awscc_lambda_function (Resource)

The AWS::Lambda::Function resource creates a Lambda function. To create a function, you need a deployment package and an execution role. The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. You set the package type to Image if the deployment package is a container image. For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. You set the package type to Zip if the deployment package is a .zip file archive. For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see Deploy Python Lambda functions with .zip file archives. You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. Note that you configure provisioned concurrency on a AWS::Lambda::Version or a AWS::Lambda::Alias. For a complete introduction to Lambda functions, see What is Lambda? in the Lambda developer guide.

Example Usage

Basic example

To create a AWS lambda function with basic details

resource "awscc_iam_role" "main" {
  description = "AWS IAM role for lambda function"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })
}

data "archive_file" "main" {
  type        = "zip"
  source_file = "main.py"
  output_path = "lambda_function_payload.zip"
}

resource "awscc_lambda_function" "main" {
  function_name = "lambda_function_name"
  description   = "AWS Lambda function"
  code = {
    zip_file = data.archive_file.main.output_path
  }
  package_type  = "Zip"
  handler       = "main.lambda_handler"
  runtime       = "python3.10"
  timeout       = "300"
  memory_size   = "128"
  role          = awscc_iam_role.main.arn
  architectures = ["arm64"]
  environment = {
    variables = {
      MY_KEY_1 = "MY_VALUE_1"
      MY_KEY_2 = "MY_VALUE_2"
    }
  }
}

Lambda Layer example

To create a AWS lambda function using lambda layers

resource "awscc_iam_role" "main" {
  description = "AWS IAM role for lambda function"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })
}

data "archive_file" "main" {
  type        = "zip"
  source_file = "main.py"
  output_path = "lambda_function_payload.zip"
}

resource "aws_lambda_layer_version" "lambda_layer" {
  filename   = "lambda_layer_payload.zip"
  layer_name = "lambda_layer_name"

  compatible_runtimes = ["python3.10"]
}

resource "awscc_lambda_function" "main" {
  function_name = "lambda_function_name"
  description   = "AWS Lambda function"
  code = {
    zip_file = data.archive_file.main.output_path
  }
  handler       = "main.lambda_handler"
  runtime       = "python3.10"
  layers        = [aws_lambda_layer_version.lambda_layer.arn]
  timeout       = "300"
  memory_size   = "128"
  role          = awscc_iam_role.main.arn
  architectures = ["arm64"]
  environment = {
    variables = {
      MY_KEY_1 = "MY_VALUE_1"
      MY_KEY_2 = "MY_VALUE_2"
    }
  }
}

Ephemeral storage example

To create a AWS lambda function using Ephemeral storage

resource "awscc_iam_role" "main" {
  description = "AWS IAM role for lambda function"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      },
    ]
  })
}

data "archive_file" "main" {
  type        = "zip"
  source_file = "main.py"
  output_path = "lambda_function_payload.zip"
}

resource "awscc_lambda_function" "main" {
  function_name = "lambda_function_name"
  description   = "AWS Lambda function"
  code = {
    zip_file = data.archive_file.main.output_path
  }
  handler       = "main.lambda_handler"
  runtime       = "python3.10"
  timeout       = "300"
  memory_size   = "128"
  role          = awscc_iam_role.main.arn
  architectures = ["arm64"]
  environment = {
    variables = {
      MY_KEY_1 = "MY_VALUE_1"
      MY_KEY_2 = "MY_VALUE_2"
    }
  }
  ephemeral_storage = {
    size = 10240 # Min 512 MB and the Max 10240 MB
  }
}

Schema

Required

Optional

Read-Only

Nested Schema for code

Optional:

Nested Schema for dead_letter_config

Optional:

Nested Schema for environment

Optional:

Nested Schema for ephemeral_storage

Required:

Nested Schema for file_system_configs

Required:

Nested Schema for image_config

Optional:

Nested Schema for logging_config

Optional:

Nested Schema for runtime_management_config

Required:

Optional:

Nested Schema for snap_start

Required:

Nested Schema for tags

Required:

Optional:

Nested Schema for tracing_config

Optional:

Nested Schema for vpc_config

Optional:

Nested Schema for snap_start_response

Read-Only:

Import

Import is supported using the following syntax:

$ terraform import awscc_lambda_function.example <resource ID>