FunctionProps — AWS Cloud Development Kit 1.204.0 documentation (original) (raw)

AWS Cloud Development Kit

class aws_cdk.aws_lambda.FunctionProps(*, max_event_age=None, on_failure=None, on_success=None, retry_attempts=None, allow_all_outbound=None, allow_public_subnet=None, architecture=None, architectures=None, code_signing_config=None, current_version_options=None, dead_letter_queue=None, dead_letter_queue_enabled=None, dead_letter_topic=None, description=None, environment=None, environment_encryption=None, ephemeral_storage_size=None, events=None, filesystem=None, function_name=None, initial_policy=None, insights_version=None, layers=None, log_retention=None, log_retention_retry_options=None, log_retention_role=None, memory_size=None, profiling=None, profiling_group=None, reserved_concurrent_executions=None, role=None, security_group=None, security_groups=None, timeout=None, tracing=None, vpc=None, vpc_subnets=None, code, handler, runtime)

Bases: FunctionOptions

Parameters:

ExampleMetadata:

infused

Example:

import aws_cdk.aws_lambda as lambda_

fn = lambda_.Function(self, "MyFunc", runtime=lambda_.Runtime.NODEJS_14_X, handler="index.handler", code=lambda_.Code.from_inline("exports.handler = handler.toString()") )

rule = events.Rule(self, "rule", event_pattern=events.EventPattern( source=["aws.ec2"] ) )

queue = sqs.Queue(self, "Queue")

rule.add_target(targets.LambdaFunction(fn, dead_letter_queue=queue, # Optional: add a dead letter queue max_event_age=cdk.Duration.hours(2), # Optional: set the maxEventAge retry policy retry_attempts=2 ))

Attributes

allow_all_outbound

Whether to allow the Lambda to send all network traffic.

If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.

Default:

true

allow_public_subnet

Lambda Functions in a public subnet can NOT access the internet.

Use this property to acknowledge this limitation and still place the function in a public subnet.

Default:

false

See:

https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841

architecture

The system architectures compatible with this lambda function.

Default:

Architecture.X86_64

architectures

(deprecated) DEPRECATED.

Default:

[Architecture.X86_64]

Deprecated:

use architecture

Stability:

deprecated

code

The source code of your Lambda function.

You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.

code_signing_config

Code signing config associated with this function.

Default:

current_version_options

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

Default:

dead_letter_queue

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

Default:

dead_letter_queue_enabled

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

Default:

dead_letter_topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

Default:

description

A description of the function.

Default:

environment

Key-value pairs that Lambda caches and makes available for your Lambda functions.

Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.

Default:

environment_encryption

The AWS KMS key that’s used to encrypt your function’s environment variables.

Default:

ephemeral_storage_size

The size of the function’s /tmp directory in MiB.

Default:

512 MiB

events

Event sources for this function.

You can also add event sources using addEventSource.

Default:

filesystem

The filesystem configuration for the lambda function.

Default:

function_name

A name for the function.

Default:

ID for the function’s name. For more information, see Name Type.

handler

The name of the method within your code that Lambda calls to execute your function.

The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-features.html#gettingstarted-features-programmingmodel.

Use Handler.FROM_IMAGE when defining a function from a Docker image.

NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.

initial_policy

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

Default:

insights_version

Specify the version of CloudWatch Lambda insights to use for monitoring.

Default:

See:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html

layers

A list of layers to add to the function’s execution environment.

You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.

Default:

log_retention

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to INFINITE.

Default:

logs.RetentionDays.INFINITE

log_retention_retry_options

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

Default:

log_retention_role

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

Default:

max_event_age

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

Default:

Duration.hours(6)

memory_size

The amount of memory, in MB, that is allocated to your Lambda function.

Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.

Default:

128

on_failure

The destination for failed invocations.

Default:

on_success

The destination for successful invocations.

Default:

profiling

Enable profiling.

Default:

See:

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

profiling_group

Profiling Group.

Default:

See:

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html

reserved_concurrent_executions

The maximum of concurrent executions you want to reserve for the function.

Default:

See:

https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

retry_attempts

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

Default:

2

role

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the ‘lambda.amazonaws.com’ service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are “service-role/AWSLambdaBasicExecutionRole” and “service-role/AWSLambdaVPCAccessExecutionRole”.

Default:

Both supplied and generated roles can always be changed by calling addToRolePolicy.

runtime

The runtime environment for the Lambda function that you are uploading.

For valid values, see the Runtime property in the AWS Lambda Developer Guide.

Use Runtime.FROM_IMAGE when when defining a function from a Docker image.

security_group

(deprecated) What security group to associate with the Lambda’s network interfaces. This property is being deprecated, consider using securityGroups instead.

Only used if ‘vpc’ is supplied.

Use securityGroups property instead. Function constructor will throw an error if both are specified.

Default:

not specified, either by this or securityGroups prop, a dedicated security group will be created for this function.

Deprecated:

Stability:

deprecated

security_groups

The list of security groups to associate with the Lambda’s network interfaces.

Only used if ‘vpc’ is supplied.

Default:

not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

timeout

The function execution time (in seconds) after which Lambda terminates the function.

Because the execution time affects cost, set this value based on the function’s expected execution time.

Default:

Duration.seconds(3)

tracing

Enable AWS X-Ray Tracing for Lambda Function.

Default:

Tracing.Disabled

vpc

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC.

Default:

vpc_subnets

Where to place the network interfaces within the VPC.

Only used if ‘vpc’ is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.

Default: