@pulumi/aws

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * Manages an AWS Lambda Function. Use this resource to create serverless functions that run code in response to events without provisioning or managing servers. * * For information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html). For a detailed example of setting up Lambda and API Gateway, see Serverless Applications with AWS Lambda and API Gateway. * * > **Note:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. Pulumi AWS Provider version 2.31.0 and later automatically handles this increased timeout, however prior versions require setting the customizable deletion timeouts of those Pulumi resources to 45 minutes (`delete = "45m"`). AWS and HashiCorp are working together to reduce the amount of time required for resource deletion and updates can be tracked in this GitHub issue. * * > **Note:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated after the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.) * * > **Tip:** To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources. * * ## Example Usage * * ### Container Image Function * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.lambda.Function("example", { * name: "example_container_function", * role: exampleAwsIamRole.arn, * packageType: "Image", * imageUri: `${exampleAwsEcrRepository.repositoryUrl}:latest`, * imageConfig: { * entryPoints: ["/lambda-entrypoint.sh"], * commands: ["app.handler"], * }, * memorySize: 512, * timeout: 30, * architectures: ["arm64"], * }); * ``` * * ### Function with Lambda Layers * * > **Note:** The `aws.lambda.LayerVersion` attribute values for `arn` and `layerArn` were swapped in version 2.0.0 of the Pulumi AWS Provider. For version 2.x, use `arn` references. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * // Common dependencies layer * const example = new aws.lambda.LayerVersion("example", { * code: new pulumi.asset.FileArchive("layer.zip"), * layerName: "example_dependencies_layer", * description: "Common dependencies for Lambda functions", * compatibleRuntimes: [ * "nodejs20.x", * "python3.12", * ], * compatibleArchitectures: [ * "x86_64", * "arm64", * ], * }); * // Function using the layer * const exampleFunction = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: "example_layered_function", * role: exampleAwsIamRole.arn, * handler: "index.handler", * runtime: aws.lambda.Runtime.NodeJS20dX, * layers: [example.arn], * tracingConfig: { * mode: "Active", * }, * }); * ``` * * ### VPC Function with Enhanced Networking * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: "example_vpc_function", * role: exampleAwsIamRole.arn, * handler: "app.handler", * runtime: aws.lambda.Runtime.Python3d12, * memorySize: 1024, * timeout: 30, * vpcConfig: { * subnetIds: [ * examplePrivate1.id, * examplePrivate2.id, * ], * securityGroupIds: [exampleLambda.id], * ipv6AllowedForDualStack: true, * }, * ephemeralStorage: { * size: 5120, * }, * snapStart: { * applyOn: "PublishedVersions", * }, * }); * ``` * * ### Function with EFS Integration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * // EFS file system for Lambda * const example = new aws.efs.FileSystem("example", { * encrypted: true, * tags: { * Name: "lambda-efs", * }, * }); * const config = new pulumi.Config(); * // List of subnet IDs for EFS mount targets * const subnetIds = config.getObject<Array<string>>("subnetIds") || [ * "subnet-12345678", * "subnet-87654321", * ]; * // Mount target in each subnet * const exampleMountTarget: aws.efs.MountTarget[] = []; * for (const range = {value: 0}; range.value < subnetIds.length; range.value++) { * exampleMountTarget.push(new aws.efs.MountTarget(`example-${range.value}`, { * fileSystemId: example.id, * subnetId: subnetIds[range.value], * securityGroups: [efs.id], * })); * } * // Access point for Lambda * const exampleAccessPoint = new aws.efs.AccessPoint("example", { * fileSystemId: example.id, * rootDirectory: { * path: "/lambda", * creationInfo: { * ownerGid: 1000, * ownerUid: 1000, * permissions: "755", * }, * }, * posixUser: { * gid: 1000, * uid: 1000, * }, * }); * // Lambda function with EFS * const exampleFunction = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: "example_efs_function", * role: exampleAwsIamRole.arn, * handler: "index.handler", * runtime: aws.lambda.Runtime.NodeJS20dX, * vpcConfig: { * subnetIds: subnetIds, * securityGroupIds: [lambda.id], * }, * fileSystemConfig: { * arn: exampleAccessPoint.arn, * localMountPath: "/mnt/data", * }, * }, { * dependsOn: [exampleMountTarget], * }); * ``` * * ### Function with Advanced Logging * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.cloudwatch.LogGroup("example", { * name: "/aws/lambda/example_function", * retentionInDays: 14, * tags: { * Environment: "production", * Application: "example", * }, * }); * const exampleFunction = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: "example_function", * role: exampleAwsIamRole.arn, * handler: "index.handler", * runtime: aws.lambda.Runtime.NodeJS20dX, * loggingConfig: { * logFormat: "JSON", * applicationLogLevel: "INFO", * systemLogLevel: "WARN", * }, * }, { * dependsOn: [example], * }); * ``` * * ### Function with logging to S3 or Data Firehose * * #### Required Resources * * * An S3 bucket or Data Firehose delivery stream to store the logs. * * A CloudWatch Log Group with: * * * `logGroupClass = "DELIVERY"` * * A subscription filter whose `destinationArn` points to the S3 bucket or the Data Firehose delivery stream. * * * IAM roles: * * * Assumed by the `logs.amazonaws.com` service to deliver logs to the S3 bucket or Data Firehose delivery stream. * * Assumed by the `lambda.amazonaws.com` service to send logs to CloudWatch Logs * * * A Lambda function: * * * In the `loggingConfiguration`, specify the name of the Log Group created above using the `logGroup` field * * No special configuration is required to use S3 or Firehose as the log destination * * For more details, see [Sending Lambda function logs to Amazon S3](https://docs.aws.amazon.com/lambda/latest/dg/logging-with-s3.html). * * ### Example: Exporting Lambda Logs to S3 Bucket * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const lambdaFunctionName = "lambda-log-export-example"; * const lambdaLogExportBucket = new aws.s3.Bucket("lambda_log_export", {bucket: `${lambdaFunctionName}-bucket`}); * const _export = new aws.cloudwatch.LogGroup("export", { * name: `/aws/lambda/${lambdaFunctionName}`, * logGroupClass: "DELIVERY", * }); * const logsAssumeRole = aws.iam.getPolicyDocument({ * statements: [{ * actions: ["sts:AssumeRole"], * effect: "Allow", * principals: [{ * type: "Service", * identifiers: ["logs.amazonaws.com"], * }], * }], * }); * const logsLogExport = new aws.iam.Role("logs_log_export", { * name: `${lambdaFunctionName}-lambda-log-export-role`, * assumeRolePolicy: logsAssumeRole.then(logsAssumeRole => logsAssumeRole.json), * }); * const lambdaLogExport = aws.iam.getPolicyDocumentOutput({ * statements: [{ * actions: ["s3:PutObject"], * effect: "Allow", * resources: [pulumi.interpolate`${lambdaLogExportBucket.arn}/*`], * }], * }); * const lambdaLogExportRolePolicy = new aws.iam.RolePolicy("lambda_log_export", { * policy: lambdaLogExport.apply(lambdaLogExport => lambdaLogExport.json), * role: logsLogExport.name, * }); * const lambdaLogExportLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter("lambda_log_export", { * name: `${lambdaFunctionName}-filter`, * logGroup: _export.name, * filterPattern: "", * destinationArn: lambdaLogExportBucket.arn, * roleArn: logsLogExport.arn, * }); * const logExport = new aws.lambda.Function("log_export", { * name: lambdaFunctionName, * handler: "index.lambda_handler", * runtime: aws.lambda.Runtime.Python3d13, * role: example.arn, * code: new pulumi.asset.FileArchive("function.zip"), * loggingConfig: { * logFormat: "Text", * logGroup: _export.name, * }, * }, { * dependsOn: [_export], * }); * ``` * * ### Function with Error Handling * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * // Main Lambda function * const example = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: "example_function", * role: exampleAwsIamRole.arn, * handler: "index.handler", * runtime: aws.lambda.Runtime.NodeJS20dX, * deadLetterConfig: { * targetArn: dlq.arn, * }, * }); * // Event invoke configuration for retries * const exampleFunctionEventInvokeConfig = new aws.lambda.FunctionEventInvokeConfig("example", { * functionName: example.name, * maximumEventAgeInSeconds: 60, * maximumRetryAttempts: 2, * destinationConfig: { * onFailure: { * destination: dlq.arn, * }, * onSuccess: { * destination: success.arn, * }, * }, * }); * ``` * * ### CloudWatch Logging and Permissions * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const config = new pulumi.Config(); * // Name of the Lambda function * const functionName = config.get("functionName") || "example_function"; * // CloudWatch Log Group with retention * const example = new aws.cloudwatch.LogGroup("example", { * name: `/aws/lambda/${functionName}`, * retentionInDays: 14, * tags: { * Environment: "production", * Function: functionName, * }, * }); * // Lambda execution role * const exampleRole = new aws.iam.Role("example", { * name: "lambda_execution_role", * assumeRolePolicy: JSON.stringify({ * Version: "2012-10-17", * Statement: [{ * Action: "sts:AssumeRole", * Effect: "Allow", * Principal: { * Service: "lambda.amazonaws.com", * }, * }], * }), * }); * // CloudWatch Logs policy * const lambdaLogging = new aws.iam.Policy("lambda_logging", { * name: "lambda_logging", * path: "/", * description: "IAM policy for logging from Lambda", * policy: JSON.stringify({ * Version: "2012-10-17", * Statement: [{ * Effect: "Allow", * Action: [ * "logs:CreateLogGroup", * "logs:CreateLogStream", * "logs:PutLogEvents", * ], * Resource: ["arn:aws:logs:*:*:*"], * }], * }), * }); * // Attach logging policy to Lambda role * const lambdaLogs = new aws.iam.RolePolicyAttachment("lambda_logs", { * role: exampleRole.name, * policyArn: lambdaLogging.arn, * }); * // Lambda function with logging * const exampleFunction = new aws.lambda.Function("example", { * code: new pulumi.asset.FileArchive("function.zip"), * name: functionName, * role: exampleRole.arn, * handler: "index.handler", * runtime: aws.lambda.Runtime.NodeJS20dX, * loggingConfig: { * logFormat: "JSON", * applicationLogLevel: "INFO", * systemLogLevel: "WARN", * }, * }, { * dependsOn: [ * lambdaLogs, * example, * ], * }); * ``` * * ## Specifying the Deployment Package * * AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html). * * Once you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3Bucket`, `s3Key` and `s3ObjectVersion` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it. * * For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently. * * ## Import * * ### Identity Schema * * #### Required * * * `function_name` (String) Name of the Lambda function. * * #### Optional * * * `account_id` (String) AWS Account where this resource is managed. * * * `region` (String) Region where this resource is managed. * * Using `pulumi import`, import Lambda Functions using the `function_name`. For example: * * console * * % pulumi import aws_lambda_function.example example */ export declare class Function extends pulumi.CustomResource { /** * Get an existing Function resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FunctionState, opts?: pulumi.CustomResourceOptions): Function; /** * Returns true if the given object is an instance of Function. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Function; /** * Instruction set architecture for your Lambda function. Valid values are `["x8664"]` and `["arm64"]`. Default is `["x8664"]`. Removing this attribute, function's architecture stays the same. */ readonly architectures: pulumi.Output<string[]>; /** * ARN identifying your Lambda Function. */ readonly arn: pulumi.Output<string>; /** * Path to the function's deployment package within the local filesystem. Conflicts with `imageUri` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ readonly code: pulumi.Output<pulumi.asset.Archive | undefined>; /** * Base64-encoded representation of raw SHA-256 sum of the zip file. */ readonly codeSha256: pulumi.Output<string>; /** * ARN of a code-signing configuration to enable code signing for this function. */ readonly codeSigningConfigArn: pulumi.Output<string | undefined>; /** * Configuration block for dead letter queue. See below. */ readonly deadLetterConfig: pulumi.Output<outputs.lambda.FunctionDeadLetterConfig | undefined>; /** * Description of what your Lambda Function does. */ readonly description: pulumi.Output<string | undefined>; /** * Configuration block for environment variables. See below. */ readonly environment: pulumi.Output<outputs.lambda.FunctionEnvironment | undefined>; /** * Amount of ephemeral storage (`/tmp`) to allocate for the Lambda Function. See below. */ readonly ephemeralStorage: pulumi.Output<outputs.lambda.FunctionEphemeralStorage>; /** * Configuration block for EFS file system. See below. */ readonly fileSystemConfig: pulumi.Output<outputs.lambda.FunctionFileSystemConfig | undefined>; /** * Function entry point in your code. Required if `packageType` is `Zip`. */ readonly handler: pulumi.Output<string | undefined>; /** * Container image configuration values. See below. */ readonly imageConfig: pulumi.Output<outputs.lambda.FunctionImageConfig | undefined>; /** * ECR image URI containing the function's deployment package. Conflicts with `filename` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ readonly imageUri: pulumi.Output<string | undefined>; /** * ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`. */ readonly invokeArn: pulumi.Output<string>; /** * ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration. */ readonly kmsKeyArn: pulumi.Output<string | undefined>; /** * Date this resource was last modified. */ readonly lastModified: pulumi.Output<string>; /** * List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. */ readonly layers: pulumi.Output<string[] | undefined>; /** * Configuration block for advanced logging settings. See below. */ readonly loggingConfig: pulumi.Output<outputs.lambda.FunctionLoggingConfig>; /** * Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128. */ readonly memorySize: pulumi.Output<number | undefined>; /** * Unique name for your Lambda Function. */ readonly name: pulumi.Output<string>; /** * Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`. */ readonly packageType: pulumi.Output<string | undefined>; /** * Whether to publish creation/change as new Lambda Function Version. Defaults to `false`. */ readonly publish: pulumi.Output<boolean | undefined>; /** * ARN identifying your Lambda Function Version (if versioning is enabled via `publish = true`). */ readonly qualifiedArn: pulumi.Output<string>; /** * Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`. */ readonly qualifiedInvokeArn: pulumi.Output<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ readonly region: pulumi.Output<string>; /** * Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is `false`. */ readonly replaceSecurityGroupsOnDestroy: pulumi.Output<boolean | undefined>; /** * List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if `replaceSecurityGroupsOnDestroy` is `true`. */ readonly replacementSecurityGroupIds: pulumi.Output<string[] | undefined>; /** * Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. */ readonly reservedConcurrentExecutions: pulumi.Output<number | undefined>; /** * ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources. * * The following arguments are optional: */ readonly role: pulumi.Output<string>; /** * Identifier of the function's runtime. Required if `packageType` is `Zip`. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values. */ readonly runtime: pulumi.Output<string | undefined>; /** * S3 bucket location containing the function's deployment package. Conflicts with `filename` and `imageUri`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ readonly s3Bucket: pulumi.Output<string | undefined>; /** * S3 key of an object containing the function's deployment package. Required if `s3Bucket` is set. */ readonly s3Key: pulumi.Output<string | undefined>; /** * Object version containing the function's deployment package. Conflicts with `filename` and `imageUri`. */ readonly s3ObjectVersion: pulumi.Output<string | undefined>; /** * ARN of the signing job. */ readonly signingJobArn: pulumi.Output<string>; /** * ARN of the signing profile version. */ readonly signingProfileVersionArn: pulumi.Output<string>; /** * Whether to retain the old version of a previously deployed Lambda Layer. Default is `false`. */ readonly skipDestroy: pulumi.Output<boolean | undefined>; /** * Configuration block for snap start settings. See below. */ readonly snapStart: pulumi.Output<outputs.lambda.FunctionSnapStart | undefined>; /** * Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes. */ readonly sourceCodeHash: pulumi.Output<string>; /** * Size in bytes of the function .zip file. */ readonly sourceCodeSize: pulumi.Output<number>; /** * ARN of the AWS Key Management Service key used to encrypt the function's `.zip` deployment package. Conflicts with `imageUri`. */ readonly sourceKmsKeyArn: pulumi.Output<string | undefined>; /** * Key-value map of tags for the Lambda function. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ readonly tagsAll: pulumi.Output<{ [key: string]: string; }>; /** * Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900. */ readonly timeout: pulumi.Output<number | undefined>; /** * Configuration block for X-Ray tracing. See below. */ readonly tracingConfig: pulumi.Output<outputs.lambda.FunctionTracingConfig>; /** * Latest published version of your Lambda Function. */ readonly version: pulumi.Output<string>; /** * Configuration block for VPC. See below. */ readonly vpcConfig: pulumi.Output<outputs.lambda.FunctionVpcConfig | undefined>; /** * Create a Function resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FunctionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Function resources. */ export interface FunctionState { /** * Instruction set architecture for your Lambda function. Valid values are `["x8664"]` and `["arm64"]`. Default is `["x8664"]`. Removing this attribute, function's architecture stays the same. */ architectures?: pulumi.Input<pulumi.Input<string>[]>; /** * ARN identifying your Lambda Function. */ arn?: pulumi.Input<string>; /** * Path to the function's deployment package within the local filesystem. Conflicts with `imageUri` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ code?: pulumi.Input<pulumi.asset.Archive>; /** * Base64-encoded representation of raw SHA-256 sum of the zip file. */ codeSha256?: pulumi.Input<string>; /** * ARN of a code-signing configuration to enable code signing for this function. */ codeSigningConfigArn?: pulumi.Input<string>; /** * Configuration block for dead letter queue. See below. */ deadLetterConfig?: pulumi.Input<inputs.lambda.FunctionDeadLetterConfig>; /** * Description of what your Lambda Function does. */ description?: pulumi.Input<string>; /** * Configuration block for environment variables. See below. */ environment?: pulumi.Input<inputs.lambda.FunctionEnvironment>; /** * Amount of ephemeral storage (`/tmp`) to allocate for the Lambda Function. See below. */ ephemeralStorage?: pulumi.Input<inputs.lambda.FunctionEphemeralStorage>; /** * Configuration block for EFS file system. See below. */ fileSystemConfig?: pulumi.Input<inputs.lambda.FunctionFileSystemConfig>; /** * Function entry point in your code. Required if `packageType` is `Zip`. */ handler?: pulumi.Input<string>; /** * Container image configuration values. See below. */ imageConfig?: pulumi.Input<inputs.lambda.FunctionImageConfig>; /** * ECR image URI containing the function's deployment package. Conflicts with `filename` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ imageUri?: pulumi.Input<string>; /** * ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`. */ invokeArn?: pulumi.Input<string>; /** * ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration. */ kmsKeyArn?: pulumi.Input<string>; /** * Date this resource was last modified. */ lastModified?: pulumi.Input<string>; /** * List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. */ layers?: pulumi.Input<pulumi.Input<string>[]>; /** * Configuration block for advanced logging settings. See below. */ loggingConfig?: pulumi.Input<inputs.lambda.FunctionLoggingConfig>; /** * Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128. */ memorySize?: pulumi.Input<number>; /** * Unique name for your Lambda Function. */ name?: pulumi.Input<string>; /** * Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`. */ packageType?: pulumi.Input<string>; /** * Whether to publish creation/change as new Lambda Function Version. Defaults to `false`. */ publish?: pulumi.Input<boolean>; /** * ARN identifying your Lambda Function Version (if versioning is enabled via `publish = true`). */ qualifiedArn?: pulumi.Input<string>; /** * Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`. */ qualifiedInvokeArn?: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is `false`. */ replaceSecurityGroupsOnDestroy?: pulumi.Input<boolean>; /** * List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if `replaceSecurityGroupsOnDestroy` is `true`. */ replacementSecurityGroupIds?: pulumi.Input<pulumi.Input<string>[]>; /** * Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. */ reservedConcurrentExecutions?: pulumi.Input<number>; /** * ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources. * * The following arguments are optional: */ role?: pulumi.Input<string>; /** * Identifier of the function's runtime. Required if `packageType` is `Zip`. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values. */ runtime?: pulumi.Input<string | enums.lambda.Runtime>; /** * S3 bucket location containing the function's deployment package. Conflicts with `filename` and `imageUri`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ s3Bucket?: pulumi.Input<string>; /** * S3 key of an object containing the function's deployment package. Required if `s3Bucket` is set. */ s3Key?: pulumi.Input<string>; /** * Object version containing the function's deployment package. Conflicts with `filename` and `imageUri`. */ s3ObjectVersion?: pulumi.Input<string>; /** * ARN of the signing job. */ signingJobArn?: pulumi.Input<string>; /** * ARN of the signing profile version. */ signingProfileVersionArn?: pulumi.Input<string>; /** * Whether to retain the old version of a previously deployed Lambda Layer. Default is `false`. */ skipDestroy?: pulumi.Input<boolean>; /** * Configuration block for snap start settings. See below. */ snapStart?: pulumi.Input<inputs.lambda.FunctionSnapStart>; /** * Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes. */ sourceCodeHash?: pulumi.Input<string>; /** * Size in bytes of the function .zip file. */ sourceCodeSize?: pulumi.Input<number>; /** * ARN of the AWS Key Management Service key used to encrypt the function's `.zip` deployment package. Conflicts with `imageUri`. */ sourceKmsKeyArn?: pulumi.Input<string>; /** * Key-value map of tags for the Lambda function. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900. */ timeout?: pulumi.Input<number>; /** * Configuration block for X-Ray tracing. See below. */ tracingConfig?: pulumi.Input<inputs.lambda.FunctionTracingConfig>; /** * Latest published version of your Lambda Function. */ version?: pulumi.Input<string>; /** * Configuration block for VPC. See below. */ vpcConfig?: pulumi.Input<inputs.lambda.FunctionVpcConfig>; } /** * The set of arguments for constructing a Function resource. */ export interface FunctionArgs { /** * Instruction set architecture for your Lambda function. Valid values are `["x8664"]` and `["arm64"]`. Default is `["x8664"]`. Removing this attribute, function's architecture stays the same. */ architectures?: pulumi.Input<pulumi.Input<string>[]>; /** * Path to the function's deployment package within the local filesystem. Conflicts with `imageUri` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ code?: pulumi.Input<pulumi.asset.Archive>; /** * ARN of a code-signing configuration to enable code signing for this function. */ codeSigningConfigArn?: pulumi.Input<string>; /** * Configuration block for dead letter queue. See below. */ deadLetterConfig?: pulumi.Input<inputs.lambda.FunctionDeadLetterConfig>; /** * Description of what your Lambda Function does. */ description?: pulumi.Input<string>; /** * Configuration block for environment variables. See below. */ environment?: pulumi.Input<inputs.lambda.FunctionEnvironment>; /** * Amount of ephemeral storage (`/tmp`) to allocate for the Lambda Function. See below. */ ephemeralStorage?: pulumi.Input<inputs.lambda.FunctionEphemeralStorage>; /** * Configuration block for EFS file system. See below. */ fileSystemConfig?: pulumi.Input<inputs.lambda.FunctionFileSystemConfig>; /** * Function entry point in your code. Required if `packageType` is `Zip`. */ handler?: pulumi.Input<string>; /** * Container image configuration values. See below. */ imageConfig?: pulumi.Input<inputs.lambda.FunctionImageConfig>; /** * ECR image URI containing the function's deployment package. Conflicts with `filename` and `s3Bucket`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ imageUri?: pulumi.Input<string>; /** * ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration. */ kmsKeyArn?: pulumi.Input<string>; /** * List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. */ layers?: pulumi.Input<pulumi.Input<string>[]>; /** * Configuration block for advanced logging settings. See below. */ loggingConfig?: pulumi.Input<inputs.lambda.FunctionLoggingConfig>; /** * Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128. */ memorySize?: pulumi.Input<number>; /** * Unique name for your Lambda Function. */ name?: pulumi.Input<string>; /** * Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`. */ packageType?: pulumi.Input<string>; /** * Whether to publish creation/change as new Lambda Function Version. Defaults to `false`. */ publish?: pulumi.Input<boolean>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is `false`. */ replaceSecurityGroupsOnDestroy?: pulumi.Input<boolean>; /** * List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if `replaceSecurityGroupsOnDestroy` is `true`. */ replacementSecurityGroupIds?: pulumi.Input<pulumi.Input<string>[]>; /** * Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. */ reservedConcurrentExecutions?: pulumi.Input<number>; /** * ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources. * * The following arguments are optional: */ role: pulumi.Input<string>; /** * Identifier of the function's runtime. Required if `packageType` is `Zip`. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values. */ runtime?: pulumi.Input<string | enums.lambda.Runtime>; /** * S3 bucket location containing the function's deployment package. Conflicts with `filename` and `imageUri`. One of `filename`, `imageUri`, or `s3Bucket` must be specified. */ s3Bucket?: pulumi.Input<string>; /** * S3 key of an object containing the function's deployment package. Required if `s3Bucket` is set. */ s3Key?: pulumi.Input<string>; /** * Object version containing the function's deployment package. Conflicts with `filename` and `imageUri`. */ s3ObjectVersion?: pulumi.Input<string>; /** * Whether to retain the old version of a previously deployed Lambda Layer. Default is `false`. */ skipDestroy?: pulumi.Input<boolean>; /** * Configuration block for snap start settings. See below. */ snapStart?: pulumi.Input<inputs.lambda.FunctionSnapStart>; /** * Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes. */ sourceCodeHash?: pulumi.Input<string>; /** * ARN of the AWS Key Management Service key used to encrypt the function's `.zip` deployment package. Conflicts with `imageUri`. */ sourceKmsKeyArn?: pulumi.Input<string>; /** * Key-value map of tags for the Lambda function. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900. */ timeout?: pulumi.Input<number>; /** * Configuration block for X-Ray tracing. See below. */ tracingConfig?: pulumi.Input<inputs.lambda.FunctionTracingConfig>; /** * Configuration block for VPC. See below. */ vpcConfig?: pulumi.Input<inputs.lambda.FunctionVpcConfig>; }