aws-cdk-lib.aws_lambda.CfnFunctionProps

interface CfnFunctionProps

LanguageType name
.NETAmazon.CDK.AWS.Lambda.CfnFunctionProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awslambda#CfnFunctionProps
Javasoftware.amazon.awscdk.services.lambda.CfnFunctionProps
Pythonaws_cdk.aws_lambda.CfnFunctionProps
TypeScript aws-cdk-lib » aws_lambda » CfnFunctionProps

Properties for defining a CfnFunction.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_lambda as lambda } from 'aws-cdk-lib';
const cfnFunctionProps: lambda.CfnFunctionProps = {
  code: {
    imageUri: 'imageUri',
    s3Bucket: 's3Bucket',
    s3Key: 's3Key',
    s3ObjectVersion: 's3ObjectVersion',
    zipFile: 'zipFile',
  },
  role: 'role',

  // the properties below are optional
  architectures: ['architectures'],
  codeSigningConfigArn: 'codeSigningConfigArn',
  deadLetterConfig: {
    targetArn: 'targetArn',
  },
  description: 'description',
  environment: {
    variables: {
      variablesKey: 'variables',
    },
  },
  ephemeralStorage: {
    size: 123,
  },
  fileSystemConfigs: [{
    arn: 'arn',
    localMountPath: 'localMountPath',
  }],
  functionName: 'functionName',
  handler: 'handler',
  imageConfig: {
    command: ['command'],
    entryPoint: ['entryPoint'],
    workingDirectory: 'workingDirectory',
  },
  kmsKeyArn: 'kmsKeyArn',
  layers: ['layers'],
  memorySize: 123,
  packageType: 'packageType',
  reservedConcurrentExecutions: 123,
  runtime: 'runtime',
  runtimeManagementConfig: {
    updateRuntimeOn: 'updateRuntimeOn',

    // the properties below are optional
    runtimeVersionArn: 'runtimeVersionArn',
  },
  snapStart: {
    applyOn: 'applyOn',
  },
  tags: [{
    key: 'key',
    value: 'value',
  }],
  timeout: 123,
  tracingConfig: {
    mode: 'mode',
  },
  vpcConfig: {
    securityGroupIds: ['securityGroupIds'],
    subnetIds: ['subnetIds'],
  },
};

Properties

NameTypeDescription
codeIResolvable | CodePropertyThe code for the function.
rolestringThe Amazon Resource Name (ARN) of the function's execution role.
architectures?string[]The instruction set architecture that the function supports.
codeSigningConfigArn?stringTo enable code signing for this function, specify the ARN of a code-signing configuration.
deadLetterConfig?IResolvable | DeadLetterConfigPropertyA dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.
description?stringA description of the function.
environment?IResolvable | EnvironmentPropertyEnvironment variables that are accessible from function code during execution.
ephemeralStorage?IResolvable | EphemeralStoragePropertyThe size of the function's /tmp directory in MB.
fileSystemConfigs?IResolvable | IResolvable | FileSystemConfigProperty[]Connection settings for an Amazon EFS file system.
functionName?stringThe name of the Lambda function, up to 64 characters in length.
handler?stringThe name of the method within your code that Lambda calls to run your function.
imageConfig?IResolvable | ImageConfigPropertyConfiguration values that override the container image Dockerfile settings.
kmsKeyArn?stringThe ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's environment variables . When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
layers?string[]A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version.
memorySize?numberThe amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.
packageType?stringThe type of deployment package.
reservedConcurrentExecutions?numberThe number of simultaneous executions to reserve for the function.
runtime?stringThe identifier of the function's runtime . Runtime is required if the deployment package is a .zip file archive.
runtimeManagementConfig?IResolvable | RuntimeManagementConfigPropertySets the runtime management configuration for a function's version.
snapStart?IResolvable | SnapStartPropertyThe function's AWS Lambda SnapStart setting.
tags?CfnTag[]A list of tags to apply to the function.
timeout?numberThe amount of time (in seconds) that Lambda allows a function to run before stopping it.
tracingConfig?IResolvable | TracingConfigPropertySet Mode to Active to sample and trace a subset of incoming requests with X-Ray .
vpcConfig?IResolvable | VpcConfigPropertyFor network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

code

Type: IResolvable | CodeProperty

The code for the function.


role

Type: string

The Amazon Resource Name (ARN) of the function's execution role.


architectures?

Type: string[] (optional)

The instruction set architecture that the function supports.

Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .


codeSigningConfigArn?

Type: string (optional)

To enable code signing for this function, specify the ARN of a code-signing configuration.

A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.


deadLetterConfig?

Type: IResolvable | DeadLetterConfigProperty (optional)

A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.

For more information, see Dead-letter queues .


description?

Type: string (optional)

A description of the function.


environment?

Type: IResolvable | EnvironmentProperty (optional)

Environment variables that are accessible from function code during execution.


ephemeralStorage?

Type: IResolvable | EphemeralStorageProperty (optional)

The size of the function's /tmp directory in MB.

The default value is 512, but it can be any whole number between 512 and 10,240 MB.


fileSystemConfigs?

Type: IResolvable | IResolvable | FileSystemConfigProperty[] (optional)

Connection settings for an Amazon EFS file system.

To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.

For more information about using the DependsOn attribute, see DependsOn Attribute .


functionName?

Type: string (optional)

The name of the Lambda function, up to 64 characters in length.

If you don't specify a name, AWS CloudFormation generates one.

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.


handler?

Type: string (optional)

The name of the method within your code that Lambda calls to run your function.

Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model .


imageConfig?

Type: IResolvable | ImageConfigProperty (optional)

Configuration values that override the container image Dockerfile settings.

For more information, see Container image settings .


kmsKeyArn?

Type: string (optional)

The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's environment variables . When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.


layers?

Type: string[] (optional)

A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version.


memorySize?

Type: number (optional)

The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.


packageType?

Type: string (optional)

The type of deployment package.

Set to Image for container image and set Zip for .zip file archive.


reservedConcurrentExecutions?

Type: number (optional)

The number of simultaneous executions to reserve for the function.


runtime?

Type: string (optional)

The identifier of the function's runtime . Runtime is required if the deployment package is a .zip file archive.

The following list includes deprecated runtimes. For more information, see Runtime deprecation policy .


runtimeManagementConfig?

Type: IResolvable | RuntimeManagementConfigProperty (optional)

Sets the runtime management configuration for a function's version.

For more information, see Runtime updates .


snapStart?

Type: IResolvable | SnapStartProperty (optional)

The function's AWS Lambda SnapStart setting.


tags?

Type: CfnTag[] (optional)

A list of tags to apply to the function.


timeout?

Type: number (optional)

The amount of time (in seconds) that Lambda allows a function to run before stopping it.

The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment .


tracingConfig?

Type: IResolvable | TracingConfigProperty (optional)

Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .


vpcConfig?

Type: IResolvable | VpcConfigProperty (optional)

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.

When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC .