod/GET/pets",
      "Condition": {
          "IpAddress": {
              "aws:SourceIp": "1.2.3.4"
          }
        }
    }]
    IpRangeDenylist:
      - "10.20.30.40"
```

### AWS IAM
<a name="sam-property-api-apiauth--examples--aws_iam"></a>

AWS IAM example

#### YAML
<a name="sam-property-api-apiauth--examples--cognitoauth--yaml"></a>

```
Auth:
  Authorizers: AWS_IAM
```

# ApiUsagePlan
<a name="sam-property-api-apiusageplan"></a>

Configures a usage plan for an API Gateway API. For more information about usage plans, see [Create and Use Usage Plans with API Keys](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-api-apiusageplan-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-apiusageplan-syntax.yaml"></a>

```
  [CreateUsagePlan](#sam-api-apiusageplan-createusageplan): String
  [Description](#sam-api-apiusageplan-description): String
  [Quota](#sam-api-apiusageplan-quota): [QuotaSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-quota)
  [Tags](#sam-api-apiusageplan-tags): List
  [Throttle](#sam-api-apiusageplan-throttle): [ThrottleSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-throttle)
  [UsagePlanName](#sam-api-apiusageplan-usageplanname): String
```

## Properties
<a name="sam-property-api-apiusageplan-properties"></a>

 `CreateUsagePlan`   <a name="sam-api-apiusageplan-createusageplan"></a>
Determines how this usage plan is configured. Valid values are `PER_API`, `SHARED`, and `NONE`.  
`PER_API` creates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html), [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html), and [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html) resources that are specific to this API. These resources have logical IDs of `<api-logical-id>UsagePlan`, `<api-logical-id>ApiKey`, and `<api-logical-id>UsagePlanKey`, respectively.  
`SHARED` creates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html), [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-apikey.html), and [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplankey.html) resources that are shared across any API that also has `CreateUsagePlan: SHARED` in the same AWS SAM template. These resources have logical IDs of `ServerlessUsagePlan`, `ServerlessApiKey`, and `ServerlessUsagePlanKey`, respectively. If you use this option, we recommend that you add additional configuration for this usage plan on only one API resource to avoid conflicting definitions and an uncertain state.  
`NONE` disables the creation or association of a usage plan with this API. This is only necessary if `SHARED` or `PER_API` is specified in the [Globals section of the AWS SAM template](sam-specification-template-anatomy-globals.md).  
*Valid values*: `PER_API`, `SHARED`, and `NONE`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Description`   <a name="sam-api-apiusageplan-description"></a>
A description of the usage plan.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-description)` property of an `AWS::ApiGateway::UsagePlan` resource.

 `Quota`   <a name="sam-api-apiusageplan-quota"></a>
Configures the number of requests that users can make within a given interval.  
*Type*: [QuotaSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-quota)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Quota](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-quota)` property of an `AWS::ApiGateway::UsagePlan` resource.

 `Tags`   <a name="sam-api-apiusageplan-tags"></a>
An array of arbitrary tags (key-value pairs) to associate with the usage plan.  
This property uses the [CloudFormation Tag Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-tags)` property of an `AWS::ApiGateway::UsagePlan` resource.

 `Throttle`   <a name="sam-api-apiusageplan-throttle"></a>
Configures the overall request rate (average requests per second) and burst capacity.  
*Type*: [ThrottleSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-throttle)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Throttle](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-throttle)` property of an `AWS::ApiGateway::UsagePlan` resource.

 `UsagePlanName`   <a name="sam-api-apiusageplan-usageplanname"></a>
A name for the usage plan.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[UsagePlanName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-usageplan.html#cfn-apigateway-usageplan-usageplanname)` property of an `AWS::ApiGateway::UsagePlan` resource.

## Examples
<a name="sam-property-api-apiusageplan--examples"></a>

### UsagePlan
<a name="sam-property-api-apiusageplan--examples--usageplan"></a>

The following is a usage plan example.

#### YAML
<a name="sam-property-api-apiusageplan--examples--usageplan--yaml"></a>

```
Auth:
  UsagePlan:
    CreateUsagePlan: PER_API
    Description: Usage plan for this API
    Quota:
      Limit: 500
      Period: MONTH
    Throttle:
      BurstLimit: 100
      RateLimit: 50
    Tags:
      - Key: TagName
        Value: TagValue
```

# CognitoAuthorizer
<a name="sam-property-api-cognitoauthorizer"></a>

Define a Amazon Cognito User Pool authorizer.

For more information and examples, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).

## Syntax
<a name="sam-property-api-cognitoauthorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-cognitoauthorizer-syntax.yaml"></a>

```
  [AuthorizationScopes](#sam-api-cognitoauthorizer-authorizationscopes): List
  [Identity](#sam-api-cognitoauthorizer-identity): CognitoAuthorizationIdentity
  [UserPoolArn](#sam-api-cognitoauthorizer-userpoolarn): String
```

## Properties
<a name="sam-property-api-cognitoauthorizer-properties"></a>

 `AuthorizationScopes`   <a name="sam-api-cognitoauthorizer-authorizationscopes"></a>
List of authorization scopes for this authorizer.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Identity`   <a name="sam-api-cognitoauthorizer-identity"></a>
This property can be used to specify an `IdentitySource` in an incoming request for an authorizer.  
*Type*: [CognitoAuthorizationIdentity](sam-property-api-cognitoauthorizationidentity.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `UserPoolArn`   <a name="sam-api-cognitoauthorizer-userpoolarn"></a>
Can refer to a user pool/specify a userpool arn to which you want to add this cognito authorizer  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-cognitoauthorizer--examples"></a>

### CognitoAuth
<a name="sam-property-api-cognitoauthorizer--examples--cognitoauth"></a>

Cognito Auth Example

#### YAML
<a name="sam-property-api-cognitoauthorizer--examples--cognitoauth--yaml"></a>

```
Auth:
  Authorizers:
    MyCognitoAuth:
      AuthorizationScopes:
        - scope1
        - scope2
      UserPoolArn:
        Fn::GetAtt:
          - MyCognitoUserPool
          - Arn
      Identity:
        Header: MyAuthorizationHeader
        ValidationExpression: myauthvalidationexpression
```

# CognitoAuthorizationIdentity
<a name="sam-property-api-cognitoauthorizationidentity"></a>

This property can be used to specify an IdentitySource in an incoming request for an authorizer. For more information about IdentitySource see the [ApiGateway Authorizer OpenApi extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html).

## Syntax
<a name="sam-property-api-cognitoauthorizationidentity-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-cognitoauthorizationidentity-syntax.yaml"></a>

```
  [Header](#sam-api-cognitoauthorizationidentity-header): String
  [ReauthorizeEvery](#sam-api-cognitoauthorizationidentity-reauthorizeevery): Integer
  [ValidationExpression](#sam-api-cognitoauthorizationidentity-validationexpression): String
```

## Properties
<a name="sam-property-api-cognitoauthorizationidentity-properties"></a>

 `Header`   <a name="sam-api-cognitoauthorizationidentity-header"></a>
Specify the header name for Authorization in the OpenApi definition.  
*Type*: String  
*Required*: No  
*Default*: Authorization  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ReauthorizeEvery`   <a name="sam-api-cognitoauthorizationidentity-reauthorizeevery"></a>
The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour.  
*Type*: Integer  
*Required*: No  
*Default*: 300  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ValidationExpression`   <a name="sam-api-cognitoauthorizationidentity-validationexpression"></a>
Specify a validation expression for validating the incoming Identity  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-cognitoauthorizationidentity--examples"></a>

### CognitoAuthIdentity
<a name="sam-property-api-cognitoauthorizationidentity--examples--cognitoauthidentity"></a>

#### YAML
<a name="sam-property-api-cognitoauthorizationidentity--examples--cognitoauthidentity--yaml"></a>

```
Identity:
  Header: MyCustomAuthHeader
  ValidationExpression: Bearer.*
  ReauthorizeEvery: 30
```

# LambdaRequestAuthorizer
<a name="sam-property-api-lambdarequestauthorizer"></a>

Configure a Lambda Authorizer to control access to your API with a Lambda function.

For more information and examples, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).

## Syntax
<a name="sam-property-api-lambdarequestauthorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-lambdarequestauthorizer-syntax.yaml"></a>

```
DisableFunctionDefaultPermissions: Boolean
[FunctionArn](#sam-api-lambdarequestauthorizer-functionarn): String
[FunctionInvokeRole](#sam-api-lambdarequestauthorizer-functioninvokerole): String
[FunctionPayloadType](#sam-api-lambdarequestauthorizer-functionpayloadtype): String
[Identity](#sam-api-lambdarequestauthorizer-identity): LambdaRequestAuthorizationIdentity
```

## Properties
<a name="sam-property-api-lambdarequestauthorizer-properties"></a>

 `DisableFunctionDefaultPermissions`   <a name="sam-api-lambdarequestauthorizer-disablefunctiondefaultpermissions"></a>
Specify `true` to prevent AWS SAM from automatically creating an `AWS::Lambda::Permissions` resource to provision permissions between your `AWS::Serverless::Api` resource and authorizer Lambda function.  
*Default value*: `false`  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionArn`   <a name="sam-api-lambdarequestauthorizer-functionarn"></a>
Specify the function ARN of the Lambda function which provides authorization for the API.  
AWS SAM will automatically create an `AWS::Lambda::Permissions` resource when `FunctionArn` is specified for `AWS::Serverless::Api`. The `AWS::Lambda::Permissions` resource provisions permissions between your API and authorizer Lambda function.
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionInvokeRole`   <a name="sam-api-lambdarequestauthorizer-functioninvokerole"></a>
Adds authorizer credentials to the OpenApi definition of the Lambda authorizer.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionPayloadType`   <a name="sam-api-lambdarequestauthorizer-functionpayloadtype"></a>
This property can be used to define the type of Lambda Authorizer for an API.  
*Valid values*: `TOKEN` or `REQUEST`  
*Type*: String  
*Required*: No  
*Default*: `TOKEN`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Identity`   <a name="sam-api-lambdarequestauthorizer-identity"></a>
This property can be used to specify an `IdentitySource` in an incoming request for an authorizer. This property is only required if the `FunctionPayloadType` property is set to `REQUEST`.  
*Type*: [LambdaRequestAuthorizationIdentity](sam-property-api-lambdarequestauthorizationidentity.md)  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-lambdarequestauthorizer--examples"></a>

### LambdaRequestAuth
<a name="sam-property-api-lambdarequestauthorizer--examples--lambdarequestauth"></a>

#### YAML
<a name="sam-property-api-lambdarequestauthorizer--examples--lambdarequestauth--yaml"></a>

```
Authorizers:
  MyLambdaRequestAuth:
    FunctionPayloadType: REQUEST
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
    FunctionInvokeRole:
      Fn::GetAtt:
        - LambdaAuthInvokeRole
        - Arn
    Identity:
      Headers:
        - Authorization1
```

# LambdaRequestAuthorizationIdentity
<a name="sam-property-api-lambdarequestauthorizationidentity"></a>

This property can be used to specify an IdentitySource in an incoming request for an authorizer. For more information about IdentitySource see the [ApiGateway Authorizer OpenApi extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html).

## Syntax
<a name="sam-property-api-lambdarequestauthorizationidentity-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-lambdarequestauthorizationidentity-syntax.yaml"></a>

```
  [Context](#sam-api-lambdarequestauthorizationidentity-context): List
  [Headers](#sam-api-lambdarequestauthorizationidentity-headers): List
  [QueryStrings](#sam-api-lambdarequestauthorizationidentity-querystrings): List
  [ReauthorizeEvery](#sam-api-lambdarequestauthorizationidentity-reauthorizeevery): Integer
  [StageVariables](#sam-api-lambdarequestauthorizationidentity-stagevariables): List
```

## Properties
<a name="sam-property-api-lambdarequestauthorizationidentity-properties"></a>

 `Context`   <a name="sam-api-lambdarequestauthorizationidentity-context"></a>
Converts the given context strings to the mapping expressions of format `context.contextString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Headers`   <a name="sam-api-lambdarequestauthorizationidentity-headers"></a>
Converts the headers to comma-separated string of mapping expressions of format `method.request.header.name`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueryStrings`   <a name="sam-api-lambdarequestauthorizationidentity-querystrings"></a>
Converts the given query strings to comma-separated string of mapping expressions of format `method.request.querystring.queryString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ReauthorizeEvery`   <a name="sam-api-lambdarequestauthorizationidentity-reauthorizeevery"></a>
The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour.  
*Type*: Integer  
*Required*: No  
*Default*: 300  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `StageVariables`   <a name="sam-api-lambdarequestauthorizationidentity-stagevariables"></a>
Converts the given stage variables to comma-separated string of mapping expressions of format `stageVariables.stageVariable`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-lambdarequestauthorizationidentity--examples"></a>

### LambdaRequestIdentity
<a name="sam-property-api-lambdarequestauthorizationidentity--examples--lambdarequestidentity"></a>

#### YAML
<a name="sam-property-api-lambdarequestauthorizationidentity--examples--lambdarequestidentity--yaml"></a>

```
Identity:
  QueryStrings:
    - auth
  Headers:
    - Authorization
  StageVariables:
    - VARIABLE
  Context:
    - authcontext
  ReauthorizeEvery: 100
```

# LambdaTokenAuthorizer
<a name="sam-property-api-lambdatokenauthorizer"></a>

Configure a Lambda Authorizer to control access to your API with a Lambda function.

For more information and examples, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md).

## Syntax
<a name="sam-property-api-lambdatokenauthorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-lambdatokenauthorizer-syntax.yaml"></a>

```
DisableFunctionDefaultPermissions: Boolean
[FunctionArn](#sam-api-lambdatokenauthorizer-functionarn): String
[FunctionInvokeRole](#sam-api-lambdatokenauthorizer-functioninvokerole): String
[FunctionPayloadType](#sam-api-lambdatokenauthorizer-functionpayloadtype): String
[Identity](#sam-api-lambdatokenauthorizer-identity): LambdaTokenAuthorizationIdentity
```

## Properties
<a name="sam-property-api-lambdatokenauthorizer-properties"></a>

 `DisableFunctionDefaultPermissions`   <a name="sam-api-lambdatokenauthorizer-disablefunctiondefaultpermissions"></a>
Specify `true` to prevent AWS SAM from automatically creating an `AWS::Lambda::Permissions` resource to provision permissions between your `AWS::Serverless::Api` resource and authorizer Lambda function.  
*Default value*: `false`  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionArn`   <a name="sam-api-lambdatokenauthorizer-functionarn"></a>
Specify the function ARN of the Lambda function which provides authorization for the API.  
AWS SAM will automatically create an `AWS::Lambda::Permissions` resource when `FunctionArn` is specified for `AWS::Serverless::Api`. The `AWS::Lambda::Permissions` resource provisions permissions between your API and authorizer Lambda function.
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionInvokeRole`   <a name="sam-api-lambdatokenauthorizer-functioninvokerole"></a>
Adds authorizer credentials to the OpenApi definition of the Lambda authorizer.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionPayloadType`   <a name="sam-api-lambdatokenauthorizer-functionpayloadtype"></a>
This property can be used to define the type of Lambda Authorizer for an Api.  
*Valid values*: `TOKEN` or `REQUEST`  
*Type*: String  
*Required*: No  
*Default*: `TOKEN`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Identity`   <a name="sam-api-lambdatokenauthorizer-identity"></a>
This property can be used to specify an `IdentitySource` in an incoming request for an authorizer. This property is only required if the `FunctionPayloadType` property is set to `REQUEST`.  
*Type*: [LambdaTokenAuthorizationIdentity](sam-property-api-lambdatokenauthorizationidentity.md)  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-lambdatokenauthorizer--examples"></a>

### LambdaTokenAuth
<a name="sam-property-api-lambdatokenauthorizer--examples--lambdatokenauth"></a>

#### YAML
<a name="sam-property-api-lambdatokenauthorizer--examples--lambdatokenauth--yaml"></a>

```
Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
    Identity:
      Header: MyCustomAuthHeader # OPTIONAL; Default: 'Authorization'
      ValidationExpression: mycustomauthexpression # OPTIONAL
      ReauthorizeEvery: 20 # OPTIONAL; Service Default: 300
```

### BasicLambdaTokenAuth
<a name="sam-property-api-lambdatokenauthorizer--examples--basiclambdatokenauth"></a>

#### YAML
<a name="sam-property-api-lambdatokenauthorizer--examples--basiclambdatokenauth--yaml"></a>

```
Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
```

# LambdaTokenAuthorizationIdentity
<a name="sam-property-api-lambdatokenauthorizationidentity"></a>

This property can be used to specify an IdentitySource in an incoming request for an authorizer. For more information about IdentitySource see the [ApiGateway Authorizer OpenApi extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html).

## Syntax
<a name="sam-property-api-lambdatokenauthorizationidentity-syntax"></a>

 To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. 

### YAML
<a name="sam-property-api-lambdatokenauthorizationidentity-syntax.yaml"></a>

```
  [Header](#sam-api-lambdatokenauthorizationidentity-header): String
  [ReauthorizeEvery](#sam-api-lambdatokenauthorizationidentity-reauthorizeevery): Integer
  [ValidationExpression](#sam-api-lambdatokenauthorizationidentity-validationexpression): String
```

## Properties
<a name="sam-property-api-lambdatokenauthorizationidentity-properties"></a>

 `Header`   <a name="sam-api-lambdatokenauthorizationidentity-header"></a>
Specify the header name for Authorization in the OpenApi definition.  
*Type*: String  
*Required*: No  
*Default*: Authorization  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ReauthorizeEvery`   <a name="sam-api-lambdatokenauthorizationidentity-reauthorizeevery"></a>
The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour.  
*Type*: Integer  
*Required*: No  
*Default*: 300  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ValidationExpression`   <a name="sam-api-lambdatokenauthorizationidentity-validationexpression"></a>
Specify a validation expression for validating the incoming Identity.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-lambdatokenauthorizationidentity--examples"></a>

### LambdaTokenIdentity
<a name="sam-property-api-lambdatokenauthorizationidentity--examples--lambdatokenidentity"></a>

#### YAML
<a name="sam-property-api-lambdatokenauthorizationidentity--examples--lambdatokenidentity--yaml"></a>

```
Identity:
  Header: MyCustomAuthHeader
  ValidationExpression: Bearer.*
  ReauthorizeEvery: 30
```

# ResourcePolicyStatement
<a name="sam-property-api-resourcepolicystatement"></a>

Configures a resource policy for all methods and paths of an API. For more information about resource policies, see [Controlling access to an API with API Gateway resource policies](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-api-resourcepolicystatement-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-resourcepolicystatement-syntax.yaml"></a>

```
  [AwsAccountBlacklist](#sam-api-resourcepolicystatement-awsaccountblacklist): List
  [AwsAccountWhitelist](#sam-api-resourcepolicystatement-awsaccountwhitelist): List
  [CustomStatements](#sam-api-resourcepolicystatement-customstatements): List
  [IntrinsicVpcBlacklist](#sam-api-resourcepolicystatement-intrinsicvpcblacklist): List
  [IntrinsicVpcWhitelist](#sam-api-resourcepolicystatement-intrinsicvpcwhitelist): List
  [IntrinsicVpceBlacklist](#sam-api-resourcepolicystatement-intrinsicvpceblacklist): List
  [IntrinsicVpceWhitelist](#sam-api-resourcepolicystatement-intrinsicvpcewhitelist): List
  [IpRangeBlacklist](#sam-api-resourcepolicystatement-iprangeblacklist): List
  [IpRangeWhitelist](#sam-api-resourcepolicystatement-iprangewhitelist): List
  [SourceVpcBlacklist](#sam-api-resourcepolicystatement-sourcevpcblacklist): List
  [SourceVpcWhitelist](#sam-api-resourcepolicystatement-sourcevpcwhitelist): List
```

## Properties
<a name="sam-property-api-resourcepolicystatement-properties"></a>

 `AwsAccountBlacklist`   <a name="sam-api-resourcepolicystatement-awsaccountblacklist"></a>
The AWS accounts to block.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AwsAccountWhitelist`   <a name="sam-api-resourcepolicystatement-awsaccountwhitelist"></a>
The AWS accounts to allow. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CustomStatements`   <a name="sam-api-resourcepolicystatement-customstatements"></a>
A list of custom resource policy statements to apply to this API. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcBlacklist`   <a name="sam-api-resourcepolicystatement-intrinsicvpcblacklist"></a>
The list of virtual private clouds (VPCs) to block, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcWhitelist`   <a name="sam-api-resourcepolicystatement-intrinsicvpcwhitelist"></a>
The list of VPCs to allow, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceBlacklist`   <a name="sam-api-resourcepolicystatement-intrinsicvpceblacklist"></a>
The list of VPC endpoints to block, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceWhitelist`   <a name="sam-api-resourcepolicystatement-intrinsicvpcewhitelist"></a>
The list of VPC endpoints to allow, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeBlacklist`   <a name="sam-api-resourcepolicystatement-iprangeblacklist"></a>
The IP addresses or address ranges to block. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeWhitelist`   <a name="sam-api-resourcepolicystatement-iprangewhitelist"></a>
The IP addresses or address ranges to allow.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcBlacklist`   <a name="sam-api-resourcepolicystatement-sourcevpcblacklist"></a>
The source VPC or VPC endpoints to block. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcWhitelist`   <a name="sam-api-resourcepolicystatement-sourcevpcwhitelist"></a>
The source VPC or VPC endpoints to allow. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-resourcepolicystatement--examples"></a>

### Resource Policy Example
<a name="sam-property-api-resourcepolicystatement--examples--resource-policy-example"></a>

The following example blocks two IP addresses and a source VPC, and allows an AWS account.

#### YAML
<a name="sam-property-api-resourcepolicystatement--examples--resource-policy-example--yaml"></a>

```
Auth:
  ResourcePolicy:
    CustomStatements: [{
                         "Effect": "Allow",
                         "Principal": "*",
                         "Action": "execute-api:Invoke",
                         "Resource": "execute-api:/Prod/GET/pets",
                         "Condition": {
                           "IpAddress": {
                             "aws:SourceIp": "1.2.3.4"
                           }
                         }
                       }]
    IpRangeBlacklist:
      - "10.20.30.40"
      - "1.2.3.4"
    SourceVpcBlacklist:
      - "vpce-1a2b3c4d"
    AwsAccountWhitelist:
      - "111122223333"
    IntrinsicVpcBlacklist:
      - "{{resolve:ssm:SomeVPCReference:1}}" 
      - !Ref MyVPC
    IntrinsicVpceWhitelist:
      - "{{resolve:ssm:SomeVPCEReference:1}}" 
      - !Ref MyVPCE
```

# ApiDefinition
<a name="sam-property-api-apidefinition"></a>

An OpenAPI document defining the API.

## Syntax
<a name="sam-property-api-apidefinition-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-apidefinition-syntax.yaml"></a>

```
  [Bucket](#sam-api-apidefinition-bucket): String
  [Key](#sam-api-apidefinition-key): String
  [Version](#sam-api-apidefinition-version): String
```

## Properties
<a name="sam-property-api-apidefinition-properties"></a>

 `Bucket`   <a name="sam-api-apidefinition-bucket"></a>
The name of the Amazon S3 bucket where the OpenAPI file is stored.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-s3location.html#cfn-apigateway-restapi-s3location-bucket)` property of the `AWS::ApiGateway::RestApi` `S3Location` data type.

 `Key`   <a name="sam-api-apidefinition-key"></a>
The Amazon S3 key of the OpenAPI file.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-s3location.html#cfn-apigateway-restapi-s3location-key)` property of the `AWS::ApiGateway::RestApi` `S3Location` data type.

 `Version`   <a name="sam-api-apidefinition-version"></a>
For versioned objects, the version of the OpenAPI file.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Version](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-s3location.html#cfn-apigateway-restapi-s3location-version)` property of the `AWS::ApiGateway::RestApi` `S3Location` data type.

## Examples
<a name="sam-property-api-apidefinition--examples"></a>

### Definition Uri example
<a name="sam-property-api-apidefinition--examples--definition-uri-example"></a>

API Definition example

#### YAML
<a name="sam-property-api-apidefinition--examples--definition-uri-example--yaml"></a>

```
DefinitionUri:
  Bucket: amzn-s3-demo-bucket-name
  Key: mykey-name
  Version: 121212
```

# CorsConfiguration
<a name="sam-property-api-corsconfiguration"></a>

Manage cross-origin resource sharing (CORS) for your API Gateway APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration.

**Note**  
CORS requires AWS SAM to modify your OpenAPI definition. Create an inline OpenAPI definition in the `DefinitionBody` to turn on CORS. If the `CorsConfiguration` is set in the OpenAPI definition and also at the property level, AWS SAM merges them. The property level takes precedence over the OpenAPI definition.

For more information about CORS, see [Enable CORS for an API Gateway REST API Resource](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-api-corsconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-corsconfiguration-syntax.yaml"></a>

```
  [AllowCredentials](#sam-api-corsconfiguration-allowcredentials): Boolean
  [AllowHeaders](#sam-api-corsconfiguration-allowheaders): String
  [AllowMethods](#sam-api-corsconfiguration-allowmethods): String
  [AllowOrigin](#sam-api-corsconfiguration-alloworigin): String
  [MaxAge](#sam-api-corsconfiguration-maxage): String
```

## Properties
<a name="sam-property-api-corsconfiguration-properties"></a>

 `AllowCredentials`   <a name="sam-api-corsconfiguration-allowcredentials"></a>
Boolean indicating whether request is allowed to contain credentials.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowHeaders`   <a name="sam-api-corsconfiguration-allowheaders"></a>
String of headers to allow.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowMethods`   <a name="sam-api-corsconfiguration-allowmethods"></a>
String containing the HTTP methods to allow.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowOrigin`   <a name="sam-api-corsconfiguration-alloworigin"></a>
String of origin to allow. This can be a comma-separated list in string format.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MaxAge`   <a name="sam-api-corsconfiguration-maxage"></a>
String containing the number of seconds to cache CORS Preflight request.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-api-corsconfiguration--examples"></a>

### CorsConfiguration
<a name="sam-property-api-corsconfiguration--examples--corsconfiguration"></a>

CORS Configuration example. This is just a portion of an AWS SAM template file showing an [AWS::Serverless::Api](sam-resource-api.md) definition with CORS configured and a [AWS::Serverless::Function](sam-resource-function.md). If you use a Lambda proxy integration or a HTTP proxy integration, your backend must return the `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, and `Access-Control-Allow-Headers` headers.

#### YAML
<a name="sam-property-api-corsconfiguration--examples--corsconfiguration--yaml"></a>

```
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowMethods: "'POST, GET'"
        AllowHeaders: "'X-Forwarded-For'"
        AllowOrigin: "'https://example.com'"
        MaxAge: "'600'"
        AllowCredentials: true
  ApiFunction: # Adds a GET method at the root resource via an Api event
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /
            Method: get
            RestApiId:
              Ref: ApiGatewayApi
      Runtime: python3.10
      Handler: index.handler
      InlineCode: |
        import json
        def handler(event, context):
          return {
          'statusCode': 200,
          'headers': {
            'Access-Control-Allow-Headers': 'Content-Type',
            'Access-Control-Allow-Origin': 'https://example.com',
            'Access-Control-Allow-Methods': 'POST, GET'
            },
          'body': json.dumps('Hello from Lambda!')
          }
```

# DomainConfiguration
<a name="sam-property-api-domainconfiguration"></a>

Configures a custom domain for an API.

## Syntax
<a name="sam-property-api-domainconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-domainconfiguration-syntax.yaml"></a>

```
  [AccessAssociation](#sam-api-domainconfiguration-domainaccessassociation): DomainAccessAssociation
  [BasePath](#sam-api-domainconfiguration-basepath): List
  [CertificateArn](#sam-api-domainconfiguration-certificatearn): String
  [DomainName](#sam-api-domainconfiguration-domainname): String
  [EndpointConfiguration](#sam-api-domainconfiguration-endpointconfiguration): String
  [MutualTlsAuthentication](#sam-api-domainconfiguration-mutualtlsauthentication): [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication)
  [NormalizeBasePath](#sam-api-domainconfiguration-normalizebasepath): Boolean
  [OwnershipVerificationCertificateArn](#sam-api-domainconfiguration-ownershipverificationcertificatearn): String
  [Policy: ](#sam-api-domainconfiguration-policy)Json
  [Route53](#sam-api-domainconfiguration-route53): Route53Configuration
  [SecurityPolicy](#sam-api-domainconfiguration-securitypolicy): String
```

## Properties
<a name="sam-property-api-domainconfiguration-properties"></a>

 `AccessAssociation`   <a name="sam-api-domainconfiguration-domainaccessassociation"></a>
The configuration required to generate ` AWS::ApiGateway::DomainNameAccessAssociation` resource.  
AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnameaccessassociation.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnameaccessassociation.html) resource when this property is set. For information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: [DomainAccessAssociation](sam-property-api-domainaccessassociation.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `BasePath`   <a name="sam-api-domainconfiguration-basepath"></a>
A list of the basepaths to configure with the Amazon API Gateway domain name.  
*Type*: List  
*Required*: No  
*Default*: /  
*CloudFormation compatibility*: This property is similar to the `[BasePath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-basepathmapping.html#cfn-apigateway-basepathmapping-basepath)` property of an `AWS::ApiGateway::BasePathMapping` resource. AWS SAM creates multiple `AWS::ApiGateway::BasePathMapping` resources, one per `BasePath` specified in this property.

 `CertificateArn`   <a name="sam-api-domainconfiguration-certificatearn"></a>
The Amazon Resource Name (ARN) of an AWS managed certificate this domain name's endpoint. AWS Certificate Manager is the only supported source.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is similar to the `[CertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-certificatearn)` property of an `AWS::ApiGateway::DomainName` resource. If `EndpointConfiguration` is set to `REGIONAL` (the default value), `CertificateArn` maps to [RegionalCertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-regionalcertificatearn) in `AWS::ApiGateway::DomainName`. If the `EndpointConfiguration` is set to `EDGE`, `CertificateArn` maps to [CertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-certificatearn) in `AWS::ApiGateway::DomainName`. If `EndpointConfiguration` is set to `PRIVATE`, this property is passed to the [AWS::ApiGateway::DomainNameV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2) resource.  
*Additional notes*: For an `EDGE` endpoint, you must create the certificate in the `us-east-1` AWS Region.

 `DomainName`   <a name="sam-api-domainconfiguration-domainname"></a>
The custom domain name for your API Gateway API. Uppercase letters are not supported.  
AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html) resource when this property is set. For information about this scenario, see [DomainName property is specified](sam-specification-generated-resources-api.md#sam-specification-generated-resources-api-domain-name). For information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-domainname)` property of an `AWS::ApiGateway::DomainName` resource, or to [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2) when EndpointConfiguration is set to `PRIVATE`.

 `EndpointConfiguration`   <a name="sam-api-domainconfiguration-endpointconfiguration"></a>
Defines the type of API Gateway endpoint to map to the custom domain. The value of this property determines how the `CertificateArn` property is mapped in CloudFormation.  
*Valid values*: `EDGE`, `REGIONAL`, or `PRIVATE`  
*Type*: String  
*Required*: No  
*Default*: `REGIONAL`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MutualTlsAuthentication`   <a name="sam-api-domainconfiguration-mutualtlsauthentication"></a>
The mutual Transport Layer Security (TLS) authentication configuration for a custom domain name.  
*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-mutualtlsauthentication)` property of an `AWS::ApiGateway::DomainName` resource.

 `NormalizeBasePath`   <a name="sam-api-domainconfiguration-normalizebasepath"></a>
Indicates whether non-alphanumeric characters are allowed in basepaths defined by the `BasePath` property. When set to `True`, non-alphanumeric characters are removed from basepaths.  
Use `NormalizeBasePath` with the `BasePath` property.  
*Type*: Boolean  
*Required*: No  
*Default*: True  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `OwnershipVerificationCertificateArn`   <a name="sam-api-domainconfiguration-ownershipverificationcertificatearn"></a>
The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the `CertificateArn`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[OwnershipVerificationCertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-ownershipverificationcertificatearn)` property of an `AWS::ApiGateway::DomainName` resource.

 `Policy`   <a name="sam-api-domainconfiguration-policy"></a>
The IAM policy to attach to the API Gateway domain name. Only applicable when `EndpointConfiguration` is set to `PRIVATE`.  
*Type*: Json  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `Policy` property of an `AWS::ApiGateway::DomainNameV2` resource when `EndpointConfiguration` is set to `PRIVATE`. For examples of valid policy documents, see [AWS::ApiGateway::DomainNameV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2).

 `Route53`   <a name="sam-api-domainconfiguration-route53"></a>
Defines an Amazon Route 53 configuration.  
*Type*: [Route53Configuration](sam-property-api-route53configuration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SecurityPolicy`   <a name="sam-api-domainconfiguration-securitypolicy"></a>
The TLS version plus cipher suite for this domain name.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SecurityPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html#cfn-apigateway-domainname-securitypolicy)` property of an `AWS::ApiGateway::DomainName` resource, or to [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2) when `EndpointConfiguration` is set to `PRIVATE`. For `PRIVATE` endpoints, only TLS\$11\$12 is supported.

## Examples
<a name="sam-property-api-domainconfiguration--examples"></a>

### DomainName
<a name="sam-property-api-domainconfiguration--examples--domainname"></a>

DomainName example

#### YAML
<a name="sam-property-api-domainconfiguration--examples--domainname--yaml"></a>

```
Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: EDGE
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
  BasePath:
    - foo
    - bar
```

# DomainAccessAssociation
<a name="sam-property-api-domainaccessassociation"></a>

Configures a domain access association between an access association source and a private custom domain name. The only supported access association source is a VPC endpoint ID. For more information, see [Custom domain names for private APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html).

## Syntax
<a name="sam-property-api-domainaccessassociation-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-domainaccessassociation-syntax.yaml"></a>

```
 VpcEndpointId: String
```

## Properties
<a name="sam-property-api-domainaccessassociation-properties"></a>

 `VpcEndpointId`   <a name="sam-api-domainaccessassociation-vpcendpointid"></a>
The endpoint ID of the VPC interface endpoint associated with the API Gateway VPC service.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ AccessAssociationSource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnameaccessassociation.html#cfn-apigateway-domainnameaccessassociation-accessassociationsource)` property of an `AWS::ApiGateway::DomainNameAccessAssociation` resource.

# Route53Configuration
<a name="sam-property-api-route53configuration"></a>

Configures the Route53 record sets for an API.

## Syntax
<a name="sam-property-api-route53configuration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-route53configuration-syntax.yaml"></a>

```
  [DistributionDomainName](#sam-api-route53configuration-distributiondomainname): String
  [EvaluateTargetHealth](#sam-api-route53configuration-evaluatetargethealth): Boolean
  [HostedZoneId](#sam-api-route53configuration-hostedzoneid): String
  [HostedZoneName](#sam-api-route53configuration-hostedzonename): String
  [IpV6](#sam-api-route53configuration-ipv6): Boolean
  Region: String
  SetIdentifier: String
  VpcEndpointDomainName: String
  VpcEndpointHostedZoneId: String
```

## Properties
<a name="sam-property-api-route53configuration-properties"></a>

 `DistributionDomainName`   <a name="sam-api-route53configuration-distributiondomainname"></a>
Configures a custom distribution of the API custom domain name.  
*Type*: String  
*Required*: No  
*Default*: Use the API Gateway distribution.  
*CloudFormation compatibility*: This property is passed directly to the `[DNSName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget-1.html#cfn-route53-aliastarget-dnshostname)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: The domain name of a [CloudFront distribution](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html).

 `EvaluateTargetHealth`   <a name="sam-api-route53configuration-evaluatetargethealth"></a>
When EvaluateTargetHealth is true, an alias record inherits the health of the referenced AWS resource, such as an Elastic Load Balancing load balancer or another record in the hosted zone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EvaluateTargetHealth](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-evaluatetargethealth)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: You can't set EvaluateTargetHealth to true when the alias target is a CloudFront distribution.

 `HostedZoneId`   <a name="sam-api-route53configuration-hostedzoneid"></a>
The ID of the hosted zone that you want to create records in.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzoneid)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `HostedZoneName`   <a name="sam-api-route53configuration-hostedzonename"></a>
The name of the hosted zone that you want to create records in.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzonename)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `IpV6`   <a name="sam-api-route53configuration-ipv6"></a>
When this property is set, AWS SAM creates a `AWS::Route53::RecordSet` resource and sets [Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-type) to `AAAA` for the provided HostedZone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`Region`  <a name="sam-api-route53configuration-region"></a>
*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.  
When Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.  
Note the following:  
+ You can only specify one `ResourceRecord` per latency resource record set.
+ You can only create one latency resource record set for each Amazon EC2 Region.
+ You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.
+ You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-region)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

`SetIdentifier`  <a name="sam-api-route53configuration-setidentifier"></a>
*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.  
For information about routing policies, see [Choosing a routing policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide*.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ SetIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-setidentifier)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

`VpcEndpointDomainName`  <a name="sam-api-route53configuration-vpcendpointdomainname"></a>
A DNS name of the VPC interface endpoint associated with the API Gateway VPC service. This property is required only for private domains.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[DNSName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-aliastarget.html)` property of an `AWS::Route53::RecordSet` `AliasTarget` field.

`VpcEndpointHostedZoneId`  <a name="sam-api-route53configuration-vpcendpointhostedzoneid"></a>
The hosted zone ID of the VPC interface endpoint associated with the API Gateway VPC service. This property is required only for private domains.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-aliastarget.html)` property of an `AWS::Route53::RecordSet` `AliasTarget` field.

## Examples
<a name="sam-property-api-route53configuration--examples"></a>

### Basic example
<a name="sam-property-api-route53configuration--examples--route-53-configuration-example"></a>

In this example, we configure a custom domain and Route 53 record sets for our API.

#### YAML
<a name="sam-property-api-route53configuration--examples--route-53-configuration-example--yaml"></a>

```
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Domain:
        DomainName: www.example.com
        CertificateArn: arn:aws:acm:us-east-1:123456789012:certificate/abcdef12-3456-7890-abcd-ef1234567890
        EndpointConfiguration: REGIONAL
        Route53:
          HostedZoneId: ABCDEFGHIJKLMNOP
```

# EndpointConfiguration
<a name="sam-property-api-endpointconfiguration"></a>

The endpoint type of a REST API.

## Syntax
<a name="sam-property-api-endpointconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-api-endpointconfiguration-syntax.yaml"></a>

```
  [IpAddressType](#sam-api-endpointconfiguration-ipaddresstype): String
  [Type](#sam-api-endpointconfiguration-type): String
  [VPCEndpointIds](#sam-api-endpointconfiguration-vpcendpointids): List
```

## Properties
<a name="sam-property-api-endpointconfiguration-properties"></a>

 `IpAddressType`   <a name="sam-api-endpointconfiguration-ipaddresstype"></a>
The IP address types that can invoke an API (RestApi).  
*Valid values*: `ipv4` or `dualstack`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[IpAddressType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-ipaddresstype)` property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type.

 `Type`   <a name="sam-api-endpointconfiguration-type"></a>
The endpoint type of a REST API.  
*Valid values*: `EDGE` or `REGIONAL` or `PRIVATE`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Types](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-types)` property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type.

 `VPCEndpointIds`   <a name="sam-api-endpointconfiguration-vpcendpointids"></a>
A list of VPC endpoint IDs of a REST API against which to create Route53 aliases.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[VpcEndpointIds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html#cfn-apigateway-restapi-endpointconfiguration-vpcendpointids)` property of the `AWS::ApiGateway::RestApi` `EndpointConfiguration` data type.

## Examples
<a name="sam-property-api-endpointconfiguration--examples"></a>

### EndpointConfiguration
<a name="sam-property-api-endpointconfiguration--examples--endpointconfiguration"></a>

Endpoint Configuration example

#### YAML
<a name="sam-property-api-endpointconfiguration--examples--endpointconfiguration--yaml"></a>

```
EndpointConfiguration:
  Type: PRIVATE
  VPCEndpointIds:
    - vpce-123a123a
    - vpce-321a321a
```

# AWS::Serverless::Application
<a name="sam-resource-application"></a>

Embeds a serverless application from the [AWS Serverless Application Repository](https://serverlessrepo.aws.amazon.com/applications) or from an Amazon S3 bucket as a nested application. Nested applications are deployed as nested [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stack.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stack.html) resources, which can contain multiple other resources including other [AWS::Serverless::Application](#sam-resource-application) resources.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-application-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-application-syntax.yaml"></a>

```
Type: AWS::Serverless::Application
Properties:
  [Location](#sam-application-location): String | ApplicationLocationObject
  [NotificationARNs](#sam-application-notificationarns): List
  [Parameters](#sam-application-parameters): Map
  [Tags](#sam-application-tags): Map
  [TimeoutInMinutes](#sam-application-timeoutinminutes): Integer
```

## Properties
<a name="sam-resource-application-properties"></a>

 `Location`   <a name="sam-application-location"></a>
Template URL, file path, or location object of a nested application.  
If a template URL is provided, it must follow the format specified in the [CloudFormation TemplateUrl documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-templateurl) and contain a valid CloudFormation or SAM template. An [ApplicationLocationObject](sam-property-application-applicationlocationobject.md) can be used to specify an application that has been published to the [AWS Serverless Application Repository](https://docs.aws.amazon.com/serverlessrepo/latest/devguide/what-is-serverlessrepo.html).  
If a local file path is provided, the template must go through the workflow that includes the `sam deploy` or `sam package` command, in order for the application to be transformed properly.  
*Type*: String \$1 [ApplicationLocationObject](sam-property-application-applicationlocationobject.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is similar to the `[TemplateURL](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-templateurl)` property of an `AWS::CloudFormation::Stack` resource. The CloudFormation version does not take an [ApplicationLocationObject](sam-property-application-applicationlocationobject.md) to retrieve an application from the AWS Serverless Application Repository.

 `NotificationARNs`   <a name="sam-application-notificationarns"></a>
A list of existing Amazon SNS topics where notifications about stack events are sent.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[NotificationARNs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-notificationarns)` property of an `AWS::CloudFormation::Stack` resource.

 `Parameters`   <a name="sam-application-parameters"></a>
Application parameter values.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-parameters)` property of an `AWS::CloudFormation::Stack` resource.

 `Tags`   <a name="sam-application-tags"></a>
A map (string to string) that specifies the tags to be added to this application. Keys and values are limited to alphanumeric characters. Keys can be 1 to 127 Unicode characters in length and cannot be prefixed with aws:. Values can be 1 to 255 Unicode characters in length.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-tags)` property of an `AWS::CloudFormation::Stack` resource. The Tags property in SAM consists of Key:Value pairs; in CloudFormation it consists of a list of Tag objects. When the stack is created, SAM will automatically add a `lambda:createdBy:SAM` tag to this application. In addition, if this application is from the AWS Serverless Application Repository, then SAM will also automatically the two additional tags `serverlessrepo:applicationId:ApplicationId` and `serverlessrepo:semanticVersion:SemanticVersion`.

 `TimeoutInMinutes`   <a name="sam-application-timeoutinminutes"></a>
The length of time, in minutes, that CloudFormation waits for the nested stack to reach the `CREATE_COMPLETE` state. The default is no timeout. When CloudFormation detects that the nested stack has reached the `CREATE_COMPLETE` state, it marks the nested stack resource as `CREATE_COMPLETE` in the parent stack and resumes creating the parent stack. If the timeout period expires before the nested stack reaches `CREATE_COMPLETE`, CloudFormation marks the nested stack as failed and rolls back both the nested stack and parent stack.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TimeoutInMinutes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html#cfn-cloudformation-stack-timeoutinminutes)` property of an `AWS::CloudFormation::Stack` resource.

## Return Values
<a name="sam-resource-application-return-values"></a>

### Ref
<a name="sam-resource-application-return-values-ref"></a>

When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the resource name of the underlying `AWS::CloudFormation::Stack` resource.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

### Fn::GetAtt
<a name="sam-resource-application-return-values-fn--getatt"></a>

`Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. 

For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. 

`Outputs.ApplicationOutputName`  <a name="Outputs.ApplicationOutputName-fn::getatt"></a>
The value of the stack output with name `ApplicationOutputName`.

## Examples
<a name="sam-resource-application--examples"></a>

### SAR Application
<a name="sam-resource-application--examples--sar-application"></a>

Application that uses a template from the Serverless Application Repository

#### YAML
<a name="sam-resource-application--examples--sar-application--yaml"></a>

```
Type: AWS::Serverless::Application
Properties:
  Location:
    ApplicationId: 'arn:aws:serverlessrepo:us-east-1:012345678901:applications/my-application'
    SemanticVersion: 1.0.0
  Parameters:
    StringParameter: parameter-value
    IntegerParameter: 2
```

### Normal-Application
<a name="sam-resource-application--examples--normal-application"></a>

Application from an S3 url

#### YAML
<a name="sam-resource-application--examples--normal-application--yaml"></a>

```
Type: AWS::Serverless::Application
Properties:
  Location: https://s3.amazonaws.com/sam-s3-demo-bucket/template.yaml
```

# ApplicationLocationObject
<a name="sam-property-application-applicationlocationobject"></a>

An application that has been published to the [AWS Serverless Application Repository](https://docs.aws.amazon.com/serverlessrepo/latest/devguide/what-is-serverlessrepo.html).

## Syntax
<a name="sam-property-application-applicationlocationobject-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-application-applicationlocationobject-syntax.yaml"></a>

```
  [ApplicationId](#sam-application-applicationlocationobject-applicationid): String
  [SemanticVersion](#sam-application-applicationlocationobject-semanticversion): String
```

## Properties
<a name="sam-property-application-applicationlocationobject-properties"></a>

 `ApplicationId`   <a name="sam-application-applicationlocationobject-applicationid"></a>
The Amazon Resource Name (ARN) of the application.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SemanticVersion`   <a name="sam-application-applicationlocationobject-semanticversion"></a>
The semantic version of the application.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-application-applicationlocationobject--examples"></a>

### my-application
<a name="sam-property-application-applicationlocationobject--examples--my-application"></a>

Example application location object

#### YAML
<a name="sam-property-application-applicationlocationobject--examples--my-application--yaml"></a>

```
Location:
  ApplicationId: 'arn:aws:serverlessrepo:us-east-1:012345678901:applications/my-application'
  SemanticVersion: 1.0.0
```

# AWS::Serverless::CapacityProvider
<a name="sam-resource-capacityprovider"></a>

 Creates a capacity provider for AWS Lambda functions that enables running Lambda Managed Instances on customer-owned Amazon Elastic Compute Cloud instances. This resource is part of the Lambda Managed Instances feature, which provides cost optimization for large-scale Lambda workloads by utilizing Amazon EC2 pricing models. 

 The capacity provider manages the lifecycle of Amazon EC2 instances and provides the necessary infrastructure for Lambda functions to execute on customer-owned compute resources while maintaining the serverless programming model. 

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md). 

## Syntax
<a name="sam-resource-capacityprovider-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-capacityprovider-syntax.yaml"></a>

```
Type: AWS::Serverless::CapacityProvider
Properties:
  [CapacityProviderName](#sam-capacityprovider-capacityprovidername): String
  [VpcConfig](#sam-capacityprovider-vpcconfig): VpcConfig
  [OperatorRole](#sam-capacityprovider-operatorrole): String
  [Tags](#sam-capacityprovider-tags): Map
  [PropagateTags](#sam-capacityprovider-propagatetags): Boolean
  [InstanceRequirements](#sam-capacityprovider-instancerequirements): InstanceRequirements
  [ScalingConfig](#sam-capacityprovider-scalingconfig): ScalingConfig
  [KmsKeyArn](#sam-capacityprovider-kmskeyarn): String
```

## Properties
<a name="sam-resource-capacityprovider-properties"></a>

 `CapacityProviderName`   <a name="sam-capacityprovider-capacityprovidername"></a>
The name of the capacity provider. This name must be unique within your AWS account and region.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CapacityProviderName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-capacityprovidername)` property of an `AWS::Lambda::CapacityProvider` resource. 

 `VpcConfig`   <a name="sam-capacityprovider-vpcconfig"></a>
The VPC configuration for the capacity provider. Specifies the VPC subnets and security groups where Amazon EC2 instances will be launched.  
*Type*: [VpcConfig](sam-property-capacityprovider-vpcconfig.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-vpcconfig)` property of an `AWS::Lambda::CapacityProvider` resource. 

 `OperatorRole`   <a name="sam-capacityprovider-operatorrole"></a>
 The ARN of the operator role for Lambda with permissions to create and manage Amazon EC2 instances and related resources in the customer account. If not provided, AWS SAM automatically generates a role with the necessary permissions.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CapacityProviderOperatorRoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityproviderpermissionsconfig.html#cfn-lambda-capacityprovider-capacityproviderpermissionsconfig-capacityprovideroperatorrolearn)` property of `[PermissionsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-permissionsconfig)` of an `AWS::Lambda::CapacityProvider` resource. 

 `Tags`   <a name="sam-capacityprovider-tags"></a>
A map of key-value pairs to apply to the capacity provider and its associated resources.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-tags)` property of an `AWS::Lambda::CapacityProvider` resource. The `Tags` property in AWS SAM consists of key-value pairs (whereas in CloudFormation this property consists of a list of Tag objects). Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles generated for this function. 

 `PropagateTags`   <a name="sam-capacityprovider-propagatetags"></a>
 Indicates whether or not to pass tags from the Tags property to your `AWS::Serverless::CapacityProvider` generated resources. Set this to `True` to propagate tags in your generated resources.   
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `InstanceRequirements`   <a name="sam-capacityprovider-instancerequirements"></a>
 Specifications for the types of compute instances that the capacity provider can use. This includes architecture requirements and `allowed` or `excluded` instance types.  
*Type*: [InstanceRequirements](sam-property-capacityprovider-instancerequirements.md)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InstanceRequirements](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-instancerequirements)` property of an `AWS::Lambda::CapacityProvider` resource. 

 `ScalingConfig`   <a name="sam-capacityprovider-scalingconfig"></a>
 The scaling configuration for the capacity provider. Defines how the capacity provider scales Amazon EC2 instances based on demand.  
*Type*: [ScalingConfig](sam-property-capacityprovider-scalingconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CapacityProviderScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig)` property of an `AWS::Lambda::CapacityProvider` resource. 

 `KmsKeyArn`   <a name="sam-capacityprovider-kmskeyarn"></a>
The ARN of the AWS KMS key used to encrypt data at rest and in transit for the capacity provider.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-kmskeyarn)` property of an `AWS::Lambda::CapacityProvider` resource. 

## Return Values
<a name="sam-resource-capacityprovider-return-values"></a>

### Ref
<a name="sam-resource-capacityprovider-return-values-ref"></a>

When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the name of the capacity provider.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

### Fn::GetAtt
<a name="sam-resource-capacityprovider-return-values-fn--getatt"></a>

`Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. 

For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. 

`Arn`  <a name="Arn-fn::getatt"></a>
The ARN of the capacity provider.

## Examples
<a name="sam-resource-capacityprovider-examples"></a>

### Basic capacity provider
<a name="sam-resource-capacityprovider-examples-basic"></a>

The following example creates a basic capacity provider with VPC configuration.

```
MyCapacityProvider:
  Type: AWS::Serverless::CapacityProvider
  Properties:
    CapacityProviderName: my-capacity-provider
    VpcConfig:
      SubnetIds:
        - subnet-12345678
        - subnet-87654321
      SecurityGroupIds:
        - sg-12345678
    Tags:
      Environment: Production
      Team: ServerlessTeam
```

### Advanced capacity provider with scaling
<a name="sam-resource-capacityprovider-examples-advanced"></a>

The following example creates a capacity provider with custom instance requirements and scaling configuration.

```
AdvancedCapacityProvider:
  Type: AWS::Serverless::CapacityProvider
  Properties:
    CapacityProviderName: advanced-capacity-provider
    VpcConfig:
      SubnetIds:
        - subnet-12345678
        - subnet-87654321
      SecurityGroupIds:
        - sg-12345678
    OperatorRole: arn:aws:iam::123456789012:role/MyCapacityProviderRole
    PropagateTags: true
    InstanceRequirements:
      Architectures:
        - x86_64
      ExcludedTypes:
        - t2.micro
    ScalingConfig:
      MaxInstanceCount: 10
      ManualScalingPolicies:
        AverageCPUUtilization: 70.0
    KmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
    Tags:
      Environment: Production
      CostCenter: Engineering
```

# VpcConfig
<a name="sam-property-capacityprovider-vpcconfig"></a>

Configures the VPC settings for a capacity provider, including the subnets and security groups where EC2 instances will be launched.

## Syntax
<a name="sam-property-capacityprovider-vpcconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-capacityprovider-vpcconfig-syntax.yaml"></a>

```
[SubnetIds](#sam-capacityprovider-vpcconfig-subnetids): List
[SecurityGroupIds](#sam-capacityprovider-vpcconfig-securitygroupids): List
```

## Properties
<a name="sam-property-capacityprovider-vpcconfig-properties"></a>

 `SubnetIds`   <a name="sam-capacityprovider-vpcconfig-subnetids"></a>
A list of subnet IDs where EC2 instances will be launched. At least one subnet must be specified.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[SubnetIds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityprovidervpcconfig.html#cfn-lambda-capacityprovider-capacityprovidervpcconfig-subnetids)` property of `[VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-vpcconfig) ` of an `AWS::Lambda::CapacityProvider` resource. 

 `SecurityGroupIds`   <a name="sam-capacityprovider-vpcconfig-securitygroupids"></a>
A list of security group IDs to associate with the EC2 instances. If not specified, the default security group for the VPC will be used.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SecurityGroupIds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityprovidervpcconfig.html#cfn-lambda-capacityprovider-capacityprovidervpcconfig-securitygroupids)` property of `[VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-vpcconfig)` property of an `AWS::Lambda::CapacityProvider` resource. 

## Examples
<a name="sam-property-capacityprovider-vpcconfig-examples"></a>

### VPC configuration
<a name="sam-property-capacityprovider-vpcconfig-examples-basic"></a>

The following example shows a VPC configuration with multiple subnets and security groups.

```
VpcConfig:
  SubnetIds:
    - subnet-12345678
    - subnet-87654321
  SecurityGroupIds:
    - sg-12345678
    - sg-87654321
```

# InstanceRequirements
<a name="sam-property-capacityprovider-instancerequirements"></a>

Specifies the requirements for EC2 instances that will be launched by the capacity provider, including architectures and instance type constraints.

## Syntax
<a name="sam-property-capacityprovider-instancerequirements-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-capacityprovider-instancerequirements-syntax.yaml"></a>

```
[Architectures](#sam-capacityprovider-instancerequirements-architectures): List
[AllowedTypes](#sam-capacityprovider-instancerequirements-allowedtypes): List
[ExcludedTypes](#sam-capacityprovider-instancerequirements-excludedtypes): List
```

**Note**  
You can choose to specify either `AllowedTypes` or `ExcludedTypes` when defining instance requirements for your capacity provider, but not both.

## Properties
<a name="sam-property-capacityprovider-instancerequirements-properties"></a>

 `Architectures`   <a name="sam-capacityprovider-instancerequirements-architectures"></a>
The instruction set architectures for the capacity provider instances.  
*Valid values*: `x86_64` or `arm64`  
*Type*: List  
*Required*: No  
*Default*: `x86_64`  
*CloudFormation compatibility*: This property is passed directly to the `[Architectures](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-instancerequirements.html#cfn-lambda-capacityprovider-instancerequirements-architectures)` property of `[InstanceRequirements](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-instancerequirements)` of an `AWS::Lambda::CapacityProvider` resource. 

 `AllowedTypes`   <a name="sam-capacityprovider-instancerequirements-allowedtypes"></a>
A list of allowed EC2 instance types for the capacity provider instance.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AllowedInstanceTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-instancerequirements.html#cfn-lambda-capacityprovider-instancerequirements-allowedinstancetypes)` property of `[InstanceRequirements](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-instancerequirements)` of an `AWS::Lambda::CapacityProvider` resource. 

 `ExcludedTypes`   <a name="sam-capacityprovider-instancerequirements-excludedtypes"></a>
A list of EC2 instance types to exclude from the capacity provider.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ExcludedInstanceTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-instancerequirements.html#cfn-lambda-capacityprovider-instancerequirements-excludedinstancetypes)` property of `[InstanceRequirements](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-instancerequirements)` of an `AWS::Lambda::CapacityProvider` resource. 

## Examples
<a name="sam-property-capacityprovider-instancerequirements-examples"></a>

### Instance requirements configuration
<a name="sam-property-capacityprovider-instancerequirements-examples-basic"></a>

The following example shows instance requirements with specific architecture and instance type constraints.

```
InstanceRequirements:
  Architectures:
    - x86_64
  ExcludedTypes:
    - t2.micro
```

# ScalingConfig
<a name="sam-property-capacityprovider-scalingconfig"></a>

Configures how the capacity provider scales EC2 instances based on demand, including maximum instance limits and scaling policies.

## Syntax
<a name="sam-property-capacityprovider-scalingconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-capacityprovider-scalingconfig-syntax.yaml"></a>

```
[MaxVCpuCount](#sam-capacityprovider-scalingconfig-maxvcpucount): Integer
[AverageCPUUtilization](#sam-capacityprovider-scalingconfig-averagecpuutilization): Double
```

## Properties
<a name="sam-property-capacityprovider-scalingconfig-properties"></a>

 `MaxVCpuCount`   <a name="sam-capacityprovider-scalingconfig-maxvcpucount"></a>
The maximum number of vCPUs that the capacity provider can provision across all compute instances.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaxVCpuCount](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityproviderscalingconfig.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig-maxvcpucount)` property of `[CapacityProviderScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig)` of an `AWS::Lambda::CapacityProvider` resource. 

 `AverageCPUUtilization`   <a name="sam-capacityprovider-scalingconfig-averagecpuutilization"></a>
The target average CPU utilization percentage (0-100) for scaling decisions. When the average CPU utilization exceeds this threshold, the capacity provider will scale up Amazon EC2 instances. When specified, AWS SAM constructs `[CapacityProviderScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig)` of an `AWS::Lambda::CapacityProvider` resource with the `[ScalingMode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityproviderscalingconfig.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig-scalingmode)` set to `'Manual'` and `[ScalingPolicies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-capacityprovider-capacityproviderscalingconfig.html#cfn-lambda-capacityprovider-capacityproviderscalingconfig-scalingpolicies)` set to `[{PredefinedMetricType: 'LambdaCapacityProviderAverageCPUUtilization', TargetValue: <this value>}]`.   
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. 

## Examples
<a name="sam-property-capacityprovider-scalingconfig-examples"></a>

### Scaling configuration
<a name="sam-property-capacityprovider-scalingconfig-examples-basic"></a>

The following example shows a scaling configuration with maximum VCpu count and average CPU utilization.

```
ScalingConfig:
  MaxVCpuCount: 10
  AverageCPUUtilization: 70.0
```

# AWS::Serverless::Connector
<a name="sam-resource-connector"></a>

Configures permissions between two resources. For an introduction to connectors, see [Managing resource permissions with AWS SAM connectors](managing-permissions-connectors.md).

For more information on generated AWS CloudFormation resources, see [CloudFormation resources generated when you specify AWS::Serverless::Connector](sam-specification-generated-resources-connector.md).

To provide feedback on connectors, [submit a new issue](https://github.com/aws/serverless-application-model/issues/new?assignees=&labels=area%2Fconnectors,stage%2Fneeds-triage&template=other.md&title=%28Feature%20Request%29) at the *serverless-application-model AWS GitHub repository*.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-connector-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use any of the following syntaxes.

**Note**  
We recommend using the embedded connectors syntax for most use cases. Being embedded within the source resource makes it easier to read and maintain over time. When you need to reference a source resource that is not within the same AWS SAM template, such as a resource in a nested stack or a shared resource, use the `AWS::Serverless::Connector` syntax.

### Embedded connectors
<a name="sam-resource-connector-syntax-embedded"></a>

```
<source-resource-logical-id>:
  Connectors:
    <connector-logical-id:
      Properties:
        [Destination](#sam-connector-destination): ResourceReference | List of ResourceReference
        [Permissions](#sam-connector-permissions): List
        [SourceReference](#sam-connector-sourcereference): SourceReference
```

### AWS::Serverless::Connector
<a name="sam-resource-connector-syntax-connector"></a>

```
Type: AWS::Serverless::Connector
Properties:
  [Destination](#sam-connector-destination): ResourceReference | List of ResourceReference
  [Permissions](#sam-connector-permissions): List
  [Source](#sam-connector-source): ResourceReference
```

## Properties
<a name="sam-resource-connector-properties"></a>

 `Destination`   <a name="sam-connector-destination"></a>
The destination resource.  
*Type*: [ ResourceReference](sam-property-connector-resourcereference.md) \$1 List of [ResourceReference](sam-property-connector-resourcereference.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Permissions`   <a name="sam-connector-permissions"></a>
The permission type that the source resource is allowed to perform on the destination resource.  
`Read` includes AWS Identity and Access Management (IAM) actions that allow reading data from the resource.  
`Write` inclues IAM actions that allow initiating and writing data to a resource.  
*Valid values*: `Read` or `Write`  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Source`   <a name="sam-connector-source"></a>
The source resource. Required when using the `AWS::Serverless::Connector` syntax.  
*Type*: [ResourceReference](sam-property-connector-resourcereference.md)  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceReference`   <a name="sam-connector-sourcereference"></a>
The source resource.  
Use with the embedded connectors syntax when defining additional properties for the source resource.
*Type*: [SourceReference](sam-property-connector-sourcereference.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-resource-connector-examples"></a>

### Embedded connectors
<a name="sam-resource-connector-examples-embedded"></a>

The following example uses embedded connectors to define a `Write` data connection between an AWS Lambda function and Amazon DynamoDB table:

```
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyTable:
    Type: AWS::Serverless::SimpleTable
  MyFunction:
    Type: AWS::Serverless::Function
    Connectors:
      MyConn:
        Properties:
          Destination:
            Id: MyTable
          Permissions:
            - Write
    ...
```

The following example uses embedded connectors to define `Read` and `Write` permissions:

```
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Connectors:
      MyConn:
        Properties:
          Destination:
            Id: MyTable
          Permissions:
            - Read
            - Write
  MyTable:
    Type: AWS::DynamoDB::Table
    ...
```

The following example uses embedded connectors to define a source resource with a property other than `Id`:

```
Transform: AWS::Serverless-2016-10-31
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Connectors:
      ApitoLambdaConn:
        Properties:
          SourceReference:
            Qualifier: Prod/GET/foobar
          Destination:
            Id: MyTable
          Permissions:
            - Read
            - Write
  MyTable:
    Type: AWS::DynamoDB::Table
    ...
```

### AWS::Serverless::Connector
<a name="sam-resource-connector--examples-connector"></a>

The following example uses the [AWS::Serverless::Connector](#sam-resource-connector) resource to have an AWS Lambda function read from, and write to an Amazon DynamoDB table:

```
MyConnector:
  Type: AWS::Serverless::Connector
  Properties:
    Source:
      Id: MyFunction
    Destination:
      Id: MyTable
    Permissions:
      - Read
      - Write
```

The following example uses the [AWS::Serverless::Connector](#sam-resource-connector) resource to have a Lambda function write to an Amazon SNS topic, with both resources in the same template:

```
MyConnector:
  Type: AWS::Serverless::Connector
  Properties:
    Source:
      Id: MyLambda
    Destination:
      Id: MySNSTopic
    Permissions:
      - Write
```

The following example uses the [AWS::Serverless::Connector](#sam-resource-connector) resource to have an Amazon SNS topic write to a Lambda function, which then writes to an Amazon DynamoDB table, with all resources in the same template:

```
Transform: AWS::Serverless-2016-10-31
Resources:
  Topic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !GetAtt Function.Arn
          Protocol: lambda

  Function:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs16.x
      Handler: index.handler
      InlineCode: |
        const AWS = require('aws-sdk');
        exports.handler = async (event, context) => {
          const docClient = new AWS.DynamoDB.DocumentClient();
          await docClient.put({ 
            TableName: process.env.TABLE_NAME, 
            Item: {
              id: context.awsRequestId,
              event: JSON.stringify(event)
            }
          }).promise();
        };
      Environment:
        Variables:
          TABLE_NAME: !Ref Table

  Table:
    Type: AWS::Serverless::SimpleTable

  TopicToFunctionConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source: 
        Id: Topic
      Destination: 
        Id: Function
      Permissions:
        - Write

  FunctionToTableConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source: 
        Id: Function
      Destination: 
        Id: Table
      Permissions:
        - Write
```

The following is the transformed AWS CloudFormation template from the example above:

```
"FunctionToTableConnectorPolicy": {
  "Type": "AWS::IAM::ManagedPolicy",
  "Metadata": {
    "aws:sam:connectors": {
      "FunctionToTableConnector": {
        "Source": {
          "Type": "AWS::Lambda::Function"
        },
        "Destination": {
          "Type": "AWS::DynamoDB::Table"
        }
      }
    }
  },
  "Properties": {
    "PolicyDocument": {
      "Version": "2012-10-17",		 	 	 
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "dynamodb:PutItem",
            "dynamodb:UpdateItem",
            "dynamodb:DeleteItem",
            "dynamodb:BatchWriteItem",
            "dynamodb:PartiQLDelete",
            "dynamodb:PartiQLInsert",
            "dynamodb:PartiQLUpdate"
          ],
          "Resource": [
            {
              "Fn::GetAtt": [
                "MyTable",
                "Arn"
              ]
            },
            {
              "Fn::Sub": [
                "${DestinationArn}/index/*",
                {
                  "DestinationArn": {
                    "Fn::GetAtt": [
                      "MyTable",
                      "Arn"
                    ]
                  }
                }
              ]
            }
          ]
        }
      ]
    },
    "Roles": [
      {
        "Ref": "MyFunctionRole"
      }
    ]
  }
}
```

# ResourceReference
<a name="sam-property-connector-resourcereference"></a>

A reference to a resource that the [AWS::Serverless::Connector](sam-resource-connector.md) resource type uses.

**Note**  
For resources in the same template, provide the `Id`. For resources not in the same template, use a combination of other properties. For more information, see [AWS SAM connector reference](reference-sam-connector.md).

## Syntax
<a name="sam-property-connector-resourcereference-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-connector-resourcereference-syntax.yaml"></a>

```
  [Arn](#sam-connector-resourcereference-arn): String
  [Id](#sam-connector-resourcereference-id): String
  [Name](#sam-connector-resourcereference-name): String
  [Qualifier](#sam-connector-resourcereference-qualifier): String
  [QueueUrl](#sam-connector-resourcereference-queueurl): String
  [ResourceId](#sam-connector-resourcereference-resourceid): String
  [RoleName](#sam-connector-resourcereference-rolename): String
  [Type](#sam-connector-resourcereference-type): String
```

## Properties
<a name="sam-property-connector-resourcereference-properties"></a>

 `Arn`   <a name="sam-connector-resourcereference-arn"></a>
The ARN of a resource.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Id`   <a name="sam-connector-resourcereference-id"></a>
The [logical ID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html) of a resource in the same template.  
When `Id` is specified, if the connector generates AWS Identity and Access Management (IAM) policies, the IAM role associated to those policies will be inferred from the resource `Id`. When `Id` is not specified, provide `RoleName` of the resource for connectors to attach generated IAM policies to an IAM role.
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Name`   <a name="sam-connector-resourcereference-name"></a>
The name of a resource.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Qualifier`   <a name="sam-connector-resourcereference-qualifier"></a>
A qualifier for a resource that narrows its scope. `Qualifier` replaces the `*` value at the end of a resource constraint ARN. For an example, see [API Gateway invoking a Lambda function](#sam-property-connector-resourcereference--examples--api-gateway-invoking-a-lambda-function).  
Qualifier definition varies per resource type. For a list of supported source and destination resource types, see [AWS SAM connector reference](reference-sam-connector.md).
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueueUrl`   <a name="sam-connector-resourcereference-queueurl"></a>
The Amazon SQS queue URL. This property only applies to Amazon SQS resources.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ResourceId`   <a name="sam-connector-resourcereference-resourceid"></a>
The ID of a resource. For example, the API Gateway API ID.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RoleName`   <a name="sam-connector-resourcereference-rolename"></a>
The role name associated with a resource.  
When `Id` is specified, if the connector generates IAM policies, the IAM role associated to those policies will be inferred from the resource `Id`. When `Id` is not specified, provide `RoleName` of the resource for connectors to attach generated IAM policies to an IAM role.
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-connector-resourcereference-type"></a>
The CloudFormation type of a resource. For more information, go to [AWS resource and property types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html).  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-connector-resourcereference--examples"></a>

### API Gateway invoking a Lambda function
<a name="sam-property-connector-resourcereference--examples--api-gateway-invoking-a-lambda-function"></a>

The following example uses the [AWS::Serverless::Connector](sam-resource-connector.md) resource to allow Amazon API Gateway to invoke an AWS Lambda function.

#### YAML
<a name="sam-property-connector-resourcereference--examples--api-gateway-invoking-a-lambda-function--yaml"></a>

```
Transform: AWS::Serverless-2016-10-31
Resources:
  MyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Principal:
              Service: lambda.amazonaws.com
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  MyFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt MyRole.Arn
      Runtime: nodejs16.x
      Handler: index.handler
      Code:
        ZipFile: |
          exports.handler = async (event) => {
            return {
              statusCode: 200,
              body: JSON.stringify({
                "message": "It works!"
              }),
            };
          };

  MyApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: MyApi
      ProtocolType: HTTP

  MyStage:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      ApiId: !Ref MyApi
      StageName: prod
      AutoDeploy: True

  MyIntegration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref MyApi
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations
      IntegrationMethod: POST
      PayloadFormatVersion: "2.0"

  MyRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref MyApi
      RouteKey: GET /hello
      Target: !Sub integrations/${MyIntegration}

  MyConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source: # Use 'Id' when resource is in the same template
        Type: AWS::ApiGatewayV2::Api
        ResourceId: !Ref MyApi
        Qualifier: prod/GET/hello # Or "*" to allow all routes
      Destination: # Use 'Id' when resource is in the same template
        Type: AWS::Lambda::Function
        Arn: !GetAtt MyFunction.Arn
      Permissions:
        - Write

Outputs:
  Endpoint:
    Value: !Sub https://${MyApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/prod/hello
```

# SourceReference
<a name="sam-property-connector-sourcereference"></a>

A reference to a source resource that the [AWS::Serverless::Connector](sam-resource-connector.md) resource type uses.

## Syntax
<a name="sam-property-connector-sourcereference-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-connector-sourcereference-syntax.yaml"></a>

```
[Qualifier](#sam-connector-sourcereference-qualifier): String
```

## Properties
<a name="sam-property-connector-sourcereference-properties"></a>

 `Qualifier`   <a name="sam-connector-sourcereference-qualifier"></a>
A qualifier for a resource that narrows its scope. `Qualifier` replaces the `*` value at the end of a resource constraint ARN.  
Qualifier definition varies per resource type. For a list of supported source and destination resource types, see [AWS SAM connector reference](reference-sam-connector.md).
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-connector-sourcereference--examples"></a>

**The following example uses embedded connectors to define a source resource with a property other than `Id`:**

```
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Connectors:
      ApitoLambdaConn:
        Properties:
          SourceReference:
            Qualifier: Prod/GET/foobar
          Destination:
            Id: MyTable
          Permissions:
            - Read
            - Write
  MyTable:
    Type: AWS::DynamoDB::Table
    ...
```

# AWS::Serverless::Function
<a name="sam-resource-function"></a>

Creates an AWS Lambda function, an AWS Identity and Access Management (IAM) execution role, and event source mappings that trigger the function.

The [AWS::Serverless::Function](#sam-resource-function) resource also supports the `Metadata` resource attribute, so you can instruct AWS SAM to build custom runtimes that your application requires. For more information about building custom runtimes, see [Building Lambda functions with custom runtimes in AWS SAM](building-custom-runtimes.md).

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-function-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-function-syntax.yaml"></a>

```
Type: AWS::Serverless::Function
Properties:
  [Architectures](#sam-function-architectures): List
  [AssumeRolePolicyDocument](#sam-function-assumerolepolicydocument): JSON
  [AutoPublishAlias](#sam-function-autopublishalias): String
  AutoPublishAliasAllProperties: Boolean
  [AutoPublishCodeSha256](#sam-function-autopublishcodesha256): String
  [CapacityProviderConfig](#sam-function-capacityproviderconfig): CapacityProviderConfig
  [CodeSigningConfigArn](#sam-function-codesigningconfigarn): String
  [CodeUri](#sam-function-codeuri): String | FunctionCode
  [DeadLetterQueue](#sam-function-deadletterqueue): Map | DeadLetterQueue
  [DeploymentPreference](#sam-function-deploymentpreference): DeploymentPreference
  [Description](#sam-function-description): String
  [DurableConfig](#sam-function-durableconfig): DurableConfig
  [Environment](#sam-function-environment): [Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html)
  [EphemeralStorage](#sam-function-ephemeralstorage): [EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage)
  [EventInvokeConfig](#sam-function-eventinvokeconfig): EventInvokeConfiguration
  [Events](#sam-function-events): EventSource
  [FileSystemConfigs](#sam-function-filesystemconfigs): List
  [FunctionName](#sam-function-functionname): String
  [FunctionScalingConfig](#sam-function-functionscalingconfig): FunctionScalingConfig
  [FunctionUrlConfig](#sam-function-functionurlconfig): FunctionUrlConfig
  [Handler](#sam-function-handler): String
  [ImageConfig](#sam-function-imageconfig): [ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig)
  [ImageUri](#sam-function-imageuri): String
  [InlineCode](#sam-function-inlinecode): String
  [KmsKeyArn](#sam-function-kmskeyarn): String
  [Layers](#sam-function-layers): List
  LoggingConfig: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html)
  [MemorySize](#sam-function-memorysize): Integer
  [PackageType](#sam-function-packagetype): String
  [PermissionsBoundary](#sam-function-permissionsboundary): String
  [Policies](#sam-function-policies): String | List | Map
  [PublishToLatestPublished](#sam-function-publishtolatestpublished): Boolean
  PropagateTags: Boolean
  [ProvisionedConcurrencyConfig](#sam-function-provisionedconcurrencyconfig): [ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig)
  RecursiveLoop: String
  [ReservedConcurrentExecutions](#sam-function-reservedconcurrentexecutions): Integer
  [Role](#sam-function-role): String
  [RolePath](#sam-function-rolepath): String
  [Runtime](#sam-function-runtime): String
  RuntimeManagementConfig: [RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html)
  SnapStart: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)
  [SourceKMSKeyArn](#sam-function-sourcekmskeyarn): String
  [Tags](#sam-function-tags): Map
  [TenancyConfig](#sam-function-tenancyconfig): TenancyConfig
  [Timeout](#sam-function-timeout): Integer
  [Tracing](#sam-function-tracing): String
  [VersionDescription](#sam-function-versiondescription): String
  [VersionDeletionPolicy](#sam-function-versiondeletionpolicy): String
  [VpcConfig](#sam-function-vpcconfig): [VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html)
```

## Properties
<a name="sam-resource-function-properties"></a>

 `Architectures`   <a name="sam-function-architectures"></a>
The instruction set architecture for the function.  
For more information about this property, see [Lambda instruction set architectures](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) in the *AWS Lambda Developer Guide*.  
*Valid values*: One of `x86_64` or `arm64`  
*Type*: List  
*Required*: No  
*Default*: `x86_64`  
*CloudFormation compatibility*: This property is passed directly to the `[Architectures](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures)` property of an `AWS::Lambda::Function` resource.

 `AssumeRolePolicyDocument`   <a name="sam-function-assumerolepolicydocument"></a>
Adds an AssumeRolePolicyDocument for the default created `Role` for this function. If this property isn't specified, AWS SAM adds a default assume role for this function.  
*Type*: JSON  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[AssumeRolePolicyDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-assumerolepolicydocument)` property of an `AWS::IAM::Role` resource. AWS SAM adds this property to the generated IAM role for this function. If a role's Amazon Resource Name (ARN) is provided for this function, this property does nothing.

 `AutoPublishAlias`   <a name="sam-function-autopublishalias"></a>
The name of the Lambda alias. For more information about Lambda aliases, see [Lambda function aliases](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html) in the *AWS Lambda Developer Guide*. For examples that use this property, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md).  
AWS SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html) and [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html) resources when this property is set. For information about this scenario, see [AutoPublishAlias property is specified](sam-specification-generated-resources-function.md#sam-specification-generated-resources-function-autopublishalias). For general information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AutoPublishAliasAllProperties`   <a name="sam-function-autopublishaliasallproperties"></a>
Specifies when a new [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html) is created. When `true`, a new Lambda version is created when any property in the Lambda function is modified. When `false`, a new Lambda version is created only when any of the following properties are modified:  
+ `Environment`, `MemorySize`, or `SnapStart`.
+ Any change that results in an update to the `Code` property, such as `CodeDict`, `ImageUri`, or `InlineCode`.
This property requires `AutoPublishAlias` to be defined.  
If `AutoPublishCodeSha256` is also specified, its behavior takes precedence over `AutoPublishAliasAllProperties: true`.  
*Type*: Boolean  
*Required*: No  
*Default value*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AutoPublishCodeSha256`   <a name="sam-function-autopublishcodesha256"></a>
When used, this string works with the `CodeUri` value to determine if a new Lambda version needs to be published. This property is often used to resolve the following deployment issue: A deployment package is stored in an Amazon S3 location and is replaced by a new deployment package with updated Lambda function code but the `CodeUri` property remains unchanged (as opposed to the new deployment package being uploaded to a new Amazon S3 location and the `CodeUri` being changed to the new location).  
This problem is marked by an AWS SAM template having the following characteristics:  
+ The `DeploymentPreference` object is configured for gradual deployments (as described in [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md))
+ The `AutoPublishAlias` property is set and doesn't change between deployments
+ The `CodeUri` property is set and doesn't change between deployments.
In this scenario, updating `AutoPublishCodeSha256` results in a new Lambda version being created successfully. However, new function code deployed to Amazon S3 will not be recognized. To recognize new function code, consider using versioning in your Amazon S3 bucket. Specify the `Version` property for your Lambda function and configure your bucket to always use the latest deployment package.  
In this scenario, to trigger the gradual deployment successfully, you must provide a unique value for `AutoPublishCodeSha256`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CapacityProviderConfig`   <a name="sam-function-capacityproviderconfig"></a>
Configures the capacity provider to which published versions of the function will be attached. This enables the function to run on customer-owned EC2 instances managed by Lambda Managed Instances.  
*Type*: [CapacityProviderConfig](sam-property-function-capacityproviderconfig.md)  
*Required*: No  
*CloudFormation compatibility*: SAM flattens the property passed to the `[CapacityProviderConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-capacityproviderconfig)` property of an `AWS::Lambda::Function` resource and reconstructs the nested structure.

 `CodeSigningConfigArn`   <a name="sam-function-codesigningconfigarn"></a>
The ARN of the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html) resource, used to enable code signing for this function. For more information about code signing, see [Set up code signing for your AWS SAM application](authoring-codesigning.md).  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CodeSigningConfigArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn)` property of an `AWS::Lambda::Function` resource.

 `CodeUri`   <a name="sam-function-codeuri"></a>
The code for the function. Accepted values include:  
+ The function's Amazon S3 URI. For example, `s3://bucket-123456789/sam-app/1234567890abcdefg`.
+ The local path to the function. For example, `hello_world/`.
+ A [FunctionCode](sam-property-function-functioncode.md) object.
If you provide a function's Amazon S3 URI or [FunctionCode](sam-property-function-functioncode.md) object, you must reference a valid [Lambda deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html).  
If you provide a local file path, use the AWS SAM CLI to upload the local file at deployment. To learn more, see [How AWS SAM uploads local files at deployment](deploy-upload-local-files.md).  
If you use intrinsic functions in `CodeUri` property, AWS SAM will not be able to correctly parse the values. Consider using [AWS::LanguageExtensions transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-languageextensions.html) instead.
*Type*: [ String \$1 [FunctionCode](sam-property-function-functioncode.md) ]  
*Required*: Conditional. When `PackageType` is set to `Zip`, one of `CodeUri` or `InlineCode` is required.  
*CloudFormation compatibility*: This property is similar to the `[ Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code)` property of an `AWS::Lambda::Function` resource. The nested Amazon S3 properties are named differently.

 `DeadLetterQueue`   <a name="sam-function-deadletterqueue"></a>
Configures an Amazon Simple Notification Service (Amazon SNS) topic or Amazon Simple Queue Service (Amazon SQS) queue where Lambda sends events that it can't process. For more information about dead-letter queue functionality, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq) in the *AWS Lambda Developer Guide*.  
If your Lambda function's event source is an Amazon SQS queue, configure a dead-letter queue for the source queue, not for the Lambda function. The dead-letter queue that you configure for a function is used for the function's [asynchronous invocation queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html), not for event source queues.
*Type*: Map \$1 [DeadLetterQueue](sam-property-function-deadletterqueue.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html)` property of an `AWS::Lambda::Function` resource. In CloudFormation the type is derived from the `TargetArn`, whereas in AWS SAM you must pass the type along with the `TargetArn`.

 `DeploymentPreference`   <a name="sam-function-deploymentpreference"></a>
The settings to enable gradual Lambda deployments.  
If a `DeploymentPreference` object is specified, AWS SAM creates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-application.html) called `ServerlessDeploymentApplication` (one per stack), an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html) called `<function-logical-id>DeploymentGroup`, and an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html) called `CodeDeployServiceRole`.  
*Type*: [DeploymentPreference](sam-property-function-deploymentpreference.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*See also*: For more information about this property, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md).

 `Description`   <a name="sam-function-description"></a>
A description of the function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description)` property of an `AWS::Lambda::Function` resource.

 `DurableConfig`   <a name="sam-function-durableconfig"></a>
Configuration for durable functions. Enables stateful execution with automatic checkpointing and replay capabilities.  
*Type*: [DurableConfig](sam-property-function-durableconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Environment`   <a name="sam-function-environment"></a>
The configuration for the runtime environment.  
*Type*: [Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Environment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html)` property of an `AWS::Lambda::Function` resource.

 `EphemeralStorage`   <a name="sam-function-ephemeralstorage"></a>
An object that specifies the disk space, in MB, available to your Lambda function in `/tmp`.  
For more information about this property, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html) in the *AWS Lambda Developer Guide*.  
*Type*: [EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EphemeralStorage](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage)` property of an `AWS::Lambda::Function` resource.

 `EventInvokeConfig`   <a name="sam-function-eventinvokeconfig"></a>
The object that describes event invoke configuration on a Lambda function.  
*Type*: [EventInvokeConfiguration](sam-property-function-eventinvokeconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Events`   <a name="sam-function-events"></a>
Specifies the events that trigger this function. Events consist of a type and a set of properties that depend on the type.  
*Type*: [EventSource](sam-property-function-eventsource.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FileSystemConfigs`   <a name="sam-function-filesystemconfigs"></a>
List of [FileSystemConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html) objects that specify the connection settings for an Amazon Elastic File System (Amazon EFS) file system.  
If your template contains an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a `DependsOn` resource attribute to ensure that the mount target is created or updated before the function.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FileSystemConfigs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs)` property of an `AWS::Lambda::Function` resource.

 `FunctionName`   <a name="sam-function-functionname"></a>
A name for the function. If you don't specify a name, a unique name is generated for you.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname)` property of an `AWS::Lambda::Function` resource.

 `FunctionScalingConfig`   <a name="sam-function-functionscalingconfig"></a>
Configures the scaling behavior for Lambda functions running on capacity providers. Defines the minimum and maximum number of execution environments.  
*Type*: [FunctionScalingConfig](sam-property-function-functionscalingconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig)` property of an `AWS::Lambda::Function` resource.

 `FunctionUrlConfig`   <a name="sam-function-functionurlconfig"></a>
The object that describes a function URL. A function URL is an HTTPS endpoint that you can use to invoke your function.  
For more information, see [Function URLs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FunctionUrlConfig](sam-property-function-functionurlconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Handler`   <a name="sam-function-handler"></a>
The function within your code that is called to begin execution. This property is only required if the `PackageType` property is set to `Zip`.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[Handler](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler)` property of an `AWS::Lambda::Function` resource.

 `ImageConfig`   <a name="sam-function-imageconfig"></a>
The object used to configure Lambda container image settings. For more information, see [Using container images with Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the *AWS Lambda Developer Guide*.  
*Type*: [ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ImageConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig)` property of an `AWS::Lambda::Function` resource.

 `ImageUri`   <a name="sam-function-imageuri"></a>
The URI of the Amazon Elastic Container Registry (Amazon ECR) repository for the Lambda function's container image. This property only applies if the `PackageType` property is set to `Image`, otherwise it is ignored. For more information, see [Using container images with Lambda](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the *AWS Lambda Developer Guide*.  
If the `PackageType` property is set to `Image`, then either `ImageUri` is required, or you must build your application with necessary `Metadata` entries in the AWS SAM template file. For more information, see [Default build with AWS SAM](serverless-sam-cli-using-build.md).
Building your application with necessary `Metadata` entries takes precedence over `ImageUri`, so if you specify both then `ImageUri` is ignored.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ImageUri](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri)` property of the `AWS::Lambda::Function` `Code` data type.

 `InlineCode`   <a name="sam-function-inlinecode"></a>
The Lambda function code that is written directly in the template. This property only applies if the `PackageType` property is set to `Zip`, otherwise it is ignored.  
If the `PackageType` property is set to `Zip` (default), then one of `CodeUri` or `InlineCode` is required.
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[ZipFile](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile)` property of the `AWS::Lambda::Function` `Code` data type.

 `KmsKeyArn`   <a name="sam-function-kmskeyarn"></a>
The ARN of an AWS Key Management Service (AWS KMS) key that Lambda uses to encrypt and decrypt your function's environment variables.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn)` property of an `AWS::Lambda::Function` resource.

 `Layers`   <a name="sam-function-layers"></a>
The list of `LayerVersion` ARNs that this function should use. The order specified here is the order in which they will be imported when running the Lambda function. The version is either a full ARN including the version or a reference to a LayerVersion resource. For example, a reference to a `LayerVersion` will be `!Ref MyLayer` while a full ARN including the version will be `arn:aws:lambda:region:account-id:layer:layer-name:version`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Layers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers)` property of an `AWS::Lambda::Function` resource.

 `LoggingConfig`   <a name="sam-function-loggingconfig"></a>
The function's Amazon CloudWatch Logs configuration settings.  
*Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-loggingconfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-loggingconfig) property of an `AWS::Lambda::Function` resource.

 `MemorySize`   <a name="sam-function-memorysize"></a>
The size of the memory in MB allocated per invocation of the function.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MemorySize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize)` property of an `AWS::Lambda::Function` resource.

 `PackageType`   <a name="sam-function-packagetype"></a>
The deployment package type of the Lambda function. For more information, see [Lambda deployment packages](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) in the *AWS Lambda Developer Guide*.  
**Notes**:  
1. If this property is set to `Zip` (default), then either `CodeUri` or `InlineCode` applies, and `ImageUri` is ignored.  
2. If this property is set to `Image`, then only `ImageUri` applies, and both `CodeUri` and `InlineCode` are ignored. The Amazon ECR repository required to store the function's container image can be auto created by the AWS SAM CLI. For more information, see [sam deploy](sam-cli-command-reference-sam-deploy.md).  
*Valid values*: `Zip` or `Image`  
*Type*: String  
*Required*: No  
*Default*: `Zip`  
*CloudFormation compatibility*: This property is passed directly to the `[PackageType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype)` property of an `AWS::Lambda::Function` resource.

 `PermissionsBoundary`   <a name="sam-function-permissionsboundary"></a>
The ARN of a permissions boundary to use for this function's execution role. This property works only if the role is generated for you.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource.

 `Policies`   <a name="sam-function-policies"></a>
Permission policies for this function. Policies will be appended to the function's default AWS Identity and Access Management (IAM) execution role.  
This property accepts a single value or list of values. Allowed values include:  
+ [AWS SAM policy templates](serverless-policy-templates.md).
+ The ARN of an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [ customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies).
+ The name of an AWS managed policy from the following [ list](https://github.com/aws/serverless-application-model/blob/develop/samtranslator/internal/data/aws_managed_policies.json).
+ An [ inline IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#inline-policies) formatted in YAML as a map.
If you set the `Role` property, this property is ignored.
*Type*: String \$1 List \$1 Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-policies)` property of an `AWS::IAM::Role` resource.

 `PublishToLatestPublished`   <a name="sam-function-publishtolatestpublished"></a>
Specifies whether to publish the latest function version when the function is updated.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PublishToLatestPublished](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-publishtolatestpublished)` property of an `AWS::Lambda::Function` resource.

`PropagateTags`  <a name="sam-function-propagatetags"></a>
Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::Function](sam-specification-generated-resources-function.md) generated resources. Specify `True` to propagate tags in your generated resources.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ProvisionedConcurrencyConfig`   <a name="sam-function-provisionedconcurrencyconfig"></a>
The provisioned concurrency configuration of a function's alias.  
`ProvisionedConcurrencyConfig` can be specified only if the `AutoPublishAlias` is set. Otherwise, an error results.
*Type*: [ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ProvisionedConcurrencyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig)` property of an `AWS::Lambda::Alias` resource.

 `RecursiveLoop`   <a name="sam-function-recursiveloop"></a>
The status of your function's recursive loop detection configuration.  
When this value is set to `Allow` and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action.  
When this value is set to `Terminate` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.   
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RecursiveLoop](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-recursiveloop)` property of the `AWS::Lambda::Function` resource.

 `ReservedConcurrentExecutions`   <a name="sam-function-reservedconcurrentexecutions"></a>
The maximum number of concurrent executions that you want to reserve for the function.  
For more information about this property, see [Lambda Function Scaling](https://docs.aws.amazon.com/lambda/latest/dg/scaling.html) in the *AWS Lambda Developer Guide*.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ReservedConcurrentExecutions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-reservedconcurrentexecutions)` property of an `AWS::Lambda::Function` resource.

 `Role`   <a name="sam-function-role"></a>
The ARN of an IAM role to use as this function's execution role.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-role)` property of an `AWS::Lambda::Function` resource. This is required in CloudFormation but not in AWS SAM. If a role isn't specified, one is created for you with a logical ID of `<function-logical-id>Role`.

 `RolePath`   <a name="sam-function-rolepath"></a>
The path to the function's IAM execution role.  
Use this property when the role is generated for you. Do not use when the role is specified with the `Role` property.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[Path](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path)` property of an `AWS::IAM::Role` resource.

 `Runtime`   <a name="sam-function-runtime"></a>
The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). This property is only required if the `PackageType` property is set to `Zip`.  
If you specify the `provided` identifier for this property, you can use the `Metadata` resource attribute to instruct AWS SAM to build the custom runtime that this function requires. For more information about building custom runtimes, see [Building Lambda functions with custom runtimes in AWS SAM](building-custom-runtimes.md).
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[Runtime](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime)` property of an `AWS::Lambda::Function` resource.

 `RuntimeManagementConfig`   <a name="sam-function-runtimemanagementconfig"></a>
Configure runtime management options for your Lambda functions such as runtime environment updates, rollback behavior, and selecting a specific runtime version. To learn more, see [Lambda runtime updates](https://docs.aws.amazon.com//lambda/latest/dg/runtimes-update.html) in the *AWS Lambda Developer Guide*.  
*Type*: [RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ RuntimeManagementConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html)` property of an `AWS::Lambda::Function` resource.

 `SnapStart`   <a name="sam-function-snapstart"></a>
Create a snapshot of any new Lambda function version. A snapshot is a cached state of your initialized function, including all of its dependencies. The function is initialized just once and the cached state is reused for all future invocations, improving application performance by reducing the number of times your function must be initialized. To learn more, see [Improving startup performance with Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) in the *AWS Lambda Developer Guide*.  
*Type*: [SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SnapStart](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html)` property of an `AWS::Lambda::Function` resource.

 `SourceKMSKeyArn`   <a name="sam-function-sourcekmskeyarn"></a>
Represents a KMS key ARN that is used to encrypt the customer's ZIP function code.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SourceKMSKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-sourcekmskeyarn)` property of an `AWS::Lambda::Function` `Code` data type.

 `Tags`   <a name="sam-function-tags"></a>
A map (string to string) that specifies the tags added to this function. For details about valid keys and values for tags, see [Tag Key and Value Requirements](https://docs.aws.amazon.com/lambda/latest/dg/configuration-tags.html#configuration-tags-restrictions) in the *AWS Lambda Developer Guide*.  
When the stack is created, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags)` property of an `AWS::Lambda::Function` resource. The `Tags` property in AWS SAM consists of key-value pairs (whereas in CloudFormation this property consists of a list of `Tag` objects). Also, AWS SAM automatically adds a `lambda:createdBy:SAM` tag to this Lambda function, and to the default roles that are generated for this function.

 `TenancyConfig`   <a name="sam-function-tenancyconfig"></a>
Configuration for Lambda tenant isolation mode. Ensures execution environments are never shared between different tenant IDs, providing compute-level isolation for multi-tenant applications.  
*Type*: [TenancyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tenancyconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TenancyConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tenancyconfig)` property of an `AWS::Lambda::Function` resource.

 `Timeout`   <a name="sam-function-timeout"></a>
The maximum time in seconds that the function can run before it is stopped.  
*Type*: Integer  
*Required*: No  
*Default*: 3  
*CloudFormation compatibility*: This property is passed directly to the `[Timeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout)` property of an `AWS::Lambda::Function` resource.

 `Tracing`   <a name="sam-function-tracing"></a>
The string that specifies the function's X-Ray tracing mode.  
+ `Active` – Activates X-Ray tracing for the function.
+ `Disabled` – Deactivates X-Ray for the function.
+ `PassThrough` – Activates X-Ray tracing for the function. Sampling decision is delegated to the downstream services.
If specified as `Active` or `PassThrough` and the `Role` property is not set, AWS SAM adds the `arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess` policy to the Lambda execution role that it creates for you.  
For more information about X-Ray, see [Using AWS Lambda with AWS X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html) in the *AWS Lambda Developer Guide*.  
*Valid values*: [`Active`\$1`Disabled`\$1`PassThrough`]  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[TracingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig)` property of an `AWS::Lambda::Function` resource.

 `VersionDescription`   <a name="sam-function-versiondescription"></a>
Specifies the `Description` field that is added on the new Lambda version resource.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-description)` property of an `AWS::Lambda::Version` resource.

 `VersionDeletionPolicy`   <a name="sam-function-versiondeletionpolicy"></a>
Specifies the deletion policy for the Lambda version resource that is created when `AutoPublishAlias` is set. This controls whether the version resource is retained or deleted when the stack is deleted.  
*Valid values*: `Delete`, `Retain`, or `Snapshot`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. It sets the `DeletionPolicy` attribute on the generated `AWS::Lambda::Version` resource.

 `VpcConfig`   <a name="sam-function-vpcconfig"></a>
The configuration that enables this function to access private resources within your virtual private cloud (VPC).  
*Type*: [VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[VpcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html)` property of an `AWS::Lambda::Function` resource.

## Return Values
<a name="sam-resource-function-return-values"></a>

### Ref
<a name="sam-resource-function-return-values-ref"></a>

When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the resource name of the underlying Lambda function.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

### Fn::GetAtt
<a name="sam-resource-function-return-values-fn--getatt"></a>

`Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. 

For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. 

`Arn`  <a name="Arn-fn::getatt"></a>
The ARN of the underlying Lambda function.

## Examples
<a name="sam-resource-function-examples"></a>

### Simple function
<a name="sam-resource-function-examples-simple-function"></a>

The following is a basic example of an [AWS::Serverless::Function](#sam-resource-function) resource of package type `Zip` (default) and function code in an Amazon S3 bucket.

#### YAML
<a name="sam-resource-function-examples-simple-function--yaml"></a>

```
Type: AWS::Serverless::Function
Properties:
  Handler: index.handler
  Runtime: python3.9
  CodeUri: s3://bucket-name/key-name
```

### Function properties example
<a name="sam-resource-function-examples-function-properties-example"></a>

The following is an example of an [AWS::Serverless::Function](#sam-resource-function) of package type `Zip` (default) that uses `InlineCode`, `Layers`, `Tracing`, `Policies`, `Amazon EFS`, and an `Api` event source.

#### YAML
<a name="sam-resource-function-examples-function-properties-example--yaml"></a>

```
Type: AWS::Serverless::Function
DependsOn: MyMountTarget        # This is needed if an AWS::EFS::MountTarget resource is declared for EFS
Properties:
  Handler: index.handler
  Runtime: python3.9
  InlineCode: |
    def handler(event, context):
      print("Hello, world!")
  ReservedConcurrentExecutions: 30
  Layers:
    - Ref: MyLayer
  Tracing: Active
  Timeout: 120
  FileSystemConfigs:
    - Arn: !Ref MyEfsFileSystem
      LocalMountPath: /mnt/EFS
  Policies:
    - AWSLambdaExecute
    - Version: '2012-10-17		 	 	 ' 
      Statement:
        - Effect: Allow
          Action:
            - s3:GetObject
            - s3:GetObjectACL
          Resource: 'arn:aws:s3:::sam-s3-demo-bucket/*'
  Events:
    ApiEvent:
      Type: Api
      Properties:
        Path: /path
        Method: get
```

### ImageConfig example
<a name="sam-resource-function-examples-imageconfig-example"></a>

The following is an example of an `ImageConfig` for a Lambda function of package type `Image`.

#### YAML
<a name="sam-resource-function-examples-imageconfig-example--yaml"></a>

```
HelloWorldFunction:
  Type: AWS::Serverless::Function
  Properties:
    PackageType: Image
    ImageUri: account-id.dkr.ecr.region.amazonaws.com/ecr-repo-name:image-name
    ImageConfig:
      Command:
        - "app.lambda_handler"
      EntryPoint:
        - "entrypoint1"
      WorkingDirectory: "workDir"
```

### RuntimeManagementConfig examples
<a name="sam-resource-function-examples-runtimemanagementconfig-examples"></a>

A Lambda function configured to update its runtime environment according to current behavior:

```
TestFunction
  Type: AWS::Serverless::Function
  Properties:
    ...
    Runtime: python3.9
    RuntimeManagementConfig:
      UpdateRuntimeOn: Auto
```

A Lambda function configured to update its runtime environment when the function is updated:

```
TestFunction
  Type: AWS::Serverless::Function
  Properties:
    ...
    Runtime: python3.9
    RuntimeManagementConfig:
      UpdateRuntimeOn: FunctionUpdate
```

A Lambda function configured to update its runtime environment manually:

```
TestFunction
  Type: AWS::Serverless::Function
  Properties:
    ...
    Runtime: python3.9
    RuntimeManagementConfig:
      RuntimeVersionArn: arn:aws:lambda:us-east-1::runtime:4c459dd0104ee29ec65dcad056c0b3ddbe20d6db76b265ade7eda9a066859b1e
      UpdateRuntimeOn: Manual
```

### SnapStart examples
<a name="sam-resource-function-examples-snapstart-examples"></a>

Example of a Lambda function with SnapStart turned on for future versions:

```
TestFunc
  Type: AWS::Serverless::Function
  Properties:
    ...
    SnapStart:
      ApplyOn: PublishedVersions
```

### TenancyConfig examples
<a name="sam-resource-function-examples-tenancyconfig-examples"></a>

Example of a Lambda function with tenant isolation mode turned on:

```
TestFunction
  Type: AWS::Serverless::Function
  Properties:
    ...
    TenancyConfig:
      TenantIsolationMode: PER_TENANT
```

# DeadLetterQueue
<a name="sam-property-function-deadletterqueue"></a>

Specifies an SQS queue or SNS topic that AWS Lambda (Lambda) sends events to when it can't process them. For more information about dead letter queue functionality, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-dlq) in the *AWS Lambda Developer Guide*.

SAM will automatically add appropriate permission to your Lambda function execution role to give Lambda service access to the resource. sqs:SendMessage will be added for SQS queues and sns:Publish for SNS topics.

## Syntax
<a name="sam-property-function-deadletterqueue-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-deadletterqueue-syntax.yaml"></a>

```
  [TargetArn](#sam-function-deadletterqueue-targetarn): String
  [Type](#sam-function-deadletterqueue-type): String
```

## Properties
<a name="sam-property-function-deadletterqueue-properties"></a>

 `TargetArn`   <a name="sam-function-deadletterqueue-targetarn"></a>
The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[TargetArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html#cfn-lambda-function-deadletterconfig-targetarn)` property of the `AWS::Lambda::Function` `DeadLetterConfig` data type.

 `Type`   <a name="sam-function-deadletterqueue-type"></a>
The type of dead letter queue.  
*Valid values*: `SNS`, `SQS`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-deadletterqueue--examples"></a>

### DeadLetterQueue
<a name="sam-property-function-deadletterqueue--examples--deadletterqueue"></a>

Dead Letter Queue example for an SNS topic.

#### YAML
<a name="sam-property-function-deadletterqueue--examples--deadletterqueue--yaml"></a>

```
DeadLetterQueue:
  Type: SNS
  TargetArn: arn:aws:sns:us-east-2:123456789012:my-topic
```

# DeploymentPreference
<a name="sam-property-function-deploymentpreference"></a>

Specifies the configurations to enable gradual Lambda deployments. For more information about configuring gradual Lambda deployments, see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md).

**Note**  
You must specify an `AutoPublishAlias` in your [AWS::Serverless::Function](sam-resource-function.md) to use a `DeploymentPreference` object, otherwise an error will result.

## Syntax
<a name="sam-property-function-deploymentpreference-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-deploymentpreference-syntax.yaml"></a>

```
  [Alarms](#sam-function-deploymentpreference-alarms): List
  [Enabled](#sam-function-deploymentpreference-enabled): Boolean
  [Hooks](#sam-function-deploymentpreference-hooks): Hooks
  [PassthroughCondition](#sam-function-deploymentpreference-passthroughcondition): Boolean
  [Role](#sam-function-deploymentpreference-role): String
  [TriggerConfigurations](#sam-function-deploymentpreference-triggerconfigurations): List
  [Type](#sam-function-deploymentpreference-type): String
```

## Properties
<a name="sam-property-function-deploymentpreference-properties"></a>

 `Alarms`   <a name="sam-function-deploymentpreference-alarms"></a>
A list of CloudWatch alarms that you want to be triggered by any errors raised by the deployment.  
This property accepts the `Fn::If` intrinsic function. See the Examples section at the bottom of this topic for an example template that uses `Fn::If`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Enabled`   <a name="sam-function-deploymentpreference-enabled"></a>
Whether this deployment preference is enabled.  
*Type*: Boolean  
*Required*: No  
*Default*: True  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Hooks`   <a name="sam-function-deploymentpreference-hooks"></a>
Validation Lambda functions that are run before and after traffic shifting.  
*Type*: [Hooks](sam-property-function-hooks.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `PassthroughCondition`   <a name="sam-function-deploymentpreference-passthroughcondition"></a>
If True, and if this deployment preference is enabled, the function's Condition will be passed through to the generated CodeDeploy resource. Generally, you should set this to True. Otherwise, the CodeDeploy resource would be created even if the function's Condition resolves to False.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Role`   <a name="sam-function-deploymentpreference-role"></a>
An IAM role ARN that CodeDeploy will use for traffic shifting. An IAM role will not be created if this is provided.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `TriggerConfigurations`   <a name="sam-function-deploymentpreference-triggerconfigurations"></a>
A list of trigger configurations you want to associate with the deployment group. Used to notify an SNS topic on lifecycle events.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TriggerConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codedeploy-deploymentgroup.html#cfn-codedeploy-deploymentgroup-triggerconfigurations)` property of an `AWS::CodeDeploy::DeploymentGroup` resource.

 `Type`   <a name="sam-function-deploymentpreference-type"></a>
There are two categories of deployment types at the moment: Linear and Canary. For more information about available deployment types see [Deploying serverless applications gradually with AWS SAM](automating-updates-to-serverless-apps.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-deploymentpreference--examples"></a>

### DeploymentPreference with pre- and post-traffic hooks.
<a name="sam-property-function-deploymentpreference--examples--deploymentpreference-with-pre--and-post-traffic-hooks."></a>

Example deployment preference that contains pre- and post-traffic hooks.

#### YAML
<a name="sam-property-function-deploymentpreference--examples--deploymentpreference-with-pre--and-post-traffic-hooks.--yaml"></a>

```
DeploymentPreference:
  Enabled: true
  Type: Canary10Percent10Minutes 
  Alarms:
    - !Ref: AliasErrorMetricGreaterThanZeroAlarm
    - !Ref: LatestVersionErrorMetricGreaterThanZeroAlarm
  Hooks:
    PreTraffic:
      !Ref: PreTrafficLambdaFunction
    PostTraffic:
      !Ref: PostTrafficLambdaFunction
```

### DeploymentPreference with Fn::If intrinsic function
<a name="sam-property-function-deploymentpreference--examples--deploymentpreference-with-fn::if-intrinsic-function"></a>

Example deployment preference that uses `Fn::If` for configuring alarms. In this example, `Alarm1` will be configured if `MyCondition` is `true`, and `Alarm2` and `Alarm5` will be configured if `MyCondition` is `false`.

#### YAML
<a name="sam-property-function-deploymentpreference--examples--deploymentpreference-with-fn::if-intrinsic-function--yaml"></a>

```
DeploymentPreference:
  Enabled: true
  Type: Canary10Percent10Minutes 
  Alarms:
    Fn::If:
      - MyCondition
      - - Alarm1
      - - Alarm2
        - Alarm5
```

# Hooks
<a name="sam-property-function-hooks"></a>

Validation Lambda functions that are run before and after traffic shifting.

**Note**  
The Lambda functions referenced in this property configure the `CodeDeployLambdaAliasUpdate` object of the resulting [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html) resource. For more information, see [CodeDeployLambdaAliasUpdate Policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html#cfn-attributes-updatepolicy-codedeploylambdaaliasupdate) in the *AWS CloudFormation User Guide*.

## Syntax
<a name="sam-property-function-hooks-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-hooks-syntax.yaml"></a>

```
  [PostTraffic](#sam-function-hooks-posttraffic): String
  [PreTraffic](#sam-function-hooks-pretraffic): String
```

## Properties
<a name="sam-property-function-hooks-properties"></a>

 `PostTraffic`   <a name="sam-function-hooks-posttraffic"></a>
Lambda function that is run after traffic shifting.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `PreTraffic`   <a name="sam-function-hooks-pretraffic"></a>
Lambda function that is run before traffic shifting.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-hooks--examples"></a>

### Hooks
<a name="sam-property-function-hooks--examples--hooks"></a>

Example hook functions

#### YAML
<a name="sam-property-function-hooks--examples--hooks--yaml"></a>

```
Hooks:
  PreTraffic:
    Ref: PreTrafficLambdaFunction
  PostTraffic:
    Ref: PostTrafficLambdaFunction
```

# DurableConfig
<a name="sam-property-function-durableconfig"></a>

Configures durable execution settings for AWS Lambda functions. Durable functions can run for up to one year and automatically checkpoint progress, enabling long-running workflows and fault-tolerant applications. For more information about durable functions, see [Lambda durable functions](https://docs.aws.amazon.com/lambda/latest/dg/durable-functions.html) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-durableconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-durableconfig-syntax.yaml"></a>

```
  [ExecutionTimeout](#sam-function-durableconfig-executiontimeout): Integer
  [RetentionPeriodInDays](#sam-function-durableconfig-retentionperiodindays): Integer
```

## Properties
<a name="sam-property-function-durableconfig-properties"></a>

 `ExecutionTimeout`   <a name="sam-function-durableconfig-executiontimeout"></a>
The amount of time (in seconds) that Lambda allows a durable function to run before stopping it. The maximum is one 366-day year or 31,622,400 seconds.  
*Type*: Integer  
*Required*: Yes  
*Minimum*: 1  
*Maximum*: 31622400  
*CloudFormation compatibility*: This property is passed directly to the `[ExecutionTimeout](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-durableconfig.html#cfn-lambda-function-durableconfig-executiontimeout)` property of the `AWS::Lambda::Function` `DurableConfig` data type.

 `RetentionPeriodInDays`   <a name="sam-function-durableconfig-retentionperiodindays"></a>
The number of days after a durable execution is closed that Lambda retains its history, from one to 90 days. The default is 14 days.  
*Type*: Integer  
*Required*: No  
*Default*: 14  
*Minimum*: 1  
*Maximum*: 90  
*CloudFormation compatibility*: This property is passed directly to the `[RetentionPeriodInDays](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-durableconfig.html#cfn-lambda-function-durableconfig-retentionperiodindays)` property of the `AWS::Lambda::Function` `DurableConfig` data type.

## Examples
<a name="sam-property-function-durableconfig--examples"></a>

### DurableConfig
<a name="sam-property-function-durableconfig--examples--durableconfig"></a>

Durable configuration example for a function with a 1-hour execution timeout and 7-day retention period.

#### YAML
<a name="sam-property-function-durableconfig--examples--durableconfig--yaml"></a>

```
DurableConfig:
  ExecutionTimeout: 3600
  RetentionPeriodInDays: 7
```

# EventInvokeConfiguration
<a name="sam-property-function-eventinvokeconfiguration"></a>

Configuration options for [asynchronous](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html) Lambda Alias or Version invocations.

## Syntax
<a name="sam-property-function-eventinvokeconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-eventinvokeconfiguration-syntax.yaml"></a>

```
  [DestinationConfig](#sam-function-eventinvokeconfiguration-destinationconfig): EventInvokeDestinationConfiguration
  [MaximumEventAgeInSeconds](#sam-function-eventinvokeconfiguration-maximumeventageinseconds): Integer
  [MaximumRetryAttempts](#sam-function-eventinvokeconfiguration-maximumretryattempts): Integer
```

## Properties
<a name="sam-property-function-eventinvokeconfiguration-properties"></a>

 `DestinationConfig`   <a name="sam-function-eventinvokeconfiguration-destinationconfig"></a>
A configuration object that specifies the destination of an event after Lambda processes it.  
*Type*: [EventInvokeDestinationConfiguration](sam-property-function-eventinvokedestinationconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM requires an extra parameter, "Type", that does not exist in CloudFormation.

 `MaximumEventAgeInSeconds`   <a name="sam-function-eventinvokeconfiguration-maximumeventageinseconds"></a>
The maximum age of a request that Lambda sends to a function for processing.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumEventAgeInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumeventageinseconds)` property of an `AWS::Lambda::EventInvokeConfig` resource.

 `MaximumRetryAttempts`   <a name="sam-function-eventinvokeconfiguration-maximumretryattempts"></a>
The maximum number of times to retry before the function returns an error.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumretryattempts)` property of an `AWS::Lambda::EventInvokeConfig` resource.

## Examples
<a name="sam-property-function-eventinvokeconfiguration--examples"></a>

### MaximumEventAgeInSeconds
<a name="sam-property-function-eventinvokeconfiguration--examples--maximumeventageinseconds"></a>

MaximumEventAgeInSeconds example

#### YAML
<a name="sam-property-function-eventinvokeconfiguration--examples--maximumeventageinseconds--yaml"></a>

```
EventInvokeConfig:
  MaximumEventAgeInSeconds: 60
  MaximumRetryAttempts: 2
  DestinationConfig:
    OnSuccess:
      Type: SQS
      Destination: arn:aws:sqs:us-west-2:012345678901:my-queue
    OnFailure:
      Type: Lambda
      Destination: !GetAtt DestinationLambda.Arn
```

# EventInvokeDestinationConfiguration
<a name="sam-property-function-eventinvokedestinationconfiguration"></a>

A configuration object that specifies the destination of an event after Lambda processes it.

## Syntax
<a name="sam-property-function-eventinvokedestinationconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-eventinvokedestinationconfiguration-syntax.yaml"></a>

```
  [OnFailure](#sam-function-eventinvokedestinationconfiguration-onfailure): OnFailure
  [OnSuccess](#sam-function-eventinvokedestinationconfiguration-onsuccess): OnSuccess
```

## Properties
<a name="sam-property-function-eventinvokedestinationconfiguration-properties"></a>

 `OnFailure`   <a name="sam-function-eventinvokedestinationconfiguration-onfailure"></a>
A destination for events that failed processing.  
*Type*: [OnFailure](sam-property-function-onfailure.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[OnFailure](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onfailure.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. Requires `Type`, an additional SAM-only property.

 `OnSuccess`   <a name="sam-function-eventinvokedestinationconfiguration-onsuccess"></a>
A destination for events that were processed successfully.  
*Type*: [OnSuccess](sam-property-function-onsuccess.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[OnSuccess](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onsuccess)` property of an `AWS::Lambda::EventInvokeConfig` resource. Requires `Type`, an additional SAM-only property.

## Examples
<a name="sam-property-function-eventinvokedestinationconfiguration--examples"></a>

### OnSuccess
<a name="sam-property-function-eventinvokedestinationconfiguration--examples--onsuccess"></a>

OnSuccess example

#### YAML
<a name="sam-property-function-eventinvokedestinationconfiguration--examples--onsuccess--yaml"></a>

```
EventInvokeConfig:
  DestinationConfig:
    OnSuccess:
      Type: SQS
      Destination: arn:aws:sqs:us-west-2:012345678901:my-queue
    OnFailure:
      Type: Lambda
      Destination: !GetAtt DestinationLambda.Arn
```

# OnFailure
<a name="sam-property-function-onfailure"></a>

A destination for events that failed processing.

## Syntax
<a name="sam-property-function-onfailure-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-onfailure-syntax.yaml"></a>

```
  [Destination](#sam-function-onfailure-destination): String
  [Type](#sam-function-onfailure-type): String
```

## Properties
<a name="sam-property-function-onfailure-properties"></a>

 `Destination`   <a name="sam-function-onfailure-destination"></a>
The Amazon Resource Name (ARN) of the destination resource.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is similar to the `[OnFailure](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onfailure.html)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM will add any necessary permissions to the auto-generated IAM Role associated with this function to access the resource referenced in this property.  
*Additional notes*: If the type is Lambda/EventBridge, Destination is required.

 `Type`   <a name="sam-function-onfailure-type"></a>
Type of the resource referenced in the destination. Supported types are `SQS`, `SNS`, `S3`, `Lambda`, and `EventBridge`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS. If the type is Lambda/EventBridge, `Destination` is required.

## Examples
<a name="sam-property-function-onfailure--examples"></a>

### EventInvoke Configuration Example with SQS and Lambda destinations
<a name="sam-property-function-onfailure--examples--eventinvoke-configuration-example-with-sqs-and-lambda-destinations"></a>

In this example no Destination is given for the SQS OnSuccess configuration, so SAM implicitly creates a SQS queue and adds any necessary permissions. Also for this example, a Destination for a Lambda resource declared in the template file is specified in the OnFailure configuration, so SAM adds the necessary permissions to this Lambda function to call the destination Lambda function.

#### YAML
<a name="sam-property-function-onfailure--examples--eventinvoke-configuration-example-with-sqs-and-lambda-destinations--yaml"></a>

```
EventInvokeConfig:
  DestinationConfig:
    OnSuccess:
      Type: SQS
    OnFailure:
      Type: Lambda
      Destination: !GetAtt DestinationLambda.Arn  # Arn of a Lambda function declared in the template file.
```

### EventInvoke Configuration Example with SNS destination
<a name="sam-property-function-onfailure--examples--eventinvoke-configuration-example-with-sns-destination"></a>

In this example a Destination is given for an SNS topic declared in the template file for the OnSuccess configuration.

#### YAML
<a name="sam-property-function-onfailure--examples--eventinvoke-configuration-example-with-sns-destination--yaml"></a>

```
EventInvokeConfig:
  DestinationConfig:
    OnSuccess:
      Type: SNS
      Destination:
        Ref: DestinationSNS       # Arn of an SNS topic declared in the tempate file
```

# OnSuccess
<a name="sam-property-function-onsuccess"></a>

A destination for events that were processed successfully.

## Syntax
<a name="sam-property-function-onsuccess-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-onsuccess-syntax.yaml"></a>

```
  [Destination](#sam-function-onsuccess-destination): String
  [Type](#sam-function-onsuccess-type): String
```

## Properties
<a name="sam-property-function-onsuccess-properties"></a>

 `Destination`   <a name="sam-function-onsuccess-destination"></a>
The Amazon Resource Name (ARN) of the destination resource.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is similar to the `[OnSuccess](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-onsuccess)` property of an `AWS::Lambda::EventInvokeConfig` resource. SAM will add any necessary permissions to the auto-generated IAM Role associated with this function to access the resource referenced in this property.  
*Additional notes*: If the type is Lambda/EventBridge, Destination is required.

 `Type`   <a name="sam-function-onsuccess-type"></a>
Type of the resource referenced in the destination. Supported types are `SQS`, `SNS`, `S3`, `Lambda`, and `EventBridge`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: If the type is SQS/SNS and the `Destination` property is left blank, then the SQS/SNS resource is auto generated by SAM. To reference the resource, use `<function-logical-id>.DestinationQueue` for SQS or `<function-logical-id>.DestinationTopic` for SNS. If the type is Lambda/EventBridge, `Destination` is required.

## Examples
<a name="sam-property-function-onsuccess--examples"></a>

### EventInvoke Configuration Example with SQS and Lambda destinations
<a name="sam-property-function-onsuccess--examples--eventinvoke-configuration-example-with-sqs-and-lambda-destinations"></a>

In this example no Destination is given for the SQS OnSuccess configuration, so SAM implicitly creates a SQS queue and adds any necessary permissions. Also for this example, a Destination for a Lambda resource declared in the template file is specified in the OnFailure configuration, so SAM adds the necessary permissions to this Lambda function to call the destination Lambda function.

#### YAML
<a name="sam-property-function-onsuccess--examples--eventinvoke-configuration-example-with-sqs-and-lambda-destinations--yaml"></a>

```
EventInvokeConfig:
  DestinationConfig:
    OnSuccess:
      Type: SQS
    OnFailure:
      Type: Lambda
      Destination: !GetAtt DestinationLambda.Arn  # Arn of a Lambda function declared in the template file.
```

### EventInvoke Configuration Example with SNS destination
<a name="sam-property-function-onsuccess--examples--eventinvoke-configuration-example-with-sns-destination"></a>

In this example a Destination is given for an SNS topic declared in the template file for the OnSuccess configuration.

#### YAML
<a name="sam-property-function-onsuccess--examples--eventinvoke-configuration-example-with-sns-destination--yaml"></a>

```
EventInvokeConfig:
  DestinationConfig:
    OnSuccess:
      Type: SNS
      Destination:
        Ref: DestinationSNS       # Arn of an SNS topic declared in the tempate file
```

# EventSource
<a name="sam-property-function-eventsource"></a>

The object describing the source of events which trigger the function. Each event consists of a type and a set of properties that depend on that type. For more information about the properties of each event source, see the topic corresponding to that type.

## Syntax
<a name="sam-property-function-eventsource-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-eventsource-syntax.yaml"></a>

```
  [Properties](#sam-function-eventsource-properties): AlexaSkill | Api | CloudWatchEvent | CloudWatchLogs | Cognito | DocumentDB | DynamoDB | EventBridgeRule | HttpApi | IoTRule | Kinesis | MQ | MSK | S3 | Schedule | ScheduleV2 | SelfManagedKafka | SNS | SQS
  [Type](#sam-function-eventsource-type): String
```

## Properties
<a name="sam-property-function-eventsource-properties"></a>

 `Properties`   <a name="sam-function-eventsource-properties"></a>
Object describing properties of this event mapping. The set of properties must conform to the defined Type.  
*Type*: [AlexaSkill](sam-property-function-alexaskill.md) \$1 [Api](sam-property-function-api.md) \$1 [CloudWatchEvent](sam-property-function-cloudwatchevent.md) \$1 [CloudWatchLogs](sam-property-function-cloudwatchlogs.md) \$1 [Cognito](sam-property-function-cognito.md) \$1 [DocumentDB](sam-property-function-documentdb.md) \$1 [DynamoDB](sam-property-function-dynamodb.md) \$1 [EventBridgeRule](sam-property-function-eventbridgerule.md) \$1 [HttpApi](sam-property-function-httpapi.md) \$1 [IoTRule](sam-property-function-iotrule.md) \$1 [Kinesis](sam-property-function-kinesis.md) \$1 [MQ](sam-property-function-mq.md) \$1 [MSK](sam-property-function-msk.md) \$1 [S3](sam-property-function-s3.md) \$1 [Schedule](sam-property-function-schedule.md) \$1 [ScheduleV2](sam-property-function-schedulev2.md) \$1 [SelfManagedKafka](sam-property-function-selfmanagedkafka.md) \$1 [SNS](sam-property-function-sns.md) \$1 [SQS](sam-property-function-sqs.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-function-eventsource-type"></a>
The event type.  
*Valid values*: `AlexaSkill`, `Api`, `CloudWatchEvent`, `CloudWatchLogs`, `Cognito`, `DocumentDB`, `DynamoDB`, `EventBridgeRule`, `HttpApi`, `IoTRule`, `Kinesis`, `MQ`, `MSK`, `S3`, `Schedule`, `ScheduleV2`, `SelfManagedKafka`, `SNS`, `SQS`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-eventsource--examples"></a>

### APIEvent
<a name="sam-property-function-eventsource--examples--apievent"></a>

Example of using an API event

#### YAML
<a name="sam-property-function-eventsource--examples--apievent--yaml"></a>

```
ApiEvent:
  Type: Api
  Properties:
    Method: get
    Path: /group/{user}
    RestApiId: 
      Ref: MyApi
```

# AlexaSkill
<a name="sam-property-function-alexaskill"></a>

The object describing an `AlexaSkill` event source type.

## Syntax
<a name="sam-property-function-alexaskill-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-alexaskill-syntax.yaml"></a>

```
  [SkillId](#sam-function-alexaskill-skillid): String
```

## Properties
<a name="sam-property-function-alexaskill-properties"></a>

 `SkillId`   <a name="sam-function-alexaskill-skillid"></a>
The Alexa Skill ID for your Alexa Skill. For more information about Skill ID see [Configure the trigger for a Lambda function](https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-an-aws-lambda-function.html#configuring-the-alexa-skills-kit-trigger) in the Alexa Skills Kit documentation.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-alexaskill--examples"></a>

### AlexaSkillTrigger
<a name="sam-property-function-alexaskill--examples--alexaskilltrigger"></a>

Alexa Skill Event Example

#### YAML
<a name="sam-property-function-alexaskill--examples--alexaskilltrigger--yaml"></a>

```
AlexaSkillEvent:
  Type: AlexaSkill
```

# Api
<a name="sam-property-function-api"></a>

The object describing an `Api` event source type. If an [AWS::Serverless::Api](sam-resource-api.md) resource is defined, the path and method values must correspond to an operation in the OpenAPI definition of the API.

If no [AWS::Serverless::Api](sam-resource-api.md) is defined, the function input and output are a representation of the HTTP request and HTTP response.

For example, using the JavaScript API, the status code and body of the response can be controlled by returning an object with the keys statusCode and body.

## Syntax
<a name="sam-property-function-api-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-api-syntax.yaml"></a>

```
  [Auth](#sam-function-api-auth): ApiFunctionAuth
  [Method](#sam-function-api-method): String
  [Path](#sam-function-api-path): String
  [RequestModel](#sam-function-api-requestmodel): RequestModel
  [RequestParameters](#sam-function-api-requestparameters): List of [ String | RequestParameter ]
  [RestApiId](#sam-function-api-restapiid): String
  [ResponseTransferMode](#sam-function-api-responsetransfermode): String
  TimeoutInMillis: Integer
```

## Properties
<a name="sam-property-function-api-properties"></a>

 `Auth`   <a name="sam-function-api-auth"></a>
Auth configuration for this specific Api\$1Path\$1Method.  
Useful for overriding the API's `DefaultAuthorizer` setting auth config on an individual path when no `DefaultAuthorizer` is specified or overriding the default `ApiKeyRequired` setting.  
*Type*: [ApiFunctionAuth](sam-property-function-apifunctionauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Method`   <a name="sam-function-api-method"></a>
HTTP method for which this function is invoked. Options include `DELETE`, `GET`, `HEAD`, `OPTIONS`, `PATCH`, `POST`, `PUT`, and `ANY`. Refer to [Set up an HTTP method](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-request.html#setup-method-add-http-method) in the *API Gateway Developer Guide* for details.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Path`   <a name="sam-function-api-path"></a>
Uri path for which this function is invoked. Must start with `/`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RequestModel`   <a name="sam-function-api-requestmodel"></a>
Request model to use for this specific Api\$1Path\$1Method. This should reference the name of a model specified in the `Models` section of an [AWS::Serverless::Api](sam-resource-api.md) resource.  
*Type*: [RequestModel](sam-property-function-requestmodel.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RequestParameters`   <a name="sam-function-api-requestparameters"></a>
Request parameters configuration for this specific Api\$1Path\$1Method. All parameter names must start with `method.request` and must be limited to `method.request.header`, `method.request.querystring`, or `method.request.path`.  
A list can contain both parameter name strings and [RequestParameter](sam-property-function-requestparameter.md) objects. For strings, the `Required` and `Caching` properties will default to `false`.  
*Type*: List of [ String \$1 [RequestParameter](sam-property-function-requestparameter.md) ]  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RestApiId`   <a name="sam-function-api-restapiid"></a>
Identifier of a RestApi resource, which must contain an operation with the given path and method. Typically, this is set to reference an [AWS::Serverless::Api](sam-resource-api.md) resource defined in this template.  
If you don't define this property, AWS SAM creates a default [AWS::Serverless::Api](sam-resource-api.md) resource using a generated `OpenApi` document. That resource contains a union of all paths and methods defined by `Api` events in the same template that do not specify a `RestApiId`.  
This cannot reference an [AWS::Serverless::Api](sam-resource-api.md) resource defined in another template.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`ResponseTransferMode`  <a name="sam-function-api-responsetransfermode"></a>
The response transfer mode for the Lambda function integration. Set to `RESPONSE_STREAM` to enable Lambda response streaming through API Gateway, allowing the function to stream responses back to clients. When set to `RESPONSE_STREAM`, API Gateway uses the Lambda InvokeWithResponseStreaming API.  
*Type*: String  
*Required*: No  
*Valid values*: `BUFFERED` \$1 `RESPONSE_STREAM`  
*CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-method-integration.html#cfn-apigateway-method-integration-responsetransfermode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-method-integration.html#cfn-apigateway-method-integration-responsetransfermode) property of an `AWS::ApiGateway::Method Integration`.

`TimeoutInMillis`  <a name="sam-function-api-timeoutinmillis"></a>
Custom timeout between 50 and 29,000 milliseconds.  
When you specify this property, AWS SAM modifies your OpenAPI definition. The OpenAPI definition must be specified inline using the `DefinitionBody` property. 
*Type*: Integer  
*Required*: No  
*Default*: 29,000 milliseconds or 29 seconds  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-api--examples"></a>

### Basic example
<a name="sam-property-function-api--examples--apievent"></a>

#### YAML
<a name="sam-property-function-api--examples--apievent--yaml"></a>

```
Events:
  ApiEvent:
    Type: Api
    Properties:
      Path: /path
      Method: get
      RequestParameters:
        - method.request.header.Authorization
        - method.request.querystring.keyword:
            Required: true
            Caching: false
```

# ApiFunctionAuth
<a name="sam-property-function-apifunctionauth"></a>

Configures authorization at the event level, for a specific API, path, and method.

## Syntax
<a name="sam-property-function-apifunctionauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-apifunctionauth-syntax.yaml"></a>

```
  [ApiKeyRequired](#sam-function-apifunctionauth-apikeyrequired): Boolean
  [AuthorizationScopes](#sam-function-apifunctionauth-authorizationscopes): List
  [Authorizer](#sam-function-apifunctionauth-authorizer): String
  [InvokeRole](#sam-function-apifunctionauth-invokerole): String
  OverrideApiAuth: Boolean
  [ResourcePolicy](#sam-function-apifunctionauth-resourcepolicy): ResourcePolicyStatement
```

## Properties
<a name="sam-property-function-apifunctionauth-properties"></a>

 `ApiKeyRequired`   <a name="sam-function-apifunctionauth-apikeyrequired"></a>
Requires an API key for this API, path, and method.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AuthorizationScopes`   <a name="sam-function-apifunctionauth-authorizationscopes"></a>
The authorization scopes to apply to this API, path, and method.  
The scopes that you specify will override any scopes applied by the `DefaultAuthorizer` property if you have specified it.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Authorizer`   <a name="sam-function-apifunctionauth-authorizer"></a>
The `Authorizer` for a specific function.  
If you have a global authorizer specified for your `AWS::Serverless::Api` resource, you can override the authorizer by setting `Authorizer` to `NONE`. For an example, see [Override a global authorizer for your Amazon API Gateway REST API](#sam-property-function-apifunctionauth--examples--override).  
If you use the `DefinitionBody` property of an `AWS::Serverless::Api` resource to describe your API, you must use `OverrideApiAuth` with `Authorizer` to override your global authorizer. See `OverrideApiAuth` for more information.
*Valid values*: `AWS_IAM`, `NONE`, or the logical ID for any authorizer defined in your AWS SAM template.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `InvokeRole`   <a name="sam-function-apifunctionauth-invokerole"></a>
Specifies the `InvokeRole` to use for `AWS_IAM` authorization.  
*Type*: String  
*Required*: No  
*Default*: `CALLER_CREDENTIALS`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: `CALLER_CREDENTIALS` maps to `arn:aws:iam:::<user>/`, which uses the caller credentials to invoke the endpoint.

`OverrideApiAuth`  <a name="sam-function-apifunctionauth-overrideapiauth"></a>
Specify as `true` to override the global authorizer configuration of your `AWS::Serverless::Api` resource. This property is only required if you specify a global authorizer and use the `DefinitionBody` property of an `AWS::Serverless::Api` resource to describe your API.  
When you specify `OverrideApiAuth` as `true`, AWS SAM will override your global authorizer with any values provided for `ApiKeyRequired`, `Authorizer`, or `ResourcePolicy`. Therefore, at least one of these properties must also be specified when using `OverrideApiAuth`. For an example, see [Override a global authorizer when DefinitionBody for AWS::Serverless::Api is specified](#sam-property-function-apifunctionauth--examples--override2).
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ResourcePolicy`   <a name="sam-function-apifunctionauth-resourcepolicy"></a>
Configure Resource Policy for this path on an API.  
*Type*: [ResourcePolicyStatement](sam-property-function-resourcepolicystatement.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-apifunctionauth--examples"></a>

### Function-Auth
<a name="sam-property-function-apifunctionauth--examples--function-auth"></a>

The following example specifies authorization at the function level.

#### YAML
<a name="sam-property-function-apifunctionauth--examples--function-auth--yaml"></a>

```
Auth:
  ApiKeyRequired: true
  Authorizer: NONE
```

### Override a global authorizer for your Amazon API Gateway REST API
<a name="sam-property-function-apifunctionauth--examples--override"></a>

You can specify a global authorizer for your `AWS::Serverless::Api` resource. The following is an example that configures a global default authorizer:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyApiWithLambdaRequestAuth:
    Type: AWS::Serverless::Api
    Properties:
      ...
      Auth:
        Authorizers:
          MyLambdaRequestAuth:
            FunctionArn: !GetAtt MyAuthFn.Arn
        DefaultAuthorizer: MyLambdaRequestAuth
```

To override the default authorizer for your AWS Lambda function, you can specify `Authorizer` as `NONE`. The following is an example:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  ...
  MyFn:
    Type: AWS::Serverless::Function
    Properties:
      ...
      Events:
        LambdaRequest:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithLambdaRequestAuth
            Method: GET
            Auth:
              Authorizer: NONE
```

### Override a global authorizer when DefinitionBody for AWS::Serverless::Api is specified
<a name="sam-property-function-apifunctionauth--examples--override2"></a>

When using the `DefinitionBody` property to describe your `AWS::Serverless::Api` resource, the previous override method does not work. The following is an example of using the `DefinitionBody` property for an `AWS::Serverless::Api` resource:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyApiWithLambdaRequestAuth:
    Type: AWS::Serverless::Api
    Properties:
      ...
      DefinitionBody:
        swagger: 2.0
        ...
        paths:
          /lambda-request:
            ...
      Auth:
        Authorizers:
          MyLambdaRequestAuth:
            FunctionArn: !GetAtt MyAuthFn.Arn
        DefaultAuthorizer: MyLambdaRequestAuth
```

To override the global authorizer, use the `OverrideApiAuth` property. The following is an example that uses `OverrideApiAuth` to override the global authorizer with the value provided for `Authorizer`:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyApiWithLambdaRequestAuth:
    Type: AWS::Serverless::Api
    Properties:
      ...
      DefinitionBody:
        swagger: 2-0
        ...
        paths:
          /lambda-request:
            ...
      Auth:
        Authorizers:
          MyLambdaRequestAuth:
            FunctionArn: !GetAtt MyAuthFn.Arn
        DefaultAuthorizer: MyLambdaRequestAuth
    
    MyAuthFn:
      Type: AWS::Serverless::Function
      ...
    
    MyFn:
      Type: AWS::Serverless::Function
        Properties:
          ...
          Events:
            LambdaRequest:
              Type: Api
              Properties:
                RestApiId: !Ref MyApiWithLambdaRequestAuth
                Method: GET
                Auth:
                  Authorizer: NONE
                  OverrideApiAuth: true
                Path: /lambda-token
```

# ResourcePolicyStatement
<a name="sam-property-function-resourcepolicystatement"></a>

Configures a resource policy for all methods and paths of an API. For more information about resource policies, see [Controlling access to an API with API Gateway resource policies](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-function-resourcepolicystatement-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-resourcepolicystatement-syntax.yaml"></a>

```
  [AwsAccountBlacklist](#sam-function-resourcepolicystatement-awsaccountblacklist): List
  [AwsAccountWhitelist](#sam-function-resourcepolicystatement-awsaccountwhitelist): List
  [CustomStatements](#sam-function-resourcepolicystatement-customstatements): List
  [IntrinsicVpcBlacklist](#sam-function-resourcepolicystatement-intrinsicvpcblacklist): List
  [IntrinsicVpcWhitelist](#sam-function-resourcepolicystatement-intrinsicvpcwhitelist): List
  [IntrinsicVpceBlacklist](#sam-function-resourcepolicystatement-intrinsicvpceblacklist): List
  [IntrinsicVpceWhitelist](#sam-function-resourcepolicystatement-intrinsicvpcewhitelist): List
  [IpRangeBlacklist](#sam-function-resourcepolicystatement-iprangeblacklist): List
  [IpRangeWhitelist](#sam-function-resourcepolicystatement-iprangewhitelist): List
  [SourceVpcBlacklist](#sam-function-resourcepolicystatement-sourcevpcblacklist): List
  [SourceVpcWhitelist](#sam-function-resourcepolicystatement-sourcevpcwhitelist): List
```

## Properties
<a name="sam-property-function-resourcepolicystatement-properties"></a>

 `AwsAccountBlacklist`   <a name="sam-function-resourcepolicystatement-awsaccountblacklist"></a>
The AWS accounts to block.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AwsAccountWhitelist`   <a name="sam-function-resourcepolicystatement-awsaccountwhitelist"></a>
The AWS accounts to allow. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CustomStatements`   <a name="sam-function-resourcepolicystatement-customstatements"></a>
A list of custom resource policy statements to apply to this API. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcBlacklist`   <a name="sam-function-resourcepolicystatement-intrinsicvpcblacklist"></a>
The list of virtual private clouds (VPCs) to block, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcWhitelist`   <a name="sam-function-resourcepolicystatement-intrinsicvpcwhitelist"></a>
The list of VPCs to allow, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceBlacklist`   <a name="sam-function-resourcepolicystatement-intrinsicvpceblacklist"></a>
The list of VPC endpoints to block, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceWhitelist`   <a name="sam-function-resourcepolicystatement-intrinsicvpcewhitelist"></a>
The list of VPC endpoints to allow, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeBlacklist`   <a name="sam-function-resourcepolicystatement-iprangeblacklist"></a>
The IP addresses or address ranges to block. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeWhitelist`   <a name="sam-function-resourcepolicystatement-iprangewhitelist"></a>
The IP addresses or address ranges to allow.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcBlacklist`   <a name="sam-function-resourcepolicystatement-sourcevpcblacklist"></a>
The source VPC or VPC endpoints to block. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcWhitelist`   <a name="sam-function-resourcepolicystatement-sourcevpcwhitelist"></a>
The source VPC or VPC endpoints to allow. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-resourcepolicystatement--examples"></a>

### Resource Policy Example
<a name="sam-property-function-resourcepolicystatement--examples--resource-policy-example"></a>

The following example blocks two IP addresses and a source VPC, and allows an AWS account.

#### YAML
<a name="sam-property-function-resourcepolicystatement--examples--resource-policy-example--yaml"></a>

```
Auth:
  ResourcePolicy:
    CustomStatements: [{
                         "Effect": "Allow",
                         "Principal": "*",
                         "Action": "execute-api:Invoke",
                         "Resource": "execute-api:/Prod/GET/pets",
                         "Condition": {
                           "IpAddress": {
                             "aws:SourceIp": "1.2.3.4"
                           }
                         }
                       }]
    IpRangeBlacklist:
      - "10.20.30.40"
      - "1.2.3.4"
    SourceVpcBlacklist:
      - "vpce-1a2b3c4d"
    AwsAccountWhitelist:
      - "111122223333"
    IntrinsicVpcBlacklist:
      - "{{resolve:ssm:SomeVPCReference:1}}" 
      - !Ref MyVPC
    IntrinsicVpceWhitelist:
      - "{{resolve:ssm:SomeVPCEReference:1}}" 
      - !Ref MyVPCE
```

# RequestModel
<a name="sam-property-function-requestmodel"></a>

Configures a Request Model for a specific Api\$1Path\$1Method.

## Syntax
<a name="sam-property-function-requestmodel-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-requestmodel-syntax.yaml"></a>

```
  [Model](#sam-function-requestmodel-model): String
  [Required](#sam-function-requestmodel-required): Boolean
  [ValidateBody](#sam-function-requestmodel-validatebody): Boolean
  [ValidateParameters](#sam-function-requestmodel-validateparameters): Boolean
```

## Properties
<a name="sam-property-function-requestmodel-properties"></a>

 `Model`   <a name="sam-function-requestmodel-model"></a>
Name of a model defined in the Models property of the [AWS::Serverless::Api](sam-resource-api.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Required`   <a name="sam-function-requestmodel-required"></a>
Adds a `required` property in the parameters section of the OpenApi definition for the given API endpoint.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ValidateBody`   <a name="sam-function-requestmodel-validatebody"></a>
Specifies whether API Gateway uses the `Model` to validate the request body. For more information, see [Enable request validation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html) in the *API Gateway Developer Guide*.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ValidateParameters`   <a name="sam-function-requestmodel-validateparameters"></a>
Specifies whether API Gateway uses the `Model` to validate request path parameters, query strings, and headers. For more information, see [Enable request validation in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html) in the *API Gateway Developer Guide*.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-requestmodel--examples"></a>

### Request Model
<a name="sam-property-function-requestmodel--examples--request-model"></a>

Request Model Example

#### YAML
<a name="sam-property-function-requestmodel--examples--request-model--yaml"></a>

```
RequestModel:
  Model: User
  Required: true
  ValidateBody: true
  ValidateParameters: true
```

# RequestParameter
<a name="sam-property-function-requestparameter"></a>

Configure Request Parameter for a specific Api\$1Path\$1Method.

Either `Required` or `Caching` property needs to be specified for request parameter

## Syntax
<a name="sam-property-function-requestparameter-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-requestparameter-syntax.yaml"></a>

```
  [Caching](#sam-function-requestparameter-caching): Boolean
  [Required](#sam-function-requestparameter-required): Boolean
```

## Properties
<a name="sam-property-function-requestparameter-properties"></a>

 `Caching`   <a name="sam-function-requestparameter-caching"></a>
Adds `cacheKeyParameters` section to the API Gateway OpenApi definition  
*Type*: Boolean  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Required`   <a name="sam-function-requestparameter-required"></a>
This field specifies whether a parameter is required  
*Type*: Boolean  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-requestparameter--examples"></a>

### Request Parameter
<a name="sam-property-function-requestparameter--examples--request-parameter"></a>

Example of setting Request Parameters

#### YAML
<a name="sam-property-function-requestparameter--examples--request-parameter--yaml"></a>

```
RequestParameters:
  - method.request.header.Authorization:
      Required: true
      Caching: true
```

# CloudWatchEvent
<a name="sam-property-function-cloudwatchevent"></a>

The object describing a `CloudWatchEvent` event source type.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set.

**Important Note**: [EventBridgeRule](sam-property-function-eventbridgerule.md) is the preferred event source type to use, instead of `CloudWatchEvent`. `EventBridgeRule` and `CloudWatchEvent` use the same underlying service, API, and CloudFormation resources. However, AWS SAM will add support for new features only to `EventBridgeRule`.

## Syntax
<a name="sam-property-function-cloudwatchevent-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-cloudwatchevent-syntax.yaml"></a>

```
  [Enabled](#sam-function-cloudwatchevent-enabled): Boolean
  [EventBusName](#sam-function-cloudwatchevent-eventbusname): String
  [Input](#sam-function-cloudwatchevent-input): String
  [InputPath](#sam-function-cloudwatchevent-inputpath): String
  [Pattern](#sam-function-cloudwatchevent-pattern): [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)
  [State](#sam-function-cloudwatchevent-state): String
```

## Properties
<a name="sam-property-function-cloudwatchevent-properties"></a>

 `Enabled`   <a name="sam-function-cloudwatchevent-enabled"></a>
Indicates whether the rule is enabled.  
To disable the rule, set this property to `false`.  
Specify either the `Enabled` or `State` property, but not both.
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. If this property is set to `true` then AWS SAM passes `ENABLED`, otherwise it passes `DISABLED`.

 `EventBusName`   <a name="sam-function-cloudwatchevent-eventbusname"></a>
The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus.  
*Type*: String  
*Required*: No  
*Default*: Default event bus  
*CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource.

 `Input`   <a name="sam-function-cloudwatchevent-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `InputPath`   <a name="sam-function-cloudwatchevent-inputpath"></a>
When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource.

 `Pattern`   <a name="sam-function-cloudwatchevent-pattern"></a>
Describes which events are routed to the specified target. For more information, see [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) in the *Amazon EventBridge User Guide*.  
*Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource.

 `State`   <a name="sam-function-cloudwatchevent-state"></a>
The state of the rule.  
*Accepted values:* `DISABLED | ENABLED`  
Specify either the `Enabled` or `State` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource.

## Examples
<a name="sam-property-function-cloudwatchevent--examples"></a>

### CloudWatchEvent
<a name="sam-property-function-cloudwatchevent--examples--cloudwatchevent"></a>

The following is an example of a `CloudWatchEvent` event source type.

#### YAML
<a name="sam-property-function-cloudwatchevent--examples--cloudwatchevent--yaml"></a>

```
CWEvent:
  Type: CloudWatchEvent
  Properties:
    Enabled: false
    Input: '{"Key": "Value"}'
    Pattern:
      detail:
        state:
          - running
```

# CloudWatchLogs
<a name="sam-property-function-cloudwatchlogs"></a>

The object describing a `CloudWatchLogs` event source type.

This event generates a [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html) resource and specifies a subscription filter and associates it with the specified log group.

## Syntax
<a name="sam-property-function-cloudwatchlogs-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-cloudwatchlogs-syntax.yaml"></a>

```
  [FilterPattern](#sam-function-cloudwatchlogs-filterpattern): String
  [LogGroupName](#sam-function-cloudwatchlogs-loggroupname): String
```

## Properties
<a name="sam-property-function-cloudwatchlogs-properties"></a>

 `FilterPattern`   <a name="sam-function-cloudwatchlogs-filterpattern"></a>
The filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[FilterPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-cwl-subscriptionfilter-filterpattern)` property of an `AWS::Logs::SubscriptionFilter` resource.

 `LogGroupName`   <a name="sam-function-cloudwatchlogs-loggroupname"></a>
The log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[LogGroupName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-cwl-subscriptionfilter-loggroupname)` property of an `AWS::Logs::SubscriptionFilter` resource.

## Examples
<a name="sam-property-function-cloudwatchlogs--examples"></a>

### Cloudwatchlogs Subscription filter
<a name="sam-property-function-cloudwatchlogs--examples--cloudwatchlogs-subscription-filter"></a>

Cloudwatchlogs Subscription filter Example

#### YAML
<a name="sam-property-function-cloudwatchlogs--examples--cloudwatchlogs-subscription-filter--yaml"></a>

```
CWLog:
  Type: CloudWatchLogs
  Properties:
    LogGroupName:
      Ref: CloudWatchLambdaLogsGroup
    FilterPattern: My pattern
```

# Cognito
<a name="sam-property-function-cognito"></a>

The object describing a `Cognito` event source type.

## Syntax
<a name="sam-property-function-cognito-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-cognito-syntax.yaml"></a>

```
  [Trigger](#sam-function-cognito-trigger): List
  [UserPool](#sam-function-cognito-userpool): String
```

## Properties
<a name="sam-property-function-cognito-properties"></a>

 `Trigger`   <a name="sam-function-cognito-trigger"></a>
The Lambda trigger configuration information for the new user pool.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[LambdaConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html)` property of an `AWS::Cognito::UserPool` resource.

 `UserPool`   <a name="sam-function-cognito-userpool"></a>
Reference to UserPool defined in the same template  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-cognito--examples"></a>

### Cognito Event
<a name="sam-property-function-cognito--examples--cognito-event"></a>

Cognito Event Example

#### YAML
<a name="sam-property-function-cognito--examples--cognito-event--yaml"></a>

```
CognitoUserPoolPreSignup:
  Type: Cognito
  Properties:
    UserPool:
      Ref: MyCognitoUserPool
    Trigger: PreSignUp
```

# DocumentDB
<a name="sam-property-function-documentdb"></a>

The object describing a `DocumentDB` event source type. For more information, see [Using AWS Lambda with Amazon DocumentDB](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-documentdb-syntax"></a>

To declare this entity in your AWS SAM template, use the following syntax.

### YAML
<a name="sam-property-function-documentdb-syntax-yaml"></a>

```
BatchSize: Integer
Cluster: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
CollectionName: String
DatabaseName: String
Enabled: Boolean
FilterCriteria: [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
FullDocument: String
KmsKeyArn: String  
MaximumBatchingWindowInSeconds: Integer
SecretsManagerKmsKeyId: String
SourceAccessConfigurations: List
StartingPosition: String
StartingPositionTimestamp: Double
```

## Properties
<a name="sam-property-function-documentdb-properties"></a>

 `BatchSize`   <a name="sam-function-documentdb-batchsize"></a>
The maximum number of items to retrieve in a single batch.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Cluster`   <a name="sam-function-documentdb-cluster"></a>
The Amazon Resource Name (ARN) of the Amazon DocumentDB cluster.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `CollectionName`   <a name="sam-function-documentdb-collectionname"></a>
The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ CollectionName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-collectionname)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig` data type.

 `DatabaseName`   <a name="sam-function-documentdb-databasename"></a>
The name of the database to consume within the Amazon DocumentDB cluster.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ DatabaseName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-databasename)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig`data type.

 `Enabled`   <a name="sam-function-documentdb-enabled"></a>
If `true`, the event source mapping is active. To pause polling and invocation, set to `false`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-documentdb-filtercriteria"></a>
An object that defines the criteria that determines whether Lambda should process an event. For more information, see [ Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FullDocument`   <a name="sam-function-documentdb-fulldocument"></a>
Determines what Amazon DocumentDB sends to your event stream during document update operations. If set to `UpdateLookup`, Amazon DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, Amazon DocumentDB sends only a partial document that contains the changes.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ FullDocument](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-fulldocument)` property of an `AWS::Lambda::EventSourceMapping` `DocumentDBEventSourceConfig` data type.

 `KmsKeyArn`   <a name="sam-function-documentdb-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-documentdb-maximumbatchingwindowinseconds"></a>
The maximum amount of time to gather records before invoking the function, in seconds.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `SecretsManagerKmsKeyId`   <a name="sam-function-documentdb-secretsmanagerkmskeyid"></a>
The AWS Key Management Service (AWS KMS) key ID of a customer managed key from AWS Secrets Manager. Required when you use a customer managed key from Secrets Manager with a Lambda execution role that doesn’t include the `kms:Decrypt` permission.  
The value of this property is a UUID. For example: `1abc23d4-567f-8ab9-cde0-1fab234c5d67`.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

 `SourceAccessConfigurations`   <a name="sam-function-documentdb-sourceaccessconfigurations"></a>
An array of the authentication protocol or virtual host. Specify this using the [ SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html) data type.  
For the `DocumentDB` event source type, the only valid configuration type is `BASIC_AUTH`.  
+ `BASIC_AUTH` – The Secrets Manager secret that stores your broker credentials. For this type, the credential must be in the following format: `{"username": "your-username", "password": "your-password"}`. Only one object of type `BASIC_AUTH` is allowed.
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPosition`   <a name="sam-function-documentdb-startingposition"></a>
The position in a stream from which to start reading.  
+ `AT_TIMESTAMP` – Specify a time from which to start reading records.
+ `LATEST` – Read only new records.
+ `TRIM_HORIZON` – Process all available records.
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPositionTimestamp`   <a name="sam-function-documentdb-startingpositiontimestamp"></a>
The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-documentdb-examples"></a>

### Amazon DocumentDB event source
<a name="sam-property-function-documentdb-examples-example1"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
    ...
      Events:
        MyDDBEvent:
          Type: DocumentDB
          Properties:
            Cluster: "arn:aws:rds:us-west-2:123456789012:cluster:docdb-2023-01-01"
            BatchSize: 10
            MaximumBatchingWindowInSeconds: 5
            DatabaseName: "db1"
            CollectionName: "collection1"
            FullDocument: "UpdateLookup"
            SourceAccessConfigurations:
              - Type: BASIC_AUTH
                URI: "arn:aws:secretsmanager:us-west-2:123456789012:secret:doc-db"
```

# DynamoDB
<a name="sam-property-function-dynamodb"></a>

The object describing a `DynamoDB` event source type. For more information, see [Using AWS Lambda with Amazon DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) in the *AWS Lambda Developer Guide*.

AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set.

## Syntax
<a name="sam-property-function-dynamodb-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-dynamodb-syntax.yaml"></a>

```
  [BatchSize](#sam-function-dynamodb-batchsize): Integer
  [BisectBatchOnFunctionError](#sam-function-dynamodb-bisectbatchonfunctionerror): Boolean
  [DestinationConfig](#sam-function-dynamodb-destinationconfig): [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)
  [Enabled](#sam-function-dynamodb-enabled): Boolean
  [FilterCriteria](#sam-function-dynamodb-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  [FunctionResponseTypes](#sam-function-dynamodb-functionresponsetypes): List
  KmsKeyArn: String          
  [MaximumBatchingWindowInSeconds](#sam-function-dynamodb-maximumbatchingwindowinseconds): Integer
  [MaximumRecordAgeInSeconds](#sam-function-dynamodb-maximumrecordageinseconds): Integer
  [MaximumRetryAttempts](#sam-function-dynamodb-maximumretryattempts): Integer
  [MetricsConfig](#sam-function-dynamodb-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)
  [ParallelizationFactor](#sam-function-dynamodb-parallelizationfactor): Integer
  [StartingPosition](#sam-function-dynamodb-startingposition): String
  StartingPositionTimestamp: Double
  [Stream](#sam-function-dynamodb-stream): String
  [TumblingWindowInSeconds](#sam-function-dynamodb-tumblingwindowinseconds): Integer
```

## Properties
<a name="sam-property-function-dynamodb-properties"></a>

 `BatchSize`   <a name="sam-function-dynamodb-batchsize"></a>
The maximum number of items to retrieve in a single batch.  
*Type*: Integer  
*Required*: No  
*Default*: 100  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.  
*Minimum*: `1`  
*Maximum*: `1000`

 `BisectBatchOnFunctionError`   <a name="sam-function-dynamodb-bisectbatchonfunctionerror"></a>
If the function returns an error, split the batch in two and retry.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `DestinationConfig`   <a name="sam-function-dynamodb-destinationconfig"></a>
An Amazon Simple Queue Service (Amazon SQS) queue or Amazon Simple Notification Service (Amazon SNS) topic destination for discarded records.  
*Type*: [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Enabled`   <a name="sam-function-dynamodb-enabled"></a>
Disables the event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-dynamodb-filtercriteria"></a>
A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FunctionResponseTypes`   <a name="sam-function-dynamodb-functionresponsetypes"></a>
A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting) in the *AWS Lambda Developer Guide*.  
*Valid values*: `ReportBatchItemFailures`  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KmsKeyArn`   <a name="sam-function-dynamodb-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-dynamodb-maximumbatchingwindowinseconds"></a>
The maximum amount of time to gather records before invoking the function, in seconds.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRecordAgeInSeconds`   <a name="sam-function-dynamodb-maximumrecordageinseconds"></a>
The maximum age of a record that Lambda sends to a function for processing.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRetryAttempts`   <a name="sam-function-dynamodb-maximumretryattempts"></a>
The maximum number of times to retry when the function returns an error.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MetricsConfig`   <a name="sam-function-dynamodb-metricsconfig"></a>
An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](#sam-property-function-dynamodb-example-metricsconfigevent).  
*Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ParallelizationFactor`   <a name="sam-function-dynamodb-parallelizationfactor"></a>
The number of batches to process from each shard concurrently.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ParallelizationFactor](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPosition`   <a name="sam-function-dynamodb-startingposition"></a>
The position in a stream from which to start reading.  
+ `AT_TIMESTAMP` – Specify a time from which to start reading records.
+ `LATEST` – Read only new records.
+ `TRIM_HORIZON` – Process all available records.
*Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPositionTimestamp`   <a name="sam-function-dynamodb-startingpositiontimestamp"></a>
The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Stream`   <a name="sam-function-dynamodb-stream"></a>
The Amazon Resource Name (ARN) of the DynamoDB stream.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `TumblingWindowInSeconds`   <a name="sam-function-dynamodb-tumblingwindowinseconds"></a>
The duration, in seconds, of a processing window. The valid range is 1 to 900 (15 minutes).  
For more information, see [Tumbling windows](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#streams-tumbling) in the *AWS Lambda Developer Guide*.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TumblingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-dynamodb--examples"></a>

### MetricsConfig event
<a name="sam-property-function-dynamodb-example-metricsconfigevent"></a>

The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings.

```
Resources:
  FilteredEventsFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/metricsConfig.zip
      Handler: index.handler
      Runtime: nodejs16.x
      Events:
        KinesisStream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt KinesisStream.Arn
            StartingPosition: LATEST
            MetricsConfig:
              Metrics:
              - EventCount
```

### DynamoDB event source for existing DynamoDB table
<a name="sam-property-function-dynamodb--examples--dynamodb-event-source-for-existing-dynamodb-table"></a>

DynamoDB event source for a DynamoDB table that already exists in an AWS account.

#### YAML
<a name="sam-property-function-dynamodb--examples--dynamodb-event-source-for-existing-dynamodb-table--yaml"></a>

```
Events:
  DDBEvent:
    Type: DynamoDB
    Properties:
      Stream: arn:aws:dynamodb:us-east-1:123456789012:table/TestTable/stream/2016-08-11T21:21:33.291
      StartingPosition: TRIM_HORIZON
      BatchSize: 10
      Enabled: false
```

### DynamoDB Event for DynamoDB Table Declared in Template
<a name="sam-property-function-dynamodb--examples--dynamodb-event-for-dynamodb-table-declared-in-template"></a>

DynamoDB Event for a DynamoDB table that is declared in the same template file.

#### YAML
<a name="sam-property-function-dynamodb--examples--dynamodb-event-for-dynamodb-table-declared-in-template--yaml"></a>

```
Events:
  DDBEvent:
    Type: DynamoDB
    Properties:
      Stream: 
        !GetAtt MyDynamoDBTable.StreamArn   # This must be the name of a DynamoDB table declared in the same template file
      StartingPosition: TRIM_HORIZON
      BatchSize: 10
      Enabled: false
```

# EventBridgeRule
<a name="sam-property-function-eventbridgerule"></a>

The object describing an `EventBridgeRule` event source type, which sets your serverless function as the target of an Amazon EventBridge rule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*.

AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set. AWS SAM also creates an `AWS::Lambda::Permission` resource, which is needed so the `EventBridgeRule` can call Lambda.

## Syntax
<a name="sam-property-function-eventbridgerule-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-eventbridgerule-syntax.yaml"></a>

```
  [DeadLetterConfig](#sam-function-eventbridgerule-deadletterconfig): DeadLetterConfig
  [EventBusName](#sam-function-eventbridgerule-eventbusname): String
  [Input](#sam-function-eventbridgerule-input): String
  [InputPath](#sam-function-eventbridgerule-inputpath): String
  InputTransformer: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html)
  [Pattern](#sam-function-eventbridgerule-pattern): [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)
  [RetryPolicy](#sam-function-eventbridgerule-retrypolicy): [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)
  RuleName: String 
  State: String
  [Target](#sam-function-eventbridgerule-target): Target
```

## Properties
<a name="sam-property-function-eventbridgerule-properties"></a>

 `DeadLetterConfig`   <a name="sam-function-eventbridgerule-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*.
*Type*: [DeadLetterConfig](sam-property-function-deadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `EventBusName`   <a name="sam-function-eventbridgerule-eventbusname"></a>
The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus.  
*Type*: String  
*Required*: No  
*Default*: Default event bus  
*CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource.

 `Input`   <a name="sam-function-eventbridgerule-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `InputPath`   <a name="sam-function-eventbridgerule-inputpath"></a>
When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource.

 `InputTransformer`   <a name="sam-function-eventbridgerule-inputtransformer"></a>
Settings to enable you to provide custom input to a target based on certain event data. You can extract one or more key-value pairs from the event and then use that data to send customized input to the target. For more information, see [Amazon EventBridge input transformation](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html) in the *Amazon EventBridge User Guide*.   
*Type*: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputtransformer)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html)` property of an `AWS::Events::Rule` `Target` data type.

 `Pattern`   <a name="sam-function-eventbridgerule-pattern"></a>
Describes which events are routed to the specified target. For more information, see [Amazon EventBridge events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-events.html) and [EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html) in the *Amazon EventBridge User Guide*.  
*Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource.

 `RetryPolicy`   <a name="sam-function-eventbridgerule-retrypolicy"></a>
A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type.

 `RuleName`   <a name="sam-function-eventbridgerule-rulename"></a>
The name of the rule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource.

 `State`   <a name="sam-function-eventbridgerule-state"></a>
The state of the rule.  
*Accepted values*: `DISABLED` \$1 `ENABLED` \$1 `ENABLED_WITH_ALL_CLOUDTRAIL_MANAGEMENT_EVENTS`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state) ` property of an `AWS::Events::Rule` resource.

 `Target`   <a name="sam-function-eventbridgerule-target"></a>
The AWS resource that EventBridge invokes when a rule is triggered. You can use this property to specify the logical ID of the target. If this property is not specified, then AWS SAM generates the logical ID of the target.  
*Type*: [Target](sam-property-function-target.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Targets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-targets)` property of an `AWS::Events::Rule` resource. `Amazon EC2 RebootInstances API call` is an example of a target property. The AWS SAM version of this property only allows you to specify the logical ID of a single target.

## Examples
<a name="sam-property-function-eventbridgerule--examples"></a>

### EventBridgeRule
<a name="sam-property-function-eventbridgerule--examples--eventbridgerule"></a>

The following is an example of an `EventBridgeRule` event source type.

#### YAML
<a name="sam-property-function-eventbridgerule--examples--eventbridgerule--yaml"></a>

```
EBRule:
  Type: EventBridgeRule
  Properties:
    Input: '{"Key": "Value"}'
    Pattern:
      detail:
        state:
          - terminated
    RetryPolicy:
      MaximumRetryAttempts: 5
      MaximumEventAgeInSeconds: 900
    DeadLetterConfig:
      Type: SQS
      QueueLogicalId: EBRuleDLQ
    Target:
      Id: MyTarget
```

# DeadLetterConfig
<a name="sam-property-function-deadletterconfig"></a>

The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn’t exist, or insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.

**Note**  
The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue` which handles failures that occur after successful invocation of the target Lambda function. Examples of this type of failure include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-deadletterconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-deadletterconfig-syntax.yaml"></a>

```
  [Arn](#sam-function-deadletterconfig-arn): String
  [QueueLogicalId](#sam-function-deadletterconfig-queuelogicalid): String
  [Type](#sam-function-deadletterconfig-type): String
```

## Properties
<a name="sam-property-function-deadletterconfig-properties"></a>

 `Arn`   <a name="sam-function-deadletterconfig-arn"></a>
The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type.

 `QueueLogicalId`   <a name="sam-function-deadletterconfig-queuelogicalid"></a>
The custom name of the dead letter queue that AWS SAM creates if `Type` is specified.  
If the `Type` property is not set, this property is ignored.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-function-deadletterconfig-type"></a>
The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Valid values*: `SQS`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-deadletterconfig--examples"></a>

### DeadLetterConfig
<a name="sam-property-function-deadletterconfig--examples--deadletterconfig"></a>

DeadLetterConfig

#### YAML
<a name="sam-property-function-deadletterconfig--examples--deadletterconfig--yaml"></a>

```
DeadLetterConfig:
  Type: SQS
  QueueLogicalId: MyDLQ
```

# Target
<a name="sam-property-function-target"></a>

Configures the AWS resource that EventBridge invokes when a rule is triggered.

## Syntax
<a name="sam-property-function-target-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-target-syntax.yaml"></a>

```
  [Id](#sam-function-target-id): String
```

## Properties
<a name="sam-property-function-target-properties"></a>

 `Id`   <a name="sam-function-target-id"></a>
The logical ID of the target.  
The value of `Id` can include alphanumeric characters, periods (`.`), hyphens (`-`), and underscores (`_`).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Id](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-id)` property of the `AWS::Events::Rule` `Target` data type.

## Examples
<a name="sam-property-function-target--examples"></a>

### Target
<a name="sam-property-function-target--examples--target"></a>

#### YAML
<a name="sam-property-function-target--examples--target--yaml"></a>

```
EBRule:
  Type: EventBridgeRule
  Properties:
    Target:
      Id: MyTarget
```

# HttpApi
<a name="sam-property-function-httpapi"></a>

The object describing an event source with type HttpApi.

If an OpenApi definition for the specified path and method exists on the API, SAM will add the Lambda integration and security section (if applicable) for you.

If no OpenApi definition for the specified path and method exists on the API, SAM will create this definition for you.

## Syntax
<a name="sam-property-function-httpapi-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-httpapi-syntax.yaml"></a>

```
  [ApiId](#sam-function-httpapi-apiid): String
  [Auth](#sam-function-httpapi-auth): HttpApiFunctionAuth
  [Method](#sam-function-httpapi-method): String
  [Path](#sam-function-httpapi-path): String
  [PayloadFormatVersion](#sam-function-httpapi-payloadformatversion): String
  [RouteSettings](#sam-function-httpapi-routesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)
  [TimeoutInMillis](#sam-function-httpapi-timeoutinmillis): Integer
```

## Properties
<a name="sam-property-function-httpapi-properties"></a>

 `ApiId`   <a name="sam-function-httpapi-apiid"></a>
Identifier of an [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource defined in this template.  
If not defined, a default [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource is created called `ServerlessHttpApi` using a generated OpenApi document containing a union of all paths and methods defined by Api events defined in this template that do not specify an `ApiId`.  
This cannot reference an [AWS::Serverless::HttpApi](sam-resource-httpapi.md) resource defined in another template.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Auth`   <a name="sam-function-httpapi-auth"></a>
Auth configuration for this specific Api\$1Path\$1Method.  
Useful for overriding the API's `DefaultAuthorizer` or setting auth config on an individual path when no `DefaultAuthorizer` is specified.  
*Type*: [HttpApiFunctionAuth](sam-property-function-httpapifunctionauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Method`   <a name="sam-function-httpapi-method"></a>
HTTP method for which this function is invoked.  
If no `Path` and `Method` are specified, SAM will create a default API path that routes any request that doesn't map to a different endpoint to this Lambda function. Only one of these default paths can exist per API.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Path`   <a name="sam-function-httpapi-path"></a>
Uri path for which this function is invoked. Must start with `/`.  
If no `Path` and `Method` are specified, SAM will create a default API path that routes any request that doesn't map to a different endpoint to this Lambda function. Only one of these default paths can exist per API.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `PayloadFormatVersion`   <a name="sam-function-httpapi-payloadformatversion"></a>
Specifies the format of the payload sent to an integration.  
NOTE: PayloadFormatVersion requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property.  
*Type*: String  
*Required*: No  
*Default*: 2.0  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RouteSettings`   <a name="sam-function-httpapi-routesettings"></a>
The per-route route settings for this HTTP API. For more information about route settings, see [AWS::ApiGatewayV2::Stage RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-stage-routesettings.html) in the *API Gateway Developer Guide*.  
Note: If RouteSettings are specified in both the HttpApi resource and event source, AWS SAM merges them with the event source properties taking precedence.  
*Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `TimeoutInMillis`   <a name="sam-function-httpapi-timeoutinmillis"></a>
Custom timeout between 50 and 29,000 milliseconds.  
NOTE: TimeoutInMillis requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property.  
*Type*: Integer  
*Required*: No  
*Default*: 5000  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-httpapi--examples"></a>

### Default HttpApi Event
<a name="sam-property-function-httpapi--examples--default-httpapi-event"></a>

HttpApi Event that uses the default path. All unmapped paths and methods on this API will route to this endpoint.

#### YAML
<a name="sam-property-function-httpapi--examples--default-httpapi-event--yaml"></a>

```
Events:
  HttpApiEvent:
    Type: HttpApi
```

### HttpApi
<a name="sam-property-function-httpapi--examples--httpapi"></a>

HttpApi Event that uses a specific path and method.

#### YAML
<a name="sam-property-function-httpapi--examples--httpapi--yaml"></a>

```
Events:
  HttpApiEvent:
    Type: HttpApi
    Properties:
      Path: /
      Method: GET
```

### HttpApi Authorization
<a name="sam-property-function-httpapi--examples--httpapi-authorization"></a>

HttpApi Event that uses an Authorizer.

#### YAML
<a name="sam-property-function-httpapi--examples--httpapi-authorization--yaml"></a>

```
Events:
  HttpApiEvent:
    Type: HttpApi
    Properties:
      Path: /authenticated
      Method: GET
      Auth:
        Authorizer: OpenIdAuth
        AuthorizationScopes:
          - scope1
          - scope2
```

# HttpApiFunctionAuth
<a name="sam-property-function-httpapifunctionauth"></a>

Configures authorization at the event level.

Configure Auth for a specific API \$1 Path \$1 Method

## Syntax
<a name="sam-property-function-httpapifunctionauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-httpapifunctionauth-syntax.yaml"></a>

```
  [AuthorizationScopes](#sam-function-httpapifunctionauth-authorizationscopes): List
  [Authorizer](#sam-function-httpapifunctionauth-authorizer): String
```

## Properties
<a name="sam-property-function-httpapifunctionauth-properties"></a>

 `AuthorizationScopes`   <a name="sam-function-httpapifunctionauth-authorizationscopes"></a>
The authorization scopes to apply to this API, path, and method.  
Scopes listed here will override any scopes applied by the `DefaultAuthorizer` if one exists.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Authorizer`   <a name="sam-function-httpapifunctionauth-authorizer"></a>
The `Authorizer` for a specific Function. To use IAM authorization, specify `AWS_IAM` and specify `true` for `EnableIamAuthorizer` in the `Globals` section of your template.  
If you have specified a Global Authorizer on the API and want to make a specific Function public, override by setting `Authorizer` to `NONE`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-httpapifunctionauth--examples"></a>

### Function-Auth
<a name="sam-property-function-httpapifunctionauth--examples--function-auth"></a>

Specifing Authorization at Function level

#### YAML
<a name="sam-property-function-httpapifunctionauth--examples--function-auth--yaml"></a>

```
Auth:
  Authorizer: OpenIdAuth
  AuthorizationScopes:
    - scope1
    - scope2
```

### IAM authorization
<a name="sam-property-function-httpapifunctionauth--examples--iam-authorization"></a>

Specifies IAM authorization at the event level. To use `AWS_IAM` authorization at the event level, you must also specify `true` for `EnableIamAuthorizer` in the `Globals` section of your template. For more information, see [Globals section of the AWS SAM template](sam-specification-template-anatomy-globals.md).

#### YAML
<a name="sam-property-function-httpapifunctionauth--examples--iam-authorization--yaml"></a>

```
Globals:
  HttpApi:
    Auth:
      EnableIamAuthorizer: true

Resources:
  HttpApiFunctionWithIamAuth:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: HttpApi
          Properties:
            Path: /iam-auth
            Method: GET
            Auth:
              Authorizer: AWS_IAM
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
          return {'body': 'HttpApiFunctionWithIamAuth', 'statusCode': 200}
      Runtime: python3.9
```

# IoTRule
<a name="sam-property-function-iotrule"></a>

The object describing an `IoTRule` event source type.

Creates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html) resource to declare an AWS IoT rule. For more information see [CloudFormation documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-topicrule.html)

## Syntax
<a name="sam-property-function-iotrule-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-iotrule-syntax.yaml"></a>

```
  [AwsIotSqlVersion](#sam-function-iotrule-awsiotsqlversion): String
  [Sql](#sam-function-iotrule-sql): String
```

## Properties
<a name="sam-property-function-iotrule-properties"></a>

 `AwsIotSqlVersion`   <a name="sam-function-iotrule-awsiotsqlversion"></a>
The version of the SQL rules engine to use when evaluating the rule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AwsIotSqlVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-topicrule-topicrulepayload.html#cfn-iot-topicrule-topicrulepayload-awsiotsqlversion)` property of an `AWS::IoT::TopicRule TopicRulePayload` resource.

 `Sql`   <a name="sam-function-iotrule-sql"></a>
The SQL statement used to query the topic. For more information, see [AWS IoT SQL Reference](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the *AWS IoT Developer Guide*.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Sql](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-topicrule-topicrulepayload.html#cfn-iot-topicrule-topicrulepayload-sql)` property of an `AWS::IoT::TopicRule TopicRulePayload` resource.

## Examples
<a name="sam-property-function-iotrule--examples"></a>

### IOT Rule
<a name="sam-property-function-iotrule--examples--iot-rule"></a>

IOT Rule Example

#### YAML
<a name="sam-property-function-iotrule--examples--iot-rule--yaml"></a>

```
IoTRule:
  Type: IoTRule
  Properties:
    Sql: SELECT * FROM 'topic/test'
```

# Kinesis
<a name="sam-property-function-kinesis"></a>

The object describing a `Kinesis` event source type. For more information, see [Using AWS Lambda with Amazon Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) in the *AWS Lambda Developer Guide*.

AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set.

## Syntax
<a name="sam-property-function-kinesis-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-kinesis-syntax.yaml"></a>

```
  [BatchSize](#sam-function-kinesis-batchsize): Integer
  [BisectBatchOnFunctionError](#sam-function-kinesis-bisectbatchonfunctionerror): Boolean
  [DestinationConfig](#sam-function-kinesis-destinationconfig): [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)
  [Enabled](#sam-function-kinesis-enabled): Boolean
  [FilterCriteria](#sam-function-kinesis-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  [FunctionResponseTypes](#sam-function-kinesis-functionresponsetypes): List
  KmsKeyArn: String          
  [MaximumBatchingWindowInSeconds](#sam-function-kinesis-maximumbatchingwindowinseconds): Integer
  [MaximumRecordAgeInSeconds](#sam-function-kinesis-maximumrecordageinseconds): Integer
  [MaximumRetryAttempts](#sam-function-kinesis-maximumretryattempts): Integer
  [MetricsConfig](#sam-function-kinesis-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)
  [ParallelizationFactor](#sam-function-kinesis-parallelizationfactor): Integer
  [StartingPosition](#sam-function-kinesis-startingposition): String
  StartingPositionTimestamp: Double
  [Stream](#sam-function-kinesis-stream): String
  [TumblingWindowInSeconds](#sam-function-kinesis-tumblingwindowinseconds): Integer
```

## Properties
<a name="sam-property-function-kinesis-properties"></a>

 `BatchSize`   <a name="sam-function-kinesis-batchsize"></a>
The maximum number of items to retrieve in a single batch.  
*Type*: Integer  
*Required*: No  
*Default*: 100  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.  
*Minimum*: `1`  
*Maximum*: `10000`

 `BisectBatchOnFunctionError`   <a name="sam-function-kinesis-bisectbatchonfunctionerror"></a>
If the function returns an error, split the batch in two and retry.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `DestinationConfig`   <a name="sam-function-kinesis-destinationconfig"></a>
An Amazon Simple Queue Service (Amazon SQS) queue or Amazon Simple Notification Service (Amazon SNS) topic destination for discarded records.  
*Type*: [DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[DestinationConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Enabled`   <a name="sam-function-kinesis-enabled"></a>
Disables the event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-kinesis-filtercriteria"></a>
A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FunctionResponseTypes`   <a name="sam-function-kinesis-functionresponsetypes"></a>
A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-batchfailurereporting) in the *AWS Lambda Developer Guide*.  
*Valid values*: `ReportBatchItemFailures`  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KmsKeyArn`   <a name="sam-function-kinesis-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-kinesis-maximumbatchingwindowinseconds"></a>
The maximum amount of time to gather records before invoking the function, in seconds.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRecordAgeInSeconds`   <a name="sam-function-kinesis-maximumrecordageinseconds"></a>
The maximum age of a record that Lambda sends to a function for processing.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRetryAttempts`   <a name="sam-function-kinesis-maximumretryattempts"></a>
The maximum number of times to retry when the function returns an error.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MetricsConfig`   <a name="sam-function-kinesis-metricsconfig"></a>
An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](sam-property-function-dynamodb.md#sam-property-function-dynamodb-example-metricsconfigevent).  
*Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ParallelizationFactor`   <a name="sam-function-kinesis-parallelizationfactor"></a>
The number of batches to process from each shard concurrently.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ParallelizationFactor](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPosition`   <a name="sam-function-kinesis-startingposition"></a>
The position in a stream from which to start reading.  
+ `AT_TIMESTAMP` – Specify a time from which to start reading records.
+ `LATEST` – Read only new records.
+ `TRIM_HORIZON` – Process all available records.
*Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPositionTimestamp`   <a name="sam-function-kinesis-startingpositiontimestamp"></a>
The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Stream`   <a name="sam-function-kinesis-stream"></a>
The Amazon Resource Name (ARN) of the data stream or a stream consumer.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `TumblingWindowInSeconds`   <a name="sam-function-kinesis-tumblingwindowinseconds"></a>
The duration, in seconds, of a processing window. The valid range is 1 to 900 (15 minutes).  
For more information, see [Tumbling windows](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#streams-tumbling) in the *AWS Lambda Developer Guide*.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TumblingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-kinesis--examples"></a>

### MetricsConfig event
<a name="sam-property-function-kinesis-example-metricsconfigevent"></a>

The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings.

```
Resources:
  FilteredEventsFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/metricsConfig.zip
      Handler: index.handler
      Runtime: nodejs16.x
      Events:
        KinesisStream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt KinesisStream.Arn
            StartingPosition: LATEST
            MetricsConfig:
              Metrics:
              - EventCount
```

### Kinesis event source
<a name="sam-property-function-kinesis--examples--kinesis-event-source"></a>

The following is an example of a Kinesis event source.

#### YAML
<a name="sam-property-function-kinesis--examples--kinesis-event-source--yaml"></a>

```
Events:
  KinesisEvent:
    Type: Kinesis
    Properties:
      Stream: arn:aws:kinesis:us-east-1:123456789012:stream/my-stream
      StartingPosition: TRIM_HORIZON
      BatchSize: 10
      Enabled: false
      FilterCriteria: 
        Filters: 
          - Pattern: '{"key": ["val1", "val2"]}'
```

# MQ
<a name="sam-property-function-mq"></a>

The object describing an `MQ` event source type. For more information, see [Using Lambda with Amazon MQ](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html) in the *AWS Lambda Developer Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set.

**Note**  
To have an Amazon MQ queue in a virtual private cloud (VPC) that connects to a Lambda function in a public network, your function's execution role must include the following permissions:   
`ec2:CreateNetworkInterface`
`ec2:DeleteNetworkInterface`
`ec2:DescribeNetworkInterfaces`
`ec2:DescribeSecurityGroups`
`ec2:DescribeSubnets`
`ec2:DescribeVpcs`
For more information, see [Execution role permissions](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#events-mq-permissions) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-mq-syntax"></a>

To declare this entity in your AWS SAM template, use the following syntax.

### YAML
<a name="sam-property-function-mq-syntax.yaml"></a>

```
  [BatchSize](#sam-function-mq-batchsize): Integer
  [Broker](#sam-function-mq-broker): String
  DynamicPolicyName: Boolean
  [Enabled](#sam-function-mq-enabled): Boolean
  [FilterCriteria](#sam-function-mq-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  KmsKeyArn: String 
  [MaximumBatchingWindowInSeconds](#sam-function-mq-maximumbatchingwindowinseconds): Integer
  [Queues](#sam-function-mq-queues): List
  [SecretsManagerKmsKeyId](#sam-function-mq-secretsmanagerkmskeyid): String
  [SourceAccessConfigurations](#sam-function-mq-sourceaccessconfigurations): List
```

## Properties
<a name="sam-property-function-mq-properties"></a>

 `BatchSize`   <a name="sam-function-mq-batchsize"></a>
The maximum number of items to retrieve in a single batch.  
*Type*: Integer  
*Required*: No  
*Default*: 100  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.  
*Minimum*: `1`  
*Maximum*: `10000`

 `Broker`   <a name="sam-function-mq-broker"></a>
The Amazon Resource Name (ARN) of the Amazon MQ broker.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `DynamicPolicyName`   <a name="sam-function-mq-dynamicpolicyname"></a>
By default, the AWS Identity and Access Management (IAM) policy name is `SamAutoGeneratedAMQPolicy` for backward compatibility. Specify `true` to use an auto-generated name for your IAM policy. This name will include the Amazon MQ event source logical ID.  
When using more than one Amazon MQ event source, specify `true` to avoid duplicate IAM policy names.
*Type*: Boolean  
*Required*: No  
*Default*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Enabled`   <a name="sam-function-mq-enabled"></a>
If `true`, the event source mapping is active. To pause polling and invocation, set to `false`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-mq-filtercriteria"></a>
A object that defines the criteria that determines whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KmsKeyArn`   <a name="sam-function-mq-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-mq-maximumbatchingwindowinseconds"></a>
The maximum amount of time to gather records before invoking the function, in seconds.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Queues`   <a name="sam-function-mq-queues"></a>
The name of the Amazon MQ broker destination queue to consume.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Queues](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `SecretsManagerKmsKeyId`   <a name="sam-function-mq-secretsmanagerkmskeyid"></a>
The AWS Key Management Service (AWS KMS) key ID of a customer managed key from AWS Secrets Manager. Required when you use a customer managed key from Secrets Manager with a Lambda execution role that doesn't included the `kms:Decrypt` permission.  
The value of this property is a UUID. For example: `1abc23d4-567f-8ab9-cde0-1fab234c5d67`.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceAccessConfigurations`   <a name="sam-function-mq-sourceaccessconfigurations"></a>
An array of the authentication protocol or vitual host. Specify this using the [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html) data type.  
For the `MQ` event source type, the only valid configuration types are `BASIC_AUTH` and `VIRTUAL_HOST`.  
+ **`BASIC_AUTH`** – The Secrets Manager secret that stores your broker credentials. For this type, the credential must be in the following format: `{"username": "your-username", "password": "your-password"}`. Only one object of type `BASIC_AUTH` is allowed.
+ **`VIRTUAL_HOST`** – The name of the virtual host in your RabbitMQ broker. Lambda will use this Rabbit MQ's host as the event source. Only one object of type `VIRTUAL_HOST` is allowed.
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-mq--examples"></a>

### Amazon MQ event source
<a name="sam-property-function-mq--examples--amazon-mq-event-source"></a>

The following is an example of an `MQ` event source type for an Amazon MQ broker.

#### YAML
<a name="sam-property-function-mq--examples--amazon-mq-event-source--yaml"></a>

```
Events:
  MQEvent:
    Type: MQ
    Properties:
      Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
      Queues: List of queues
      SourceAccessConfigurations:
        - Type: BASIC_AUTH
          URI: arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName
      BatchSize: 200
      Enabled: true
```

# MSK
<a name="sam-property-function-msk"></a>

The object describing an `MSK` event source type. For more information, see [Using AWS Lambda with Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) in the *AWS Lambda Developer Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set.

To use Schema Registry, you need to define specific IAM role permissions for your function. See [Complete setup with IAM roles](#sam-property-function-msk-example-complete) for an example of the required configuration.

## Syntax
<a name="sam-property-function-msk-syntax"></a>

To declare this entity in your AWS SAM template, use the following syntax.

### YAML
<a name="sam-property-function-msk-syntax.yaml"></a>

```
  [BatchSize](#sam-function-msk-batchsize): Integer
  [BisectBatchOnFunctionError](#sam-function-msk-bisectbatchonfunctionerror): Boolean
  [ConsumerGroupId](#sam-function-msk-consumergroupid): String
  DestinationConfig: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html)
  [Enabled](#sam-function-msk-enabled): Boolean
  [FilterCriteria](#sam-function-msk-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  [FunctionResponseTypes](#sam-function-msk-functionresponsetypes): List
  KmsKeyArn: String
  [MaximumBatchingWindowInSeconds](#sam-function-msk-maximumbatchingwindowinseconds): Integer
  [MaximumRecordAgeInSeconds](#sam-function-msk-maximumrecordageinseconds): Integer
  [MaximumRetryAttempts](#sam-function-msk-maximumretryattempts): Integer
  [LoggingConfig](#sam-function-msk-loggingconfig): [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html)
  [MetricsConfig](#sam-function-msk-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html)
  [ProvisionedPollerConfig](#sam-function-msk-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)
  [SchemaRegistryConfig](#sam-function-msk-schemaregistryconfig): [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig.html)
  SourceAccessConfigurations: [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)
  [StartingPosition](#sam-function-msk-startingposition): String
  StartingPositionTimestamp: Double
  [Stream](#sam-function-msk-stream): String
  [Topics](#sam-function-msk-topics): List
```

## Properties
<a name="sam-property-function-msk-properties"></a>

 `BatchSize`   <a name="sam-function-msk-batchsize"></a>
The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).  
*Default*: 100  
*Valid Range*: Minimum value of 1. Maximum value of 10,000.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `BisectBatchOnFunctionError`   <a name="sam-function-msk-bisectbatchonfunctionerror"></a>
If the function returns an error, split the batch in two and retry.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ConsumerGroupId`   <a name="sam-function-msk-consumergroupid"></a>
A string that configures how events will be read from Kafka topics.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AmazonManagedKafkaConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `DestinationConfig`   <a name="sam-function-msk-destinationconfig"></a>
A configuration object that specifies the destination of an event after Lambda processes it.  
Use this property to specify the destination of failed invocations from the Amazon MSK event source.  
*Type*: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Enabled`   <a name="sam-function-msk-enabled"></a>
Disables the event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-msk-filtercriteria"></a>
A object that defines the criteria that determines whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FunctionResponseTypes`   <a name="sam-function-msk-functionresponsetypes"></a>
A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/kafka-retry-configurations.html) in the *AWS Lambda Developer Guide*.  
*Valid values*: `ReportBatchItemFailures`  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KmsKeyArn`   <a name="sam-function-msk-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-msk-maximumbatchingwindowinseconds"></a>
The maximum amount of time to gather records before invoking the function, in seconds.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRecordAgeInSeconds`   <a name="sam-function-msk-maximumrecordageinseconds"></a>
The maximum age of a record that Lambda sends to a function for processing.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRetryAttempts`   <a name="sam-function-msk-maximumretryattempts"></a>
The maximum number of times to retry when the function returns an error.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `LoggingConfig`   <a name="sam-function-msk-loggingconfig"></a>
A configuration object that specifies the logging configuration for the event source mapping.  
*Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MetricsConfig`   <a name="sam-function-msk-metricsconfig"></a>
A configuration object that specifies the metrics configuration for the event source mapping.  
*Type*: [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ProvisionedPollerConfig`   <a name="sam-function-msk-provisionedpollerconfig"></a>
Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minimum of 1 poller and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-msk-example-provisionedpollerconfig).  
*Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

`SchemaRegistryConfig`  <a name="sam-function-msk-schemaregistryconfig"></a>
Configuration for using a schema registry with the Kafka event source.  
This feature requires `ProvisionedPollerConfig` to be configured.
*Type*: SchemaRegistryConfig  
*Required*: No  
*CloudFormation compatibility:* This property is passed directly to the `[AmazonManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `SourceAccessConfigurations`   <a name="sam-function-msk-sourceaccessconfigurations"></a>
An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.  
*Valid values*: `CLIENT_CERTIFICATE_TLS_AUTH`  
*Type*: List of [SourceAccessConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html)  
*Required*: No  
*CloudFormation compatibility:* This propertyrty is part of the [AmazonManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig) property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPosition`   <a name="sam-function-msk-startingposition"></a>
The position in a stream from which to start reading.  
+ `AT_TIMESTAMP` – Specify a time from which to start reading records.
+ `LATEST` – Read only new records.
+ `TRIM_HORIZON` – Process all available records.
*Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPositionTimestamp`   <a name="sam-function-msk-startingpositiontimestamp"></a>
The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Stream`   <a name="sam-function-msk-stream"></a>
The Amazon Resource Name (ARN) of the data stream or a stream consumer.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Topics`   <a name="sam-function-msk-topics"></a>
The name of the Kafka topic.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Topics](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-msk--examples"></a>

### Complete setup with IAM roles
<a name="sam-property-function-msk-example-complete"></a>

The following example shows a complete setup including the required IAM role configuration for using Schema Registry:

```
Parameters:
  PreCreatedSubnetOne:
    Type: String
  PreCreatedSubnetTwo:
    Type: String
  MskClusterName4:
    Type: String

Resources:
  MyLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17		 	 	 '
        Statement:
        - Action: [sts:AssumeRole]
          Effect: Allow
          Principal:
            Service: [lambda.amazonaws.com]
      Policies:
      - PolicyName: KafkaClusterPermissions
        PolicyDocument:
          Statement:
          - Action: [kafka:DescribeClusterV2, kafka:GetBootstrapBrokers]
            Effect: Allow
            Resource: 'arn:aws:kafka:us-east-1:123456789012:cluster/*'
      - PolicyName: KafkaAuthPolicy
        PolicyDocument:
          Statement:
          - Action: [secretsmanager:GetSecretValue, kms:Decrypt]
            Effect: "Allow"
            Resource: ['arn:aws:secretsmanager:us-west-2:123456789012:secret:kafkaSecret-******',
                        'arn:aws:kms:us-west-2:123456789012:key/keyId']
      - PolicyName: ENIPolicy
        PolicyDocument:
          Statement:
          - Action: [ec2:CreateNetworkInterface,
              ec2:DescribeNetworkInterfaces, ec2:DescribeVpcs, ec2:DeleteNetworkInterface,
              ec2:DescribeSubnets, ec2:DescribeSecurityGroups]
            Effect: Allow
            Resource: '*'
      - PolicyName: SchemaRegistryPolicy
        PolicyDocument:
          Statement:
          - Action: [glue:GetRegistry]
            Effect: Allow
            Resource: 'arn:aws:glue:{region}:{account-id}:registry/{registry-name}'
      - PolicyName: SchemaVersionsPolicy
        PolicyDocument:
          Statement:
          - Action: [glue:GetSchemaVersions]
            Effect: Allow
            Resource: '*'
      ManagedPolicyArns:
      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Tags:
      - {Value: SAM, Key: lambda:createdBy}

  MyMskCluster:
    Type: AWS::MSK::Cluster
    Properties:
      BrokerNodeGroupInfo:
        ClientSubnets:
        - Ref: PreCreatedSubnetOne
        - Ref: PreCreatedSubnetTwo
        InstanceType: kafka.t3.small
        StorageInfo:
          EBSStorageInfo:
            VolumeSize: 1
      ClusterName:
        Ref: MskClusterName4
      KafkaVersion: 3.8.x
      NumberOfBrokerNodes: 2

  MyMskStreamProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs18.x
      Handler: index.handler
      CodeUri: ${codeuri}
      Role:
        Fn::GetAtt: [MyLambdaExecutionRole, Arn]
      Events:
        MyMskEvent:
          Type: MSK
          Properties:
            StartingPosition: LATEST
            Stream:
              Ref: MyMskCluster
            SourceAccessConfigurations:
            - Type: SASL_SCRAM_512_AUTH
              URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
            Topics:
            - SchemaRegistryTestTopic
            ProvisionedPollerConfig:
              MinimumPollers: 1
            SchemaRegistryConfig:
              AccessConfigs:
              - Type: BASIC_AUTH
                URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
              SchemaValidationConfigs:
              - Attribute: KEY
              EventRecordFormat: JSON
              SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry
```

### ProvisionedPollerConfig example
<a name="sam-property-function-msk-example-provisionedpollerconfig"></a>

```
ProvisionedPollerConfig:
  MinimumPollers: 1
  MaximumPollers: 200
```

### Amazon MSK Example for Existing Cluster
<a name="sam-property-function-msk--examples--amazon-msk-example-for-existing-cluster"></a>

The following is an example of an `MSK` event source type for an Amazon MSK cluster that already exists in an AWS account.

#### YAML
<a name="sam-property-function-msk--examples--amazon-msk-example-for-existing-cluster--yaml"></a>

```
Events:
  MSKEvent:
    Type: MSK
    Properties:
      StartingPosition: LATEST
      Stream: arn:aws:kafka:us-east-1:012345678012:cluster/exampleClusterName/abcdefab-1234-abcd-5678-cdef0123ab01-2
      Topics:
        - MyTopic
```

### Amazon MSK Example for Cluster Declared in Same Template
<a name="sam-property-function-msk--examples--amazon-msk-example-for-cluster-declared-in-same-template"></a>

The following is an example of an `MSK` event source type for an Amazon MSK cluster that is declared in the same template file.

#### YAML
<a name="sam-property-function-msk--examples--amazon-msk-example-for-cluster-declared-in-same-template--yaml"></a>

```
Events:
  MSKEvent:
    Type: MSK
    Properties:
      StartingPosition: LATEST
      Stream:
        Ref: MyMskCluster   # This must be the name of an MSK cluster declared in the same template file
      Topics:
        - MyTopic
```

#### MSK Event Source with Schema Registry
<a name="sam-property-function-msk-example-schemaregistry"></a>

The following is an example of an `MSK` event source type configured with a schema registry.

```
Events:
  MSKEvent:
    Type: MSK
    Properties:
      StartingPosition: LATEST
      Stream:
        Ref: MyMskCluster
      Topics:
        - SchemaRegistryTestTopic
      ProvisionedPollerConfig:
        MinimumPollers: 1
      SchemaRegistryConfig:
        SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry
        EventRecordFormat: JSON
        SchemaValidationConfigs:
          - Attribute: KEY
          - Attribute: VALUE
```

#### MSK Event Source with Confluent Schema Registry
<a name="sam-property-function-msk-example-schemaregistry-confluent"></a>

The following is an example of an `MSK` event source type configured with a Confluent Schema Registry.

```
Events:
  MSKEvent:
    Type: MSK
    Properties:
      StartingPosition: LATEST
      Stream:
        Ref: MyMskCluster
      Topics:
        - SchemaRegistryTestTopic
      ProvisionedPollerConfig:
        MinimumPollers: 1
      SchemaRegistryConfig:
        SchemaRegistryURI: https://my-schema-registry.confluent.cloud
        AccessConfigs:
          - Type: BASIC_AUTH
            URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-secret
        EventRecordFormat: JSON
        SchemaValidationConfigs:
          - Attribute: KEY
          - Attribute: VALUE
```

# S3
<a name="sam-property-function-s3"></a>

The object describing an `S3` event source type.

## Syntax
<a name="sam-property-function-s3-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-s3-syntax.yaml"></a>

```
  [Bucket](#sam-function-s3-bucket): String
  [Events](#sam-function-s3-events): String | List
  [Filter](#sam-function-s3-filter): [NotificationFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html)
```

## Properties
<a name="sam-property-function-s3-properties"></a>

 `Bucket`   <a name="sam-function-s3-bucket"></a>
S3 bucket name. This bucket must exist in the same template.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is similar to the `[BucketName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name)` property of an `AWS::S3::Bucket` resource. This is a required field in SAM. This field only accepts a reference to the S3 bucket created in this template

 `Events`   <a name="sam-function-s3-events"></a>
The Amazon S3 bucket event for which to invoke the Lambda function. See [Amazon S3 supported event types](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#supported-notification-event-types) for a list of valid values.  
*Type*: String \$1 List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Event](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html#cfn-s3-bucket-notificationconfig-lambdaconfig-event)` property of the `AWS::S3::Bucket` `LambdaConfiguration` data type.

 `Filter`   <a name="sam-function-s3-filter"></a>
The filtering rules that determine which Amazon S3 objects invoke the Lambda function. For information about Amazon S3 key name filtering, see [Configuring Amazon S3 Event Notifications](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) in the *Amazon Simple Storage Service User Guide*.  
*Type*: [NotificationFilter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Filter](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfiguration-config-filter.html)` property of the `AWS::S3::Bucket` `LambdaConfiguration` data type.

## Examples
<a name="sam-property-function-s3--examples"></a>

### S3-Event
<a name="sam-property-function-s3--examples--s3-event"></a>

Example of an S3 Event.

#### YAML
<a name="sam-property-function-s3--examples--s3-event--yaml"></a>

```
Events:
  S3Event:
    Type: S3
    Properties:
      Bucket:
        Ref: ImagesBucket     # This must be the name of an S3 bucket declared in the same template file
      Events: s3:ObjectCreated:*
      Filter:
        S3Key:
          Rules:
          - Name: prefix      # or "suffix"
            Value: value      # The value to search for in the S3 object key names
```

# Schedule
<a name="sam-property-function-schedule"></a>

The object describing a `Schedule` event source type, which sets your serverless function as the target of an Amazon EventBridge rule that triggers on a schedule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set.

**Note**  
EventBridge now offers a new scheduling capability, [Amazon EventBridge Scheduler](https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html). Amazon EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one central, managed service. EventBridge Scheduler is highly customizable, and offers improved scalability over EventBridge scheduled rules, with a wider set of target API operations and AWS services.  
We recommend that you use EventBridge Scheduler to invoke targets on a schedule. To define this event source type in your AWS SAM templates, see [ScheduleV2](sam-property-function-schedulev2.md).

## Syntax
<a name="sam-property-function-schedule-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-schedule-syntax.yaml"></a>

```
  [DeadLetterConfig](#sam-function-schedule-deadletterconfig): DeadLetterConfig
  [Description](#sam-function-schedule-description): String
  [Enabled](#sam-function-schedule-enabled): Boolean
  [Input](#sam-function-schedule-input): String
  [Name](#sam-function-schedule-name): String
  [RetryPolicy](#sam-function-schedule-retrypolicy): [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)
  [Schedule](#sam-function-schedule-schedule): String
  [State](#sam-function-schedule-state): String
```

## Properties
<a name="sam-property-function-schedule-properties"></a>

 `DeadLetterConfig`   <a name="sam-function-schedule-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*.
*Type*: [DeadLetterConfig](sam-property-function-scheduledeadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `Description`   <a name="sam-function-schedule-description"></a>
A description of the rule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-description)` property of an `AWS::Events::Rule` resource.

 `Enabled`   <a name="sam-function-schedule-enabled"></a>
Indicates whether the rule is enabled.  
To disable the rule, set this property to `false`.  
Specify either the `Enabled` or `State` property, but not both.
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. If this property is set to `true` then AWS SAM passes `ENABLED`, otherwise it passes `DISABLED`.

 `Input`   <a name="sam-function-schedule-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `Name`   <a name="sam-function-schedule-name"></a>
The name of the rule. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the rule name.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource.

 `RetryPolicy`   <a name="sam-function-schedule-retrypolicy"></a>
A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type.

 `Schedule`   <a name="sam-function-schedule-schedule"></a>
The scheduling expression that determines when and how often the rule runs. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-scheduleexpression)` property of an `AWS::Events::Rule` resource.

 `State`   <a name="sam-function-schedule-state"></a>
The state of the rule.  
*Accepted values:* `DISABLED | ENABLED`  
Specify either the `Enabled` or `State` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource.

## Examples
<a name="sam-property-function-schedule--examples"></a>

### CloudWatch Schedule Event
<a name="sam-property-function-schedule--examples--cloudwatch-schedule-event"></a>

CloudWatch Schedule Event Example

#### YAML
<a name="sam-property-function-schedule--examples--cloudwatch-schedule-event--yaml"></a>

```
CWSchedule:
  Type: Schedule
  Properties:
    Schedule: 'rate(1 minute)'
    Name: TestSchedule
    Description: test schedule
    Enabled: false
```

# DeadLetterConfig
<a name="sam-property-function-scheduledeadletterconfig"></a>

The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn’t exist, or insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.

**Note**  
The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue` which handles failures that occur after successful invocation of the target Lambda function. Examples of this type of failure include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-scheduledeadletterconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-scheduledeadletterconfig-syntax.yaml"></a>

```
  [Arn](#sam-function-scheduledeadletterconfig-arn): String
  [QueueLogicalId](#sam-function-scheduledeadletterconfig-queuelogicalid): String
  [Type](#sam-function-scheduledeadletterconfig-type): String
```

## Properties
<a name="sam-property-function-scheduledeadletterconfig-properties"></a>

 `Arn`   <a name="sam-function-scheduledeadletterconfig-arn"></a>
The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type.

 `QueueLogicalId`   <a name="sam-function-scheduledeadletterconfig-queuelogicalid"></a>
The custom name of the dead letter queue that AWS SAM creates if `Type` is specified.  
If the `Type` property is not set, this property is ignored.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-function-scheduledeadletterconfig-type"></a>
The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Valid values*: `SQS`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-scheduledeadletterconfig--examples"></a>

### DeadLetterConfig
<a name="sam-property-function-scheduledeadletterconfig--examples--deadletterconfig"></a>

DeadLetterConfig

#### YAML
<a name="sam-property-function-scheduledeadletterconfig--examples--deadletterconfig--yaml"></a>

```
DeadLetterConfig:
  Type: SQS
  QueueLogicalId: MyDLQ
```

# ScheduleV2
<a name="sam-property-function-schedulev2"></a>

The object describing a `ScheduleV2` event source type, which sets your serverless function as the target of an Amazon EventBridge Scheduler event that triggers on a schedule. For more information, see [What is Amazon EventBridge Scheduler?](https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html) in the *EventBridge Scheduler User Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html) resource when this event type is set.

## Syntax
<a name="sam-property-function-schedulev2-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-schedulev2-syntax.yaml"></a>

```
[DeadLetterConfig](#sam-function-schedulev2-deadletterconfig): DeadLetterConfig
[Description](#sam-function-schedulev2-description): String
[EndDate](#sam-function-schedulev2-enddate): String
[FlexibleTimeWindow](#sam-function-schedulev2-flexibletimewindow): FlexibleTimeWindow
[GroupName](#sam-function-schedulev2-groupname): String
[Input](#sam-function-schedulev2-input): String
[KmsKeyArn](#sam-function-schedulev2-kmskeyarn): String
[Name](#sam-function-schedulev2-name): String
OmitName: Boolean
[PermissionsBoundary](#sam-function-schedulev2-permissionsboundary): String
[RetryPolicy](#sam-function-schedulev2-retrypolicy): RetryPolicy
[RoleArn](#sam-function-schedulev2-rolearn): String
[ScheduleExpression](#sam-function-schedulev2-schedule): String
[ScheduleExpressionTimezone](#sam-function-schedulev2-scheduleexpressiontimezone): String
[StartDate](#sam-function-schedulev2-startdate): String
[State](#sam-function-schedulev2-state): String
```

## Properties
<a name="sam-property-function-schedulev2-properties"></a>

 `DeadLetterConfig`   <a name="sam-function-schedulev2-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Configuring a dead-letter queue for EventBridge Scheduler](https://docs.aws.amazon.com/scheduler/latest/UserGuide/configuring-schedule-dlq.html) in the *EventBridge Scheduler User Guide*.  
The [AWS::Serverless::Function](sam-resource-function.md) resource type has a similar data type, `DeadLetterQueue`, which handles failures that occur after successful invocation of the target Lambda function. Examples of these types of failures include Lambda throttling, or errors returned by the Lambda target function. For more information about the function `DeadLetterQueue` property, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) in the *AWS Lambda Developer Guide*.
*Type*: [DeadLetterConfig](sam-property-function-scheduledeadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-deadletterconfig)` property of the `AWS::Scheduler::Schedule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `Description`   <a name="sam-function-schedulev2-description"></a>
A description of the schedule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-description)` property of an `AWS::Scheduler::Schedule` resource.

 `EndDate`   <a name="sam-function-schedulev2-enddate"></a>
The date, in UTC, before which the schedule can invoke its target. Depending on the schedule's recurrence expression, invocations might stop on, or before, the **EndDate** you specify.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EndDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-enddate)` property of an `AWS::Scheduler::Schedule` resource.

 `FlexibleTimeWindow`   <a name="sam-function-schedulev2-flexibletimewindow"></a>
Allows configuration of a window within which a schedule can be invoked.  
*Type*: [FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-flexibletimewindow)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-flexibletimewindow)` property of an `AWS::Scheduler::Schedule` resource.

 `GroupName`   <a name="sam-function-schedulev2-groupname"></a>
The name of the schedule group to associate with this schedule. If not defined, the default group is used.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[GroupName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-groupname)` property of an `AWS::Scheduler::Schedule` resource.

 `Input`   <a name="sam-function-schedulev2-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-input)` property of an `AWS::Scheduler::Schedule Target` resource.

 `KmsKeyArn`   <a name="sam-function-schedulev2-kmskeyarn"></a>
The ARN for a KMS Key that will be used to encrypt customer data.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-kmskeyarn)` property of an `AWS::Scheduler::Schedule` resource.

 `Name`   <a name="sam-function-schedulev2-name"></a>
The name of the schedule. If you don't specify a name, AWS SAM generates a name in the format `Function-Logical-IDEvent-Source-Name` and uses that ID for the schedule name.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-name)` property of an `AWS::Scheduler::Schedule` resource.

`OmitName`  <a name="sam-function-schedulev2-omitname"></a>
By default, AWS SAM generates and uses a schedule name in the format of *<Function-logical-ID><event-source-name>*. Set this property to `true` to have CloudFormation generate a unique physical ID and use that for the schedule name instead.  
*Type*: Boolean  
*Required*: No  
*Default*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `PermissionsBoundary`   <a name="sam-function-schedulev2-permissionsboundary"></a>
The ARN of the policy used to set the permissions boundary for the role.  
If `PermissionsBoundary` is defined, AWS SAM will apply the same boundaries to the scheduler schedule's target IAM role.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource.

 `RetryPolicy`   <a name="sam-function-schedulev2-retrypolicy"></a>
A **RetryPolicy** object that includes information about the retry policy settings.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy)` property of the `AWS::Scheduler::Schedule` `Target` data type.

 `RoleArn`   <a name="sam-function-schedulev2-rolearn"></a>
The ARN of the IAM role that EventBridge Scheduler will use for the target when the schedule is invoked.  
*Type*: [RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)` property of the `AWS::Scheduler::Schedule` `Target` data type.

 `ScheduleExpression`   <a name="sam-function-schedulev2-scheduleexpression"></a>
The scheduling expression that determines when and how often the scheduler schedule event runs.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpression)` property of an `AWS::Scheduler::Schedule` resource.

 `ScheduleExpressionTimezone`   <a name="sam-function-schedulev2-scheduleexpressiontimezone"></a>
The timezone in which the scheduling expression is evaluated.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpressionTimezone](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpressiontimezone)` property of an `AWS::Scheduler::Schedule` resource.

 `StartDate`   <a name="sam-function-schedulev2-startdate"></a>
The date, in UTC, after which the schedule can begin invoking a target. Depending on the schedule's recurrence expression, invocations might occur on, or after, the **StartDate** you specify.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-startdate)` property of an `AWS::Scheduler::Schedule` resource.

 `State`   <a name="sam-function-schedulev2-state"></a>
The state of the Scheduler schedule.  
*Accepted values:* `DISABLED | ENABLED`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-state)` property of an `AWS::Scheduler::Schedule` resource.

## Examples
<a name="sam-property-function-schedulev2--examples"></a>

### Basic example of defining a ScheduleV2 resource
<a name="sam-property-function-schedulev2--examples--example1"></a>

```
Resources:
  Function:
    Properties:
      ...
      Events:
        ScheduleEvent:
          Type: ScheduleV2
          Properties:
            ScheduleExpression: "rate(1 minute)"
        ComplexScheduleEvent:
          Type: ScheduleV2
          Properties:
            ScheduleExpression: rate(1 minute)
            FlexibleTimeWindow:
              Mode: FLEXIBLE
              MaximumWindowInMinutes: 5
            StartDate: '2022-12-28T12:00:00.000Z'
            EndDate: '2023-01-28T12:00:00.000Z'
            ScheduleExpressionTimezone: UTC
            RetryPolicy:
              MaximumRetryAttempts: 5
              MaximumEventAgeInSeconds: 300
            DeadLetterConfig:
              Type: SQS
```

**Note**  
The generated physical ID of ScheduleV2 does not include stack name.

# SelfManagedKafka
<a name="sam-property-function-selfmanagedkafka"></a>

The object describing a `SelfManagedKafka` event source type. For more information, see [Using AWS Lambda with self-managed Apache Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html) in the *AWS Lambda Developer Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set.

To use Schema Registry, you need to define specific IAM role permissions for your function. See [Complete setup with IAM roles](sam-property-function-msk.md#sam-property-function-msk-example-complete) for an example of the required configuration.

## Syntax
<a name="sam-property-function-selfmanagedkafka-syntax"></a>

To declare this entity in your AWS SAM template, use the following syntax.

### YAML
<a name="sam-property-function-selfmanagedkafka-syntax.yaml"></a>

```
  [BatchSize](#sam-function-selfmanagedkafka-batchsize): Integer
  [BisectBatchOnFunctionError](#sam-function-selfmanagedkafka-bisectbatchonfunctionerror): Boolean
  [ConsumerGroupId](#sam-function-selfmanagedkafka-consumergroupid): String
  DestinationConfig: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html)
  [Enabled](#sam-function-selfmanagedkafka-enabled): Boolean
  [FilterCriteria](#sam-function-selfmanagedkafka-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  [KafkaBootstrapServers](#sam-function-selfmanagedkafka-kafkabootstrapservers): List
  [FunctionResponseTypes](#sam-function-selfmanagedkafka-functionresponsetypes): List
  KmsKeyArn: String
  [LoggingConfig](#sam-function-selfmanagedkafka-loggingconfig): LoggingConfig
  [MaximumRecordAgeInSeconds](#sam-function-selfmanagedkafka-maximumrecordageinseconds): Integer
  [MaximumRetryAttempts](#sam-function-selfmanagedkafka-maximumretryattempts): Integer
  [MetricsConfig](#sam-function-selfmanagedkafka-metricsconfig): MetricsConfig
  [ProvisionedPollerConfig](#sam-function-selfmanagedkafka-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)
  [SchemaRegistryConfig](#sam-function-selfmanagedkafka-schemaregistryconfig): [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig.html)
  [SourceAccessConfigurations](#sam-function-selfmanagedkafka-sourceaccessconfigurations): [SourceAccessConfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations)
  StartingPosition: String
  StartingPositionTimestamp: Double
  [Topics](#sam-function-selfmanagedkafka-topics): List
```

## Properties
<a name="sam-property-function-selfmanagedkafka-properties"></a>

 `BatchSize`   <a name="sam-function-selfmanagedkafka-batchsize"></a>
The maximum number of records in each batch that Lambda pulls from your stream and sends to your function.  
*Type*: Integer  
*Required*: No  
*Default*: 100  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.  
*Minimum*: `1`  
*Maximum*: `10000`

 `BisectBatchOnFunctionError`   <a name="sam-function-selfmanagedkafka-bisectbatchonfunctionerror"></a>
If the function returns an error, split the batch in two and retry.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[BisectBatchOnFunctionError](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ConsumerGroupId`   <a name="sam-function-selfmanagedkafka-consumergroupid"></a>
A string that configures how events will be read from Kafka topics.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `DestinationConfig`   <a name="sam-function-selfmanagedkafka-destinationconfig"></a>
A configuration object that specifies the destination of an event after Lambda processes it.  
Use this property to specify the destination of failed invocations from the self-managed Kafka event source.  
*Type*: [DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ DestinationConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Enabled`   <a name="sam-function-selfmanagedkafka-enabled"></a>
Disables the event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-selfmanagedkafka-filtercriteria"></a>
A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-filtercriteria)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KafkaBootstrapServers`   <a name="sam-function-selfmanagedkafka-kafkabootstrapservers"></a>
The list of bootstrap servers for your Kafka brokers. Include the port, for example `broker.example.com:xxxx`  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionResponseTypes`   <a name="sam-function-selfmanagedkafka-functionresponsetypes"></a>
A list of the response types currently applied to the event source mapping. For more information, see [Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/kafka-retry-configurations.html) in the *AWS Lambda Developer Guide*.  
*Valid values*: `ReportBatchItemFailures`  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `KmsKeyArn`   <a name="sam-function-selfmanagedkafka-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `LoggingConfig`   <a name="sam-function-selfmanagedkafka-loggingconfig"></a>
The logging configuration for your event source.  
*Type*: [LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-loggingconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LoggingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-loggingconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRecordAgeInSeconds`   <a name="sam-function-selfmanagedkafka-maximumrecordageinseconds"></a>
The maximum age of a record that Lambda sends to a function for processing.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRecordAgeInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MetricsConfig`   <a name="sam-function-selfmanagedkafka-metricsconfig"></a>
The metrics configuration for your event source.  
*Type*: [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumRetryAttempts`   <a name="sam-function-selfmanagedkafka-maximumretryattempts"></a>
The maximum number of times to retry when the function returns an error.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumRetryAttempts](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ProvisionedPollerConfig`   <a name="sam-function-selfmanagedkafka-provisionedpollerconfig"></a>
Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minumum of 1 poller and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-selfmanagedkafka-example-provisionedpollerconfig)  
*Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

`SchemaRegistryConfig`  <a name="sam-function-selfmanagedkafka-schemaregistryconfig"></a>
Configuration for using a schema registry with the self-managed Kafka event source.  
This feature requires `ProvisionedPollerConfig` to be configured.
*Type*: [SchemaRegistryConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-schemaregistryconfig)  
*Required*: No  
*CloudFormation compatibility:* This property is passed directly to the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `SourceAccessConfigurations`   <a name="sam-function-selfmanagedkafka-sourceaccessconfigurations"></a>
An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.  
*Valid values*: `BASIC_AUTH | CLIENT_CERTIFICATE_TLS_AUTH | SASL_SCRAM_256_AUTH | SASL_SCRAM_512_AUTH | SERVER_ROOT_CA_CERTIFICATE`  
*Type*: List of [SourceAccessConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration)  
*Required*: Yes  
*CloudFormation compatibility:* This property is part of the `[SelfManagedKafkaEventSourceConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPosition`   <a name="sam-function-selfmanagedkafka-startingposition"></a>
The position in a stream from which to start reading.  
+ `AT_TIMESTAMP` – Specify a time from which to start reading records.
+ `LATEST` – Read only new records.
+ `TRIM_HORIZON` – Process all available records.
*Valid values*: `AT_TIMESTAMP` \$1 `LATEST` \$1 `TRIM_HORIZON`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPosition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `StartingPositionTimestamp`   <a name="sam-function-selfmanagedkafka-startingpositiontimestamp"></a>
The time from which to start reading, in Unix time seconds. Define `StartingPositionTimestamp` when `StartingPosition` is specified as `AT_TIMESTAMP`.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartingPositionTimestamp](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Topics`   <a name="sam-function-selfmanagedkafka-topics"></a>
The name of the Kafka topic.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Topics](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-selfmanagedkafka--examples"></a>

### Complete setup with IAM roles
<a name="sam-property-function-selfmanagedkafka-example-complete"></a>

The following example shows a complete setup including the required IAM role configuration for using Schema Registry:

```
Parameters:
  PreCreatedSubnetOne:
    Type: String
  PreCreatedSubnetTwo:
    Type: String

Resources:
  MyLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17		 	 	 '
        Statement:
        - Action: [sts:AssumeRole]
          Effect: Allow
          Principal:
            Service: [lambda.amazonaws.com]
      Policies:
      - PolicyName: KafkaAuthPolicy
        PolicyDocument:
          Statement:
          - Action: [secretsmanager:GetSecretValue, kms:Decrypt]
            Effect: "Allow"
            Resource: ['arn:aws:secretsmanager:us-west-2:123456789012:secret:kafkaSecret-******',
                        'arn:aws:kms:us-west-2:123456789012:key/keyId']
      - PolicyName: ENIPolicy
        PolicyDocument:
          Statement:
          - Action: [ec2:CreateNetworkInterface,
              ec2:DescribeNetworkInterfaces, ec2:DescribeVpcs, ec2:DeleteNetworkInterface,
              ec2:DescribeSubnets, ec2:DescribeSecurityGroups]
            Effect: Allow
            Resource: '*'
      - PolicyName: SchemaRegistryPolicy
        PolicyDocument:
          Statement:
          - Action: [glue:GetRegistry]
            Effect: Allow
            Resource: 'arn:aws:glue:{region}:{account-id}:registry/{registry-name}'
      - PolicyName: SchemaVersionsPolicy
        PolicyDocument:
          Statement:
          - Action: [glue:GetSchemaVersions]
            Effect: Allow
            Resource: '*'
      ManagedPolicyArns:
      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Tags:
      - {Value: SAM, Key: lambda:createdBy}

  MyKafkaProcessor:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs18.x
      Handler: index.handler
      CodeUri: ${codeuri}
      Role:
        Fn::GetAtt: [MyLambdaExecutionRole, Arn]
      Events:
        SelfManagedKafkaEvent:
          Type: SelfManagedKafka
          Properties:
            KafkaBootstrapServers:
              - my-kafka-broker-1:9092
              - my-kafka-broker-2:9092
            Topics:
              - SchemaRegistryTestTopic
            StartingPosition: LATEST
            SourceAccessConfigurations:
              - Type: VPC_SUBNET
                URI: subnet:subnet-12345678
              - Type: VPC_SECURITY_GROUP
                URI: security_group:sg-12345678
              - Type: BASIC_AUTH
                URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
            ProvisionedPollerConfig:
              MinimumPollers: 1
            SchemaRegistryConfig:
              AccessConfigs:
              - Type: BASIC_AUTH
                URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
              SchemaValidationConfigs:
              - Attribute: KEY
              EventRecordFormat: JSON
              SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry
```

### ProvisionedPollerConfig example
<a name="sam-property-function-selfmanagedkafka-example-provisionedpollerconfig"></a>

```
ProvisionedPollerConfig:
  MinimumPollers: 1
  MaximumPollers: 200
```

### Self-managed Kafka event source
<a name="sam-property-function-selfmanagedkafka--examples--self-managed-kafka-event-source"></a>

The following is an example of a `SelfManagedKafka` event source type.

#### YAML
<a name="sam-property-function-selfmanagedkafka--examples--self-managed-kafka-event-source--yaml"></a>

```
Events:
  SelfManagedKafkaEvent:
    Type: SelfManagedKafka
    Properties:
      BatchSize: 1000
      Enabled: true
      KafkaBootstrapServers:
        - abc.xyz.com:xxxx
      SourceAccessConfigurations:
        -  Type: BASIC_AUTH
           URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
      Topics:
        - MyKafkaTopic
```

### Self-managed Kafka Event Source with AWS Glue Schema Registry
<a name="sam-property-function-selfmanagedkafka-example-schemaregistry"></a>

The following is an example of a `SelfManagedKafka` event source type configured with AWS Glue Schema Registry.

```
Events:
  SelfManagedKafkaEvent:
    Type: SelfManagedKafka
    Properties:
      KafkaBootstrapServers:
        - abc.xyz.com:9092
      Topics:
        - SchemaRegistryTestTopic
      StartingPosition: LATEST
      ProvisionedPollerConfig:
        MinimumPollers: 1
      SchemaRegistryConfig:
        SchemaRegistryURI: !Sub arn:${AWS::Partition}:glue:us-west-2:123456789012:registry/myregistry
        EventRecordFormat: JSON
        SchemaValidationConfigs:
          - Attribute: KEY
          - Attribute: VALUE
      SourceAccessConfigurations:
        - Type: VPC_SUBNET
          URI: subnet:subnet-12345678
        - Type: VPC_SECURITY_GROUP
          URI: security_group:sg-12345678
```

### Self-managed Kafka Event Source with Confluent Schema Registry
<a name="sam-property-function-selfmanagedkafka-example-schemaregistry-confluent"></a>

The following is an example of a `SelfManagedKafka` event source type configured with Confluent Schema Registry.

```
Events:
  SelfManagedKafkaEvent:
    Type: SelfManagedKafka
    Properties:
      KafkaBootstrapServers:
        - abc.xyz.com:9092
      Topics:
        - SchemaRegistryTestTopic
      StartingPosition: LATEST
      ProvisionedPollerConfig:
        MinimumPollers: 1
      SchemaRegistryConfig:
        SchemaRegistryURI: https://my-schema-registry.confluent.cloud
        AccessConfigs:
          - Type: BASIC_AUTH
            URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:my-secret
        EventRecordFormat: JSON
        SchemaValidationConfigs:
          - Attribute: KEY
          - Attribute: VALUE
      SourceAccessConfigurations:
        - Type: VPC_SUBNET
          URI: subnet:subnet-12345678
        - Type: VPC_SECURITY_GROUP
          URI: security_group:sg-12345678
        - Type: BASIC_AUTH
          URI: !Sub arn:${AWS::Partition}:secretsmanager:us-west-2:123456789012:secret:kafka-secret
```

# SNS
<a name="sam-property-function-sns"></a>

The object describing an `SNS` event source type.

SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html) resource when this event type is set

## Syntax
<a name="sam-property-function-sns-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-sns-syntax.yaml"></a>

```
  [FilterPolicy](#sam-function-sns-filterpolicy): [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)
  FilterPolicyScope: String
  RedrivePolicy: Json
  [Region](#sam-function-sns-region): String
  [SqsSubscription](#sam-function-sns-sqssubscription): Boolean | SqsSubscriptionObject
  [Topic](#sam-function-sns-topic): String
```

## Properties
<a name="sam-property-function-sns-properties"></a>

 `FilterPolicy`   <a name="sam-function-sns-filterpolicy"></a>
The filter policy JSON assigned to the subscription. For more information, see [GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html) in the Amazon Simple Notification Service API Reference.  
*Type*: [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)` property of an `AWS::SNS::Subscription` resource.

 `FilterPolicyScope`   <a name="sam-function-sns-filterpolicyscope"></a>
This attribute lets you choose the filtering scope by using one of the following string value types:  
+ `MessageAttributes` – The filter is applied on the message attributes.
+ `MessageBody` – The filter is applied on the message body.
*Type*: String  
*Required*: No  
*Default*: `MessageAttributes`  
*CloudFormation compatibility*: This property is passed directly to the ` [ FilterPolicyScope](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicyscope)` property of an `AWS::SNS::Subscription` resource.

 `RedrivePolicy`   <a name="sam-function-sns-redrivepolicy"></a>
When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.  
For more information about the redrive policy and dead-letter queues, see [ Amazon SQS dead-letter queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) in the *Amazon Simple Queue Service Developer Guide*.  
*Type*: Json  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ RedrivePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-redrivepolicy)` property of an `AWS::SNS::Subscription` resource.

 `Region`   <a name="sam-function-sns-region"></a>
For cross-region subscriptions, the region in which the topic resides.  
If no region is specified, CloudFormation uses the region of the caller as the default.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-region)` property of an `AWS::SNS::Subscription` resource.

 `SqsSubscription`   <a name="sam-function-sns-sqssubscription"></a>
Set this property to true, or specify `SqsSubscriptionObject` to enable batching SNS topic notifications in an SQS queue. Setting this property to `true` creates a new SQS queue, whereas specifying a `SqsSubscriptionObject` uses an existing SQS queue.  
*Type*: Boolean \$1 [SqsSubscriptionObject](sam-property-function-sqssubscriptionobject.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Topic`   <a name="sam-function-sns-topic"></a>
The ARN of the topic to subscribe to.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[TopicArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#topicarn)` property of an `AWS::SNS::Subscription` resource.

## Examples
<a name="sam-property-function-sns--examples"></a>

### SNS Event Source Example
<a name="sam-property-function-sns--examples--sns-event-source-example"></a>

SNS Event Source Example

#### YAML
<a name="sam-property-function-sns--examples--sns-event-source-example--yaml"></a>

```
Events:
  SNSEvent:
    Type: SNS
    Properties:
      Topic: arn:aws:sns:us-east-1:123456789012:my_topic
      SqsSubscription: true
      FilterPolicy:
        store:
          - example_corp
        price_usd:
          - numeric:
              - ">="
              - 100
```

# SqsSubscriptionObject
<a name="sam-property-function-sqssubscriptionobject"></a>

Specify an existing SQS queue option to SNS event

## Syntax
<a name="sam-property-function-sqssubscriptionobject-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-sqssubscriptionobject-syntax.yaml"></a>

```
  [BatchSize](#sam-function-sqssubscriptionobject-batchsize): String
  [Enabled](#sam-function-sqssubscriptionobject-enabled): Boolean
  [QueueArn](#sam-function-sqssubscriptionobject-queuearn): String
  [QueuePolicyLogicalId](#sam-function-sqssubscriptionobject-queuepolicylogicalid): String
  [QueueUrl](#sam-function-sqssubscriptionobject-queueurl): String
```

## Properties
<a name="sam-property-function-sqssubscriptionobject-properties"></a>

 `BatchSize`   <a name="sam-function-sqssubscriptionobject-batchsize"></a>
The maximum number of items to retrieve in a single batch for the SQS queue.  
*Type*: String  
*Required*: No  
*Default*: 10  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Enabled`   <a name="sam-function-sqssubscriptionobject-enabled"></a>
Disables the SQS event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*Default*: True  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueueArn`   <a name="sam-function-sqssubscriptionobject-queuearn"></a>
Specify an existing SQS queue arn.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueuePolicyLogicalId`   <a name="sam-function-sqssubscriptionobject-queuepolicylogicalid"></a>
Give a custom logicalId name for the [AWS::SQS::QueuePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-policy.html) resource.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueueUrl`   <a name="sam-function-sqssubscriptionobject-queueurl"></a>
Specify the queue URL associated with the `QueueArn` property.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-function-sqssubscriptionobject--examples"></a>

### Existing SQS for SNS event
<a name="sam-property-function-sqssubscriptionobject--examples--existing-sqs-for-sns-event"></a>

Example to add existing SQS queue for subscibing to an SNS topic.

#### YAML
<a name="sam-property-function-sqssubscriptionobject--examples--existing-sqs-for-sns-event--yaml"></a>

```
QueuePolicyLogicalId: CustomQueuePolicyLogicalId
QueueArn:
  Fn::GetAtt: MyCustomQueue.Arn
QueueUrl:
  Ref: MyCustomQueue
BatchSize: 5
```

# SQS
<a name="sam-property-function-sqs"></a>

The object describing an `SQS` event source type. For more information, see [Using AWS Lambda with Amazon SQS](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html) in the *AWS Lambda Developer Guide*.

SAM generates [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html) resource when this event type is set

## Syntax
<a name="sam-property-function-sqs-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-sqs-syntax.yaml"></a>

```
  [BatchSize](#sam-function-sqs-batchsize): Integer
  [Enabled](#sam-function-sqs-enabled): Boolean
  [FilterCriteria](#sam-function-sqs-filtercriteria): [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)
  [FunctionResponseTypes](#sam-function-sqs-functionresponsetypes): List
  KmsKeyArn: String
  [MaximumBatchingWindowInSeconds](#sam-function-sqs-maximumbatchingwindowinseconds): Integer
  [MetricsConfig](#sam-function-sqs-metricsconfig): [MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)
  [ProvisionedPollerConfig](#sam-function-sqs-provisionedpollerconfig): [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)
  [Queue](#sam-function-sqs-queue): String
  ScalingConfig: [ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html)
```

## Properties
<a name="sam-property-function-sqs-properties"></a>

 `BatchSize`   <a name="sam-function-sqs-batchsize"></a>
The maximum number of items to retrieve in a single batch.  
*Type*: Integer  
*Required*: No  
*Default*: 10  
*CloudFormation compatibility*: This property is passed directly to the `[BatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize)` property of an `AWS::Lambda::EventSourceMapping` resource.  
*Minimum*: `1`  
*Maximum*: `10000`

 `Enabled`   <a name="sam-function-sqs-enabled"></a>
Disables the event source mapping to pause polling and invocation.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Enabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FilterCriteria`   <a name="sam-function-sqs-filtercriteria"></a>
A object that defines the criteria to determine whether Lambda should process an event. For more information, see [AWS Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) in the *AWS Lambda Developer Guide*.  
*Type*: [FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FilterCriteria](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `FunctionResponseTypes`   <a name="sam-function-sqs-functionresponsetypes"></a>
 A list of the response types currently applied to the event source mapping. For more information, see [ Reporting batch item failures](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#services-sqs-batchfailurereporting) in the *AWS Lambda Developer Guide*.   
 *Valid values*: `ReportBatchItemFailures`   
 *Type*: List   
 *Required*: No   
 *CloudFormation compatibility*: This property is passed directly to the `[FunctionResponseTypes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes)` property of an `AWS::Lambda::EventSourceMapping` resource. 

 `KmsKeyArn`   <a name="sam-function-sqs-kmskeyarn"></a>
The Amazon Resource Name (ARN) of the key to encrypt information related to this event.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MaximumBatchingWindowInSeconds`   <a name="sam-function-sqs-maximumbatchingwindowinseconds"></a>
The maximum amount of time, in seconds, to gather records before invoking the function.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaximumBatchingWindowInSeconds](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `MetricsConfig`   <a name="sam-function-sqs-metricsconfig"></a>
An opt-in configuration to get enhanced metrics for event source mappings that capture each stage of processing. For an example, see [MetricsConfig event](sam-property-function-dynamodb.md#sam-property-function-dynamodb-example-metricsconfigevent).  
*Type*: [MetricsConfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MetricsConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-metricsconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ProvisionedPollerConfig`   <a name="sam-function-sqs-provisionedpollerconfig"></a>
Configuration to increase the amount of pollers used to compute event source mappings. This configuration allows for a minimum of 2 pollers and a maximum of 2000 pollers. For an example, refer to [ProvisionedPollerConfig example](#sam-property-function-sqs-example-provisionedpollerconfig).  
*Type*: [ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ProvisionedPollerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-provisionedpollerconfig)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `Queue`   <a name="sam-function-sqs-queue"></a>
The ARN of the queue.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventSourceArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn)` property of an `AWS::Lambda::EventSourceMapping` resource.

 `ScalingConfig`   <a name="sam-function-sqs-scalingconfig"></a>
Scaling configuration of SQS pollers to control the invoke rate and set maximum concurrent invokes.  
*Type*: `[ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html)`  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ ScalingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html)` property of an `AWS::Lambda::EventSourceMapping` resource.

## Examples
<a name="sam-property-function-sqs--examples"></a>

### MetricsConfig event
<a name="sam-property-function-sqs-example-metricsconfigevent"></a>

The following is an example of a resource that uses the `MetricsConfig` property to capture each stage of processing for their event source mappings.

```
Resources:
  FilteredEventsFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/metricsConfig.zip
      Handler: index.handler
      Runtime: nodejs16.x
      Events:
        KinesisStream:
          Type: Kinesis
          Properties:
            Stream: !GetAtt KinesisStream.Arn
            StartingPosition: LATEST
            MetricsConfig:
              Metrics:
              - EventCount
```

### Basic SQS event
<a name="sam-property-function-sqs--examples--sqs-event"></a>

```
Events:
  SQSEvent:
    Type: SQS
    Properties:
      Queue: arn:aws:sqs:us-west-2:012345678901:my-queue
      BatchSize: 10
      Enabled: false
      FilterCriteria:
        Filters:
          - Pattern: '{"key": ["val1", "val2"]}'
```

### Configure partial batch reporting for your SQS queue
<a name="sam-property-function-sqs--examples--sqs-partial-batch"></a>

```
Events:
  SQSEvent:
    Type: SQS
    Properties:
      Enabled: true
      FunctionResponseTypes:
        - ReportBatchItemFailures
      Queue: !GetAtt MySqsQueue.Arn
      BatchSize: 10
```

### Lambda function with an SQS event that has scaling configured
<a name="sam-property-function-sqs--examples--sqs-event-scaling"></a>

```
MyFunction:
  Type: AWS::Serverless::Function
  Properties:
    ...
    Events:
      MySQSEvent:
        Type: SQS
        Properties:
          ...
          ScalingConfig:
            MaximumConcurrency: 10
```

### ProvisionedPollerConfig example
<a name="sam-property-function-sqs-example-provisionedpollerconfig"></a>

```
MyFunction:
  Type: AWS::Serverless::Function
  Properties:
    Handler: index.handler
    Runtime: nodejs18.x
    Timeout: 30
    Events:
      SQSEvent:
        Type: SQS
        Properties:
          Queue: !GetAtt MyQueue.Arn
          BatchSize: 10
          Enabled: True
          ProvisionedPollerConfig:
            MaximumPollers: 300
            MinimumPollers: 10
```

# FunctionCode
<a name="sam-property-function-functioncode"></a>

The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html) for a Lambda function.

## Syntax
<a name="sam-property-function-functioncode-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-functioncode-syntax.yaml"></a>

```
  [Bucket](#sam-function-functioncode-bucket): String
  [Key](#sam-function-functioncode-key): String
  [Version](#sam-function-functioncode-version): String
```

## Properties
<a name="sam-property-function-functioncode-properties"></a>

 `Bucket`   <a name="sam-function-functioncode-bucket"></a>
An Amazon S3 bucket in the same AWS Region as your function.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[S3Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3bucket)` property of the `AWS::Lambda::Function` `Code` data type.

 `Key`   <a name="sam-function-functioncode-key"></a>
The Amazon S3 key of the deployment package.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[S3Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3key)` property of the `AWS::Lambda::Function` `Code` data type.

 `Version`   <a name="sam-function-functioncode-version"></a>
For versioned objects, the version of the deployment package object to use.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[S3ObjectVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3objectversion)` property of the `AWS::Lambda::Function` `Code` data type.

## Examples
<a name="sam-property-function-functioncode--examples"></a>

### FunctionCode
<a name="sam-property-function-functioncode--examples--functioncode"></a>

`CodeUri`: Function Code example

#### YAML
<a name="sam-property-function-functioncode--examples--functioncode--yaml"></a>

```
CodeUri:
  Bucket: sam-s3-demo-bucket-name
  Key: mykey-name
  Version: 121212
```

# FunctionUrlConfig
<a name="sam-property-function-functionurlconfig"></a>

Creates an AWS Lambda function URL with the specified configuration parameters. A Lambda function URL is an HTTPS endpoint that you can use to invoke your function.

By default, the function URL that you create uses the `$LATEST` version of your Lambda function. If you specify an `AutoPublishAlias` for your Lambda function, the endpoint connects to the specified function alias.

For more information, see [Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) in the *AWS Lambda Developer Guide*.

## Syntax
<a name="sam-property-function-functionurlconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-functionurlconfig-syntax.yaml"></a>

```
[AuthType](#sam-function-functionurlconfig-authtype): String
[Cors](#sam-function-functionurlconfig-cors): [Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html)
[InvokeMode](#sam-function-functionurlconfig-invokemode): String
```

## Properties
<a name="sam-property-function-functionurlconfig-properties"></a>

 `AuthType`   <a name="sam-function-functionurlconfig-authtype"></a>
The type of authorization for your function URL. To use AWS Identity and Access Management (IAM) to authorize requests, set to `AWS_IAM`. For open access, set to `NONE`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[AuthType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-authtype)` property of an `AWS::Lambda::Url` resource.

 `Cors`   <a name="sam-function-functionurlconfig-cors"></a>
The cross-origin resource sharing (CORS) settings for your function URL.  
*Type*: [Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Cors](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html)` property of an `AWS::Lambda::Url` resource.

 `InvokeMode`  <a name="sam-function-functionurlconfig-invokemode"></a>
The mode that your function URL will be invoked. To have your function return the response after invocation completes, set to `BUFFERED`. To have your function stream the response, set to `RESPONSE_STREAM`. The default value is `BUFFERED`.  
*Valid values*: `BUFFERED` or `RESPONSE_STREAM`  
*Type*: String  
*Required*: No  
*AWS CloudFormation compatibility*: This property is passed directly to the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode) property of an `AWS::Lambda::Url` resource.

## Examples
<a name="sam-property-function-functionurlconfig--examples"></a>

### Function URL
<a name="sam-property-function-functionurlconfig--examples--function-url"></a>

The following example creates a Lambda function with a function URL. The function URL uses IAM authorization.

#### YAML
<a name="sam-property-function-functionurlconfig--examples--function-url--yaml"></a>

```
HelloWorldFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: hello_world/
    Handler: index.handler
    Runtime: nodejs20.x
    FunctionUrlConfig:
      AuthType: AWS_IAM
      InvokeMode: RESPONSE_STREAM

Outputs:
  MyFunctionUrlEndpoint:
      Description: "My Lambda Function URL Endpoint"
      Value:
        Fn::GetAtt: HelloWorldFunctionUrl.FunctionUrl
```

# CapacityProviderConfig
<a name="sam-property-function-capacityproviderconfig"></a>

Configures the capacity provider to which published versions of the function will be attached. This enables the function to run on customer-owned EC2 instances managed by Lambda.

**Note**  
This configuration determines the compute type of a function and needs to be specified during the first function deployment. It can't be added or removed after the function resource has been created.

## Syntax
<a name="sam-property-function-capacityproviderconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-capacityproviderconfig-syntax.yaml"></a>

```
[Arn](#sam-function-capacityproviderconfig-arn): String
[ExecutionEnvironmentMemoryGiBPerVCpu](#sam-function-capacityproviderconfig-executionenvironmentmemorygibpervcpu): Float
[PerExecutionEnvironmentMaxConcurrency](#sam-function-capacityproviderconfig-perexecutionenvironmentmaxconcurrency): Integer
```

## Properties
<a name="sam-property-function-capacityproviderconfig-properties"></a>

 `Arn`   <a name="sam-function-capacityproviderconfig-arn"></a>
The ARN of the capacity provider to use for this function.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to SAM.

 `ExecutionEnvironmentMemoryGiBPerVCpu`   <a name="sam-function-capacityproviderconfig-executionenvironmentmemorygibpervcpu"></a>
The ratio of memory (in GiB) to vCPU for each execution environment.  
The memory ratio per CPU can't exceed function's total memory of 2048MB. The supported memory-to-CPU ratios are 2GB, 4GB, or 8GB per CPU.
*Type*: Float  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ExecutionEnvironmentMemoryGiBPerVCpu](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-lambdamanagedinstancescapacityproviderconfig)` property of an `AWS::Lambda::Function` resource.

 `PerExecutionEnvironmentMaxConcurrency`   <a name="sam-function-capacityproviderconfig-perexecutionenvironmentmaxconcurrency"></a>
The maximum number of concurrent executions per execution environment (sandbox).  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PerExecutionEnvironmentMaxConcurrency](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-lambdamanagedinstancescapacityproviderconfig)` property of an `AWS::Lambda::Function` resource.

## Examples
<a name="sam-property-function-capacityproviderconfig-examples"></a>

### Capacity provider configuration
<a name="sam-property-function-capacityproviderconfig-examples-basic"></a>

The following example shows a capacity provider configuration that references a capacity provider resource.

```
CapacityProviderConfig:
  Arn: !GetAtt MyCapacityProvider.Arn
  ExecutionEnvironmentMemoryGiBPerVCpu: 4.0
  PerExecutionEnvironmentMaxConcurrency: 100
```

# FunctionScalingConfig
<a name="sam-property-function-functionscalingconfig"></a>

Configures the scaling behavior for Lambda function versions, controlling the number of execution environments (sandboxes) that can be created. This configuration applies to both \$1LATEST.PUBLISHED and numeric function versions.

## Syntax
<a name="sam-property-function-functionscalingconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-function-functionscalingconfig-syntax.yaml"></a>

```
[MinExecutionEnvironments](#sam-function-functionscalingconfig-minexecutionenvironments): Integer
[MaxExecutionEnvironments](#sam-function-functionscalingconfig-maxexecutionenvironments): Integer
```

## Properties
<a name="sam-property-function-functionscalingconfig-properties"></a>

 `MinExecutionEnvironments`   <a name="sam-function-functionscalingconfig-minexecutionenvironments"></a>
The minimum number of execution environments to maintain for the function version.  
*Type*: Integer  
*Required*: No  
*Default*: `3`  
*Minimum*: `0`  
*CloudFormation compatibility*: This property is passed directly to the `[MinExecutionEnvironments](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig-minexecutionenvironments)` property of an `AWS::Lambda::Function` resource.

 `MaxExecutionEnvironments`   <a name="sam-function-functionscalingconfig-maxexecutionenvironments"></a>
The maximum number of execution environments that can be created for the function version.  
*Type*: Integer  
*Required*: No  
*Default*: `3`  
*Minimum*: `0`  
*CloudFormation compatibility*: This property is passed directly to the `[MaxExecutionEnvironments](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionscalingconfig-maxexecutionenvironments)` property of an `AWS::Lambda::Function` resource.

## Examples
<a name="sam-property-function-functionscalingconfig-examples"></a>

### Function scaling configuration
<a name="sam-property-function-functionscalingconfig-examples-basic"></a>

The following example shows a function scaling configuration with minimum and maximum execution environments.

```
FunctionScalingConfig:
  MinExecutionEnvironments: 5
  MaxExecutionEnvironments: 100
```

# AWS::Serverless::GraphQLApi
<a name="sam-resource-graphqlapi"></a>

Use the AWS Serverless Application Model (AWS SAM) `AWS::Serverless::GraphQLApi` resource type to create and configure an AWS AppSync GraphQL API for your serverless application.

To learn more about AWS AppSync, see [What is AWS AppSync?](https://docs.aws.amazon.com/appsync/latest/devguide/what-is-appsync.html) in the *AWS AppSync Developer Guide*.

## Syntax
<a name="sam-resource-graphqlapi-syntax"></a>

### YAML
<a name="sam-resource-graphqlapi-syntax-yaml"></a>

```
LogicalId:
  Type: AWS::Serverless::GraphQLApi
  Properties:
    ApiKeys: ApiKeys
    Auth: Auth
    Cache: [AWS::AppSync::ApiCache](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apicache.html)
    DataSources: DataSource
    DomainName: [AWS::AppSync::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-domainname.html)
    Functions: Function
    Logging: [LogConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-logconfig.html)
    Name: String
    Resolvers: Resolver
    SchemaInline: String
    SchemaUri: String
    Tags:
    - [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)
    XrayEnabled: Boolean
```

## Properties
<a name="sam-resource-graphqlapi-properties"></a>

`ApiKeys`  <a name="sam-graphqlapi-apikeys"></a>
Create a unique key that can be used to perform GraphQL operations requiring an API key.  
*Type*: [ApiKeys](sam-property-graphqlapi-apikeys.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`Auth`  <a name="sam-graphqlapi-auth"></a>
Configure authentication for your GraphQL API.  
*Type*: [Auth](sam-property-graphqlapi-auth.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`Cache`  <a name="sam-graphqlapi-cache"></a>
The input of a `CreateApiCache` operation.  
*Type*: [AWS::AppSync::ApiCache](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apicache.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the [AWS::AppSync::ApiCache](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apicache.html) resource.

`DataSources`  <a name="sam-graphqlapi-datasources"></a>
Create data sources for functions in AWS AppSync to connect to. AWS SAM supports Amazon DynamoDB and AWS Lambda data sources.  
*Type*: [DataSource](sam-property-graphqlapi-datasource.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`DomainName`  <a name="sam-graphqlapi-domainname"></a>
Custom domain name for your GraphQL API.  
*Type*: [AWS::AppSync::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-domainname.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the [AWS::AppSync::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-domainname.html) resource. AWS SAM automatically generates the [AWS::AppSync::DomainNameApiAssociation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-domainnameapiassociation.html) resource.

`Functions`  <a name="sam-graphqlapi-functions"></a>
Configure functions in GraphQL APIs to perform certain operations.  
*Type*: [Function](sam-property-graphqlapi-function.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`Logging`  <a name="sam-graphqlapi-logging"></a>
Configures Amazon CloudWatch logging for your GraphQL API.  
If you don’t specify this property, AWS SAM will generate `CloudWatchLogsRoleArn` and set the following values:  
+ `ExcludeVerboseContent: true`
+ `FieldLogLevel: ALL`
To opt out of logging, specify the following:  

```
Logging: false
```
*Type*: [LogConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-logconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LogConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-logconfig)` property of an `AWS::AppSync::GraphQLApi` resource.

`LogicalId`  <a name="sam-graphqlapi-logicalid"></a>
The unique name of your GraphQL API.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-name)` property of an `AWS::AppSync::GraphQLApi` resource.

`Name`  <a name="sam-graphqlapi-name"></a>
The name of your GraphQL API. Specify this property to override the `LogicalId` value.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-name)` property of an `AWS::AppSync::GraphQLApi` resource.

`Resolvers`  <a name="sam-graphqlapi-resolvers"></a>
Configure resolvers for the fields of your GraphQL API. AWS SAM supports [JavaScript pipeline resolvers](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-reference-overview-js.html#anatomy-of-a-pipeline-resolver-js).  
*Type*: [Resolver](sam-property-graphqlapi-resolver.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`SchemaInline`  <a name="sam-graphqlapi-schemainline"></a>
The text representation of a GraphQL schema in SDL format.  
*Type*: String  
*Required*: Conditional. You must specify `SchemaInline` or `SchemaUri`.  
*CloudFormation compatibility*: This property is passed directly to the `[Definition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlschema.html#cfn-appsync-graphqlschema-definition)` property of an `AWS::AppSync::GraphQLSchema` resource.

`SchemaUri`  <a name="sam-graphqlapi-schemauri"></a>
The schema’s Amazon Simple Storage Service (Amazon S3) bucket URI or path to a local folder.  
If you specify a path to a local folder, CloudFormation requires that the file is first uploaded to Amazon S3 before deployment. You can use the AWS SAM CLI to facilitate this process. For more information, see [How AWS SAM uploads local files at deployment](deploy-upload-local-files.md).  
*Type*: String  
*Required*: Conditional. You must specify `SchemaInline` or `SchemaUri`.  
*CloudFormation compatibility*: This property is passed directly to the `[DefinitionS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlschema.html#cfn-appsync-graphqlschema-definitions3location)` property of an `AWS::AppSync::GraphQLSchema` resource.

`Tags`  <a name="sam-graphqlapi-tags"></a>
Tags (key-value pairs) for this GraphQL API. Use tags to identify and categorize resources.  
*Type*: List of [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-tags)` property of an `AWS::AppSync::GraphQLApi` resource.

`XrayEnabled`  <a name="sam-graphqlapi-xrayenabled"></a>
Indicate whether to use [AWS X-Ray tracing](https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html) for this resource.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[XrayEnabled](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-xrayenabled)` property of an `AWS::AppSync::GraphQLApi` resource.

## Return Values
<a name="sam-resource-graphqlapi-return-values"></a>

For a list of return values, refer to [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#aws-resource-appsync-graphqlapi-return-values.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#aws-resource-appsync-graphqlapi-return-values.html) in the [CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

## Examples
<a name="sam-resource-graphqlapi-examples"></a>

### GraphQL API with DynamoDB data source
<a name="sam-resource-graphqlapi-examples-example1"></a>

In this example, we create a GraphQL API that uses a DynamoDB table as a data source.

**schema.graphql**

```
schema {
  query: Query
  mutation: Mutation
}

type Query {
  getPost(id: String!): Post
}

type Mutation {
  addPost(author: String!, title: String!, content: String!): Post!
}

type Post {
  id: String!
  author: String
  title: String
  content: String
  ups: Int!
  downs: Int!
  version: Int!
}
```

**template.yaml**

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  DynamoDBPostsTable:
    Type: AWS::Serverless::SimpleTable

  MyGraphQLAPI:
    Type: AWS::Serverless::GraphQLApi
    Properties:
      SchemaUri: ./sam_graphql_api/schema.graphql
      Auth:
        Type: AWS_IAM
      DataSources:
        DynamoDb:
          PostsDataSource:
            TableName: !Ref DynamoDBPostsTable
            TableArn: !GetAtt DynamoDBPostsTable.Arn
      Functions:
        preprocessPostItem:
          Runtime:
            Name: APPSYNC_JS
            Version: 1.0.0
          DataSource: NONE
          CodeUri: ./sam_graphql_api/preprocessPostItem.js
        createPostItem:
          Runtime:
            Name: APPSYNC_JS
            Version: "1.0.0"
          DataSource: PostsDataSource
          CodeUri: ./sam_graphql_api/createPostItem.js
        getPostFromTable:
          Runtime:
            Name: APPSYNC_JS
            Version: "1.0.0"
          DataSource: PostsDataSource
          CodeUri: ./sam_graphql_api/getPostFromTable.js
      Resolvers:
        Mutation:
          addPost:
            Runtime:
              Name: APPSYNC_JS
              Version: "1.0.0"
            Pipeline:
            - preprocessPostItem
            - createPostItem
        Query:
          getPost:
            CodeUri: ./sam_graphql_api/getPost.js
            Runtime:
              Name: APPSYNC_JS
              Version: "1.0.0"
            Pipeline:
            - getPostFromTable
```

**createPostItem.js**

```
import { util } from "@aws-appsync/utils";

export function request(ctx) {
  const { key, values } = ctx.prev.result;
  return {
    operation: "PutItem",
    key: util.dynamodb.toMapValues(key),
    attributeValues: util.dynamodb.toMapValues(values),
  };
}

export function response(ctx) {
  return ctx.result;
}
```

**getPostFromTable.js**

```
import { util } from "@aws-appsync/utils";

export function request(ctx) {
  return dynamoDBGetItemRequest({ id: ctx.args.id });
}

export function response(ctx) {
  return ctx.result;
}

/**
 * A helper function to get a DynamoDB item
 */
function dynamoDBGetItemRequest(key) {
  return {
    operation: "GetItem",
    key: util.dynamodb.toMapValues(key),
  };
}
```

**preprocessPostItem.js**

```
import { util } from "@aws-appsync/utils";

export function request(ctx) {
  const id = util.autoId();
  const { ...values } = ctx.args;
  values.ups = 1;
  values.downs = 0;
  values.version = 1;
  return { payload: { key: { id }, values: values } };
}

export function response(ctx) {
  return ctx.result;
}
```

Here is our resolver code:

**getPost.js**

```
export function request(ctx) {
  return {};
}

export function response(ctx) {
  return ctx.prev.result;
}
```

### GraphQL API with a Lambda function as a data source
<a name="sam-resource-graphqlapi-examples-example2"></a>

In this example, we create a GraphQL API that uses a Lambda function as a data source.

**template.yaml**

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs20.x
      CodeUri: ./lambda

  MyGraphQLAPI:
    Type: AWS::Serverless::GraphQLApi
    Properties:
      Name: MyApi
      SchemaUri: ./gql/schema.gql
      Auth:
        Type: API_KEY
      ApiKeys:
        MyApiKey:
          Description: my api key
      DataSources:
        Lambda:
          MyLambdaDataSource:
            FunctionArn: !GetAtt MyLambdaFunction.Arn
      Functions:
        lambdaInvoker:
          Runtime:
            Name: APPSYNC_JS
            Version: 1.0.0
          DataSource: MyLambdaDataSource
          CodeUri: ./gql/invoker.js
      Resolvers:
        Mutation:
          addPost:
            Runtime:
              Name: APPSYNC_JS
              Version: 1.0.0
            Pipeline:
            - lambdaInvoker
        Query:
          getPost:
            Runtime:
              Name: APPSYNC_JS
              Version: 1.0.0
            Pipeline:
            - lambdaInvoker

Outputs:
  MyGraphQLAPI:
    Description: AppSync API
    Value: !GetAtt MyGraphQLAPI.GraphQLUrl
  MyGraphQLAPIMyApiKey:
    Description: API Key for authentication
    Value: !GetAtt MyGraphQLAPIMyApiKey.ApiKey
```

**schema.graphql**

```
schema {
  query: Query
  mutation: Mutation
}
type Query {
  getPost(id: ID!): Post
}
type Mutation {
  addPost(id: ID!, author: String!, title: String, content: String): Post!
}
type Post {
  id: ID!
  author: String!
  title: String
  content: String
  ups: Int
  downs: Int
}
```

Here are our functions:

**lambda/index.js**

```
exports.handler = async (event) => {
  console.log("Received event {}", JSON.stringify(event, 3));

  const posts = {
    1: {
      id: "1",
      title: "First book",
      author: "Author1",
      content: "Book 1 has this content",
      ups: "100",
      downs: "10",
    },
  };

  console.log("Got an Invoke Request.");
  let result;
  switch (event.field) {
    case "getPost":
      return posts[event.arguments.id];
    case "addPost":
      // return the arguments back
      return event.arguments;
    default:
      throw new Error("Unknown field, unable to resolve " + event.field);
  }
};
```

**invoker.js**

```
import { util } from "@aws-appsync/utils";

export function request(ctx) {
  const { source, args } = ctx;
  return {
    operation: "Invoke",
    payload: { field: ctx.info.fieldName, arguments: args, source },
  };
}

export function response(ctx) {
  return ctx.result;
}
```

# ApiKeys
<a name="sam-property-graphqlapi-apikeys"></a>

Create a unique key that can be used to perform GraphQL operations requiring an API key.

## Syntax
<a name="sam-property-graphqlapi-apikeys-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-apikeys-syntax-yaml"></a>

```
LogicalId:
  ApiKeyId: String
  Description: String
  ExpiresOn: Double
```

## Properties
<a name="sam-property-graphqlapi-apikeys-properties"></a>

`ApiKeyId`  <a name="sam-graphqlapi-apikeys-apikeyid"></a>
The unique name of your API key. Specify to override the `LogicalId` value.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ApiKeyId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apikey.html#cfn-appsync-apikey-apikeyid)` property of an `AWS::AppSync::ApiKey` resource.

`Description`  <a name="sam-graphqlapi-apikeys-description"></a>
Description of your API key.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apikey.html#cfn-appsync-apikey-description)` property of an `AWS::AppSync::ApiKey` resource.

`ExpiresOn`  <a name="sam-graphqlapi-apikeys-expireson"></a>
The time after which the API key expires. The date is represented as seconds since the epoch, rounded down to the nearest hour.  
*Type*: Double  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Expires](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apikey.html#cfn-appsync-apikey-expires)` property of an `AWS::AppSync::ApiKey` resource.

`LogicalId`  <a name="sam-graphqlapi-apikeys-logicalid"></a>
The unique name of your API key.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ApiKeyId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-apikey.html#cfn-appsync-apikey-apikeyid)` property of an `AWS::AppSync::ApiKey` resource.

# Auth
<a name="sam-property-graphqlapi-auth"></a>

Configure authorization for your GraphQL API.

## Syntax
<a name="sam-property-graphqlapi-auth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-auth-syntax-yaml"></a>

```
Additional:
- AuthProvider
LambdaAuthorizer: [LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html)
OpenIDConnect: [OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-openidconnectconfig.html)
Type: String
UserPool: [UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-userpoolconfig.html)
```

## Properties
<a name="sam-property-graphqlapi-auth-properties"></a>

`Additional`  <a name="sam-graphqlapi-auth-additional"></a>
A list of additional authorization types for your GraphQL API.  
*Type*: List of [ AuthProvider](sam-property-graphqlapi-auth-authprovider.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`LambdaAuthorizer`  <a name="sam-graphqlapi-auth-lambdaauthorizer"></a>
Specify the optional authorization configuration for your Lambda function authorizer. You can configure this optional property when `Type` is specified as `AWS_LAMBDA`.  
*Type*: [ LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-lambdaauthorizerconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html)` property of an `AWS::AppSync::GraphQLApi` resource.

`OpenIDConnect`  <a name="sam-graphqlapi-auth-openidconnect"></a>
Specify the optional authorization configuration for your OpenID Connect compliant service. You can configure this optional property when `Type` is specified as `OPENID_CONNECT`.  
*Type*: [ OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-openidconnectconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-openidconnectconfig.html)` property of an `AWS::AppSync::GraphQLApi` resource.

`Type`  <a name="sam-graphqlapi-auth-type"></a>
The default authorization type between applications and your AWS AppSync GraphQL API.  
For a list and description of allowed values, see [Authorization and authentication](https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html) in the *AWS AppSync Developer Guide*.  
When you specify a Lambda authorizer (`AWS_LAMBDA`), AWS SAM creates an AWS Identity and Access Management (IAM) policy to provision permissions between your GraphQL API and Lambda function.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[AuthenticationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-authenticationtype)` property of an `AWS::AppSync::GraphQLApi` resource.

`UserPool`  <a name="sam-graphqlapi-auth-userpool"></a>
Specify the optional authorization configuration for using Amazon Cognito user pools. You can configure this optional property when `Type` is specified as `AMAZON_COGNITO_USER_POOLS`.  
*Type*: [ UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-userpoolconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-userpoolconfig.html)` property of an `AWS::AppSync::GraphQLApi` resource.

## Examples
<a name="sam-property-graphqlapi-auth-examples"></a>

### Configure a default and additional authorization type
<a name="sam-property-graphqlapi-auth-examples-example1"></a>

In this example, we start by configuring a Lambda authorizer as the default authorization type for our GraphQL API.

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyGraphQLAPI:
    Type: AWS::Serverless::GraphQLApi
    Properties:
      Auth:
        Type: AWS_LAMBDA
        LambdaAuthorizer:
          AuthorizerUri: !GetAtt Authorizer1.Arn
          AuthorizerResultTtlInSeconds: 10
          IdentityValidationExpression: hello
```

Next, we configure additional authorization types for our GraphQL API by adding the following to our AWS SAM template:

```
        Additional:
        - Type: AWS_IAM
        - Type: API_KEY
        - Type: OPENID_CONNECT
          OpenIDConnect:
            AuthTTL: 10
            ClientId: myId
            IatTTL: 10
            Issuer: prod
```

This results in the following AWS SAM template:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyGraphQLAPI:
    Type: AWS::Serverless::GraphQLApi
    Properties:
      Auth:
        Type: AWS_LAMBDA
        LambdaAuthorizer:
          AuthorizerUri: !GetAtt Authorizer1.Arn
          AuthorizerResultTtlInSeconds: 10
          IdentityValidationExpression: hello
        Additional:
        - Type: AWS_IAM
        - Type: API_KEY
        - Type: OPENID_CONNECT
          OpenIDConnect:
            AuthTTL: 10
            ClientId: myId
            IatTTL: 10
            Issuer: prod
```

# AuthProvider
<a name="sam-property-graphqlapi-auth-authprovider"></a>

Optional authorization configuration for your additional GraphQL API authorization types.

## Syntax
<a name="sam-property-graphqlapi-auth-authprovider-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-auth-authprovider-syntax-yaml"></a>

```
LambdaAuthorizer: [LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html)
OpenIDConnect: [OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-openidconnectconfig.html)
Type: String
UserPool: [UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-userpoolconfig.html)
```

## Properties
<a name="sam-property-graphqlapi-auth-authprovider-properties"></a>

`LambdaAuthorizer`  <a name="sam-graphqlapi-auth-authprovider-lambdaauthorizer"></a>
Specify the optional authorization configuration for your AWS Lambda function authorizer. You can configure this optional property when `Type` is specified as `AWS_LAMBDA`.  
*Type*: [ LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-lambdaauthorizerconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ LambdaAuthorizerConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html)` property of an `AWS::AppSync::GraphQLApi` `[ AdditionalAuthenticationProvider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html)` object.

`OpenIDConnect`  <a name="sam-graphqlapi-auth-authprovider-openidconnect"></a>
Specify the optional authorization configuration for your OpenID Connect compliant service. You can configure this optional property when `Type` is specified as `OPENID_CONNECT`.  
*Type*: [ OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-openidconnectconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ OpenIDConnectConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-openidconnectconfig.html)` property of an `AWS::AppSync::GraphQLApi` `[ AdditionalAuthenticationProvider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html)` object.

`Type`  <a name="sam-graphqlapi-auth-authprovider-type"></a>
The default authorization type between applications and your AWS AppSync GraphQL API.  
For a list and description of allowed values, see [Authorization and authentication](https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html) in the *AWS AppSync Developer Guide*.  
When you specify a Lambda authorizer (`AWS_LAMBDA`), AWS SAM creates an AWS Identity and Access Management (IAM) policy to provision permissions between your GraphQL API and Lambda function.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ AuthenticationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html#cfn-appsync-graphqlapi-additionalauthenticationprovider-authenticationtype)` property of an `AWS::AppSync::GraphQLApi` `[ AdditionalAuthenticationProvider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html)` object.

`UserPool`  <a name="sam-graphqlapi-auth-authprovider-userpool"></a>
Specify the optional authorization configuration for using Amazon Cognito user pools. You can configure this optional property when `Type` is specified as `AMAZON_COGNITO_USER_POOLS`.  
*Type*: [ UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#cfn-appsync-graphqlapi-userpoolconfig)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ UserPoolConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-userpoolconfig.html)` property of an `AWS::AppSync::GraphQLApi` `[ AdditionalAuthenticationProvider](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html)` object.

# DataSource
<a name="sam-property-graphqlapi-datasource"></a>

Configure a data source that your GraphQL API resolver can connect to. You can use AWS Serverless Application Model (AWS SAM) templates to configure connections to the following data sources:
+ Amazon DynamoDB
+ AWS Lambda

To learn more about data sources, see [Attaching a data source](https://docs.aws.amazon.com/appsync/latest/devguide/attaching-a-data-source.html) in the *AWS AppSync Developer Guide*.

## Syntax
<a name="sam-property-graphqlapi-datasource-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-datasource-syntax-yaml"></a>

```
DynamoDb: DynamoDb
Lambda: Lambda
```

## Properties
<a name="sam-property-graphqlapi-datasource-properties"></a>

`DynamoDb`  <a name="sam-graphqlapi-datasource-dynamodb"></a>
Configure a DynamoDB table as a data source for your GraphQL API resolver.  
*Type*: [DynamoDb](sam-property-graphqlapi-datasource-dynamodb.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`Lambda`  <a name="sam-graphqlapi-datasource-lambda"></a>
Configure a Lambda function as a data source for your GraphQL API resolver.  
*Type*: [Lambda](sam-property-graphqlapi-datasource-lambda.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

# DynamoDb
<a name="sam-property-graphqlapi-datasource-dynamodb"></a>

Configure an Amazon DynamoDB table as a data source for your GraphQL API resolver.

## Syntax
<a name="sam-property-graphqlapi-datasource-dynamodb-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-datasource-dynamodb-syntax-yaml"></a>

```
LogicalId:
  DeltaSync: [DeltaSyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-deltasyncconfig.html)
  Description: String
  Name: String
  Permissions: List
  Region: String
  ServiceRoleArn: String
  TableArn: String
  TableName: String
  UseCallerCredentials: Boolean
  Versioned: Boolean
```

## Properties
<a name="sam-property-graphqlapi-datasource-dynamodb-properties"></a>

`DeltaSync`  <a name="sam-graphqlapi-datasource-dynamodb-deltasync"></a>
Describes a Delta Sync configuration.  
*Type*: [DeltaSyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-deltasyncconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[DeltaSyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-dynamodbconfig.html#cfn-appsync-datasource-dynamodbconfig-deltasyncconfig)` property of an `AWS::AppSync::DataSource DynamoDBConfig` object.

`Description`  <a name="sam-graphqlapi-datasource-dynamodb-description"></a>
The description of your data source.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-description)` property of an `AWS::AppSync::DataSource` resource.

`LogicalId`  <a name="sam-graphqlapi-datasource-dynamodb-logicalid"></a>
The unique name of your data source.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-name)` property of an `AWS::AppSync::DataSource` resource.

`Name`  <a name="sam-graphqlapi-datasource-dynamodb-name"></a>
The name of your data source. Specify this property to override the `LogicalId` value.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-name)` property of an `AWS::AppSync::DataSource` resource.

`Permissions`  <a name="sam-graphqlapi-datasource-dynamodb-permissions"></a>
Provision permissions to your data source using [AWS SAM connectors](managing-permissions-connectors.md). You can provide any of the following values in a list:  
+ `Read` – Allow your resolver to read your data source.
+ `Write` – Allow your resolver to write to your data source.
AWS SAM uses an `AWS::Serverless::Connector` resource which is transformed at deployment to provision your permissions. To learn about generated resources, see [CloudFormation resources generated when you specify AWS::Serverless::Connector](sam-specification-generated-resources-connector.md).  
You can specify `Permissions` or `ServiceRoleArn`, but not both. If neither are specified, AWS SAM will generate default values of `Read` and `Write`. To revoke access to your data source, remove the DynamoDB object from your AWS SAM template.
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent. It is similar to the `Permissions` property of an `AWS::Serverless::Connector` resource.

`Region`  <a name="sam-graphqlapi-datasource-dynamodb-region"></a>
The AWS Region of your DynamoDB table. If you don’t specify it, AWS SAM uses `[AWS::Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html#cfn-pseudo-param-region)`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AwsRegion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-dynamodbconfig.html#cfn-appsync-datasource-dynamodbconfig-awsregion)` property of an `AWS::AppSync::DataSource DynamoDBConfig` object.

`ServiceRoleArn`  <a name="sam-graphqlapi-datasource-dynamodb-servicerolearn"></a>
The AWS Identity and Access Management (IAM) service role ARN for the data source. The system assumes this role when accessing the data source.  
You can specify `Permissions` or `ServiceRoleArn`, but not both.  
*Type*: String  
*Required*: No. If not specified, AWS SAM applies the default value for `Permissions`.  
*CloudFormation compatibility*: This property is passed directly to the `[ServiceRoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-servicerolearn)` property of an `AWS::AppSync::DataSource` resource.

`TableArn`  <a name="sam-graphqlapi-datasource-dynamodb-tablearn"></a>
The ARN for the DynamoDB table.  
*Type*: String  
*Required*: Conditional. If you don’t specify `ServiceRoleArn`, `TableArn` is required.  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`TableName`  <a name="sam-graphqlapi-datasource-dynamodb-tablename"></a>
The table name.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[TableName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-dynamodbconfig.html#cfn-appsync-datasource-dynamodbconfig-tablename)` property of an `AWS::AppSync::DataSource DynamoDBConfig` object.

`UseCallerCredentials`  <a name="sam-graphqlapi-datasource-dynamodb-usecallercredentials"></a>
Set to `true` to use IAM with this data source.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[UseCallerCredentials](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-dynamodbconfig.html#cfn-appsync-datasource-dynamodbconfig-usecallercredentials)` property of an `AWS::AppSync::DataSource DynamoDBConfig` object.

`Versioned`  <a name="sam-graphqlapi-datasource-dynamodb-versioned"></a>
Set to `true` to use [Conflict Detection, Conflict Resolution, and Sync](https://docs.aws.amazon.com/appsync/latest/devguide/conflict-detection-and-sync.html) with this data source.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Versioned](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-dynamodbconfig.html#cfn-appsync-datasource-dynamodbconfig-versioned)` property of an `AWS::AppSync::DataSource DynamoDBConfig` object.

# Lambda
<a name="sam-property-graphqlapi-datasource-lambda"></a>

Configure an AWS Lambda function as a data source for your GraphQL API resolver.

## Syntax
<a name="sam-property-graphqlapi-datasource-lambda-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-datasource-lambda-syntax-yaml"></a>

```
LogicalId:
  Description: String
  FunctionArn: String
  Name: String
  ServiceRoleArn: String
```

## Properties
<a name="sam-property-graphqlapi-datasource-lambda-properties"></a>

`Description`  <a name="sam-graphqlapi-datasource-lambda-description"></a>
The description of your data source.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-description)` property of an `AWS::AppSync::DataSource` resource.

`FunctionArn`  <a name="sam-graphqlapi-datasource-lambda-functionarn"></a>
The ARN for the Lambda function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LambdaFunctionArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-datasource-lambdaconfig.html#cfn-appsync-datasource-lambdaconfig-lambdafunctionarn)` property of an `AWS::AppSync::DataSource LambdaConfig` object.

`LogicalId`  <a name="sam-graphqlapi-datasource-lambda-logicalid"></a>
The unique name of your data source.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-name)` property of an `AWS::AppSync::DataSource` resource.

`Name`  <a name="sam-graphqlapi-datasource-lambda-name"></a>
The name of your data source. Specify this property to override the `LogicalId` value.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-name)` property of an `AWS::AppSync::DataSource` resource.

`ServiceRoleArn`  <a name="sam-graphqlapi-datasource-lambda-servicerolearn"></a>
The AWS Identity and Access Management (IAM) service role ARN for the data source. The system assumes this role when accessing the data source.  
To revoke access to your data source, remove the Lambda object from your AWS SAM template.
*Type*: String  
*Required*: No. If not specified, AWS SAM will provision `Write` permissions using [AWS SAM connectors](managing-permissions-connectors.md).  
*CloudFormation compatibility*: This property is passed directly to the `[ServiceRoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-servicerolearn)` property of an `AWS::AppSync::DataSource` resource.

# Function
<a name="sam-property-graphqlapi-function"></a>

Configure functions in GraphQL APIs to perform certain operations.

## Syntax
<a name="sam-property-graphqlapi-function-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-function-syntax-yaml"></a>

```
LogicalId:
  CodeUri: String
  DataSource: String
  Description: String
  Id: String
  InlineCode: String
  MaxBatchSize: Integer
  Name: String
  Runtime: Runtime
  Sync: [SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-functionconfiguration-syncconfig.html)
```

## Properties
<a name="sam-property-graphqlapi-function-properties"></a>

`CodeUri`  <a name="sam-graphqlapi-function-codeuri"></a>
The function code’s Amazon Simple Storage Service (Amazon S3) URI or path to local folder.  
If you specify a path to a local folder, CloudFormation requires that the file is first uploaded to Amazon S3 before deployment. You can use the AWS SAM CLI to facilitate this process. For more information, see [How AWS SAM uploads local files at deployment](deploy-upload-local-files.md).  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CodeS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-codes3location)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`DataSource`  <a name="sam-graphqlapi-function-datasource"></a>
The name of the data source that this function will attach to.  
+ To reference a data source within the `AWS::Serverless::GraphQLApi` resource, specify its logical ID.
+ To reference a data source outside of the `AWS::Serverless::GraphQLApi` resource, provide its `Name` attribute using the `Fn::GetAtt` intrinsic function. For example, `!GetAtt MyLambdaDataSource.Name`.
+ To reference a data source from a different stack, use `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)`.
If a variation of `[NONE | None | none]` is specified, AWS SAM will generate a `None` value for the `AWS::AppSync::DataSource` `[Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html#cfn-appsync-datasource-type)` object.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[DataSourceName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-datasourcename)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`Description`  <a name="sam-graphqlapi-function-description"></a>
The description of your function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-description)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`Id`  <a name="sam-graphqlapi-function-id"></a>
The Function ID for a function located outside of the `AWS::Serverless::GraphQLApi` resource.  
+ To reference a function within the same AWS SAM template, use the `Fn::GetAtt` intrinsic function. For example `Id: !GetAtt createPostItemFunc.FunctionId`.
+ To reference a function from a different stack, use `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)`.
When using `Id`, all other properties are not allowed. AWS SAM will automatically pass the Function ID of your referenced function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`InlineCode`  <a name="sam-graphqlapi-function-inlinecode"></a>
The function code that contains the request and response functions.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-code)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`LogicalId`  <a name="sam-graphqlapi-function-logicalid"></a>
The unique name of your function.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-name)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`MaxBatchSize`  <a name="sam-graphqlapi-function-maxbatchsize"></a>
The maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a `BatchInvoke` operation.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the [MaxBatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-maxbatchsize) property of an `AWS::AppSync::FunctionConfiguration` resource.

`Name`  <a name="sam-graphqlapi-function-name"></a>
The name of the function. Specify to override the `LogicalId` value.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-name)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`Runtime`  <a name="sam-graphqlapi-function-runtime"></a>
Describes a runtime used by an AWS AppSync pipeline resolver or AWS AppSync function. Specifies the name and version of the runtime to use.  
*Type*: [Runtime](sam-property-graphqlapi-function-runtime.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. It is similar to the `[Runtime](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-runtime)` property of an `AWS::AppSync::FunctionConfiguration` resource.

`Sync`  <a name="sam-graphqlapi-function-sync"></a>
Describes a Sync configuration for a function.  
Specifies which Conflict Detection strategy and Resolution strategy to use when the function is invoked.  
*Type*: [SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-functionconfiguration-syncconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-functionconfiguration.html#cfn-appsync-functionconfiguration-syncconfig)` property of an `AWS::AppSync::FunctionConfiguration` resource.

# Runtime
<a name="sam-property-graphqlapi-function-runtime"></a>

The runtime of your pipeline resolver or function. Specifies the name and version to use.

## Syntax
<a name="sam-property-graphqlapi-function-runtime-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-function-runtime-syntax-yaml"></a>

```
Name: String
Version: String
```

## Properties
<a name="sam-property-graphqlapi-function-runtime-properties"></a>

`Name`  <a name="sam-graphqlapi-function-runtime-name"></a>
The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-functionconfiguration-appsyncruntime.html#cfn-appsync-functionconfiguration-appsyncruntime-name)` property of an `AWS::AppSync::FunctionConfiguration AppSyncRuntime` object.

`Version`  <a name="sam-graphqlapi-function-runtime-version"></a>
The version of the runtime to use. Currently, the only allowed version is `1.0.0`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[RuntimeVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-functionconfiguration-appsyncruntime.html#cfn-appsync-functionconfiguration-appsyncruntime-runtimeversion)` property of an `AWS::AppSync::FunctionConfiguration AppSyncRuntime` object.

# Resolver
<a name="sam-property-graphqlapi-resolver"></a>

Configure resolvers for the fields of your GraphQL API. AWS Serverless Application Model (AWS SAM) supports [JavaScript pipeline resolvers](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-reference-overview-js.html).

## Syntax
<a name="sam-property-graphqlapi-resolver-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-resolver-syntax-yaml"></a>

```
OperationType:
  LogicalId:
    Caching: [CachingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-cachingconfig.html)
    CodeUri: String
    FieldName: String
    InlineCode: String 
    MaxBatchSize: Integer
    Pipeline: List
    Runtime: Runtime
    Sync: [SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-syncconfig.html)
```

## Properties
<a name="sam-property-graphqlapi-resolver-properties"></a>

`Caching`  <a name="sam-graphqlapi-resolver-caching"></a>
The caching configuration for the resolver that has caching activated.  
*Type*: [CachingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-cachingconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CachingConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-cachingconfig)` property of an `AWS::AppSync::Resolver` resource.

`CodeUri`  <a name="sam-graphqlapi-resolver-codeuri"></a>
The resolver function code’s Amazon Simple Storage Service (Amazon S3) URI or path to a local folder.  
If you specify a path to a local folder, CloudFormation requires that the file is first uploaded to Amazon S3 before deployment. You can use the AWS SAM CLI to facilitate this process. For more information, see [How AWS SAM uploads local files at deployment](deploy-upload-local-files.md).  
If neither `CodeUri` or `InlineCode` are provided, AWS SAM will generate `InlineCode` that redirects the request to the first pipeline function and receives the response from the last pipeline function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CodeS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-codes3location)` property of an `AWS::AppSync::Resolver` resource.

`FieldName`  <a name="sam-graphqlapi-resolver-fieldname"></a>
The name of your resolver. Specify this property to override the `LogicalId` value.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FieldName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-fieldname)` property of an `AWS::AppSync::Resolver` resource.

`InlineCode`  <a name="sam-graphqlapi-resolver-inlinecode"></a>
The resolver code that contains the request and response functions.  
If neither `CodeUri` or `InlineCode` are provided, AWS SAM will generate `InlineCode` that redirects the request to the first pipeline function and receives the response from the last pipeline function.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Code](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-code)` property of an `AWS::AppSync::Resolver` resource.

`LogicalId`  <a name="sam-graphqlapi-resolver-logicalid"></a>
The unique name for your resolver. In a GraphQL schema, your resolver name should match the field name that its used for. Use that same field name for `LogicalId`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn’t have an CloudFormation equivalent.

`MaxBatchSize`  <a name="sam-graphqlapi-resolver-maxbatchsize"></a>
The maximum number of resolver request inputs that will be sent to a single AWS Lambda function in a `BatchInvoke` operation.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MaxBatchSize](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-maxbatchsize)` property of an `AWS::AppSync::Resolver` resource.

`OperationType`  <a name="sam-graphqlapi-resolver-operationtype"></a>
The GraphQL operation type that is associated with your resolver. For example, `Query`, `Mutation`, or `Subscription`. You can nest multiple resolvers by `LogicalId` within a single `OperationType`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[TypeName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-typename)` property of an `AWS::AppSync::Resolver` resource.

`Pipeline`  <a name="sam-graphqlapi-resolver-pipeline"></a>
Functions linked with the pipeline resolver. Specify functions by logical ID in a list.  
*Type*: List  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. It is similar to the `[PipelineConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-pipelineconfig)` property of an `AWS::AppSync::Resolver` resource.

`Runtime`  <a name="sam-graphqlapi-resolver-runtime"></a>
The runtime of your pipeline resolver or function. Specifies the name and version to use.  
*Type*: [Runtime](sam-property-graphqlapi-resolver-runtime.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. It is similar to the `[Runtime](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-runtime)` property of an `AWS::AppSync::Resolver` resource.

`Sync`  <a name="sam-graphqlapi-resolver-sync"></a>
Describes a Sync configuration for a resolver.  
Specifies which Conflict Detection strategy and Resolution strategy to use when the resolver is invoked.  
*Type*: [SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-syncconfig.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SyncConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-resolver.html#cfn-appsync-resolver-syncconfig)` property of an `AWS::AppSync::Resolver` resource.

## Examples
<a name="sam-property-graphqlapi-resolver-examples"></a>

### Use the AWS SAM generated resolver function code and save fields as variables
<a name="sam-property-graphqlapi-resolver-examples-example1"></a>

Here is the GraphQL schema for our example:

```
schema {
  query: Query
  mutation: Mutation
}

type Query {
  getPost(id: ID!): Post
}

type Mutation {
  addPost(author: String!, title: String!, content: String!): Post!
}

type Post {
  id: ID!
  author: String
  title: String
  content: String
}
```

Here is a snippet of our AWS SAM template:

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
...
Resources:
  MyGraphQLApi:
    Type: AWS::Serverless::GraphQLApi
    Properties:
      ...
      Functions:
        preprocessPostItem:
          ...
        createPostItem:
          ...
      Resolvers:
        Mutation:
          addPost:
            Runtime:
              Name: APPSYNC_JS
              Version: 1.0.0
            Pipeline:
            - preprocessPostItem
            - createPostItem
```

In our AWS SAM template, we don’t specify `CodeUri` or `InlineCode`. At deployment, AWS SAM automatically generates the following inline code for our resolver:

```
export function request(ctx) {
  return {};
}

export function response(ctx) {
  return ctx.prev.result;
}
```

This default resolver code redirects the request to the first pipeline function and receives the response from the last pipeline function.

In our first pipeline function, we can use the provided `args` field to parse the request object and create our variables. We can then use these variables within our function. Here is an example of our `preprocessPostItem` function:

```
import { util } from "@aws-appsync/utils";

export function request(ctx) {
  const author = ctx.args.author;
  const title = ctx.args.title;
  const content = ctx.args.content;
  
  // Use variables to process data
  
}

export function response(ctx) {
  return ctx.result;
}
```

# Runtime
<a name="sam-property-graphqlapi-resolver-runtime"></a>

The runtime of your pipeline resolver or function. Specifies the name and version to use.

## Syntax
<a name="sam-property-graphqlapi-resolver-runtime-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-graphqlapi-resolver-runtime-syntax-yaml"></a>

```
Name: String
Version: String
```

## Properties
<a name="sam-property-graphqlapi-resolver-runtime-properties"></a>

`Name`  <a name="sam-graphqlapi-resolver-runtime-name"></a>
The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-appsyncruntime.html#cfn-appsync-resolver-appsyncruntime-name)` property of an `AWS::AppSync::Resolver AppSyncRuntime` object.

`Version`  <a name="sam-graphqlapi-resolver-runtime-version"></a>
The version of the runtime to use. Currently, the only allowed version is `1.0.0`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[RuntimeVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-resolver-appsyncruntime.html#cfn-appsync-resolver-appsyncruntime-runtimeversion)` property of an `AWS::AppSync::Resolver AppSyncRuntime` object.

# AWS::Serverless::HttpApi
<a name="sam-resource-httpapi"></a>

Creates an Amazon API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs. For more information, see [Working with HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html) in the *API Gateway Developer Guide*.

We recommend that you use CloudFormation hooks or IAM policies to verify that API Gateway resources have authorizers attached to them to control access to them.

For more information about using CloudFormation hooks, see [Registering hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/registering-hook-python.html) in the *CloudFormation CLI user guide* and the [apigw-enforce-authorizer](https://github.com/aws-cloudformation/aws-cloudformation-samples/tree/main/hooks/python-hooks/apigw-enforce-authorizer/) GitHub repository.

For more information about using IAM policies, see [Require that API routes have authorization](https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-require-authorization) in the *API Gateway Developer Guide*.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-httpapi-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-httpapi-syntax.yaml"></a>

```
Type: AWS::Serverless::HttpApi
Properties:
  [AccessLogSettings](#sam-httpapi-accesslogsettings): [AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)
  [Auth](#sam-httpapi-auth): HttpApiAuth
  [CorsConfiguration](#sam-httpapi-corsconfiguration): String | HttpApiCorsConfiguration
  [DefaultRouteSettings](#sam-httpapi-defaultroutesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)
  [DefinitionBody](#sam-httpapi-definitionbody): JSON
  [DefinitionUri](#sam-httpapi-definitionuri): String | HttpApiDefinition
  [Description](#sam-httpapi-description): String
  [DisableExecuteApiEndpoint](#sam-httpapi-disableexecuteapiendpoint): Boolean
  [Domain](#sam-httpapi-domain): HttpApiDomainConfiguration
  [FailOnWarnings](#sam-httpapi-failonwarnings): Boolean
  Name: String
  PropagateTags: Boolean
  [RouteSettings](#sam-httpapi-routesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)
  [StageName](#sam-httpapi-stagename): String
  [StageVariables](#sam-httpapi-stagevariables): [Json](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)
  [Tags](#sam-httpapi-tags): Map
```

## Properties
<a name="sam-resource-httpapi-properties"></a>

 `AccessLogSettings`   <a name="sam-httpapi-accesslogsettings"></a>
The settings for access logging in a stage.  
*Type*: [AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `Auth`   <a name="sam-httpapi-auth"></a>
Configures authorization for controlling access to your API Gateway HTTP API.  
For more information, see [Controlling access to HTTP APIs with JWT authorizers](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html) in the *API Gateway Developer Guide*.  
*Type*: [HttpApiAuth](sam-property-httpapi-httpapiauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CorsConfiguration`   <a name="sam-httpapi-corsconfiguration"></a>
Manages cross-origin resource sharing (CORS) for all your API Gateway HTTP APIs. Specify the domain to allow as a string, or specify an `HttpApiCorsConfiguration` object. Note that CORS requires AWS SAM to modify your OpenAPI definition, so CORS works only if the `DefinitionBody` property is specified.  
For more information, see [Configuring CORS for an HTTP API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) in the *API Gateway Developer Guide*.  
If `CorsConfiguration` is set both in an OpenAPI definition and at the property level, then AWS SAM merges both configuration sources with the properties taking precedence. If this property is set to `true`, then all origins are allowed.
*Type*: String \$1 [HttpApiCorsConfiguration](sam-property-httpapi-httpapicorsconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DefaultRouteSettings`   <a name="sam-httpapi-defaultroutesettings"></a>
The default route settings for this HTTP API. These settings apply to all routes unless overridden by the `RouteSettings` property for certain routes.  
*Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `DefinitionBody`   <a name="sam-httpapi-definitionbody"></a>
The OpenAPI definition that describes your HTTP API. If you don't specify a `DefinitionUri` or a `DefinitionBody`, AWS SAM generates a `DefinitionBody` for you based on your template configuration.  
*Type*: JSON  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-body)` property of an `AWS::ApiGatewayV2::Api` resource. If certain properties are provided, AWS SAM may insert content into or modify the `DefinitionBody` before it is passed to CloudFormation. Properties include `Auth` and an `EventSource` of type HttpApi for a corresponding `AWS::Serverless::Function` resource.

 `DefinitionUri`   <a name="sam-httpapi-definitionuri"></a>
The Amazon Simple Storage Service (Amazon S3) URI, local file path, or location object of the the OpenAPI definition that defines the HTTP API. The Amazon S3 object that this property references must be a valid OpenAPI definition file. If you don't specify a `DefinitionUri` or a `DefinitionBody` are specified, AWS SAM generates a `DefinitionBody` for you based on your template configuration.  
If you provide a local file path, the template must go through the workflow that includes the `sam deploy` or `sam package` command for the definition to be transformed properly.  
Intrinsic functions are not supported in external OpenApi definition files that you reference with `DefinitionUri`. To import an OpenApi definition into the template, use the `DefinitionBody` property with the [Include transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html).  
*Type*: String \$1 [HttpApiDefinition](sam-property-httpapi-httpapidefinition.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[BodyS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-bodys3location)` property of an `AWS::ApiGatewayV2::Api` resource. The nested Amazon S3 properties are named differently.

 `Description`   <a name="sam-httpapi-description"></a>
The description of the HTTP API resource.  
When you specify `Description`, AWS SAM will modify the HTTP API resource's OpenApi definition by setting the `description` field. The following scenarios will result in an error:  
+ The `DefinitionBody` property is specified with the `description` field set in the Open API definition – This results in a conflict of the `description` field that AWS SAM won't resolve.
+ The `DefinitionUri` property is specified – AWS SAM won't modify an Open API definition that is retrieved from Amazon S3.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DisableExecuteApiEndpoint`   <a name="sam-httpapi-disableexecuteapiendpoint"></a>
Specifies whether clients can invoke your HTTP API by using the default `execute-api` endpoint `https://{api_id}.execute-api.{region}.amazonaws.com`. By default, clients can invoke your API with the default endpoint. To require that clients only use a custom domain name to invoke your API, disable the default endpoint.  
To use this property, you must specify the `DefinitionBody` property instead of the `DefinitionUri` property or define `x-amazon-apigateway-endpoint-configuration` with `disableExecuteApiEndpoint` in your OpenAPI definition.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[ DisableExecuteApiEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-disableexecuteapiendpoint)` property of an `AWS::ApiGatewayV2::Api` resource. It is passed directly to the `disableExecuteApiEndpoint` property of an `[ x-amazon-apigateway-endpoint-configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html)` extension, which gets added to the ` [ Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-body)` property of an `AWS::ApiGatewayV2::Api` resource.

 `Domain`   <a name="sam-httpapi-domain"></a>
Configures a custom domain for this API Gateway HTTP API.  
*Type*: [HttpApiDomainConfiguration](sam-property-httpapi-httpapidomainconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FailOnWarnings`   <a name="sam-httpapi-failonwarnings"></a>
Specifies whether to roll back the HTTP API creation (`true`) or not (`false`) when a warning is encountered. The default value is `false`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FailOnWarnings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-failonwarnings)` property of an `AWS::ApiGatewayV2::Api` resource.

`Name`  <a name="sam-httpapi-name"></a>
The name of the HTTP API resource.  
When you specify `Name`, AWS SAM will modify the HTTP API resource's OpenAPI definition by setting the `title` field. The following scenarios will result in an error:  
+ The `DefinitionBody` property is specified with the `title` field set in the Open API definition – This results in a conflict of the `title` field that AWS SAM won't resolve.
+ The `DefinitionUri` property is specified – AWS SAM won't modify an Open API definition that is retrieved from Amazon S3.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`PropagateTags`  <a name="sam-httpapi-propagatetags"></a>
Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::HttpApi](sam-specification-generated-resources-httpapi.md) generated resources. Specify `True` to propagate tags in your generated resources.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RouteSettings`   <a name="sam-httpapi-routesettings"></a>
The route settings, per route, for this HTTP API. For more information, see [Working with routes for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html) in the *API Gateway Developer Guide*.  
*Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `StageName`   <a name="sam-httpapi-stagename"></a>
The name of the API stage. If no name is specified, AWS SAM uses the `$default` stage from API Gateway.  
*Type*: String  
*Required*: No  
*Default*: \$1default  
*CloudFormation compatibility*: This property is passed directly to the `[StageName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagename)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `StageVariables`   <a name="sam-httpapi-stagevariables"></a>
A map that defines the stage variables. Variable names can have alphanumeric and underscore characters. The values must match [A-Za-z0-9-.\$1\$1:/?\$1&=,]\$1.  
*Type*: [Json](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StageVariables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `Tags`   <a name="sam-httpapi-tags"></a>
A map (string to string) that specifies the tags to add to this API Gateway stage. Keys can be 1 to 128 Unicode characters in length and cannot include the prefix `aws:`. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`, `+`, and `-`. Values can be 1 to 256 Unicode characters in length.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: The `Tags` property requires AWS SAM to modify your OpenAPI definition, so tags are added only if the `DefinitionBody` property is specified—no tags are added if the `DefinitionUri` property is specified. AWS SAM automatically adds an `httpapi:createdBy:SAM` tag. Tags are also added to the `AWS::ApiGatewayV2::Stage` resource and the `AWS::ApiGatewayV2::DomainName` resource (if `DomainName` is specified).

## Return Values
<a name="sam-resource-httpapi-return-values"></a>

### Ref
<a name="sam-resource-httpapi-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the API ID of the underlying `AWS::ApiGatewayV2::Api` resource, for example, `a1bcdef2gh`.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

## Examples
<a name="sam-resource-httpapi--examples"></a>

### Simple HttpApi
<a name="sam-resource-httpapi--examples--simple-httpapi"></a>

The following example shows the minimum needed to set up an HTTP API endpoint backed by an Lambda function. This example uses the default HTTP API that AWS SAM creates.

#### YAML
<a name="sam-resource-httpapi--examples--simple-httpapi--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS SAM template with a simple API definition
Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: HttpApi
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {'body': 'Hello World!', 'statusCode': 200}
      Runtime: python3.7
Transform: AWS::Serverless-2016-10-31
```

### HttpApi with Auth
<a name="sam-resource-httpapi--examples--httpapi-with-auth"></a>

The following example shows how to set up authorization on HTTP API endpoints.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-auth--yaml"></a>

```
Properties:
  FailOnWarnings: true
  Auth:
    DefaultAuthorizer: OAuth2
    Authorizers:
      OAuth2:
        AuthorizationScopes:
          - scope4
        JwtConfiguration:
          issuer: "https://www.example.com/v1/connect/oauth2"
          audience:
            - MyApi
        IdentitySource: "$request.querystring.param"
```

### HttpApi with OpenAPI definition
<a name="sam-resource-httpapi--examples--httpapi-with-openapi-definition"></a>

The following example shows how to add an OpenAPI definition to the template.

Note that AWS SAM fills in any missing Lambda integrations for HttpApi events that reference this HTTP API. AWS SAM also also adds any missing paths that HttpApi events reference.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-openapi-definition--yaml"></a>

```
Properties:
  FailOnWarnings: true
  DefinitionBody:
    info:
      version: '1.0'
      title:
        Ref: AWS::StackName
    paths:
      "/":
        get:
          security:
          - OpenIdAuth:
            - scope1
            - scope2
          responses: {}
    openapi: 3.0.1
    securitySchemes:
      OpenIdAuth:
        type: openIdConnect
        x-amazon-apigateway-authorizer:
          identitySource: "$request.querystring.param"
          type: jwt
          jwtConfiguration:
            audience:
            - MyApi
            issuer: https://www.example.com/v1/connect/oidc
          openIdConnectUrl: https://www.example.com/v1/connect/oidc/.well-known/openid-configuration
```

### HttpApi with configuration settings
<a name="sam-resource-httpapi--examples--httpapi-with-configuration-settings"></a>

The following example shows how to add HTTP API and stage configurations to the template.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-configuration-settings--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  StageName:
    Type: String
    Default: Prod
    
Resources:
  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      InlineCode: |
          def handler(event, context):
              import json
              return {
                  "statusCode": 200,
                  "body": json.dumps(event),
              }
      Handler: index.handler
      Runtime: python3.7
      Events:
        ExplicitApi: # warning: creates a public endpoint
          Type: HttpApi
          Properties:
            ApiId: !Ref HttpApi
            Method: GET
            Path: /path
            TimeoutInMillis: 15000
            PayloadFormatVersion: "2.0"
            RouteSettings:
              ThrottlingBurstLimit: 600

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: !Ref StageName
      Tags:
        Tag: Value
      AccessLogSettings:
        DestinationArn: !GetAtt AccessLogs.Arn
        Format: $context.requestId
      DefaultRouteSettings:
        ThrottlingBurstLimit: 200
      RouteSettings:
        "GET /path":
          ThrottlingBurstLimit: 500 # overridden in HttpApi Event
      StageVariables:
        StageVar: Value
      FailOnWarnings: true

  AccessLogs:
    Type: AWS::Logs::LogGroup

Outputs:
  HttpApiUrl:
    Description: URL of your API endpoint
    Value:
      Fn::Sub: 'https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/${StageName}/'
  HttpApiId:
    Description: Api id of HttpApi
    Value:
      Ref: HttpApi
```

# HttpApiAuth
<a name="sam-property-httpapi-httpapiauth"></a>

Configure authorization to control access to your Amazon API Gateway HTTP API.

For more information about configuring access to HTTP APIs, see [Controlling and managing access to an HTTP API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-httpapiauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapiauth-syntax.yaml"></a>

```
  [Authorizers](#sam-httpapi-httpapiauth-authorizers): OAuth2Authorizer | LambdaAuthorizer
  [DefaultAuthorizer](#sam-httpapi-httpapiauth-defaultauthorizer): String
  [EnableIamAuthorizer](#sam-httpapi-httpapiauth-enableiamauthorizer): Boolean
```

## Properties
<a name="sam-property-httpapi-httpapiauth-properties"></a>

 `Authorizers`   <a name="sam-httpapi-httpapiauth-authorizers"></a>
The authorizer used to control access to your API Gateway API.  
*Type*: [OAuth2Authorizer](sam-property-httpapi-oauth2authorizer.md) \$1 [LambdaAuthorizer](sam-property-httpapi-lambdaauthorizer.md)  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: AWS SAM adds the authorizers to the OpenAPI definition.

 `DefaultAuthorizer`   <a name="sam-httpapi-httpapiauth-defaultauthorizer"></a>
Specify the default authorizer to use for authorizing API calls to your API Gateway API. You can specify `AWS_IAM` as a default authorizer if `EnableIamAuthorizer` is set to `true`. Otherwise, specify an authorizer that you've defined in `Authorizers`.  
*Type*: String  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableIamAuthorizer`   <a name="sam-httpapi-httpapiauth-enableiamauthorizer"></a>
Specify whether to use IAM authorization for the API route.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-httpapiauth--examples"></a>

### OAuth 2.0 Authorizer
<a name="sam-property-httpapi-httpapiauth--examples--oauth-2.0-authorizer"></a>

OAuth 2.0 authorizer example

#### YAML
<a name="sam-property-httpapi-httpapiauth--examples--oauth-2.0-authorizer--yaml"></a>

```
Auth:
  Authorizers:
    OAuth2Authorizer:
      AuthorizationScopes:
        - scope1
        - scope2
      JwtConfiguration:
        issuer: "https://www.example.com/v1/connect/oauth2"
        audience:
          - MyApi
      IdentitySource: "$request.querystring.param"
  DefaultAuthorizer: OAuth2Authorizer
```

### IAM authorizer
<a name="sam-property-httpapi-httpapiauth--examples--iam-authorizer"></a>

IAM authorizer example

#### YAML
<a name="sam-property-httpapi-httpapiauth--examples--iam-authorizer--yaml"></a>

```
Auth:
  EnableIamAuthorizer: true
  DefaultAuthorizer: AWS_IAM
```

# LambdaAuthorizer
<a name="sam-property-httpapi-lambdaauthorizer"></a>

Configure a Lambda authorizer to control access to your Amazon API Gateway HTTP API with an AWS Lambda function.

For more information and examples, see [Working with AWS Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-lambdaauthorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-lambdaauthorizer-syntax.yaml"></a>

```
  [AuthorizerPayloadFormatVersion](#sam-httpapi-lambdaauthorizer-authorizerpayloadformatversion): String
  EnableFunctionDefaultPermissions: Boolean
  [EnableSimpleResponses](#sam-httpapi-lambdaauthorizer-enablesimpleresponses): Boolean
  [FunctionArn](#sam-httpapi-lambdaauthorizer-functionarn): String
  [FunctionInvokeRole](#sam-httpapi-lambdaauthorizer-functioninvokerole): String
  [Identity](#sam-httpapi-lambdaauthorizer-identity): LambdaAuthorizationIdentity
```

## Properties
<a name="sam-property-httpapi-lambdaauthorizer-properties"></a>

 `AuthorizerPayloadFormatVersion`   <a name="sam-httpapi-lambdaauthorizer-authorizerpayloadformatversion"></a>
Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.  
This is passed through to the `authorizerPayloadFormatVersion` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Valid values*: `1.0` or `2.0`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableFunctionDefaultPermissions`   <a name="sam-httpapi-lambdaauthorizer-enablefunctiondefaultpermissions"></a>
By default, the HTTP API resource is not granted permission to invoke the Lambda authorizer. Specify this property as `true` to automatically create permissions between your HTTP API resource and your Lambda authorizer.  
*Type*: Boolean  
*Required*: No  
*Default value*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableSimpleResponses`   <a name="sam-httpapi-lambdaauthorizer-enablesimpleresponses"></a>
Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an AWS Identity and Access Management (IAM) policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.  
This is passed through to the `enableSimpleResponses` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionArn`   <a name="sam-httpapi-lambdaauthorizer-functionarn"></a>
The Amazon Resource Name (ARN) of the Lambda function that provides authorization for the API.  
This is passed through to the `authorizerUri` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionInvokeRole`   <a name="sam-httpapi-lambdaauthorizer-functioninvokerole"></a>
The ARN of the IAM role that has the credentials required for API Gateway to invoke the authorizer function. Specify this parameter if your function's resource-based policy doesn't grant API Gateway `lambda:InvokeFunction` permission.  
This is passed through to the `authorizerCredentials` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
For more information, see [Create a Lambda authorizer](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.example-create) in the *API Gateway Developer Guide*.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Identity`   <a name="sam-httpapi-lambdaauthorizer-identity"></a>
Specifies an `IdentitySource` in an incoming request for an authorizer.  
This is passed through to the `identitySource` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: [LambdaAuthorizationIdentity](sam-property-httpapi-lambdaauthorizationidentity.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-lambdaauthorizer--examples"></a>

### LambdaAuthorizer
<a name="sam-property-httpapi-lambdaauthorizer--examples--lambdaauthorizer"></a>

LambdaAuthorizer example

#### YAML
<a name="sam-property-httpapi-lambdaauthorizer--examples--lambdaauthorizer--yaml"></a>

```
Auth:
  Authorizers:
    MyLambdaAuthorizer:
      AuthorizerPayloadFormatVersion: 2.0
      FunctionArn:
        Fn::GetAtt:
          - MyAuthFunction
          - Arn
      FunctionInvokeRole:
        Fn::GetAtt:
          - LambdaAuthInvokeRole
          - Arn
      Identity:
        Headers:
          - Authorization
```

# LambdaAuthorizationIdentity
<a name="sam-property-httpapi-lambdaauthorizationidentity"></a>

Use property can be used to specify an IdentitySource in an incoming request for a Lambda authorizer. For more information about identity sources, see [Identity sources](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.identity-sources) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-lambdaauthorizationidentity-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-lambdaauthorizationidentity-syntax.yaml"></a>

```
  [Context](#sam-httpapi-lambdaauthorizationidentity-context): List
  [Headers](#sam-httpapi-lambdaauthorizationidentity-headers): List
  [QueryStrings](#sam-httpapi-lambdaauthorizationidentity-querystrings): List
  [ReauthorizeEvery](#sam-httpapi-lambdaauthorizationidentity-reauthorizeevery): Integer
  [StageVariables](#sam-httpapi-lambdaauthorizationidentity-stagevariables): List
```

## Properties
<a name="sam-property-httpapi-lambdaauthorizationidentity-properties"></a>

 `Context`   <a name="sam-httpapi-lambdaauthorizationidentity-context"></a>
Converts the given context strings to a list of mapping expressions in the format `$context.contextString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Headers`   <a name="sam-httpapi-lambdaauthorizationidentity-headers"></a>
Converts the headers to a list of mapping expressions in the format `$request.header.name`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueryStrings`   <a name="sam-httpapi-lambdaauthorizationidentity-querystrings"></a>
Converts the given query strings to a list of mapping expressions in the format `$request.querystring.queryString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ReauthorizeEvery`   <a name="sam-httpapi-lambdaauthorizationidentity-reauthorizeevery"></a>
The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. The maximum value is 3600, or 1 hour.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `StageVariables`   <a name="sam-httpapi-lambdaauthorizationidentity-stagevariables"></a>
Converts the given stage variables to a list of mapping expressions in the format `$stageVariables.stageVariable`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples"></a>

### LambdaRequestIdentity
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples--lambdarequestidentity"></a>

Lambda request identity example

#### YAML
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples--lambdarequestidentity--yaml"></a>

```
Identity:
  QueryStrings:
    - auth
  Headers:
    - Authorization
  StageVariables:
    - VARIABLE
  Context:
    - authcontext
  ReauthorizeEvery: 100
```

# OAuth2Authorizer
<a name="sam-property-httpapi-oauth2authorizer"></a>

Definition for an OAuth 2.0 authorizer, also known to as a JSON Web Token (JWT) authorizer.

For more information, see [Controlling access to HTTP APIs with JWT authorizers](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-oauth2authorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-oauth2authorizer-syntax.yaml"></a>

```
  [AuthorizationScopes](#sam-httpapi-oauth2authorizer-authorizationscopes): List
  [IdentitySource](#sam-httpapi-oauth2authorizer-identitysource): String
  [JwtConfiguration](#sam-httpapi-oauth2authorizer-jwtconfiguration): Map
```

## Properties
<a name="sam-property-httpapi-oauth2authorizer-properties"></a>

 `AuthorizationScopes`   <a name="sam-httpapi-oauth2authorizer-authorizationscopes"></a>
List of authorization scopes for this authorizer.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IdentitySource`   <a name="sam-httpapi-oauth2authorizer-identitysource"></a>
Identity source expression for this authorizer.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `JwtConfiguration`   <a name="sam-httpapi-oauth2authorizer-jwtconfiguration"></a>
JWT configuration for this authorizer.  
This is passed through to the `jwtConfiguration` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
Properties `issuer` and `audience` are case insensitive and can be used either lowercase as in OpenAPI or uppercase `Issuer` and `Audience` as in [ AWS::ApiGatewayV2::Authorizer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-authorizer-jwtconfiguration.html). 
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-oauth2authorizer--examples"></a>

### OAuth 2.0 authorizer
<a name="sam-property-httpapi-oauth2authorizer--examples--oauth-2.0-authorizer"></a>

OAuth 2.0 authorizer Example

#### YAML
<a name="sam-property-httpapi-oauth2authorizer--examples--oauth-2.0-authorizer--yaml"></a>

```
Auth:
  Authorizers:
    OAuth2Authorizer:
      AuthorizationScopes:
        - scope1
      JwtConfiguration:
        issuer: "https://www.example.com/v1/connect/oauth2"
        audience:
          - MyApi
      IdentitySource: "$request.querystring.param"
  DefaultAuthorizer: OAuth2Authorizer
```

# HttpApiCorsConfiguration
<a name="sam-property-httpapi-httpapicorsconfiguration"></a>

Manage cross-origin resource sharing (CORS) for your HTTP APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration. NOTE: Cors requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property.

For more information about CORS, see [Configuring CORS for an HTTP API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) in the *API Gateway Developer Guide*.

Note: If HttpApiCorsConfiguration is set both in OpenAPI and at the property level, AWS SAM merges them with the properties taking precedence.

## Syntax
<a name="sam-property-httpapi-httpapicorsconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapicorsconfiguration-syntax.yaml"></a>

```
  [AllowCredentials](#sam-httpapi-httpapicorsconfiguration-allowcredentials): Boolean
  [AllowHeaders](#sam-httpapi-httpapicorsconfiguration-allowheaders): List
  [AllowMethods](#sam-httpapi-httpapicorsconfiguration-allowmethods): List
  [AllowOrigins](#sam-httpapi-httpapicorsconfiguration-alloworigins): List
  [ExposeHeaders](#sam-httpapi-httpapicorsconfiguration-exposeheaders): List
  [MaxAge](#sam-httpapi-httpapicorsconfiguration-maxage): Integer
```

## Properties
<a name="sam-property-httpapi-httpapicorsconfiguration-properties"></a>

 `AllowCredentials`   <a name="sam-httpapi-httpapicorsconfiguration-allowcredentials"></a>
Specifies whether credentials are included in the CORS request.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowHeaders`   <a name="sam-httpapi-httpapicorsconfiguration-allowheaders"></a>
Represents a collection of allowed headers.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowMethods`   <a name="sam-httpapi-httpapicorsconfiguration-allowmethods"></a>
Represents a collection of allowed HTTP methods.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowOrigins`   <a name="sam-httpapi-httpapicorsconfiguration-alloworigins"></a>
Represents a collection of allowed origins.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ExposeHeaders`   <a name="sam-httpapi-httpapicorsconfiguration-exposeheaders"></a>
Represents a collection of exposed headers.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MaxAge`   <a name="sam-httpapi-httpapicorsconfiguration-maxage"></a>
The number of seconds that the browser should cache preflight request results.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-httpapicorsconfiguration--examples"></a>

### HttpApiCorsConfiguration
<a name="sam-property-httpapi-httpapicorsconfiguration--examples--httpapicorsconfiguration"></a>

HTTP API Cors Configuration example.

#### YAML
<a name="sam-property-httpapi-httpapicorsconfiguration--examples--httpapicorsconfiguration--yaml"></a>

```
CorsConfiguration:
  AllowOrigins:
    - "https://example.com"
  AllowHeaders:
    - x-apigateway-header
  AllowMethods:
    - GET
  MaxAge: 600
  AllowCredentials: true
```

# HttpApiDefinition
<a name="sam-property-httpapi-httpapidefinition"></a>

An OpenAPI document defining the API.

## Syntax
<a name="sam-property-httpapi-httpapidefinition-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapidefinition-syntax.yaml"></a>

```
  [Bucket](#sam-httpapi-httpapidefinition-bucket): String
  [Key](#sam-httpapi-httpapidefinition-key): String
  [Version](#sam-httpapi-httpapidefinition-version): String
```

## Properties
<a name="sam-property-httpapi-httpapidefinition-properties"></a>

 `Bucket`   <a name="sam-httpapi-httpapidefinition-bucket"></a>
The name of the Amazon S3 bucket where the OpenAPI file is stored.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-bucket)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

 `Key`   <a name="sam-httpapi-httpapidefinition-key"></a>
The Amazon S3 key of the OpenAPI file.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-key)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

 `Version`   <a name="sam-httpapi-httpapidefinition-version"></a>
For versioned objects, the version of the OpenAPI file.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Version](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-version)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

## Examples
<a name="sam-property-httpapi-httpapidefinition--examples"></a>

### Definition Uri example
<a name="sam-property-httpapi-httpapidefinition--examples--definition-uri-example"></a>

API Definition example

#### YAML
<a name="sam-property-httpapi-httpapidefinition--examples--definition-uri-example--yaml"></a>

```
DefinitionUri:
  Bucket: sam-s3-demo-bucket-name
  Key: mykey-name
  Version: 121212
```

# HttpApiDomainConfiguration
<a name="sam-property-httpapi-httpapidomainconfiguration"></a>

Configures a custom domain for an API.

## Syntax
<a name="sam-property-httpapi-httpapidomainconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapidomainconfiguration-syntax.yaml"></a>

```
  [BasePath](#sam-httpapi-httpapidomainconfiguration-basepath): List
  [CertificateArn](#sam-httpapi-httpapidomainconfiguration-certificatearn): String
  [DomainName](#sam-httpapi-httpapidomainconfiguration-domainname): String
  [EndpointConfiguration](#sam-httpapi-httpapidomainconfiguration-endpointconfiguration): String
  [MutualTlsAuthentication](#sam-httpapi-httpapidomainconfiguration-mutualtlsauthentication): [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)
  [OwnershipVerificationCertificateArn](#sam-httpapi-httpapidomainconfiguration-ownershipverificationcertificatearn): String
  [Route53](#sam-httpapi-httpapidomainconfiguration-route53): Route53Configuration
  [SecurityPolicy](#sam-httpapi-httpapidomainconfiguration-securitypolicy): String
```

## Properties
<a name="sam-property-httpapi-httpapidomainconfiguration-properties"></a>

 `BasePath`   <a name="sam-httpapi-httpapidomainconfiguration-basepath"></a>
A list of the basepaths to configure with the Amazon API Gateway domain name.  
*Type*: List  
*Required*: No  
*Default*: /  
*CloudFormation compatibility*: This property is similar to the `[ApiMappingKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-apimapping.html#cfn-apigatewayv2-apimapping-apimappingkey)` property of an `AWS::ApiGatewayV2::ApiMapping` resource. AWS SAM creates multiple `AWS::ApiGatewayV2::ApiMapping` resources, one per value specified in this property.

 `CertificateArn`   <a name="sam-httpapi-httpapidomainconfiguration-certificatearn"></a>
The Amazon Resource Name (ARN) of an AWS managed certificate for this domain name's endpoint. AWS Certificate Manager is the only supported source.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[CertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-certificatearn)` property of an `AWS::ApiGateway2::DomainName DomainNameConfiguration` resource.

 `DomainName`   <a name="sam-httpapi-httpapidomainconfiguration-domainname"></a>
The custom domain name for your API Gateway API. Uppercase letters are not supported.  
AWS SAM generates an `AWS::ApiGatewayV2::DomainName` resource when this property is set. For information about this scenario, see [DomainName property is specified](sam-specification-generated-resources-httpapi.md#sam-specification-generated-resources-httpapi-domain-name). For information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-domainname)` property of an `AWS::ApiGateway2::DomainName` resource.

 `EndpointConfiguration`   <a name="sam-httpapi-httpapidomainconfiguration-endpointconfiguration"></a>
Defines the type of API Gateway endpoint to map to the custom domain. The value of this property determines how the `CertificateArn` property is mapped in CloudFormation.  
The only valid value for HTTP APIs is `REGIONAL`.  
*Type*: String  
*Required*: No  
*Default*: `REGIONAL`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MutualTlsAuthentication`   <a name="sam-httpapi-httpapidomainconfiguration-mutualtlsauthentication"></a>
The mutual transport layer security (TLS) authentication configuration for a custom domain name.  
*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)` property of an `AWS::ApiGatewayV2::DomainName` resource.

 `OwnershipVerificationCertificateArn`   <a name="sam-httpapi-httpapidomainconfiguration-ownershipverificationcertificatearn"></a>
The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the `CertificateArn`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[OwnershipVerificationCertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-ownershipverificationcertificatearn)` property of the `AWS::ApiGatewayV2::DomainName` `DomainNameConfiguration` data type.

 `Route53`   <a name="sam-httpapi-httpapidomainconfiguration-route53"></a>
Defines an Amazon Route 53 configuration.  
*Type*: [Route53Configuration](sam-property-httpapi-route53configuration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SecurityPolicy`   <a name="sam-httpapi-httpapidomainconfiguration-securitypolicy"></a>
The TLS version of the security policy for this domain name.  
The only valid value for HTTP APIs is `TLS_1_2`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SecurityPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-securitypolicy)` property of the `AWS::ApiGatewayV2::DomainName` `DomainNameConfiguration` data type.

## Examples
<a name="sam-property-httpapi-httpapidomainconfiguration--examples"></a>

### DomainName
<a name="sam-property-httpapi-httpapidomainconfiguration--examples--domainname"></a>

DomainName example

#### YAML
<a name="sam-property-httpapi-httpapidomainconfiguration--examples--domainname--yaml"></a>

```
Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: REGIONAL
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
  BasePath:
    - foo
    - bar
```

# Route53Configuration
<a name="sam-property-httpapi-route53configuration"></a>

Configures the Route53 record sets for an API.

## Syntax
<a name="sam-property-httpapi-route53configuration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-route53configuration-syntax.yaml"></a>

```
  [DistributionDomainName](#sam-httpapi-route53configuration-distributiondomainname): String
  [EvaluateTargetHealth](#sam-httpapi-route53configuration-evaluatetargethealth): Boolean
  [HostedZoneId](#sam-httpapi-route53configuration-hostedzoneid): String
  [HostedZoneName](#sam-httpapi-route53configuration-hostedzonename): String
  [IpV6](#sam-httpapi-route53configuration-ipv6): Boolean
  Region: String
  SetIdentifier: String
```

## Properties
<a name="sam-property-httpapi-route53configuration-properties"></a>

 `DistributionDomainName`   <a name="sam-httpapi-route53configuration-distributiondomainname"></a>
Configures a custom distribution of the API custom domain name.  
*Type*: String  
*Required*: No  
*Default*: Use the API Gateway distribution.  
*CloudFormation compatibility*: This property is passed directly to the `[DNSName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget-1.html#cfn-route53-aliastarget-dnshostname)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: The domain name of a [CloudFront distribution](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html).

 `EvaluateTargetHealth`   <a name="sam-httpapi-route53configuration-evaluatetargethealth"></a>
When EvaluateTargetHealth is true, an alias record inherits the health of the referenced AWS resource, such as an Elastic Load Balancing load balancer or another record in the hosted zone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EvaluateTargetHealth](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-evaluatetargethealth)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: You can't set EvaluateTargetHealth to true when the alias target is a CloudFront distribution.

 `HostedZoneId`   <a name="sam-httpapi-route53configuration-hostedzoneid"></a>
The ID of the hosted zone that you want to create records in.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzoneid)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `HostedZoneName`   <a name="sam-httpapi-route53configuration-hostedzonename"></a>
The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.`) as part of the `HostedZoneName`.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzonename)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `IpV6`   <a name="sam-httpapi-route53configuration-ipv6"></a>
When this property is set, AWS SAM creates a `AWS::Route53::RecordSet` resource and sets [Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-type) to `AAAA` for the provided HostedZone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`Region`  <a name="sam-httpapi-route53configuration-region"></a>
*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.  
When Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.  
Note the following:  
+ You can only specify one `ResourceRecord` per latency resource record set.
+ You can only create one latency resource record set for each Amazon EC2 Region.
+ You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.
+ You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-region)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

`SetIdentifier`  <a name="sam-httpapi-route53configuration-setidentifier"></a>
*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.  
For information about routing policies, see [Choosing a routing policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide*.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ SetIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-setidentifier)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

## Examples
<a name="sam-property-httpapi-route53configuration--examples"></a>

### Route 53 Configuration Example
<a name="sam-property-httpapi-route53configuration--examples--route-53-configuration-example"></a>

This example shows how to configure Route 53.

#### YAML
<a name="sam-property-httpapi-route53configuration--examples--route-53-configuration-example--yaml"></a>

```
Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: EDGE
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
    EvaluateTargetHealth: true
    DistributionDomainName: xyz
```

# AWS::Serverless::LayerVersion
<a name="sam-resource-layerversion"></a>

Creates a Lambda LayerVersion that contains library or runtime code needed by a Lambda Function.

The [AWS::Serverless::LayerVersion](#sam-resource-layerversion) resource also supports the `Metadata` resource attribute, so you can instruct AWS SAM to build layers included in your application. For more information about building layers, see [Building Lambda layers in AWS SAM](building-layers.md).

**Important Note**: Since the release of the [UpdateReplacePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) resource attribute in CloudFormation, [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html) (recommended) offers the same benefits as [AWS::Serverless::LayerVersion](#sam-resource-layerversion).

When a Serverless LayerVersion is transformed, SAM also transforms the logical id of the resource so that old LayerVersions are not automatically deleted by CloudFormation when the resource is updated.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-layerversion-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-layerversion-syntax.yaml"></a>

```
Type: AWS::Serverless::LayerVersion
Properties:
  [CompatibleArchitectures](#sam-layerversion-compatiblearchitectures): List
  [CompatibleRuntimes](#sam-layerversion-compatibleruntimes): List
  [ContentUri](#sam-layerversion-contenturi): String | LayerContent
  [Description](#sam-layerversion-description): String
  [LayerName](#sam-layerversion-layername): String
  [LicenseInfo](#sam-layerversion-licenseinfo): String
  [PublishLambdaVersion](#sam-layerversion-PublishLambdaVersion): Boolean
  [RetentionPolicy](#sam-layerversion-retentionpolicy): String
```

## Properties
<a name="sam-resource-layerversion-properties"></a>

 `CompatibleArchitectures`   <a name="sam-layerversion-compatiblearchitectures"></a>
Specifies the supported instruction set architectures for the layer version.  
For more information about this property, see [Lambda instruction set architectures](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) in the *AWS Lambda Developer Guide*.  
*Valid values*: `x86_64`, `arm64`  
*Type*: List  
*Required*: No  
*Default*: `x86_64`  
*CloudFormation compatibility*: This property is passed directly to the `[CompatibleArchitectures](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatiblearchitectures)` property of an `AWS::Lambda::LayerVersion` resource.

 `CompatibleRuntimes`   <a name="sam-layerversion-compatibleruntimes"></a>
List of runtimes compatible with this LayerVersion.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[CompatibleRuntimes](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatibleruntimes)` property of an `AWS::Lambda::LayerVersion` resource.

 `ContentUri`   <a name="sam-layerversion-contenturi"></a>
Amazon S3 Uri, path to local folder, or LayerContent object of the layer code.  
If an Amazon S3 Uri or LayerContent object is provided, The Amazon S3 object referenced must be a valid ZIP archive that contains the contents of an [Lambda layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html).  
If a path to a local folder is provided, for the content to be transformed properly the template must go through the workflow that includes [sam build](sam-cli-command-reference-sam-build.md) followed by either [sam deploy](sam-cli-command-reference-sam-deploy.md) or [sam package](sam-cli-command-reference-sam-package.md). By default, relative paths are resolved with respect to the AWS SAM template's location.  
*Type*: String \$1 [LayerContent](sam-property-layerversion-layercontent.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is similar to the `[Content](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-content)` property of an `AWS::Lambda::LayerVersion` resource. The nested Amazon S3 properties are named differently.

 `Description`   <a name="sam-layerversion-description"></a>
Description of this layer.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-description)` property of an `AWS::Lambda::LayerVersion` resource.

 `LayerName`   <a name="sam-layerversion-layername"></a>
The name or Amazon Resource Name (ARN) of the layer.  
*Type*: String  
*Required*: No  
*Default*: Resource logical id  
*CloudFormation compatibility*: This property is similar to the `[LayerName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-layername)` property of an `AWS::Lambda::LayerVersion` resource. If you don't specify a name, the logical id of the resource will be used as the name.

 `LicenseInfo`   <a name="sam-layerversion-licenseinfo"></a>
Information about the license for this LayerVersion.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LicenseInfo](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-licenseinfo)` property of an `AWS::Lambda::LayerVersion` resource.

 `PublishLambdaVersion`   <a name="sam-layerversion-PublishLambdaVersion"></a>
An opt-in property that creates a new Lambda version whenever there is a change in the referenced `LayerVersion` resource. When enabled with `AutoPublishAlias` and `AutoPublishAliasAllProperties` in the connected Lambda function, there will be a new Lambda version created for every change made to the `LayerVersion` resource.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RetentionPolicy`   <a name="sam-layerversion-retentionpolicy"></a>
This property specifies whether old versions of your `LayerVersion` are retained or deleted when you delete a resource. If you need to retain old versions of your `LayerVersion` when updating or replacing a resource, you must have the `UpdateReplacePolicy` attribute enabled. For information on doing this, refer to [`UpdateReplacePolicy` attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) in the *AWS CloudFormation User Guide*.  
*Valid values*: `Retain` or `Delete`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: When you specify `Retain`, AWS SAM adds a [Resource attributes supported by AWS SAM](sam-specification-resource-attributes.md) of `DeletionPolicy: Retain` to the transformed `AWS::Lambda::LayerVersion` resource.

## Return Values
<a name="sam-resource-layerversion-return-values"></a>

### Ref
<a name="sam-resource-layerversion-return-values-ref"></a>

When the logical ID of this resource is provided to the `Ref` intrinsic function, it returns the resource ARN of the underlying Lambda LayerVersion.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

## Examples
<a name="sam-resource-layerversion--examples"></a>

### LayerVersionExample
<a name="sam-resource-layerversion--examples--layerversionexample"></a>

Example of a LayerVersion

#### YAML
<a name="sam-resource-layerversion--examples--layerversionexample--yaml"></a>

```
Properties:
  LayerName: MyLayer
  Description: Layer description
  ContentUri: 's3://sam-s3-demo-bucket/my-layer.zip'
  CompatibleRuntimes:
    - nodejs10.x
    - nodejs12.x
  LicenseInfo: 'Available under the MIT-0 license.'
  RetentionPolicy: Retain
```

# LayerContent
<a name="sam-property-layerversion-layercontent"></a>

A ZIP archive that contains the contents of an [Lambda layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html).

## Syntax
<a name="sam-property-layerversion-layercontent-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-layerversion-layercontent-syntax.yaml"></a>

```
  [Bucket](#sam-layerversion-layercontent-bucket): String
  [Key](#sam-layerversion-layercontent-key): String
  [Version](#sam-layerversion-layercontent-version): String
```

## Properties
<a name="sam-property-layerversion-layercontent-properties"></a>

 `Bucket`   <a name="sam-layerversion-layercontent-bucket"></a>
The Amazon S3 bucket of the layer archive.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[S3Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3bucket)` property of the `AWS::Lambda::LayerVersion` `Content` data type.

 `Key`   <a name="sam-layerversion-layercontent-key"></a>
The Amazon S3 key of the layer archive.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[S3Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3key)` property of the `AWS::Lambda::LayerVersion` `Content` data type.

 `Version`   <a name="sam-layerversion-layercontent-version"></a>
For versioned objects, the version of the layer archive object to use.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[S3ObjectVersion](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3objectversion)` property of the `AWS::Lambda::LayerVersion` `Content` data type.

## Examples
<a name="sam-property-layerversion-layercontent--examples"></a>

### LayerContent
<a name="sam-property-layerversion-layercontent--examples--layercontent"></a>

Layer Content example

#### YAML
<a name="sam-property-layerversion-layercontent--examples--layercontent--yaml"></a>

```
LayerContent:
  Bucket: amzn-s3-demo-bucket-name
  Key: mykey-name
  Version: 121212
```

# AWS::Serverless::SimpleTable
<a name="sam-resource-simpletable"></a>

Creates a DynamoDB table with a single attribute primary key. It is useful when data only needs to be accessed via a primary key.

For more advanced features, use an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) resource in CloudFormation. These resouces can be used in AWS SAM. They are comprehensive and provide further customization, including [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-keyschema.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-keyschema.html) and [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-resourcepolicy.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-resourcepolicy.html) customization.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-simpletable-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-simpletable-syntax.yaml"></a>

```
Type: AWS::Serverless::SimpleTable
Properties:
  PointInTimeRecoverySpecification: [PointInTimeRecoverySpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-pointintimerecoveryspecification.html)
  [PrimaryKey](#sam-simpletable-primarykey): PrimaryKeyObject
  [ProvisionedThroughput](#sam-simpletable-provisionedthroughput): ProvisionedThroughputObject
  [SSESpecification](#sam-simpletable-ssespecification): [SSESpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-ssespecification.html)
  [TableName](#sam-simpletable-tablename): String
  [Tags](#sam-simpletable-tags): Map
```

## Properties
<a name="sam-resource-simpletable-properties"></a>

 `PointInTimeRecoverySpecification`   <a name="sam-simpletable-pointintimerecoveryspecification"></a>
The settings used to enable point in time recovery.  
*Type*: [ PointInTimeRecoverySpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-pointintimerecoveryspecification.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PointInTimeRecoverySpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-pointintimerecoveryspecification.html)` property of an `AWS::DynamoDB::Table` resource.

 `PrimaryKey`   <a name="sam-simpletable-primarykey"></a>
Attribute name and type to be used as the table's primary key. If not provided, the primary key will be a `String` with a value of `id`.  
The value of this property cannot be modified after this resource is created.
*Type*: [PrimaryKeyObject](sam-property-simpletable-primarykeyobject.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ProvisionedThroughput`   <a name="sam-simpletable-provisionedthroughput"></a>
Read and write throughput provisioning information.  
If `ProvisionedThroughput` is not specified `BillingMode` will be specified as `PAY_PER_REQUEST`.  
*Type*: [ProvisionedThroughputObject](sam-property-simpletable-provisionedthroughputobject.md)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ProvisionedThroughput](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-provisionedthroughput.html)` property of an `AWS::DynamoDB::Table` resource.

 `SSESpecification`   <a name="sam-simpletable-ssespecification"></a>
Specifies the settings to enable server-side encryption.  
*Type*: [SSESpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-ssespecification.html)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SSESpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-ssespecification.html)` property of an `AWS::DynamoDB::Table` resource.

 `TableName`   <a name="sam-simpletable-tablename"></a>
Name for the DynamoDB Table.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TableName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#cfn-dynamodb-table-tablename)` property of an `AWS::DynamoDB::Table` resource.

 `Tags`   <a name="sam-simpletable-tags"></a>
A map (string to string) that specifies the tags to be added to this SimpleTable. For details about valid keys and values for tags, see [Resource tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) in the *AWS CloudFormation User Guide*.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#cfn-dynamodb-table-tags)` property of an `AWS::DynamoDB::Table` resource. The Tags property in SAM consists of Key:Value pairs; in CloudFormation it consists of a list of Tag objects.

## Return Values
<a name="sam-resource-simpletable-return-values"></a>

### Ref
<a name="sam-resource-simpletable-return-values-ref"></a>

When the logical ID of this resource is provided to the Ref intrinsic function, it returns the resource name of the underlying DynamoDB table.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

## Examples
<a name="sam-resource-simpletable--examples"></a>

### SimpleTableExample
<a name="sam-resource-simpletable--examples--simpletableexample"></a>

Example of a SimpleTable

#### YAML
<a name="sam-resource-simpletable--examples--simpletableexample--yaml"></a>

```
Properties:
  TableName: my-table
  PrimaryKey:
    Name: MyPrimaryKey
    Type: String
  ProvisionedThroughput:
    ReadCapacityUnits: 5
    WriteCapacityUnits: 5
  Tags:
    Department: Engineering
    AppType: Serverless
```

# PrimaryKeyObject
<a name="sam-property-simpletable-primarykeyobject"></a>

The object describing the properties of a primary key.

## Syntax
<a name="sam-property-simpletable-primarykeyobject-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-simpletable-primarykeyobject-syntax.yaml"></a>

```
  [Name](#sam-simpletable-primarykeyobject-name): String
  [Type](#sam-simpletable-primarykeyobject-type): String
```

## Properties
<a name="sam-property-simpletable-primarykeyobject-properties"></a>

 `Name`   <a name="sam-simpletable-primarykeyobject-name"></a>
Attribute name of the primary key.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[AttributeName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-attributedef.html#cfn-dynamodb-attributedef-attributename)` property of the `AWS::DynamoDB::Table` `AttributeDefinition` data type.  
*Additional notes*: This property is also passed to the [AttributeName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-keyschema.html#aws-properties-dynamodb-keyschema-attributename) property of an `AWS::DynamoDB::Table KeySchema` data type.

 `Type`   <a name="sam-simpletable-primarykeyobject-type"></a>
The data type for the primary key.  
*Valid values*: `String`, `Number`, `Binary`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[AttributeType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-attributedef.html#cfn-dynamodb-attributedef-attributename-attributetype)` property of the `AWS::DynamoDB::Table` `AttributeDefinition` data type.

## Examples
<a name="sam-property-simpletable-primarykeyobject--examples"></a>

### PrimaryKey
<a name="sam-property-simpletable-primarykeyobject--examples--primarykey"></a>

Primary key example.

#### YAML
<a name="sam-property-simpletable-primarykeyobject--examples--primarykey--yaml"></a>

```
Properties:
  PrimaryKey:
    Name: MyPrimaryKey
    Type: String
```

# ProvisionedThroughputObject
<a name="sam-property-simpletable-provisionedthroughputobject"></a>

The object describing the properties of a provisioned throughput.

## Syntax
<a name="sam-property-simpletable-provisionedthroughputobject-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="w2aac13c22c41c19b5b5"></a>

```
  [ReadCapacityUnits](#sam-simpletable-provisionedthroughputobject-readcapacityunits): Integer
  [WriteCapacityUnits](#sam-simpletable-provisionedthroughputobject-writecapacityunits): Integer
```

## Properties
<a name="sam-property-simpletable-provisionedthroughputobject-properties"></a>

 `ReadCapacityUnits`   <a name="sam-simpletable-provisionedthroughputobject-readcapacityunits"></a>
The maximum number of strongly consistent reads consumed per second before DynamoDB returns a `ThrottlingException`.  
*Type*: Integer  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ReadCapacityUnits](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-provisionedthroughput.html#aws-properties-dynamodb-table-provisionedthroughput-properties)` property of the `AWS::DynamoDB::Table` `ProvisionedThroughput` data type.

 `WriteCapacityUnits`   <a name="sam-simpletable-provisionedthroughputobject-writecapacityunits"></a>
The maximum number of writes consumed per second before DynamoDB returns a `ThrottlingException`.  
*Type*: Integer  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[WriteCapacityUnits](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-table-provisionedthroughput.html#aws-properties-dynamodb-table-provisionedthroughput-properties)` property of the `AWS::DynamoDB::Table` `ProvisionedThroughput` data type.

## Examples
<a name="sam-property-simpletable-provisionedthroughputobject--examples"></a>

### ProvisionedThroughput
<a name="sam-property-simpletable-provisionedthroughputobject--examples--provisionedthroughput"></a>

Provisioned throughput example.

#### YAML
<a name="sam-property-simpletable-provisionedthroughputobject--examples--provisionedthroughput--yaml"></a>

```
Properties:
   ProvisionedThroughput:
     ReadCapacityUnits: 5
     WriteCapacityUnits: 5
```

# AWS::Serverless::StateMachine
<a name="sam-resource-statemachine"></a>

Creates an AWS Step Functions state machine, which you can use to orchestrate AWS Lambda functions and other AWS resources to form complex and robust workflows.

For more information about Step Functions, see the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html).

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-statemachine-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-statemachine-syntax.yaml"></a>

```
Type: AWS::Serverless::StateMachine
Properties:
  AutoPublishAlias: String
  UseAliasAsEventTarget: Boolean
  [Definition](#sam-statemachine-definition): Map
  [DefinitionSubstitutions](#sam-statemachine-definitionsubstitutions): Map
  [DefinitionUri](#sam-statemachine-definitionuri): String | [S3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-definitions3location)
  DeploymentPreference: [DeploymentPreference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stepfunctions-statemachinealias-deploymentpreference.html)
  [Events](#sam-statemachine-events): EventSource
  [Logging](#sam-statemachine-logging): [LoggingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-loggingconfiguration)
  [Name](#sam-statemachine-name): String
  [PermissionsBoundary](#sam-statemachine-permissionsboundary): String
  [Policies](#sam-statemachine-policies): String | List | Map
  PropagateTags: Boolean
  [RolePath](#sam-statemachine-rolepath): String
  [Role](#sam-statemachine-role): String
  [Tags](#sam-statemachine-tags): Map
  [Tracing](#sam-statemachine-tracing): [TracingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-tracingconfiguration)
  [Type](#sam-statemachine-type): String
```

## Properties
<a name="sam-resource-statemachine-properties"></a>

 `AutoPublishAlias`   <a name="sam-statemachine-autopublishalias"></a>
The name of the state machine alias. To learn more about using Step Functions state machine aliases, see [ Manage continuous deployments with versions and aliases](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-cd-aliasing-versioning.html) in the *AWS Step Functions Developer Guide*.  
Use `DeploymentPreference` to configure deployment preferences for your alias. If you don’t specify `DeploymentPreference`, AWS SAM will configure traffic to shift to the newer state machine version all at once.  
AWS SAM sets the version’s `DeletionPolicy` and `UpdateReplacePolicy` to `Retain` by default. Previous versions will not be deleted automatically.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the ` [ Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachinealias.html#cfn-stepfunctions-statemachinealias-name)` property of an `AWS::StepFunctions::StateMachineAlias` resource.

 `UseAliasAsEventTarget`   <a name="sam-statemachine-usealiasaseventtarget"></a>
Indicate whether or not to pass the alias, created by using the `AutoPublishAlias` property, to the events source's target defined with [Events](#sam-statemachine-events).  
Specify `True` to use the alias as the events' target.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Definition`   <a name="sam-statemachine-definition"></a>
The state machine definition is an object, where the format of the object matches the format of your AWS SAM template file, for example, JSON or YAML. State machine definitions adhere to the [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html).  
For an example of an inline state machine definition, see [Examples](#sam-resource-statemachine--examples).  
You must provide either a `Definition` or a `DefinitionUri`.  
*Type*: Map  
*Required*: Conditional  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DefinitionSubstitutions`   <a name="sam-statemachine-definitionsubstitutions"></a>
A string-to-string map that specifies the mappings for placeholder variables in the state machine definition. This enables you to inject values obtained at runtime (for example, from intrinsic functions) into the state machine definition.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DefinitionSubstitutions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-definitionsubstitutions)` property of an `AWS::StepFunctions::StateMachine` resource. If any intrinsic functions are specified in an inline state machine definition, AWS SAM adds entries to this property to inject them into the state machine definition.

 `DefinitionUri`   <a name="sam-statemachine-definitionuri"></a>
The Amazon Simple Storage Service (Amazon S3) URI or local file path of the state machine definition written in the [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html).  
If you provide a local file path, the template must go through the workflow that includes the `sam deploy` or `sam package` command to correctly transform the definition. To do this, you must use version 0.52.0 or later of the AWS SAM CLI.  
You must provide either a `Definition` or a `DefinitionUri`.  
*Type*: String \$1 [S3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-definitions3location)  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[DefinitionS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-definitions3location)` property of an `AWS::StepFunctions::StateMachine` resource.

 `DeploymentPreference`   <a name="sam-statemachine-deploymentpreference"></a>
The settings that enable and configure gradual state machine deployments. To learn more about Step Functions gradual deployments, see [ Manage continuous deployments with versions and aliases](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-cd-aliasing-versioning.html) in the *AWS Step Functions Developer Guide*.  
Specify `AutoPublishAlias` before configuring this property. Your `DeploymentPreference` settings will be applied to the alias specified with `AutoPublishAlias`.  
When you specify `DeploymentPreference`, AWS SAM generates the `StateMachineVersionArn` sub-property value automatically.  
*Type*: [DeploymentPreference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stepfunctions-statemachinealias-deploymentpreference.html)  
*Required*: No  
*CloudFormation compatibility*: AWS SAM generates and attaches the `StateMachineVersionArn` property value to `DeploymentPreference` and passes `DeploymentPreference` to the `[DeploymentPreference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachinealias.html#cfn-stepfunctions-statemachinealias-deploymentpreference)` property of an `AWS::StepFunctions::StateMachineAlias` resource. 

 `Events`   <a name="sam-statemachine-events"></a>
Specifies the events that trigger this state machine. Events consist of a type and a set of properties that depend on the type.  
*Type*: [EventSource](sam-property-statemachine-statemachineeventsource.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Logging`   <a name="sam-statemachine-logging"></a>
Defines which execution history events are logged and where they are logged.  
*Type*: [LoggingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-loggingconfiguration)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[LoggingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-loggingconfiguration)` property of an `AWS::StepFunctions::StateMachine` resource.

 `Name`   <a name="sam-statemachine-name"></a>
The name of the state machine.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StateMachineName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-statemachinename)` property of an `AWS::StepFunctions::StateMachine` resource.

 `PermissionsBoundary`   <a name="sam-statemachine-permissionsboundary"></a>
The ARN of a permissions boundary to use for this state machine's execution role. This property only works if the role is generated for you.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource.

 `Policies`   <a name="sam-statemachine-policies"></a>
Permission policies for this state machine. Policies will be appended to the state machine's default AWS Identity and Access Management (IAM) execution role.  
This property accepts a single value or list of values. Allowed values include:  
+ [AWS SAM policy templates](serverless-policy-templates.md).
+ The ARN of an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [customer managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#customer-managed-policies).
+ The name of an AWS managed policy from the following [ list](https://github.com/aws/serverless-application-model/blob/develop/samtranslator/internal/data/aws_managed_policies.json).
+ An [ inline IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#inline-policies) formatted in YAML as a map.
If you set the `Role` property, this property is ignored.
*Type*: String \$1 List \$1 Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`PropagateTags`  <a name="sam-statemachine-propagatetags"></a>
Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::StateMachine](sam-specification-generated-resources-statemachine.md) generated resources. Specify `True` to propagate tags in your generated resources.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Role`   <a name="sam-statemachine-role"></a>
The ARN of an IAM role to use as this state machine's execution role.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[ RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-rolearn)` property of an `AWS::StepFunctions::StateMachine` resource.

 `RolePath`   <a name="sam-statemachine-rolepath"></a>
The path to the state machine's IAM execution role.  
Use this property when the role is generated for you. Do not use when the role is specified with the `Role` property.  
*Type*: String  
*Required*: Conditional  
*CloudFormation compatibility*: This property is passed directly to the `[Path](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path)` property of an `AWS::IAM::Role` resource.

 `Tags`   <a name="sam-statemachine-tags"></a>
A string-to-string map that specifies the tags added to the state machine and the corresponding execution role. For information about valid keys and values for tags, see the [Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-tags) property of an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html) resource.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-tags)` property of an `AWS::StepFunctions::StateMachine` resource. AWS SAM automatically adds a `stateMachine:createdBy:SAM` tag to this resource, and to the default role that is generated for it.

 `Tracing`   <a name="sam-statemachine-tracing"></a>
Selects whether or not AWS X-Ray is enabled for the state machine. For more information about using X-Ray with Step Functions, see [AWS X-Ray and Step Functions](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-xray-tracing.html) in the *AWS Step Functions Developer Guide*.  
*Type*: [TracingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-tracingconfiguration)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[TracingConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-tracingconfiguration)` property of an `AWS::StepFunctions::StateMachine` resource.

 `Type`   <a name="sam-statemachine-type"></a>
The type of the state machine.  
*Valid values*: `STANDARD` or `EXPRESS`  
*Type*: String  
*Required*: No  
*Default*: `STANDARD`  
*CloudFormation compatibility*: This property is passed directly to the `[StateMachineType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html#cfn-stepfunctions-statemachine-statemachinetype)` property of an `AWS::StepFunctions::StateMachine` resource.

## Return Values
<a name="sam-resource-statemachine-return-values"></a>

### Ref
<a name="sam-resource-statemachine-return-values-ref"></a>

When you provide the logical ID of this resource to the Ref intrinsic function, Ref returns the Amazon Resource Name (ARN) of the underlying `AWS::StepFunctions::StateMachine` resource.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

### Fn::GetAtt
<a name="sam-resource-statemachine-return-values-fn--getatt"></a>

`Fn::GetAtt` returns a value for a specified attribute of this type. The following are the available attributes and sample return values. 

For more information about using `Fn::GetAtt`, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) in the *AWS CloudFormation User Guide*. 

`Name`  <a name="Name-fn::getatt"></a>
Returns the name of the state machine, such as `HelloWorld-StateMachine`.

## Examples
<a name="sam-resource-statemachine--examples"></a>

### State Machine Definition File
<a name="sam-resource-statemachine--examples--state-machine-definition-file"></a>

The following is an example of an inline state machine definition that allows a lambda function to invoke state machine. Note that this example expects the `Role` property to configure proper policy to allow invocation. The `my_state_machine.asl.json` file must be written in the [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html).

In this example, the `DefinitionSubstitution` entries allow the state machine to include resources that are declared in the AWS SAM template file.

#### YAML
<a name="sam-resource-statemachine--examples--state-machine-definition-file--yaml"></a>

```
MySampleStateMachine:
  Type: AWS::Serverless::StateMachine
  Properties:
    DefinitionUri: statemachine/my_state_machine.asl.json
    Role: arn:aws:iam::123456123456:role/service-role/my-sample-role
    Tracing:
      Enabled: true
    DefinitionSubstitutions:
      MyFunctionArn: !GetAtt MyFunction.Arn
      MyDDBTable: !Ref TransactionTable
```

### Inline State Machine Definition
<a name="sam-resource-statemachine--examples--inline-state-machine-definition"></a>

The following is an example of an inline state machine definition.

In this example, the AWS SAM template file is written in YAML, so the state machine definition is also in YAML. To declare an inline state machine definition in JSON, write your AWS SAM template file in JSON.

#### YAML
<a name="sam-resource-statemachine--examples--inline-state-machine-definition--yaml"></a>

```
MySampleStateMachine:
  Type: AWS::Serverless::StateMachine
  Properties:
    Definition:
      StartAt: MyLambdaState
      States:
        MyLambdaState:
          Type: Task
          Resource: arn:aws:lambda:us-east-1:123456123456:function:my-sample-lambda-app
          End: true
    Role: arn:aws:iam::123456123456:role/service-role/my-sample-role
    Tracing:
      Enabled: true
```

# EventSource
<a name="sam-property-statemachine-statemachineeventsource"></a>

The object describing the source of events which trigger the state machine. Each event consists of a type and a set of properties that depend on that type. For more information about the properties of each event source, see the subtopic corresponding to that type.

## Syntax
<a name="sam-property-statemachine-statemachineeventsource-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachineeventsource-syntax.yaml"></a>

```
  [Properties](#sam-statemachine-statemachineeventsource-properties): Schedule | ScheduleV2 | CloudWatchEvent | EventBridgeRule | Api
  [Type](#sam-statemachine-statemachineeventsource-type): String
```

## Properties
<a name="sam-property-statemachine-statemachineeventsource-properties"></a>

 `Properties`   <a name="sam-statemachine-statemachineeventsource-properties"></a>
An object describing the properties of this event mapping. The set of properties must conform to the defined `Type`.  
*Type*: [Schedule](sam-property-statemachine-statemachineschedule.md) \$1 [ScheduleV2](sam-property-statemachine-statemachineschedulev2.md) \$1 [CloudWatchEvent](sam-property-statemachine-statemachinecloudwatchevent.md) \$1 [EventBridgeRule](sam-property-statemachine-statemachineeventbridgerule.md) \$1 [Api](sam-property-statemachine-statemachineapi.md)  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-statemachine-statemachineeventsource-type"></a>
The event type.  
*Valid values*: `Api`, `Schedule`, `ScheduleV2`, `CloudWatchEvent`, `EventBridgeRule`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-statemachineeventsource--examples"></a>

### API
<a name="sam-property-statemachine-statemachineeventsource--examples--api"></a>

The following is an example of an event of the `API` type.

#### YAML
<a name="sam-property-statemachine-statemachineeventsource--examples--api--yaml"></a>

```
ApiEvent:
  Type: Api
  Properties:
    Method: get
    Path: /group/{user}
    RestApiId: 
      Ref: MyApi
```

# Api
<a name="sam-property-statemachine-statemachineapi"></a>

The object describing an `Api` event source type. If an [AWS::Serverless::Api](sam-resource-api.md) resource is defined, the path and method values must correspond to an operation in the OpenAPI definition of the API. 

## Syntax
<a name="sam-property-statemachine-statemachineapi-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachineapi-syntax.yaml"></a>

```
  [Auth](#sam-statemachine-statemachineapi-auth): ApiStateMachineAuth
  [Method](#sam-statemachine-statemachineapi-method): String
  [Path](#sam-statemachine-statemachineapi-path): String
  [RestApiId](#sam-statemachine-statemachineapi-restapiid): String
  UnescapeMappingTemplate: Boolean
```

## Properties
<a name="sam-property-statemachine-statemachineapi-properties"></a>

 `Auth`   <a name="sam-statemachine-statemachineapi-auth"></a>
The authorization configuration for this API, path, and method.  
Use this property to override the API's `DefaultAuthorizer` setting for an individual path, when no `DefaultAuthorizer` is specified, or to override the default `ApiKeyRequired` setting.  
*Type*: [ApiStateMachineAuth](sam-property-statemachine-apistatemachineauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Method`   <a name="sam-statemachine-statemachineapi-method"></a>
The HTTP method for which this function is invoked.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Path`   <a name="sam-statemachine-statemachineapi-path"></a>
The URI path for which this function is invoked. The value must start with `/`.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RestApiId`   <a name="sam-statemachine-statemachineapi-restapiid"></a>
The identifier of a `RestApi` resource, which must contain an operation with the given path and method. Typically, this is set to reference an [AWS::Serverless::Api](sam-resource-api.md) resource that is defined in this template.  
If you don't define this property, AWS SAM creates a default [AWS::Serverless::Api](sam-resource-api.md) resource using a generated `OpenApi` document. That resource contains a union of all paths and methods defined by `Api` events in the same template that do not specify a `RestApiId`.  
This property can't reference an [AWS::Serverless::Api](sam-resource-api.md) resource that is defined in another template.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `UnescapeMappingTemplate`   <a name="sam-statemachine-statemachineapi-unescapemappingtemplate"></a>
Unescapes single quotes, by replacing `\'` with `'`, on the input that is passed to the state machine. Use when your input contains single quotes.  
If set to `False` and your input contains single quotes, an error will occur.
*Type*: Boolean  
*Required*: No  
*Default*: False  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-statemachineapi--examples"></a>

### ApiEvent
<a name="sam-property-statemachine-statemachineapi--examples--apievent"></a>

The following is an example of an event of the `Api` type.

#### YAML
<a name="sam-property-statemachine-statemachineapi--examples--apievent--yaml"></a>

```
Events:
  ApiEvent:
    Type: Api
    Properties:
      Path: /path
      Method: get
```

# ApiStateMachineAuth
<a name="sam-property-statemachine-apistatemachineauth"></a>

Configures authorization at the event level, for a specific API, path, and method.

## Syntax
<a name="sam-property-statemachine-apistatemachineauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-apistatemachineauth-syntax.yaml"></a>

```
  [ApiKeyRequired](#sam-statemachine-apistatemachineauth-apikeyrequired): Boolean
  [AuthorizationScopes](#sam-statemachine-apistatemachineauth-authorizationscopes): List
  [Authorizer](#sam-statemachine-apistatemachineauth-authorizer): String
  [ResourcePolicy](#sam-statemachine-apistatemachineauth-resourcepolicy): ResourcePolicyStatement
```

## Properties
<a name="sam-property-statemachine-apistatemachineauth-properties"></a>

 `ApiKeyRequired`   <a name="sam-statemachine-apistatemachineauth-apikeyrequired"></a>
Requires an API key for this API, path, and method.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AuthorizationScopes`   <a name="sam-statemachine-apistatemachineauth-authorizationscopes"></a>
The authorization scopes to apply to this API, path, and method.  
The scopes that you specify will override any scopes applied by the `DefaultAuthorizer` property if you have specified it.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Authorizer`   <a name="sam-statemachine-apistatemachineauth-authorizer"></a>
The `Authorizer` for a specific state machine.  
If you have specified a global authorizer for the API and want to make this state machine public, override the global authorizer by setting `Authorizer` to `NONE`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ResourcePolicy`   <a name="sam-statemachine-apistatemachineauth-resourcepolicy"></a>
Configure the resource policy for this API and path.  
*Type*: [ResourcePolicyStatement](sam-property-statemachine-resourcepolicystatement.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-apistatemachineauth--examples"></a>

### StateMachine-Auth
<a name="sam-property-statemachine-apistatemachineauth--examples--statemachine-auth"></a>

The following example specifies authorization at the state machine level.

#### YAML
<a name="sam-property-statemachine-apistatemachineauth--examples--statemachine-auth--yaml"></a>

```
Auth:
  ApiKeyRequired: true
  Authorizer: NONE
```

# ResourcePolicyStatement
<a name="sam-property-statemachine-resourcepolicystatement"></a>

Configures a resource policy for all methods and paths of an API. For more information about resource policies, see [Controlling access to an API with API Gateway resource policies](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-statemachine-resourcepolicystatement-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-resourcepolicystatement-syntax.yaml"></a>

```
  [AwsAccountBlacklist](#sam-statemachine-resourcepolicystatement-awsaccountblacklist): List
  [AwsAccountWhitelist](#sam-statemachine-resourcepolicystatement-awsaccountwhitelist): List
  [CustomStatements](#sam-statemachine-resourcepolicystatement-customstatements): List
  [IntrinsicVpcBlacklist](#sam-statemachine-resourcepolicystatement-intrinsicvpcblacklist): List
  [IntrinsicVpcWhitelist](#sam-statemachine-resourcepolicystatement-intrinsicvpcwhitelist): List
  [IntrinsicVpceBlacklist](#sam-statemachine-resourcepolicystatement-intrinsicvpceblacklist): List
  [IntrinsicVpceWhitelist](#sam-statemachine-resourcepolicystatement-intrinsicvpcewhitelist): List
  [IpRangeBlacklist](#sam-statemachine-resourcepolicystatement-iprangeblacklist): List
  [IpRangeWhitelist](#sam-statemachine-resourcepolicystatement-iprangewhitelist): List
  [SourceVpcBlacklist](#sam-statemachine-resourcepolicystatement-sourcevpcblacklist): List
  [SourceVpcWhitelist](#sam-statemachine-resourcepolicystatement-sourcevpcwhitelist): List
```

## Properties
<a name="sam-property-statemachine-resourcepolicystatement-properties"></a>

 `AwsAccountBlacklist`   <a name="sam-statemachine-resourcepolicystatement-awsaccountblacklist"></a>
The AWS accounts to block.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AwsAccountWhitelist`   <a name="sam-statemachine-resourcepolicystatement-awsaccountwhitelist"></a>
The AWS accounts to allow. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List of String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CustomStatements`   <a name="sam-statemachine-resourcepolicystatement-customstatements"></a>
A list of custom resource policy statements to apply to this API. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcBlacklist`   <a name="sam-statemachine-resourcepolicystatement-intrinsicvpcblacklist"></a>
The list of virtual private clouds (VPCs) to block, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpcWhitelist`   <a name="sam-statemachine-resourcepolicystatement-intrinsicvpcwhitelist"></a>
The list of VPCs to allow, where each VPC is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceBlacklist`   <a name="sam-statemachine-resourcepolicystatement-intrinsicvpceblacklist"></a>
The list of VPC endpoints to block, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html).  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IntrinsicVpceWhitelist`   <a name="sam-statemachine-resourcepolicystatement-intrinsicvpcewhitelist"></a>
The list of VPC endpoints to allow, where each VPC endpoint is specified as a reference such as a [dynamic reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html) or the `Ref` [intrinsic function](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html). For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeBlacklist`   <a name="sam-statemachine-resourcepolicystatement-iprangeblacklist"></a>
The IP addresses or address ranges to block. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IpRangeWhitelist`   <a name="sam-statemachine-resourcepolicystatement-iprangewhitelist"></a>
The IP addresses or address ranges to allow.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcBlacklist`   <a name="sam-statemachine-resourcepolicystatement-sourcevpcblacklist"></a>
The source VPC or VPC endpoints to block. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`. For an example use of this property, see the Examples section at the bottom of this page.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SourceVpcWhitelist`   <a name="sam-statemachine-resourcepolicystatement-sourcevpcwhitelist"></a>
The source VPC or VPC endpoints to allow. Source VPC names must start with `"vpc-"` and source VPC endpoint names must start with `"vpce-"`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-resourcepolicystatement--examples"></a>

### Resource Policy Example
<a name="sam-property-statemachine-resourcepolicystatement--examples--resource-policy-example"></a>

The following example blocks two IP addresses and a source VPC, and allows an AWS account.

#### YAML
<a name="sam-property-statemachine-resourcepolicystatement--examples--resource-policy-example--yaml"></a>

```
Auth:
  ResourcePolicy:
    CustomStatements: [{
                         "Effect": "Allow",
                         "Principal": "*",
                         "Action": "execute-api:Invoke",
                         "Resource": "execute-api:/Prod/GET/pets",
                         "Condition": {
                           "IpAddress": {
                             "aws:SourceIp": "1.2.3.4"
                           }
                         }
                       }]
    IpRangeBlacklist:
      - "10.20.30.40"
      - "1.2.3.4"
    SourceVpcBlacklist:
      - "vpce-1a2b3c4d"
    AwsAccountWhitelist:
      - "111122223333"
    IntrinsicVpcBlacklist:
      - "{{resolve:ssm:SomeVPCReference:1}}" 
      - !Ref MyVPC
    IntrinsicVpceWhitelist:
      - "{{resolve:ssm:SomeVPCEReference:1}}" 
      - !Ref MyVPCE
```

# CloudWatchEvent
<a name="sam-property-statemachine-statemachinecloudwatchevent"></a>

The object describing a `CloudWatchEvent` event source type.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set.

**Important Note**: [EventBridgeRule](sam-property-statemachine-statemachineeventbridgerule.md) is the preferred event source type to use, instead of `CloudWatchEvent`. `EventBridgeRule` and `CloudWatchEvent` use the same underlying service, API, and CloudFormation resources. However, AWS SAM will add support for new features only to `EventBridgeRule`.

## Syntax
<a name="sam-property-statemachine-statemachinecloudwatchevent-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachinecloudwatchevent-syntax.yaml"></a>

```
  [EventBusName](#sam-statemachine-statemachinecloudwatchevent-eventbusname): String
  [Input](#sam-statemachine-statemachinecloudwatchevent-input): String
  [InputPath](#sam-statemachine-statemachinecloudwatchevent-inputpath): String
  [Pattern](#sam-statemachine-statemachinecloudwatchevent-pattern): [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)
```

## Properties
<a name="sam-property-statemachine-statemachinecloudwatchevent-properties"></a>

 `EventBusName`   <a name="sam-statemachine-statemachinecloudwatchevent-eventbusname"></a>
The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus.  
*Type*: String  
*Required*: No  
*Default*: Default event bus  
*CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource.

 `Input`   <a name="sam-statemachine-statemachinecloudwatchevent-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `InputPath`   <a name="sam-statemachine-statemachinecloudwatchevent-inputpath"></a>
When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource.

 `Pattern`   <a name="sam-statemachine-statemachinecloudwatchevent-pattern"></a>
Describes which events are routed to the specified target. For more information, see [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) in the *Amazon EventBridge User Guide*.  
*Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource.

## Examples
<a name="sam-property-statemachine-statemachinecloudwatchevent--examples"></a>

### CloudWatchEvent
<a name="sam-property-statemachine-statemachinecloudwatchevent--examples--cloudwatchevent"></a>

The following is an example of a `CloudWatchEvent` event source type.

#### YAML
<a name="sam-property-statemachine-statemachinecloudwatchevent--examples--cloudwatchevent--yaml"></a>

```
CWEvent:
  Type: CloudWatchEvent
  Properties:
    Input: '{"Key": "Value"}'
    Pattern:
      detail:
        state:
          - running
```

# EventBridgeRule
<a name="sam-property-statemachine-statemachineeventbridgerule"></a>

The object describing an `EventBridgeRule` event source type, which sets your state machine as the target for an Amazon EventBridge rule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*.

AWS SAM generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set.

## Syntax
<a name="sam-property-statemachine-statemachineeventbridgerule-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachineeventbridgerule-syntax.yaml"></a>

```
  DeadLetterConfig: DeadLetterConfig
  EventBusName: String
  Input: String
  InputPath: String
  InputTransformer: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html)
  Pattern: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)
  RetryPolicy: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)
  RuleName: String
  State: String
  Target: Target
```

## Properties
<a name="sam-property-statemachine-statemachineeventbridgerule-properties"></a>

 `DeadLetterConfig`   <a name="sam-statemachine-statemachineeventbridgerule-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [DeadLetterConfig](sam-property-statemachine-statemachinedeadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `EventBusName`   <a name="sam-statemachine-statemachineeventbridgerule-eventbusname"></a>
The event bus to associate with this rule. If you omit this property, AWS SAM uses the default event bus.  
*Type*: String  
*Required*: No  
*Default*: Default event bus  
*CloudFormation compatibility*: This property is passed directly to the `[EventBusName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventbusname)` property of an `AWS::Events::Rule` resource.

 `Input`   <a name="sam-statemachine-statemachineeventbridgerule-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `InputPath`   <a name="sam-statemachine-statemachineeventbridgerule-inputpath"></a>
When you don't want to pass the entire matched event to the target, use the `InputPath` property to describe which part of the event to pass.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputPath](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputpath)` property of an `AWS::Events::Rule Target` resource.

`InputTransformer`  <a name="sam-statemachine-statemachineeventbridgerule-inputtransformer"></a>
Settings to enable you to provide custom input to a target based on certain event data. You can extract one or more key-value pairs from the event and then use that data to send customized input to the target. For more information, see [ Amazon EventBridge input transformation](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html) in the *Amazon EventBridge User Guide*.  
*Type*: [InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-inputtransformer)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[InputTransformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html) ` property of an `AWS::Events::Rule` `Target` data type.

 `Pattern`   <a name="sam-statemachine-statemachineeventbridgerule-pattern"></a>
Describes which events are routed to the specified target. For more information, see [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) in the *Amazon EventBridge User Guide*.  
*Type*: [EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[EventPattern](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-eventpattern)` property of an `AWS::Events::Rule` resource.

 `RetryPolicy`   <a name="sam-statemachine-statemachineeventbridgerule-retrypolicy"></a>
A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type.

 `RuleName`   <a name="sam-statemachine-statemachineeventbridgerule-rulename"></a>
The name of the rule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource.

`State`  <a name="sam-statemachine-statemachineeventbridgerule-state"></a>
The state of the rule.  
*Valid values*: `[ DISABLED | ENABLED ]`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource.

 `Target`   <a name="sam-statemachine-statemachineeventbridgerule-target"></a>
The AWS resource that EventBridge invokes when a rule is triggered. You can use this property to specify the logical ID of the target. If this property is not specified, then AWS SAM generates the logical ID of the target.  
*Type*: [Target](sam-property-statemachine-statemachinetarget.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Targets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-targets)` property of an `AWS::Events::Rule` resource. The AWS SAM version of this property only allows you to specify the logical ID of a single target.

## Examples
<a name="sam-property-statemachine-statemachineeventbridgerule--examples"></a>

### EventBridgeRule
<a name="sam-property-statemachine-statemachineeventbridgerule--examples--eventbridgerule"></a>

The following is an example of an `EventBridgeRule` event source type.

#### YAML
<a name="sam-property-statemachine-statemachineeventbridgerule--examples--eventbridgerule--yaml"></a>

```
EBRule:
  Type: EventBridgeRule
  Properties:
    Input: '{"Key": "Value"}'
    Pattern:
      detail:
        state:
          - terminated
```

# DeadLetterConfig
<a name="sam-property-statemachine-statemachinedeadletterconfig"></a>

The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a state machine that doesn’t exist, or insufficient permissions to invoke the state machine. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.

## Syntax
<a name="sam-property-statemachine-statemachinedeadletterconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachinedeadletterconfig-syntax.yaml"></a>

```
  [Arn](#sam-statemachine-statemachinedeadletterconfig-arn): String
  [QueueLogicalId](#sam-statemachine-statemachinedeadletterconfig-queuelogicalid): String
  [Type](#sam-statemachine-statemachinedeadletterconfig-type): String
```

## Properties
<a name="sam-property-statemachine-statemachinedeadletterconfig-properties"></a>

 `Arn`   <a name="sam-statemachine-statemachinedeadletterconfig-arn"></a>
The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type.

 `QueueLogicalId`   <a name="sam-statemachine-statemachinedeadletterconfig-queuelogicalid"></a>
The custom name of the dead letter queue that AWS SAM creates if `Type` is specified.  
If the `Type` property is not set, this property is ignored.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-statemachine-statemachinedeadletterconfig-type"></a>
The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Valid values*: `SQS`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-statemachinedeadletterconfig--examples"></a>

### DeadLetterConfig
<a name="sam-property-statemachine-statemachinedeadletterconfig--examples--deadletterconfig"></a>

DeadLetterConfig

#### YAML
<a name="sam-property-statemachine-statemachinedeadletterconfig--examples--deadletterconfig--yaml"></a>

```
DeadLetterConfig:
  Type: SQS
  QueueLogicalId: MyDLQ
```

# Target
<a name="sam-property-statemachine-statemachinetarget"></a>

Configures the AWS resource that EventBridge invokes when a rule is triggered.

## Syntax
<a name="sam-property-statemachine-statemachinetarget-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachinetarget-syntax.yaml"></a>

```
  [Id](#sam-statemachine-statemachinetarget-id): String
```

## Properties
<a name="sam-property-statemachine-statemachinetarget-properties"></a>

 `Id`   <a name="sam-statemachine-statemachinetarget-id"></a>
The logical ID of the target.  
The value of `Id` can include alphanumeric characters, periods (`.`), hyphens (`-`), and underscores (`_`).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Id](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-id)` property of the `AWS::Events::Rule` `Target` data type.

## Examples
<a name="sam-property-statemachine-statemachinetarget--examples"></a>

### Target
<a name="sam-property-statemachine-statemachinetarget--examples--target"></a>

#### YAML
<a name="sam-property-statemachine-statemachinetarget--examples--target--yaml"></a>

```
EBRule:
  Type: EventBridgeRule
  Properties:
    Target:
      Id: MyTarget
```

# Schedule
<a name="sam-property-statemachine-statemachineschedule"></a>

The object describing a `Schedule` event source type, which sets your state machine as the target of an EventBridge rule that triggers on a schedule. For more information, see [What Is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) in the *Amazon EventBridge User Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html) resource when this event type is set.

## Syntax
<a name="sam-property-statemachine-statemachineschedule-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachineschedule-syntax.yaml"></a>

```
  [DeadLetterConfig](#sam-statemachine-statemachineschedule-deadletterconfig): DeadLetterConfig
  [Description](#sam-statemachine-statemachineschedule-description): String
  [Enabled](#sam-statemachine-statemachineschedule-enabled): Boolean
  [Input](#sam-statemachine-statemachineschedule-input): String
  [Name](#sam-statemachine-statemachineschedule-name): String
  [RetryPolicy](#sam-statemachine-statemachineschedule-retrypolicy): [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)
  [RoleArn](#sam-statemachine-statemachineschedulev-rolearn): String
  [Schedule](#sam-statemachine-statemachineschedule-schedule): String
  [State](#sam-statemachine-statemachineschedule-state): String
  Target: Target
```

## Properties
<a name="sam-property-statemachine-statemachineschedule-properties"></a>

 `DeadLetterConfig`   <a name="sam-statemachine-statemachineschedule-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [DeadLetterConfig](sam-property-statemachine-statemachinescheduledeadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-deadletterconfig)` property of the `AWS::Events::Rule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `Description`   <a name="sam-statemachine-statemachineschedule-description"></a>
A description of the rule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-description)` property of an `AWS::Events::Rule` resource.

 `Enabled`   <a name="sam-statemachine-statemachineschedule-enabled"></a>
Indicates whether the rule is enabled.  
To disable the rule, set this property to `false`.  
Specify either the `Enabled` or `State` property, but not both.
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource. If this property is set to `true` then AWS SAM passes `ENABLED`, otherwise it passes `DISABLED`.

 `Input`   <a name="sam-statemachine-statemachineschedule-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-input)` property of an `AWS::Events::Rule Target` resource.

 `Name`   <a name="sam-statemachine-statemachineschedule-name"></a>
The name of the rule. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the rule name.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-name)` property of an `AWS::Events::Rule` resource.

 `RetryPolicy`   <a name="sam-statemachine-statemachineschedule-retrypolicy"></a>
A `RetryPolicy` object that includes information about the retry policy settings. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-retrypolicy)` property of the `AWS::Events::Rule` `Target` data type.

 `RoleArn`   <a name="sam-statemachine-statemachineschedulev-rolearn"></a>
The ARN of the IAM role that EventBridge Scheduler will use for the target when the schedule is invoked.  
*Type*: [RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)  
*Required*: No. If not provided, a new role will be created and used.  
*CloudFormation compatibility*: This property is passed directly to the `[RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)` property of the `AWS::Scheduler::Schedule` `Target` data type.

 `Schedule`   <a name="sam-statemachine-statemachineschedule-schedule"></a>
The scheduling expression that determines when and how often the rule runs. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-scheduleexpression)` property of an `AWS::Events::Rule` resource.

 `State`   <a name="sam-statemachine-statemachineschedule-state"></a>
The state of the rule.  
*Accepted values:* `DISABLED | ENABLED`  
Specify either the `Enabled` or `State` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-state)` property of an `AWS::Events::Rule` resource.

 `Target`   <a name="sam-statemachine-statemachineschedule-target"></a>
The AWS resource that EventBridge invokes when a rule is triggered. You can use this property to specify the logical ID of the target. If this property is not specified, then AWS SAM generates the logical ID of the target.  
*Type*: [Target](sam-property-statemachine-statemachinetarget.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Targets](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html#cfn-events-rule-targets)` property of an `AWS::Events::Rule` resource. The AWS SAM version of this property only allows you to specify the logical ID of a single target.

## Examples
<a name="sam-property-statemachine-statemachineschedule--examples"></a>

### CloudWatch Schedule Event
<a name="sam-property-statemachine-statemachineschedule--examples--cloudwatch-schedule-event"></a>

CloudWatch Schedule Event Example

#### YAML
<a name="sam-property-statemachine-statemachineschedule--examples--cloudwatch-schedule-event--yaml"></a>

```
CWSchedule:
  Type: Schedule
  Properties:
    Schedule: 'rate(1 minute)'
    Name: TestSchedule
    Description: test schedule
    Enabled: false
```

# DeadLetterConfig
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig"></a>

The object used to specify the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a state machine that doesn’t exist, or insufficient permissions to invoke the state machine. For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html) in the *Amazon EventBridge User Guide*.

## Syntax
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig-syntax.yaml"></a>

```
  [Arn](#sam-statemachine-statemachinescheduledeadletterconfig-arn): String
  [QueueLogicalId](#sam-statemachine-statemachinescheduledeadletterconfig-queuelogicalid): String
  [Type](#sam-statemachine-statemachinescheduledeadletterconfig-type): String
```

## Properties
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig-properties"></a>

 `Arn`   <a name="sam-statemachine-statemachinescheduledeadletterconfig-arn"></a>
The Amazon Resource Name (ARN) of the Amazon SQS queue specified as the target for the dead-letter queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Arn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-deadletterconfig.html#cfn-events-rule-deadletterconfig-arn)` property of the `AWS::Events::Rule` `DeadLetterConfig` data type.

 `QueueLogicalId`   <a name="sam-statemachine-statemachinescheduledeadletterconfig-queuelogicalid"></a>
The custom name of the dead letter queue that AWS SAM creates if `Type` is specified.  
If the `Type` property is not set, this property is ignored.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Type`   <a name="sam-statemachine-statemachinescheduledeadletterconfig-type"></a>
The type of the queue. When this property is set, AWS SAM automatically creates a dead-letter queue and attaches necessary [resource-based policy](https://docs.aws.amazon.com/eventbridge/latest/userguide/rule-dlq.html#dlq-perms) to grant permission to rule resource to send events to the queue.  
Specify either the `Type` property or `Arn` property, but not both.
*Valid values*: `SQS`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig--examples"></a>

### DeadLetterConfig
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig--examples--deadletterconfig"></a>

DeadLetterConfig

#### YAML
<a name="sam-property-statemachine-statemachinescheduledeadletterconfig--examples--deadletterconfig--yaml"></a>

```
DeadLetterConfig:
  Type: SQS
  QueueLogicalId: MyDLQ
```

# Target
<a name="sam-property-statemachine-statemachinescheduletarget"></a>

Configures the AWS resource that EventBridge invokes when a rule is triggered.

## Syntax
<a name="sam-property-statemachine-statemachinescheduletarget-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachinescheduletarget-syntax.yaml"></a>

```
  [Id](#sam-statemachine-statemachinescheduletarget-id): String
```

## Properties
<a name="sam-property-statemachine-statemachinescheduletarget-properties"></a>

 `Id`   <a name="sam-statemachine-statemachinescheduletarget-id"></a>
The logical ID of the target.  
The value of `Id` can include alphanumeric characters, periods (`.`), hyphens (`-`), and underscores (`_`).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Id](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html#cfn-events-rule-target-id)` property of the `AWS::Events::Rule` `Target` data type.

## Examples
<a name="sam-property-statemachine-statemachinescheduletarget--examples"></a>

### Target
<a name="sam-property-statemachine-statemachinescheduletarget--examples--target"></a>

#### YAML
<a name="sam-property-statemachine-statemachinescheduletarget--examples--target--yaml"></a>

```
EBRule:
  Type: Schedule
  Properties:
    Target:
      Id: MyTarget
```

# ScheduleV2
<a name="sam-property-statemachine-statemachineschedulev2"></a>

The object describing a `ScheduleV2` event source type, which sets your state machine as the target of an Amazon EventBridge Scheduler event that triggers on a schedule. For more information, see [What is Amazon EventBridge Scheduler?](https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html) in the *EventBridge Scheduler User Guide*.

AWS Serverless Application Model (AWS SAM) generates an [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html) resource when this event type is set.

## Syntax
<a name="sam-property-statemachine-statemachineschedulev2-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-statemachine-statemachineschedulev2-syntax.yaml"></a>

```
DeadLetterConfig: DeadLetterConfig
[Description](#sam-statemachine-statemachineschedulev2-description): String
[EndDate](#sam-statemachine-statemachineschedulev2-enddate): String
[FlexibleTimeWindow](#sam-statemachine-statemachineschedulev2-flexibletimewindow): FlexibleTimeWindow
[GroupName](#sam-statemachine-statemachineschedulev2-groupname): String
[Input](#sam-statemachine-statemachineschedulev2-input): String
[KmsKeyArn](#sam-statemachine-statemachineschedulev2-kmskeyarn): String
[Name](#sam-statemachine-statemachineschedulev2-name): String
OmitName: Boolean
[PermissionsBoundary](#sam-statemachine-statemachineschedulev2-permissionsboundary): String
[RetryPolicy](#sam-statemachine-statemachineschedulev2-retrypolicy): RetryPolicy
[RoleArn](#sam-statemachine-statemachineschedulev2-rolearn): String
[ScheduleExpression](#sam-statemachine-statemachineschedulev2-scheduleexpression): String
[ScheduleExpressionTimezone](#sam-statemachine-statemachineschedulev2-scheduleexpressiontimezone): String
[StartDate](#sam-statemachine-statemachineschedulev2-startdate): String
[State](#sam-statemachine-statemachineschedulev2-state): String
```

## Properties
<a name="sam-property-statemachine-statemachineschedulev2-properties"></a>

 `DeadLetterConfig`   <a name="sam-statemachine-statemachineschedulev2-deadletterconfig"></a>
Configure the Amazon Simple Queue Service (Amazon SQS) queue where EventBridge sends events after a failed target invocation. Invocation can fail, for example, when sending an event to a Lambda function that doesn't exist, or when EventBridge has insufficient permissions to invoke the Lambda function. For more information, see [Configuring a dead-letter queue for EventBridge Scheduler](https://docs.aws.amazon.com/scheduler/latest/UserGuide/configuring-schedule-dlq.html) in the *EventBridge Scheduler User Guide*.  
*Type*: [DeadLetterConfig](sam-property-statemachine-statemachinescheduledeadletterconfig.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[DeadLetterConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-deadletterconfig)` property of the `AWS::Scheduler::Schedule` `Target` data type. The AWS SAM version of this property includes additional subproperties, in case you want AWS SAM to create the dead-letter queue for you.

 `Description`   <a name="sam-statemachine-statemachineschedulev2-description"></a>
A description of the schedule.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Description](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-description)` property of an `AWS::Scheduler::Schedule` resource.

 `EndDate`   <a name="sam-statemachine-statemachineschedulev2-enddate"></a>
The date, in UTC, before which the schedule can invoke its target. Depending on the schedule's recurrence expression, invocations might stop on, or before, the **EndDate** you specify.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EndDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-enddate)` property of an `AWS::Scheduler::Schedule` resource.

 `FlexibleTimeWindow`   <a name="sam-statemachine-statemachineschedulev2-flexibletimewindow"></a>
Allows configuration of a window within which a schedule can be invoked.  
*Type*: [FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-flexibletimewindow)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FlexibleTimeWindow](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler.html#cfn-scheduler-schedule-flexibletimewindow)` property of an `AWS::Scheduler::Schedule` resource.

 `GroupName`   <a name="sam-statemachine-statemachineschedulev2-groupname"></a>
The name of the schedule group to associate with this schedule. If not defined, the default group is used.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[GroupName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-groupname)` property of an `AWS::Scheduler::Schedule` resource.

 `Input`   <a name="sam-statemachine-statemachineschedulev2-input"></a>
Valid JSON text passed to the target. If you use this property, nothing from the event text itself is passed to the target.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Input](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-input)` property of an `AWS::Scheduler::Schedule Target` resource.

 `KmsKeyArn`   <a name="sam-statemachine-statemachineschedulev2-kmskeyarn"></a>
The ARN for a KMS Key that will be used to encrypt customer data.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[KmsKeyArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-kmskeyarn)` property of an `AWS::Scheduler::Schedule` resource.

 `Name`   <a name="sam-statemachine-statemachineschedulev2-name"></a>
The name of the schedule. If you don't specify a name, AWS SAM generates a name in the format `StateMachine-Logical-IDEvent-Source-Name` and uses that ID for the schedule name.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Name](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-name)` property of an `AWS::Scheduler::Schedule` resource.

`OmitName`  <a name="sam-statemachine-statemachineschedulev2-omitname"></a>
By default, AWS SAM generates and uses a schedule name in the format of *<State-machine-logical-ID><event-source-name>*. Set this property to `true` to have CloudFormation generate a unique physical ID and use that for the schedule name instead.  
*Type*: Boolean  
*Required*: No  
*Default*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `PermissionsBoundary`   <a name="sam-statemachine-statemachineschedulev2-permissionsboundary"></a>
The ARN of the policy used to set the permissions boundary for the role.  
If `PermissionsBoundary` is defined, AWS SAM will apply the same boundaries to the scheduler schedule's target IAM role.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[PermissionsBoundary](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-permissionsboundary)` property of an `AWS::IAM::Role` resource.

 `RetryPolicy`   <a name="sam-statemachine-statemachineschedulev2-retrypolicy"></a>
A `RetryPolicy` object that includes information about the retry policy settings.  
*Type*: [RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RetryPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-retrypolicy)` property of the `AWS::Scheduler::Schedule` `Target` data type.

 `RoleArn`   <a name="sam-statemachine-statemachineschedulev2-rolearn"></a>
The ARN of the IAM role that EventBridge Scheduler will use for the target when the schedule is invoked.  
*Type*: [RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RoleArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-scheduler-schedule-target.html#cfn-scheduler-schedule-target-rolearn)` property of the `AWS::Scheduler::Schedule` `Target` data type.

 `ScheduleExpression`   <a name="sam-statemachine-statemachineschedulev2-scheduleexpression"></a>
The scheduling expression that determines when and how often the schedule runs.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpression)` property of an `AWS::Scheduler::Schedule` resource.

 `ScheduleExpressionTimezone`   <a name="sam-statemachine-statemachineschedulev2-scheduleexpressiontimezone"></a>
The timezone in which the scheduling expression is evaluated.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ScheduleExpressionTimezone](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-scheduleexpressiontimezone)` property of an `AWS::Scheduler::Schedule` resource.

 `StartDate`   <a name="sam-statemachine-statemachineschedulev2-startdate"></a>
The date, in UTC, after which the schedule can begin invoking a target. Depending on the schedule's recurrence expression, invocations might occur on, or after, the **StartDate** you specify.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StartDate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-startdate)` property of an `AWS::Scheduler::Schedule` resource.

 `State`   <a name="sam-statemachine-statemachineschedulev2-state"></a>
The state of the schedule.  
*Accepted values:* `DISABLED | ENABLED`  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[State](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-scheduler-schedule.html#cfn-scheduler-schedule-state)` property of an `AWS::Scheduler::Schedule` resource.

## Examples
<a name="sam-property-statemachine-statemachineschedulev2--examples"></a>

### Basic example of defining a ScheduleV2 resource
<a name="sam-property-statemachine-statemachineschedulev2--examples--example1"></a>

```
StateMachine:
  Type: AWS::Serverless::StateMachine
  Properties:
    Name: MyStateMachine
    Events:
      ScheduleEvent:
        Type: ScheduleV2
        Properties:
          ScheduleExpression: "rate(1 minute)"
      ComplexScheduleEvent:
        Type: ScheduleV2
        Properties:
          ScheduleExpression: rate(1 minute)
          FlexibleTimeWindow:
            Mode: FLEXIBLE
            MaximumWindowInMinutes: 5
          StartDate: '2022-12-28T12:00:00.000Z'
          EndDate: '2023-01-28T12:00:00.000Z'
          ScheduleExpressionTimezone: UTC
          RetryPolicy:
            MaximumRetryAttempts: 5
            MaximumEventAgeInSeconds: 300
          DeadLetterConfig:
            Type: SQS
    DefinitionUri:
      Bucket: sam-sam-s3-demo-bucket
      Key: my-state-machine.asl.json
      Version: 3
    Policies:
      - LambdaInvokePolicy:
          FunctionName: !Ref MyFunction
```

# Generated CloudFormation resources for AWS SAM
<a name="sam-specification-generated-resources"></a>

This section provides details on the CloudFormation resources that are created when AWS SAM processes your AWS template. The set of CloudFormation resources that AWS SAM generates differs depending on the scenarios you specify. A *scenario* is the combination of AWS SAM resources and properties specified in your template file. You can reference the generated CloudFormation resources elsewhere within your template file, similar to how you reference resources that you declare explicitly in your template file.

For example, if you specify an `AWS::Serverless::Function` resource in your AWS SAM template file, AWS SAM always generates an `AWS::Lambda::Function` base resource. If you also specify the optional `AutoPublishAlias` property, AWS SAM additionally generates `AWS::Lambda::Alias` and `AWS::Lambda::Version` resources.

This section lists the scenarios and the CloudFormation resources that they generate, and shows how to reference the generated CloudFormation resources in your AWS SAM template file.

## Referencing generated CloudFormation resources
<a name="sam-specification-generated-resources-referencing"></a>

You have two options for referencing generated CloudFormation resources within your AWS SAM template file, by `LogicalId` or by referenceable property.

### Referencing generated CloudFormation resources by LogicalId
<a name="sam-specification-generated-resources-referencing-logicalid"></a>

The CloudFormation resources that AWS SAM generates each have a `[LogicalId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html#resources-section-structure-logicalid)`, which is an alphanumeric (A-Z, a-z, 0-9) identifier that is unique within a template file. AWS SAM uses the `LogicalIds` of the AWS SAM resources in your template file to construct the `LogicalIds` of the CloudFormation resources it generates. You can use the `LogicalId` of a generated CloudFormation resource to access properties of that resource within your template file, just like you would for an CloudFormation resource that you have explicitly declared. For more information about `LogicalIds` in CloudFormation and AWS SAM templates, see [Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html) in the *AWS CloudFormation User Guide*.

**Note**  
The `LogicalIds` of some generated resources include a unique hash value to avoid namespace clashes. The `LogicalIds` of these resources are derived when the stack is created. You can retrieve them only after the stack has been created using the AWS Management Console, AWS CLI, or one of the AWS SDKs. We don't recommend referencing these resources by `LogicalId` because the hash values might change.

### Referencing generated CloudFormation resources by referenceable property
<a name="sam-specification-generated-resources-referencing-referenceable-property"></a>

For some generated resources, AWS SAM provides a referenceable property of the AWS SAM resource. You can use this property to reference a generated CloudFormation resource and its properties within your AWS SAM template file.

**Note**  
Not all generated CloudFormation resources have referenceable properties. For those resources, you must use the `LogicalId`.

## Generated CloudFormation resource scenarios
<a name="sam-specification-generated-resources-scenarios"></a>

The following table summarizes the AWS SAM resources and properties that make up the scenarios that generate CloudFormation resources. The topics in the **Scenarios** column provide details about the additional CloudFormation resources that AWS SAM generates for that scenario.


| AWS SAM resource | Base CloudFormation resource | Scenarios | 
| --- | --- | --- | 
| AWS::Serverless::Api  | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::Application  | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::CapacityProvider  | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-capacityprovider.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::Function | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::HttpApi | [AWS::ApiGatewayV2::Api](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::LayerVersion  | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::SimpleTable  | [AWS::DynamoDB::Table](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 
| AWS::Serverless::StateMachine  | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html) |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html)  | 

**Topics**
+ [

## Referencing generated CloudFormation resources
](#sam-specification-generated-resources-referencing)
+ [

## Generated CloudFormation resource scenarios
](#sam-specification-generated-resources-scenarios)
+ [

# CloudFormation resources generated when AWS::Serverless::Api is specified
](sam-specification-generated-resources-api.md)
+ [

# CloudFormation resources generated when AWS::Serverless::Application is specified
](sam-specification-generated-resources-application.md)
+ [

# CloudFormation resources generated when AWS::Serverless::CapacityProvider is specified
](sam-specification-generated-resources-capacityprovider.md)
+ [

# CloudFormation resources generated when you specify AWS::Serverless::Connector
](sam-specification-generated-resources-connector.md)
+ [

# CloudFormation resources generated when AWS::Serverless::Function is specified
](sam-specification-generated-resources-function.md)
+ [

# CloudFormation resources generated when AWS::Serverless::GraphQLApi is specified
](sam-specification-generated-resources-graphqlapi.md)
+ [

# CloudFormation resources generated when AWS::Serverless::HttpApi is specified
](sam-specification-generated-resources-httpapi.md)
+ [

# CloudFormation resources generated when AWS::Serverless::LayerVersion is specified
](sam-specification-generated-resources-layerversion.md)
+ [

# CloudFormation resources generated when AWS::Serverless::SimpleTable is specified
](sam-specification-generated-resources-simpletable.md)
+ [

# CloudFormation resources generated when AWS::Serverless::StateMachine is specified
](sam-specification-generated-resources-statemachine.md)

# CloudFormation resources generated when AWS::Serverless::Api is specified
<a name="sam-specification-generated-resources-api"></a>

When an `AWS::Serverless::Api` is specified, AWS Serverless Application Model (AWS SAM) always generates an `AWS::ApiGateway::RestApi` base CloudFormation resource. In addition, it also always generates an `AWS::ApiGateway::Stage` and an `AWS::ApiGateway::Deployment` resource.

**`AWS::ApiGateway::RestApi`**  
*`LogicalId`: *`<api‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::ApiGateway::Stage`**  
*`LogicalId`: *`<api‑LogicalId><stage‑name>Stage`  
`<stage‑name>` is the string that the `StageName` property is set to. For example, if you set `StageName` to `Gamma`, the `LogicalId` is `MyRestApiGammaStage`.  
*Referenceable property: *`<api‑LogicalId>.Stage`

**`AWS::ApiGateway::Deployment`**  
*`LogicalId`: *`<api‑LogicalId>Deployment<sha>`  
`<sha>` is a unique hash value that is generated when the stack is created. For example, `MyRestApiDeployment926eeb5ff1`.  
*Referenceable property: *`<api‑LogicalId>.Deployment`

In addition to these CloudFormation resources, when `AWS::Serverless::Api` is specified, AWS SAM generates additional CloudFormation resources for the following scenarios.

**Topics**
+ [

## DomainName property is specified
](#sam-specification-generated-resources-api-domain-name)
+ [

## UsagePlan property is specified
](#sam-specification-generated-resources-api-usage-plan)

## DomainName property is specified
<a name="sam-specification-generated-resources-api-domain-name"></a>

When the `DomainName` property of the `Domain` property of an `AWS::Serverless::Api` is specified, AWS SAM generates the `AWS::ApiGateway::DomainName` CloudFormation resource.

**`AWS::ApiGateway::DomainName`**  
*`LogicalId`: *`ApiGatewayDomainName<sha>`  
`<sha>` is a unique hash value that is generated when the stack is created. For example: `ApiGatewayDomainName926eeb5ff1`.  
*Referenceable property: *`<api‑LogicalId>.DomainName`

## UsagePlan property is specified
<a name="sam-specification-generated-resources-api-usage-plan"></a>

When the `UsagePlan` property of the `Auth` property of an `AWS::Serverless::Api` is specified, AWS SAM generates the following CloudFormation resources: `AWS::ApiGateway::UsagePlan`, `AWS::ApiGateway::UsagePlanKey`, and `AWS::ApiGateway::ApiKey`.

**`AWS::ApiGateway::UsagePlan`**  
*`LogicalId`: *`<api‑LogicalId>UsagePlan`  
*Referenceable property: *`<api‑LogicalId>.UsagePlan`

**`AWS::ApiGateway::UsagePlanKey`**  
*`LogicalId`: *`<api‑LogicalId>UsagePlanKey`  
*Referenceable property: *`<api‑LogicalId>.UsagePlanKey`

**`AWS::ApiGateway::ApiKey`**  
*`LogicalId`: *`<api‑LogicalId>ApiKey`  
*Referenceable property: *`<api‑LogicalId>.ApiKey`

# CloudFormation resources generated when AWS::Serverless::Application is specified
<a name="sam-specification-generated-resources-application"></a>

When an `AWS::Serverless::Application` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::CloudFormation::Stack` base CloudFormation resource.

**`AWS::CloudFormation::Stack`**  
*`LogicalId`: *`<application‑LogicalId>`   
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

# CloudFormation resources generated when AWS::Serverless::CapacityProvider is specified
<a name="sam-specification-generated-resources-capacityprovider"></a>

When an `AWS::Serverless::CapacityProvider` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::Lambda::CapacityProvider` base CloudFormation resource.

**`AWS::Lambda::CapacityProvider`**  
*`LogicalId`: *`<capacityprovider‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

In addition to this CloudFormation resource, when `AWS::Serverless::CapacityProvider` is specified, AWS SAM also generates CloudFormation resources for the following scenarios:

**Topics**
+ [

## OperatorRole property is not specified
](#sam-specification-generated-resources-capacityprovider-iam-role)

## OperatorRole property is not specified
<a name="sam-specification-generated-resources-capacityprovider-iam-role"></a>

When the `OperatorRole` property of an `AWS::Serverless::CapacityProvider` is *not* specified, AWS SAM generates an `AWS::IAM::Role` CloudFormation resource with the `AWSLambdaManagedEC2ResourceOperator` managed policy attached.

**`AWS::IAM::Role`**  
*`LogicalId`: *`<capacityprovider‑LogicalId>OperatorRole`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

# CloudFormation resources generated when you specify AWS::Serverless::Connector
<a name="sam-specification-generated-resources-connector"></a>

**Note**  
When you define connectors through the embedded `Connectors` property, it is first transformed into an `AWS::Serverless::Connector` resource before generating these resources.

When you specify an `AWS::Serverless::Connector` resource in an AWS SAM template, AWS SAM generates the following AWS CloudFormation resources as needed.

**`AWS::IAM::ManagedPolicy`**  
 *`LogicalId`:*`<connector‑LogicalId>Policy`   
 *Referenceable property:* N/A (To reference this CloudFormation resource, you must use the `LogicalId`.) 

**`AWS::SNS::TopicPolicy`**  
 *`LogicalId`:*`<connector‑LogicalId>TopicPolicy`   
 *Referenceable property:* N/A (To reference this CloudFormation resource, you must use the `LogicalId`.) 

**`AWS::SQS::QueuePolicy`**  
 *`LogicalId`:*`<connector‑LogicalId>QueuePolicy`   
 *Referenceable property:* N/A (To reference this CloudFormation resource, you must use the `LogicalId`.) 

**`AWS::Lambda::Permission`**  
 *`LogicalId`:*`<connector‑LogicalId><permission>LambdaPermission`   
 `<permission>` is a permission specified by the `Permissions` property. For example, `Write`.   
*Referenceable property:* N/A (To reference this CloudFormation resource, you must use the `LogicalId`.) 

# CloudFormation resources generated when AWS::Serverless::Function is specified
<a name="sam-specification-generated-resources-function"></a>

When an `AWS::Serverless::Function` is specified, AWS Serverless Application Model (AWS SAM) always creates an `AWS::Lambda::Function` base CloudFormation resource.

**`AWS::Lambda::Function`**  
*`LogicalId`: *`<function‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

In addition to this CloudFormation resource, when `AWS::Serverless::Function` is specified, AWS SAM also generates CloudFormation resources for the following scenarios.

**Topics**
+ [

## Core function properties
](#sam-specification-generated-resources-function-core-properties)
+ [

## Event sources
](#sam-specification-generated-resources-function-event-sources)
+ [

## Event configuration
](#sam-specification-generated-resources-function-event-configuration)

## Core function properties
<a name="sam-specification-generated-resources-function-core-properties"></a>

The following scenarios generate CloudFormation resources based on core function properties:

### Role property is not specified
<a name="sam-specification-generated-resources-function-not-role"></a>

When the `Role` property of an `AWS::Serverless::Function` is *not* specified, AWS SAM generates an `AWS::IAM::Role` CloudFormation resource.

**`AWS::IAM::Role`**  
*`LogicalId`: *`<function‑LogicalId>Role`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### AutoPublishAlias property is specified
<a name="sam-specification-generated-resources-function-autopublishalias"></a>

When the `AutoPublishAlias` property of an `AWS::Serverless::Function` is specified, AWS SAM generates the following CloudFormation resources: `AWS::Lambda::Alias` and `AWS::Lambda::Version`.

**`AWS::Lambda::Alias`**  
*`LogicalId`: *`<function‑LogicalId>Alias<alias‑name>`  
`<alias‑name>` is the string that `AutoPublishAlias` is set to. For example, if you set `AutoPublishAlias` to `live`, the `LogicalId` is: *MyFunction*Alias*live*.  
*Referenceable property: *`<function‑LogicalId>.Alias`

**`AWS::Lambda::Version`**  
*`LogicalId`: *`<function‑LogicalId>Version<sha>`  
`<sha>` is a unique hash value that is generated when the stack is created. For example, *MyFunction*Version*926eeb5ff1*.  
*Referenceable property: *`<function‑LogicalId>.Version`

For additional information on the `AutoPublishAlias` property, see the [Properties section of AWS::Serverless::Function](sam-resource-function.md#sam-resource-function-properties).

### DeploymentPreference property is specified
<a name="sam-specification-generated-resources-function-deploymentpreference"></a>

When the `DeploymentPreference` property of an `AWS::Serverless::Function` is specified, AWS SAM generates the following resources CloudFormation resources: `AWS::CodeDeploy::Application` and `AWS::CodeDeploy::DeploymentGroup`. In addition, if the `Role` property of the `DeploymentPreference` object is *not* specified, AWS SAM also generates an `AWS::IAM::Role` CloudFormation resource.

**`AWS::CodeDeploy::Application`**  
*`LogicalId`: *`ServerlessDeploymentApplication`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::CodeDeploy::DeploymentGroup`**  
*`LogicalId`: *`<function‑LogicalId>DeploymentGroup`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::IAM::Role`**  
*`LogicalId`: *`CodeDeployServiceRole`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### FunctionUrlConfig property is specified
<a name="sam-specification-generated-resources-function-functionurlconfig"></a>

When the `FunctionUrlConfig` property is specified, AWS SAM generates different CloudFormation resources based on the `AuthType`.

When `AuthType: NONE` is specified, AWS SAM generates the following CloudFormation resources:

**`AWS::Lambda::Permission` (Invoke Access)**  
*`LogicalId`: *`<function‑LogicalId>URLInvokeAllowPublicAccess`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::Lambda::Permission` (Public Access)**  
*`LogicalId`: *`<function‑LogicalId>UrlPublicPermissions`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::Lambda::Url`**  
*`LogicalId`: *`<function‑LogicalId>Url`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

When `AuthType: AWS_IAM` is specified, AWS SAM generates only:

**`AWS::Lambda::Url`**  
*`LogicalId`: *`<function‑LogicalId>Url`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

For additional information on the `FunctionUrlConfig` property, see [FunctionUrlConfig](sam-property-function-functionurlconfig.md).

## Event sources
<a name="sam-specification-generated-resources-function-event-sources"></a>

The following scenarios generate CloudFormation resources based on event sources:

### An Api event source is specified
<a name="sam-specification-generated-resources-function-api"></a>

When the `Event` property of an `AWS::Serverless::Function` is set to `Api`, but the `RestApiId` property is *not* specified, AWS SAM generates the `AWS::ApiGateway::RestApi` CloudFormation resource.

**`AWS::ApiGateway::RestApi`**  
*`LogicalId`: *`ServerlessRestApi`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### An HttpApi event source is specified
<a name="sam-specification-generated-resources-function-httpapi"></a>

When the `Event` property of an `AWS::Serverless::Function` is set to `HttpApi`, but the `ApiId` property is *not* specified, AWS SAM generates the `AWS::ApiGatewayV2::Api` CloudFormation resource.

**`AWS::ApiGatewayV2::Api`**  
*`LogicalId`: *`ServerlessHttpApi`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### A streaming event source is specified
<a name="sam-specification-generated-resources-function-streaming"></a>

When the `Event` property of an `AWS::Serverless::Function` is set to one of the streaming types, AWS SAM generates the `AWS::Lambda::EventSourceMapping` CloudFormation resource. This applies to the following types: `DynamoDB`, `Kinesis`, `MQ`, `MSK`, and `SQS`.

**`AWS::Lambda::EventSourceMapping`**  
*`LogicalId`: *`<function‑LogicalId><event‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### An event bridge (or event bus) event source is specified
<a name="sam-specification-generated-resources-function-eventbridge"></a>

When the `Event` property of an `AWS::Serverless::Function` is set to one of the event bridge (or event bus) types, AWS SAM generates the `AWS::Events::Rule` CloudFormation resource. This applies to the following types: `EventBridgeRule`, `Schedule`, and `CloudWatchEvents`.

**`AWS::Events::Rule`**  
*`LogicalId`: *`<function‑LogicalId><event‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

### An IotRule event source is specified
<a name="sam-specification-generated-resources-function-iotrule"></a>

When the `Event` property of an `AWS::Serverless::Function` is set to IoTRule, AWS SAM generates the `AWS::IoT::TopicRule` CloudFormation resource.

**`AWS::IoT::TopicRule`**  
*`LogicalId`: *`<function‑LogicalId><event‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

## Event configuration
<a name="sam-specification-generated-resources-function-event-configuration"></a>

The following scenarios generate CloudFormation resources based on event configuration:

### OnSuccess (or OnFailure) property is specified for Amazon SNS events
<a name="sam-specification-generated-resources-function-sns-onsuccess"></a>

When the `OnSuccess` (or `OnFailure`) property of the `DestinationConfig` property of the `EventInvokeConfig` property of an `AWS::Serverless::Function` is specified, and the destination type is `SNS` but the destination ARN is *not* specified, AWS SAM generates the following CloudFormation resources: `AWS::Lambda::EventInvokeConfig` and `AWS::SNS::Topic`.

**`AWS::Lambda::EventInvokeConfig`**  
*`LogicalId`: *`<function‑LogicalId>EventInvokeConfig`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::SNS::Topic`**  
*`LogicalId`: *`<function‑LogicalId>OnSuccessTopic` (or `<function‑LogicalId>OnFailureTopic`)  
*Referenceable property: *`<function‑LogicalId>.DestinationTopic`  
If both `OnSuccess` and `OnFailure` are specified for an Amazon SNS event, to distinguish between the generated resources, you must use the `LogicalId`.

### OnSuccess (or OnFailure) property is specified for Amazon SQS events
<a name="sam-specification-generated-resources-function-sqs-onsuccess"></a>

When the `OnSuccess` (or `OnFailure`) property of the `DestinationConfig` property of the `EventInvokeConfig` property of an `AWS::Serverless::Function` is specified, and the destination type is `SQS` but the destination ARN is *not* specified, AWS SAM generates the following CloudFormation resources: `AWS::Lambda::EventInvokeConfig` and `AWS::SQS::Queue`.

**`AWS::Lambda::EventInvokeConfig`**  
*`LogicalId`: *`<function‑LogicalId>EventInvokeConfig`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::SQS::Queue`**  
*`LogicalId`: *`<function‑LogicalId>OnSuccessQueue` (or `<function‑LogicalId>OnFailureQueue`)  
*Referenceable property: *`<function‑LogicalId>.DestinationQueue`  
If both `OnSuccess` and `OnFailure` are specified for an Amazon SQS event, to distinguish between the generated resources, you must use the `LogicalId`.

# CloudFormation resources generated when AWS::Serverless::GraphQLApi is specified
<a name="sam-specification-generated-resources-graphqlapi"></a>

When you specify an `AWS::Serverless::GraphQLApi` resource in an AWS Serverless Application Model (AWS SAM) template, AWS SAM always creates the following base AWS CloudFormation resources.

**`AWS::AppSync::DataSource`**  
*`LogicalId`: *`<graphqlapi-LogicalId><datasource-RelativeId><datasource-Type>DataSource`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::AppSync::FunctionConfiguration`**  
*`LogicalId`: *`<graphqlapi-LogicalId><function-RelativeId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::AppSync::GraphQLApi`**  
*`LogicalId`: *`<graphqlapi-LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::AppSync::GraphQLSchema`**  
*`LogicalId`: *`<graphqlapi-LogicalId>Schema`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

**`AWS::AppSync::Resolver`**  
*`LogicalId`: *`<graphqlapi-LogicalId><OperationType><resolver-RelativeId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

In addition to these CloudFormation resources, when `AWS::Serverless::GraphQLApi` is specified, AWS SAM may also generate the following CloudFormation resources.

`AWS::AppSync::ApiCache`  
*`LogicalId`: *`<graphqlapi-LogicalId>ApiCache`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

`AWS::AppSync::ApiKey`  
*`LogicalId`: *`<graphqlapi-LogicalId><apikey-RelativeId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

`AWS::AppSync::DomainName`  
*`LogicalId`: *`<graphqlapi-LogicalId>DomainName`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

`AWS::AppSync::DomainNameApiAssociation`  
*`LogicalId`: *`<graphqlapi-LogicalId>DomainNameApiAssociation`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

AWS SAM may also use the `AWS::Serverless::Connector` resource to provision permissions. For more information, see [CloudFormation resources generated when you specify AWS::Serverless::Connector](sam-specification-generated-resources-connector.md).

# CloudFormation resources generated when AWS::Serverless::HttpApi is specified
<a name="sam-specification-generated-resources-httpapi"></a>

When an `AWS::Serverless::HttpApi` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::ApiGatewayV2::Api` base CloudFormation resource.

**`AWS::ApiGatewayV2::Api`**  
*`LogicalId`: *`<httpapi‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

In addition to this CloudFormation resource, when `AWS::Serverless::HttpApi` is specified, AWS SAM also generates CloudFormation resources for the following scenarios:

**Topics**
+ [

## StageName property is specified
](#sam-specification-generated-resources-httpapi-stage-name)
+ [

## StageName property is *not* specified
](#sam-specification-generated-resources-httpapi-not-stage-name)
+ [

## DomainName property is specified
](#sam-specification-generated-resources-httpapi-domain-name)

## StageName property is specified
<a name="sam-specification-generated-resources-httpapi-stage-name"></a>

When the `StageName` property of an `AWS::Serverless::HttpApi` is specified, AWS SAM generates the `AWS::ApiGatewayV2::Stage` CloudFormation resource.

**`AWS::ApiGatewayV2::Stage`**  
*`LogicalId`: *`<httpapi‑LogicalId><stage‑name>Stage`  
`<stage‑name>` is the string that the `StageName` property is set to. For example, if you set `StageName` to `Gamma`, the `LogicalId` is: *MyHttpApiGamma*Stage.  
*Referenceable property: *`<httpapi‑LogicalId>.Stage`

## StageName property is *not* specified
<a name="sam-specification-generated-resources-httpapi-not-stage-name"></a>

When the `StageName` property of an `AWS::Serverless::HttpApi` is *not* specified, AWS SAM generates the `AWS::ApiGatewayV2::Stage` CloudFormation resource.

**`AWS::ApiGatewayV2::Stage`**  
*`LogicalId`: *`<httpapi‑LogicalId>ApiGatewayDefaultStage`  
*Referenceable property: *`<httpapi‑LogicalId>.Stage`

## DomainName property is specified
<a name="sam-specification-generated-resources-httpapi-domain-name"></a>

When the `DomainName` property of the `Domain` property of an `AWS::Serverless::HttpApi` is specified, AWS SAM generates the `AWS::ApiGatewayV2::DomainName` CloudFormation resource.

**`AWS::ApiGatewayV2::DomainName`**  
*`LogicalId`: *`ApiGatewayDomainNameV2<sha>`  
`<sha>` is a unique hash value that is generated when the stack is created. For example, `ApiGatewayDomainNameV2`*926eeb5ff1*.  
*Referenceable property: *`<httpapi‑LogicalId>.DomainName`

# CloudFormation resources generated when AWS::Serverless::LayerVersion is specified
<a name="sam-specification-generated-resources-layerversion"></a>

When an `AWS::Serverless::LayerVersion` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::Lambda::LayerVersion` base CloudFormation resource.

**`AWS::Lambda::LayerVersion`**  
*`LogicalId`: *`<layerversion‑LogicalId>`   
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

# CloudFormation resources generated when AWS::Serverless::SimpleTable is specified
<a name="sam-specification-generated-resources-simpletable"></a>

When an `AWS::Serverless::SimpleTable` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::DynamoDB::Table` base CloudFormation resource.

**`AWS::DynamoDB::Table`**  
*`LogicalId`: *`<simpletable‑LogicalId>`   
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

# CloudFormation resources generated when AWS::Serverless::StateMachine is specified
<a name="sam-specification-generated-resources-statemachine"></a>

When an `AWS::Serverless::StateMachine` is specified, AWS Serverless Application Model (AWS SAM) generates an `AWS::StepFunctions::StateMachine` base CloudFormation resource.

**`AWS::StepFunctions::StateMachine`**  
*`LogicalId`: *`<statemachine‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

In addition to this CloudFormation resource, when `AWS::Serverless::StateMachine` is specified, AWS SAM also generates CloudFormation resources for the following scenarios:

**Topics**
+ [

## Role property is not specified
](#sam-specification-generated-resources-statemachine-not-role)
+ [

## An API event source is specified
](#sam-specification-generated-resources-statemachine-api)
+ [

## An event bridge (or event bus) event source is specified
](#sam-specification-generated-resources-statemachine-eventbridge)

## Role property is not specified
<a name="sam-specification-generated-resources-statemachine-not-role"></a>

When the `Role` property of an `AWS::Serverless::StateMachine` is *not* specified, AWS SAM generates an `AWS::IAM::Role` CloudFormation resource.

**`AWS::IAM::Role`**  
*`LogicalId`: *`<statemachine‑LogicalId>Role`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

## An API event source is specified
<a name="sam-specification-generated-resources-statemachine-api"></a>

When the `Event` property of an `AWS::Serverless::StateMachine` is set to `Api`, but the `RestApiId` property is *not* specified, AWS SAM generates the `AWS::ApiGateway::RestApi` CloudFormation resource.

**`AWS::ApiGateway::RestApi`**  
*`LogicalId`: *`ServerlessRestApi`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

## An event bridge (or event bus) event source is specified
<a name="sam-specification-generated-resources-statemachine-eventbridge"></a>

When the `Event` property of an `AWS::Serverless::StateMachine` is set to one of the event bridge (or event bus) types, AWS SAM generates the `AWS::Events::Rule` CloudFormation resource. This applies to the following types: `EventBridgeRule`, `Schedule`, and `CloudWatchEvents`.

**`AWS::Events::Rule`**  
*`LogicalId`: *`<statemachine‑LogicalId><event‑LogicalId>`  
*Referenceable property: *N/A (you must use the `LogicalId` to reference this CloudFormation resource)

# Resource attributes supported by AWS SAM
<a name="sam-specification-resource-attributes"></a>

Resource attributes are attributes that you can add to AWS SAM and CloudFormation resources to control additional behaviors and relationships. For more information about resource attributes, see [Resource Attribute Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-product-attribute-reference.html) in the *AWS CloudFormation User Guide*.

AWS SAM support a subset of resource attributes that are defined by CloudFormation. Of the supported resource attributes, some are copied to only the base generated CloudFormation resource of the corresponding AWS SAM resource, and some are copied to all generated CloudFormation resources resulting from the corresponding AWS SAM resource. For more information about CloudFormation resources generated from corresponding AWS SAM resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

The following table summarizes resource attribute support by AWS SAM, subject to the [Exceptions](#sam-specification-resource-attributes-exceptions) listed below.


| Resource attributes | Destination generated resource(s) | 
| --- | --- | 
|  ** [DependsOn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) ** ** [Metadata](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-metadata.html) **1, 2  |  Base CloudFormation generated resource only. For information about the mapping between AWS SAM resources and base CloudFormation resources, see [Generated CloudFormation resource scenarios](sam-specification-generated-resources.md#sam-specification-generated-resources-scenarios).  | 
| ** [Condition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html) ** ** [DeletionPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) ** ** [UpdateReplacePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) **  |  All generated CloudFormation resources from the corresponding AWS SAM resource. For information about scenarios for generated CloudFormation resources, see [Generated CloudFormation resource scenarios](sam-specification-generated-resources.md#sam-specification-generated-resources-scenarios).  | 

**Notes:**

1. For more information about using the `Metadata` resource attribute with the `AWS::Serverless::Function` resource type, see [Building Lambda functions with custom runtimes in AWS SAM](building-custom-runtimes.md).

1. For more information about using the `Metadata` resource attribute with the `AWS::Serverless::LayerVersion` resource type, see [Building Lambda layers in AWS SAM](building-layers.md).

## Exceptions
<a name="sam-specification-resource-attributes-exceptions"></a>

There are a number of exceptions to the resource attribute rules described previously:
+ For `AWS::Lambda::LayerVersion`, the AWS SAM-only custom field `RetentionPolicy` sets the `DeletionPolicy` for the generated CloudFormation resources. This has a higher precedence than `DeletionPolicy` itself. If neither is set, then by default `DeletionPolicy` is set to `Retain`.
+ For `AWS::Lambda::Version`, if `DeletionPolicy` is not specified, the default is `Retain`.
+ For the scenario where `DeploymentPreferences` is specified for a serverless function, resource attributes are not copied to the following generated CloudFormation resources:
  + `AWS::CodeDeploy::Application`
  + `AWS::CodeDeploy::DeploymentGroup`
  + The `AWS::IAM::Role` named `CodeDeployServiceRole` that is created for this scenario
+ If your AWS SAM template contains multiple functions with API event sources that are implicitly created, then the functions will share the generated `AWS::ApiGateway::RestApi` resource. In this scenario, if the functions have different resource attributes, then for the generated `AWS::ApiGateway::RestApi` resource, AWS SAM copies the resource attributes according to the following prioritized lists:
  + `UpdateReplacePolicy`:

    1. `Retain`

    1. `Snapshot`

    1. `Delete`
  + `DeletionPolicy`:

    1. `Retain`

    1. `Delete`

# API Gateway extensions for AWS SAM
<a name="sam-specification-api-gateway-extensions"></a>

API Gateway extensions, specifically designed for AWS, provide additional customizations and functionality for designing and managing APIs. API Gateway extensions are extensions to the OpenAPI specification that support the AWS-specific authorization and API Gateway-specific API integrations. For more information about API Gateway extensions, refer to [API Gateway Extensions to OpenAPI](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions.html).

AWS SAM supports a subset of API Gateway extensions. To see which API Gateway extensions are supported by AWS SAM, refer to the following table.


|  |  | 
| --- |--- |
|  API Gateway Extension  |  Supported by AWS SAM  | 
| [x-amazon-apigateway-any-method Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-any-method.html) | Yes | 
| [x-amazon-apigateway-api-key-source Property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-api-key-source.html) | No | 
| [x-amazon-apigateway-auth Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-auth.html) | Yes | 
| [x-amazon-apigateway-authorizer Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html) | Yes | 
| [x-amazon-apigateway-authtype Property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authtype.html) | Yes | 
| [x-amazon-apigateway-binary-media-types Property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-binary-media-types.html) | Yes | 
| [x-amazon-apigateway-documentation Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-documentation.html) | No | 
| [x-amazon-apigateway-endpoint-configuration Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html) | No | 
| [x-amazon-apigateway-gateway-responses Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.html) | Yes | 
| [x-amazon-apigateway-gateway-responses.gatewayResponse Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.gatewayResponse.html) | Yes | 
| [x-amazon-apigateway-gateway-responses.responseParameters Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.responseParameters.html) | Yes | 
| [x-amazon-apigateway-gateway-responses.responseTemplates Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-gateway-responses.responseTemplates.html) | Yes | 
| [x-amazon-apigateway-integration Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration.html) | Yes | 
| [x-amazon-apigateway-integration.requestTemplates Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-requestTemplates.html) | Yes | 
| [x-amazon-apigateway-integration.requestParameters Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-requestParameters.html) | No | 
| [x-amazon-apigateway-integration.responses Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-responses.html) | Yes | 
| [x-amazon-apigateway-integration.response Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-response.html) | Yes | 
| [x-amazon-apigateway-integration.responseTemplates Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-responseTemplates.html) | Yes | 
| [x-amazon-apigateway-integration.responseParameters Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-integration-responseParameters.html) | Yes | 
| [x-amazon-apigateway-request-validator Property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-request-validator.html) | No | 
| [x-amazon-apigateway-request-validators Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-request-validators.html) | No | 
| [x-amazon-apigateway-request-validators.requestValidator Object](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-request-validators.requestValidator.html) | No | 

# Intrinsic functions for AWS SAM
<a name="sam-specification-intrinsic-functions"></a>

Intrinsic functions are built-in functions that enable you to assign values to properties that are only available at runtime. AWS SAM has limited support for certain intrinsic function properties, so it is unable to resolve some intrinsic functions. Consequently, we recommend adding the `AWS::LanguageExtensions` transform to resolve this. The `AWS::LanguageExtensions` is a macro hosted by CloudFormation that lets you use intrinsic functions and other functionalities that are by default not included in CloudFormation.

```
Transform:
  - AWS::LanguageExtensions
  - AWS::Serverless-2016-10-31
```

**Note**  
If you use intrinsic functions in CodeUri property, AWS SAM will not be able to correctly parse the values. Consider using `AWS::LanguageExtensions` transform instead.  
For more information, refer to [Properties section of AWS::Serverless::Function](sam-resource-function.md#sam-resource-function-properties).

For more information about intrinsic functions, see [Intrinsic Function Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html) in the *AWS CloudFormation User Guide*.