Class Function

Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.

For information about Lambda and how to use it, see What is AWS Lambda?

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

Lambda Layers

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleLayerVersion = new Aws.Lambda.LayerVersion("exampleLayerVersion", new Aws.Lambda.LayerVersionArgs
    {
    });
    var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
    {
        Layers = 
        {
            exampleLayerVersion.Arn,
        },
    });
}

}

CloudWatch Logging and Permissions

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs
    {
    });
    // This is to optionally manage the CloudWatch Log Group for the Lambda Function.
    // If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
    var example = new Aws.CloudWatch.LogGroup("example", new Aws.CloudWatch.LogGroupArgs
    {
        RetentionInDays = 14,
    });
    // See also the following AWS managed policy: AWSLambdaBasicExecutionRole
    var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new Aws.Iam.PolicyArgs
    {
        Description = "IAM policy for logging from a lambda",
        Path = "/",
        Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": [
    ""logs:CreateLogGroup"",
    ""logs:CreateLogStream"",
    ""logs:PutLogEvents""
  ],
  ""Resource"": ""arn:aws:logs:*:*:*"",
  ""Effect"": ""Allow""
}
]
}

",
    });
    var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new Aws.Iam.RolePolicyAttachmentArgs
    {
        PolicyArn = lambdaLogging.Arn,
        Role = aws_iam_role.Iam_for_lambda.Name,
    });
}

}

Specifying the Deployment Package

AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime is in use. See Runtimes for the valid values of runtime. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.

Once you have created your deployment package you can specify it either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_version arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObject resource to upload it.

For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.

Inheritance
System.Object
Resource
CustomResource
Function
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Lambda
Assembly: Pulumi.Aws.dll
Syntax
public class Function : CustomResource

Constructors

View Source

Function(String, FunctionArgs, CustomResourceOptions)

Create a Function resource with the given unique name, arguments, and options.

Declaration
public Function(string name, FunctionArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
FunctionArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

Arn

The Amazon Resource Name (ARN) identifying your Lambda Function.

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>
View Source

Code

The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used.

Declaration
public Output<Archive> Code { get; }
Property Value
Type Description
Output<Archive>
View Source

DeadLetterConfig

Nested block to configure the function's dead letter queue. See details below.

Declaration
public Output<FunctionDeadLetterConfig> DeadLetterConfig { get; }
Property Value
Type Description
Output<FunctionDeadLetterConfig>
View Source

Description

Description of what your Lambda Function does.

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>
View Source

Environment

The Lambda environment's configuration settings. Fields documented below.

Declaration
public Output<FunctionEnvironment> Environment { get; }
Property Value
Type Description
Output<FunctionEnvironment>
View Source

Handler

The function entrypoint in your code.

Declaration
public Output<string> Handler { get; }
Property Value
Type Description
Output<System.String>
View Source

InvokeArn

The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri

Declaration
public Output<string> InvokeArn { get; }
Property Value
Type Description
Output<System.String>
View Source

KmsKeyArn

Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and this provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.

Declaration
public Output<string> KmsKeyArn { get; }
Property Value
Type Description
Output<System.String>
View Source

LastModified

The date this resource was last modified.

Declaration
public Output<string> LastModified { get; }
Property Value
Type Description
Output<System.String>
View Source

Layers

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers

Declaration
public Output<ImmutableArray<string>> Layers { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

MemorySize

Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits

Declaration
public Output<int?> MemorySize { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>
View Source

Name

A unique name for your Lambda Function.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

Publish

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

Declaration
public Output<bool?> Publish { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

QualifiedArn

The Amazon Resource Name (ARN) identifying your Lambda Function Version (if versioning is enabled via publish = true).

Declaration
public Output<string> QualifiedArn { get; }
Property Value
Type Description
Output<System.String>
View Source

ReservedConcurrentExecutions

The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency

Declaration
public Output<int?> ReservedConcurrentExecutions { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>
View Source

Role

IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details.

Declaration
public Output<string> Role { get; }
Property Value
Type Description
Output<System.String>
View Source

Runtime

See Runtimes for valid values.

Declaration
public Output<string> Runtime { get; }
Property Value
Type Description
Output<System.String>
View Source

S3Bucket

The S3 bucket location containing the function's deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function.

Declaration
public Output<string> S3Bucket { get; }
Property Value
Type Description
Output<System.String>
View Source

S3Key

The S3 key of an object containing the function's deployment package. Conflicts with filename.

Declaration
public Output<string> S3Key { get; }
Property Value
Type Description
Output<System.String>
View Source

S3ObjectVersion

The object version containing the function's deployment package. Conflicts with filename.

Declaration
public Output<string> S3ObjectVersion { get; }
Property Value
Type Description
Output<System.String>
View Source

SourceCodeHash

Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256(&quot;file.zip&quot;) (this provider 0.11.12 and later) or base64sha256(file(&quot;file.zip&quot;)) (this provider 0.11.11 and earlier), where "file.zip" is the local filename of the lambda function source archive.

Declaration
public Output<string> SourceCodeHash { get; }
Property Value
Type Description
Output<System.String>
View Source

SourceCodeSize

The size in bytes of the function .zip file.

Declaration
public Output<int> SourceCodeSize { get; }
Property Value
Type Description
Output<System.Int32>
View Source

Tags

A mapping of tags to assign to the object.

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>
View Source

Timeout

The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits

Declaration
public Output<int?> Timeout { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>
View Source

TracingConfig

Declaration
public Output<FunctionTracingConfig> TracingConfig { get; }
Property Value
Type Description
Output<FunctionTracingConfig>
View Source

Version

Latest published version of your Lambda Function.

Declaration
public Output<string> Version { get; }
Property Value
Type Description
Output<System.String>
View Source

VpcConfig

Provide this to allow your function to access your VPC. Fields documented below. See Lambda in VPC

Declaration
public Output<FunctionVpcConfig> VpcConfig { get; }
Property Value
Type Description
Output<FunctionVpcConfig>

Methods

View Source

Get(String, Input<String>, FunctionState, CustomResourceOptions)

Get an existing Function resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Function Get(string name, Input<string> id, FunctionState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
FunctionState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
Function