@aws-cdk/aws-lambda

@aws-cdk/aws-lambda

Version 1.204.0
Published 1 year ago
3.26 MB
20 dependencies
Apache-2.0 license

Install

npm i @aws-cdk/aws-lambda

yarn add @aws-cdk/aws-lambda

pnpm add @aws-cdk/aws-lambda

Overview

The CDK Construct Library for AWS::Lambda

Index

Functions

function extractQualifierFromArn

extractQualifierFromArn: (arn: string) => string;

Given an opaque (token) ARN, returns a CloudFormation expression that extracts the qualifier (= version or alias) from the ARN.
Version ARNs look like this:
arn:aws:lambda:region:account-id:function:function-name:qualifier
..which means that in order to extract the qualifier component from the ARN, we can split the ARN using ":" and select the component in index 7.
Returns
FnSelect(7, FnSplit(':', arn))

function verifyCodeConfig

verifyCodeConfig: (code: CodeConfig, props: FunctionProps) => void;

Classes

class Alias

class Alias extends QualifiedFunctionBase implements IAlias {}

A new alias to a particular version of a Lambda function.

constructor

constructor(scope: Construct, id: string, props: AliasProps);

property aliasName

readonly aliasName: string;

Name of this alias.

property architecture

readonly architecture: Architecture;

property canCreatePermissions

protected readonly canCreatePermissions: boolean;

property functionArn

readonly functionArn: string;

ARN of this alias
Used to be able to use Alias in place of a regular Lambda. Lambda accepts ARNs everywhere it accepts function names.

property functionName

readonly functionName: string;

ARN of this alias
Used to be able to use Alias in place of a regular Lambda. Lambda accepts ARNs everywhere it accepts function names.

property grantPrincipal

readonly grantPrincipal: iam.IPrincipal;

property lambda

readonly lambda: IFunction;

property qualifier

protected readonly qualifier: string;

property role

readonly role: any;

property version

readonly version: IVersion;

method addAutoScaling

addAutoScaling: (options: AutoScalingOptions) => IScalableFunctionAttribute;

Configure provisioned concurrency autoscaling on a function alias. Returns a scalable attribute that can call scaleOnUtilization() and scaleOnSchedule().
Parameter options
Autoscaling options

method fromAliasAttributes

static fromAliasAttributes: (
    scope: Construct,
    id: string,
    attrs: AliasAttributes
) => IAlias;

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

class Architecture

class Architecture {}

Architectures supported by AWS Lambda

property ARM_64

static readonly ARM_64: Architecture;

64 bit architecture with the ARM instruction set.

property dockerPlatform

readonly dockerPlatform: string;

The platform to use for this architecture when building with Docker.

property name

readonly name: string;

The name of the architecture as recognized by the AWS Lambda service APIs.

property X86_64

static readonly X86_64: Architecture;

64 bit architecture with x86 instruction set.

method custom

static custom: (name: string, dockerPlatform?: string) => Architecture;

Used to specify a custom architecture name. Use this if the architecture name is not yet supported by the CDK.
Parameter name
the architecture name as recognized by AWS Lambda.
Parameter dockerPlatform
the platform to use for this architecture when building with Docker

class AssetCode

class AssetCode extends Code {}

Lambda code from a local directory.

constructor

constructor(path: string, options?: s3_assets.AssetOptions);

Parameter path
The path to the asset file or directory.

property isInline

readonly isInline: boolean;

property path

readonly path: string;

method bind

bind: (scope: Construct) => CodeConfig;

method bindToResource

bindToResource: (
    resource: cdk.CfnResource,
    options?: ResourceBindOptions
) => void;

class AssetImageCode

class AssetImageCode extends Code {}

Represents an ECR image that will be constructed from the specified asset and can be bound as Lambda code.

constructor

constructor(directory: string, props: AssetImageCodeProps);

property isInline

readonly isInline: boolean;

method bind

bind: (scope: Construct) => CodeConfig;

method bindToResource

bindToResource: (
    resource: cdk.CfnResource,
    options?: ResourceBindOptions
) => void;

class CfnAlias

class CfnAlias extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::Alias
The AWS::Lambda::Alias resource creates an [alias](https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html) for a Lambda function version. Use aliases to provide clients with a function identifier that you can update to invoke a different version.
You can also map an alias to split invocation requests between two versions. Use the RoutingConfig parameter to specify a second version and the percentage of invocation requests that it receives.
AWS::Lambda::Alias external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnAliasProps);

Create a new AWS::Lambda::Alias.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property description

description: string;

A description of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-description

property functionName

functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* - MyFunction . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Partial ARN* - 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-functionname

property functionVersion

functionVersion: string;

The function version that the alias invokes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-functionversion

property name

name: string;

The name of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-name

property provisionedConcurrencyConfig

provisionedConcurrencyConfig: any;

Specifies a [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html) configuration for a function's alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig

property routingConfig

routingConfig: any;

The [routing configuration](https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html) of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-routingconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnCodeSigningConfig

class CfnCodeSigningConfig extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::CodeSigningConfig
Details about a [Code signing configuration](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) .
AWS::Lambda::CodeSigningConfig external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnCodeSigningConfigProps);

Create a new AWS::Lambda::CodeSigningConfig.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property allowedPublishers

allowedPublishers: any;

List of allowed publishers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-allowedpublishers

property attrCodeSigningConfigArn

readonly attrCodeSigningConfigArn: string;

The Amazon Resource Name (ARN) of the code signing configuration. CodeSigningConfigArn

property attrCodeSigningConfigId

readonly attrCodeSigningConfigId: string;

The code signing configuration ID. CodeSigningConfigId

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property codeSigningPolicies

codeSigningPolicies: any;

The code signing policy controls the validation failure action for signature mismatch or expiry.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-codesigningpolicies

property description

description: string;

Code signing configuration description.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-description

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnEventInvokeConfig

class CfnEventInvokeConfig extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::EventInvokeConfig
The AWS::Lambda::EventInvokeConfig resource configures options for [asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html) on a version or an alias.
By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it.
AWS::Lambda::EventInvokeConfig external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnEventInvokeConfigProps);

Create a new AWS::Lambda::EventInvokeConfig.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property destinationConfig

destinationConfig: any;

A destination for events after they have been sent to a function for processing.
**Destinations** - *Function* - The Amazon Resource Name (ARN) of a Lambda function. - *Queue* - The ARN of a standard SQS queue. - *Topic* - The ARN of a standard SNS topic. - *Event Bus* - The ARN of an Amazon EventBridge event bus.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-destinationconfig

property functionName

functionName: string;

The name of the Lambda function.
*Minimum* : 1
*Maximum* : 64
*Pattern* : ([a-zA-Z0-9-_]+)
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-functionname

property maximumEventAgeInSeconds

maximumEventAgeInSeconds: number;

The maximum age of a request that Lambda sends to a function for processing.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumeventageinseconds

property maximumRetryAttempts

maximumRetryAttempts: number;

The maximum number of times to retry when the function returns an error.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumretryattempts

property qualifier

qualifier: string;

The identifier of a version or alias.
- *Version* - A version number. - *Alias* - An alias name. - *Latest* - To specify the unpublished version, use $LATEST .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-qualifier

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnEventSourceMapping

class CfnEventSourceMapping extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::EventSourceMapping
The AWS::Lambda::EventSourceMapping resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.
For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source.
- [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) - [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) - [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) - [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) - [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) - [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) - [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)
AWS::Lambda::EventSourceMapping external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnEventSourceMappingProps);

Create a new AWS::Lambda::EventSourceMapping.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property amazonManagedKafkaEventSourceConfig

amazonManagedKafkaEventSourceConfig: any;

Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig

property attrId

readonly attrId: string;

The event source mapping's ID. Id

property batchSize

batchSize: number;

The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).
- *Amazon Kinesis* – Default 100. Max 10,000. - *Amazon DynamoDB Streams* – Default 100. Max 10,000. - *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. - *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. - *Self-managed Apache Kafka* – Default 100. Max 10,000. - *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. - *DocumentDB* – Default 100. Max 10,000.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize

property bisectBatchOnFunctionError

bisectBatchOnFunctionError: any;

(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property destinationConfig

destinationConfig: any;

(Kinesis and DynamoDB Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded records.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig

property documentDbEventSourceConfig

documentDbEventSourceConfig: any;

Specific configuration settings for a DocumentDB event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig

property enabled

enabled: any;

When true, the event source mapping is active. When false, Lambda pauses polling and invocation.
Default: True
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled

property eventSourceArn

eventSourceArn: string;

The Amazon Resource Name (ARN) of the event source.
- *Amazon Kinesis* – The ARN of the data stream or a stream consumer. - *Amazon DynamoDB Streams* – The ARN of the stream. - *Amazon Simple Queue Service* – The ARN of the queue. - *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster. - *Amazon MQ* – The ARN of the broker. - *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn

property filterCriteria

filterCriteria: any;

An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-filtercriteria

property functionName

functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* – MyFunction . - *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Version or Alias ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD . - *Partial ARN* – 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionname

property functionResponseTypes

functionResponseTypes: string[];

(Streams and SQS) A list of current response type enums applied to the event source mapping.
Valid Values: ReportBatchItemFailures
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes

property maximumBatchingWindowInSeconds

maximumBatchingWindowInSeconds: number;

The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.
*Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0
*Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms
*Related setting:* For Amazon SQS event sources, when you set BatchSize to a value greater than 10, you must set MaximumBatchingWindowInSeconds to at least 1.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds

property maximumRecordAgeInSeconds

maximumRecordAgeInSeconds: number;

(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
> The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds

property maximumRetryAttempts

maximumRetryAttempts: number;

(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts

property parallelizationFactor

parallelizationFactor: number;

(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor

property queues

queues: string[];

(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues

property scalingConfig

scalingConfig: any;

(Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-scalingconfig

property selfManagedEventSource

selfManagedEventSource: any;

The self-managed Apache Kafka cluster for your event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedeventsource

property selfManagedKafkaEventSourceConfig

selfManagedKafkaEventSourceConfig: any;

Specific configuration settings for a self-managed Apache Kafka event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig

property sourceAccessConfigurations

sourceAccessConfigurations: any;

An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations

property startingPosition

startingPosition: string;

The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.
- *LATEST* - Read only new records. - *TRIM_HORIZON* - Process all available records. - *AT_TIMESTAMP* - Specify a time from which to start reading records.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition

property startingPositionTimestamp

startingPositionTimestamp: number;

With StartingPosition set to AT_TIMESTAMP , the time from which to start reading, in Unix time seconds.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp

property topics

topics: string[];

The name of the Kafka topic.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics

property tumblingWindowInSeconds

tumblingWindowInSeconds: number;

(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnFunction

class CfnFunction extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::Function
The AWS::Lambda::Function resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html) . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.
You set the package type to Image if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) . For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.
You set the package type to Zip if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip) . For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html) .
You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a AWS::Lambda::Version or a AWS::Lambda::Alias .
For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.*
AWS::Lambda::Function external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnFunctionProps);

Create a new AWS::Lambda::Function.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property architectures

architectures: string[];

The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures

property attrArn

readonly attrArn: string;

The Amazon Resource Name (ARN) of the function. Arn

property attrSnapStartResponseApplyOn

readonly attrSnapStartResponseApplyOn: string;

SnapStartResponse.ApplyOn

property attrSnapStartResponseOptimizationStatus

readonly attrSnapStartResponseOptimizationStatus: string;

SnapStartResponse.OptimizationStatus

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property code

code: any;

The code for the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code

property codeSigningConfigArn

codeSigningConfigArn: string;

To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn

property deadLetterConfig

deadLetterConfig: any;

A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-deadletterconfig

property description

description: string;

A description of the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description

property environment

environment: any;

Environment variables that are accessible from function code during execution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment

property ephemeralStorage

ephemeralStorage: any;

The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage

property fileSystemConfigs

fileSystemConfigs: any;

Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.
For more information about using the DependsOn attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs

property functionName

functionName: string;

The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname

property handler

handler: string;

The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler

property imageConfig

imageConfig: any;

Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig

property kmsKeyArn

kmsKeyArn: string;

The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption) . When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn

property layers

layers: string[];

A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers

property memorySize

memorySize: number;

The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize

property packageType

packageType: string;

The type of deployment package. Set to Image for container image and set Zip for .zip file archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype

property reservedConcurrentExecutions

reservedConcurrentExecutions: number;

The number of simultaneous executions to reserve for the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-reservedconcurrentexecutions

property role

role: string;

The Amazon Resource Name (ARN) of the function's execution role.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-role

property runtime

runtime: string;

The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) . Runtime is required if the deployment package is a .zip file archive.
The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime

property runtimeManagementConfig

runtimeManagementConfig: any;

Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtimemanagementconfig

property snapStart

snapStart: any;

The function's [AWS Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-snapstart

property tags

readonly tags: cdk.TagManager;

A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags

property timeout

timeout: number;

The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout

property tracingConfig

tracingConfig: any;

Set Mode to Active to sample and trace a subset of incoming requests with [X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig

property vpcConfig

vpcConfig: any;

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see [Configuring a Lambda function to access resources in a VPC](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnLayerVersion

class CfnLayerVersion extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::LayerVersion
The AWS::Lambda::LayerVersion resource creates a [Lambda layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) from a ZIP archive.
AWS::Lambda::LayerVersion external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnLayerVersionProps);

Create a new AWS::Lambda::LayerVersion.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property compatibleArchitectures

compatibleArchitectures: string[];

A list of compatible [instruction set architectures](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatiblearchitectures

property compatibleRuntimes

compatibleRuntimes: string[];

A list of compatible [function runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) . Used for filtering with [ListLayers](https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayers.html) and [ListLayerVersions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayerVersions.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatibleruntimes

property content

content: any;

The function layer archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-content

property description

description: string;

The description of the version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-description

property layerName

layerName: string;

The name or Amazon Resource Name (ARN) of the layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-layername

property licenseInfo

licenseInfo: string;

The layer's software license. It can be any of the following:
- An [SPDX license identifier](https://docs.aws.amazon.com/https://spdx.org/licenses/) . For example, MIT . - The URL of a license hosted on the internet. For example, https://opensource.org/licenses/MIT . - The full text of the license.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-licenseinfo

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnLayerVersionPermission

class CfnLayerVersionPermission
    extends cdk.CfnResource
    implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::LayerVersionPermission
The AWS::Lambda::LayerVersionPermission resource adds permissions to the resource-based policy of a version of an [Lambda layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) . Use this action to grant layer usage permission to other accounts. You can grant permission to a single account, all AWS accounts, or all accounts in an organization.
> Since the release of the [UpdateReplacePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) both UpdateReplacePolicy and DeletionPolicy are required to protect your Resources/LayerPermissions from deletion.
AWS::Lambda::LayerVersionPermission external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnLayerVersionPermissionProps
);

Create a new AWS::Lambda::LayerVersionPermission.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property action

action: string;

The API action that grants access to the layer. For example, lambda:GetLayerVersion .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-action

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property layerVersionArn

layerVersionArn: string;

The name or Amazon Resource Name (ARN) of the layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-layerversionarn

property organizationId

organizationId: string;

With the principal set to * , grant permission to all accounts in the specified organization.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-organizationid

property principal

principal: string;

An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). For the last case, make sure that you really do want all AWS accounts to have usage permission to this layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-principal

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnParametersCode

class CfnParametersCode extends Code {}

Lambda code defined using 2 CloudFormation parameters. Useful when you don't have access to the code of your Lambda from your CDK code, so you can't use Assets, and you want to deploy the Lambda in a CodePipeline, using CloudFormation Actions - you can fill the parameters using the method.

constructor

constructor(props?: CfnParametersCodeProps);

property bucketNameParam

readonly bucketNameParam: string;

property isInline

readonly isInline: boolean;

property objectKeyParam

readonly objectKeyParam: string;

method assign

assign: (location: s3.Location) => { [name: string]: any };

Create a parameters map from this instance's CloudFormation parameters.
It returns a map with 2 keys that correspond to the names of the parameters defined in this Lambda code, and as values it contains the appropriate expressions pointing at the provided S3 location (most likely, obtained from a CodePipeline Artifact by calling the artifact.s3Location method). The result should be provided to the CloudFormation Action that is deploying the Stack that the Lambda with this code is part of, in the parameterOverrides property.
Parameter location
the location of the object in S3 that represents the Lambda code

method bind

bind: (scope: Construct) => CodeConfig;

class CfnPermission

class CfnPermission extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::Permission
The AWS::Lambda::Permission resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
To grant permission to another account, specify the account ID as the Principal . To grant permission to an organization defined in AWS Organizations , specify the organization ID as the PrincipalOrgID . For AWS services, the principal is a domain-style identifier defined by the service, like s3.amazonaws.com or sns.amazonaws.com . For AWS services, you can also specify the ARN of the associated resource as the SourceArn . If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.
If your function has a function URL, you can specify the FunctionUrlAuthType parameter. This adds a condition to your permission that only applies when your function URL's AuthType matches the specified FunctionUrlAuthType . For more information about the AuthType parameter, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html) .
AWS::Lambda::Permission external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnPermissionProps);

Create a new AWS::Lambda::Permission.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property action

action: string;

The action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-action

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property eventSourceToken

eventSourceToken: string;

For Alexa Smart Home functions, a token that the invoker must supply.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-eventsourcetoken

property functionName

functionName: string;

The name of the Lambda function, version, or alias.
**Name formats** - *Function name* – my-function (name-only), my-function:v1 (with alias). - *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:my-function . - *Partial ARN* – 123456789012:function:my-function .
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionname

property functionUrlAuthType

functionUrlAuthType: string;

The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionurlauthtype

property principal

principal: string;

The AWS service or AWS account that invokes the function. If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principal

property principalOrgId

principalOrgId: string;

The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principalorgid

property sourceAccount

sourceAccount: string;

For AWS service , the ID of the AWS account that owns the resource. Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourceaccount

property sourceArn

sourceArn: string;

For AWS services , the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike operator.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourcearn

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnUrl

class CfnUrl extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::Url
The AWS::Lambda::Url resource creates a function URL with the specified configuration parameters. A [function URL](https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html) is a dedicated HTTP(S) endpoint that you can use to invoke your function.
AWS::Lambda::Url external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnUrlProps);

Create a new AWS::Lambda::Url.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrFunctionArn

readonly attrFunctionArn: string;

The Amazon Resource Name (ARN) of the function. FunctionArn

property attrFunctionUrl

readonly attrFunctionUrl: string;

The HTTP URL endpoint for your function. FunctionUrl

property authType

authType: string;

The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-authtype

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cors

cors: any;

The [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) settings for your function URL.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-cors

property invokeMode

invokeMode: string;

Use one of the following options:
- BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB. - RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can [request a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode

property qualifier

qualifier: string;

The alias name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-qualifier

property targetFunctionArn

targetFunctionArn: string;

The name of the Lambda function.
**Name formats** - *Function name* - my-function . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:my-function . - *Partial ARN* - 123456789012:function:my-function .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-targetfunctionarn

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnVersion

class CfnVersion extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::Lambda::Version
The AWS::Lambda::Version resource creates a [version](https://docs.aws.amazon.com/lambda/latest/dg/versioning-aliases.html) from the current code and configuration of a function. Use versions to create a snapshot of your function code and configuration that doesn't change.
AWS::Lambda::Version external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnVersionProps);

Create a new AWS::Lambda::Version.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrVersion

readonly attrVersion: string;

The version number. Version

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property codeSha256

codeSha256: string;

Only publish a version if the hash value matches the value that's specified. Use this option to avoid publishing a version if the function code has changed since you last updated it. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-codesha256

property description

description: string;

A description for the version to override the description in the function configuration. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-description

property functionName

functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* - MyFunction . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Partial ARN* - 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-functionname

property provisionedConcurrencyConfig

provisionedConcurrencyConfig: any;

Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-provisionedconcurrencyconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class Code

abstract class Code {}

Represents the Lambda Handler Code.

property isInline

abstract readonly isInline: boolean;

Determines whether this Code is inline code or not.
Deprecated
this value is ignored since inline is now determined based on the the inlineCode field of CodeConfig returned from bind().

method asset

static asset: (path: string) => AssetCode;

DEPRECATED
Deprecated
use fromAsset

method bind

abstract bind: (scope: Construct) => CodeConfig;

Called when the lambda or layer is initialized to allow this object to bind to the stack, add resources and have fun.
Parameter scope
The binding scope. Don't be smart about trying to down-cast or assume it's initialized. You may just use it as a construct scope.

method bindToResource

bindToResource: (
    _resource: cdk.CfnResource,
    _options?: ResourceBindOptions
) => void;

Called after the CFN function resource has been created to allow the code class to bind to it. Specifically it's required to allow assets to add metadata for tooling like SAM CLI to be able to find their origins.

method bucket

static bucket: (
    bucket: s3.IBucket,
    key: string,
    objectVersion?: string
) => S3Code;

DEPRECATED
Deprecated
use fromBucket

method cfnParameters

static cfnParameters: (props?: CfnParametersCodeProps) => CfnParametersCode;

DEPRECATED
Deprecated
use fromCfnParameters

method fromAsset

static fromAsset: (path: string, options?: s3_assets.AssetOptions) => AssetCode;

Loads the function code from a local disk path.
Parameter path
Either a directory with the Lambda code bundle or a .zip file

method fromAssetImage

static fromAssetImage: (
    directory: string,
    props?: AssetImageCodeProps
) => AssetImageCode;

Create an ECR image from the specified asset and bind it as the Lambda code.
Parameter directory
the directory from which the asset must be created
Parameter props
properties to further configure the selected image

method fromBucket

static fromBucket: (
    bucket: s3.IBucket,
    key: string,
    objectVersion?: string
) => S3Code;

Lambda handler code as an S3 object.
Parameter bucket
The S3 bucket
Parameter key
The object key
Parameter objectVersion
Optional S3 object version

method fromCfnParameters

static fromCfnParameters: (props?: CfnParametersCodeProps) => CfnParametersCode;

Creates a new Lambda source defined using CloudFormation parameters.
Parameter props
optional construction properties of CfnParametersCode
Returns
a new instance of CfnParametersCode

method fromDockerBuild

static fromDockerBuild: (
    path: string,
    options?: DockerBuildAssetOptions
) => AssetCode;

Loads the function code from an asset created by a Docker build.
By default, the asset is expected to be located at /asset in the image.
Parameter path
The path to the directory containing the Docker file
Parameter options
Docker build options

method fromEcrImage

static fromEcrImage: (
    repository: ecr.IRepository,
    props?: EcrImageCodeProps
) => EcrImageCode;

Use an existing ECR image as the Lambda code.
Parameter repository
the ECR repository that the image is in
Parameter props
properties to further configure the selected image

method fromInline

static fromInline: (code: string) => InlineCode;

Inline code for Lambda handler
Parameter code
The actual handler code (limited to 4KiB)
Returns
LambdaInlineCode with inline code.

method inline

static inline: (code: string) => InlineCode;

DEPRECATED
Deprecated
use fromInline

class CodeSigningConfig

class CodeSigningConfig extends Resource implements ICodeSigningConfig {}

Defines a Code Signing Config.
AWS::Lambda::CodeSigningConfig

constructor

constructor(scope: Construct, id: string, props: CodeSigningConfigProps);

property codeSigningConfigArn

readonly codeSigningConfigArn: string;

property codeSigningConfigId

readonly codeSigningConfigId: string;

method fromCodeSigningConfigArn

static fromCodeSigningConfigArn: (
    scope: Construct,
    id: string,
    codeSigningConfigArn: string
) => ICodeSigningConfig;

Creates a Signing Profile construct that represents an external Signing Profile.
Parameter scope
The parent creating construct (usually this).
Parameter id
The construct's name.
Parameter codeSigningConfigArn
The ARN of code signing config.

class DockerImageCode

abstract class DockerImageCode {}

Code property for the DockerImageFunction construct

method fromEcr

static fromEcr: (
    repository: ecr.IRepository,
    props?: EcrImageCodeProps
) => DockerImageCode;

Use an existing ECR image as the Lambda code.
Parameter repository
the ECR repository that the image is in
Parameter props
properties to further configure the selected image

method fromImageAsset

static fromImageAsset: (
    directory: string,
    props?: AssetImageCodeProps
) => DockerImageCode;

Create an ECR image from the specified asset and bind it as the Lambda code.
Parameter directory
the directory from which the asset must be created
Parameter props
properties to further configure the selected image

class DockerImageFunction

class DockerImageFunction extends Function {}

Create a lambda function where the handler is a docker image

constructor

constructor(scope: Construct, id: string, props: DockerImageFunctionProps);

class EcrImageCode

class EcrImageCode extends Code {}

Represents a Docker image in ECR that can be bound as Lambda Code.

constructor

constructor(repository: ecr.IRepository, props?: EcrImageCodeProps);

property isInline

readonly isInline: boolean;

method bind

bind: (_: Construct) => CodeConfig;

class EventInvokeConfig

class EventInvokeConfig extends Resource {}

Configure options for asynchronous invocation on a version or an alias
By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it.

constructor

constructor(scope: Construct, id: string, props: EventInvokeConfigProps);

class EventSourceMapping

class EventSourceMapping extends cdk.Resource implements IEventSourceMapping {}

Defines a Lambda EventSourceMapping resource.
Usually, you won't need to define the mapping yourself. This will usually be done by event sources. For example, to add an SQS event source to a function:
import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; lambda.addEventSource(new SqsEventSource(sqs));
The SqsEventSource class will automatically create the mapping, and will also modify the Lambda's execution role so it can consume messages from the queue.

constructor

constructor(scope: Construct, id: string, props: EventSourceMappingProps);

property eventSourceMappingId

readonly eventSourceMappingId: string;

method fromEventSourceMappingId

static fromEventSourceMappingId: (
    scope: Construct,
    id: string,
    eventSourceMappingId: string
) => IEventSourceMapping;

Import an event source into this stack from its event source id.

class FileSystem

class FileSystem {}

Represents the filesystem for the Lambda function

constructor

protected constructor(config: FileSystemConfig);

Parameter config
the FileSystem configurations for the Lambda function

property config

readonly config: FileSystemConfig;

method fromEfsAccessPoint

static fromEfsAccessPoint: (
    ap: efs.IAccessPoint,
    mountPath: string
) => FileSystem;

mount the filesystem from Amazon EFS
Parameter ap
the Amazon EFS access point
Parameter mountPath
the target path in the lambda runtime environment

class Function

class Function extends FunctionBase {}

Deploys a file from inside the construct library as a function.
The supplied file is subject to the 4096 bytes limit of being embedded in a CloudFormation template.
The construct includes an associated role with the lambda.
This construct does not yet reproduce all features from the underlying resource library.

constructor

constructor(scope: Construct, id: string, props: FunctionProps);

property architecture

readonly architecture: Architecture;

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

property canCreatePermissions

protected readonly canCreatePermissions: boolean;

property currentVersion

readonly currentVersion: Version;

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

property deadLetterQueue

readonly deadLetterQueue?: sqs.IQueue;

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

property deadLetterTopic

readonly deadLetterTopic?: sns.ITopic;

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

property functionArn

readonly functionArn: string;

ARN of this function

property functionName

readonly functionName: string;

Name of this function

property grantPrincipal

readonly grantPrincipal: iam.IPrincipal;

The principal this Lambda Function is running as

property logGroup

readonly logGroup: logs.ILogGroup;

The LogGroup where the Lambda function's logs are made available.
If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).
Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

property permissionsNode

readonly permissionsNode: any;

property resourceArnsForGrantInvoke

readonly resourceArnsForGrantInvoke: string[];

property role

readonly role?: iam.IRole;

Execution role associated with this function

property runtime

readonly runtime: Runtime;

The runtime configured for this lambda.

property timeout

readonly timeout?: Duration;

The timeout configured for this lambda.

method addAlias

addAlias: (aliasName: string, options?: AliasOptions) => Alias;

Defines an alias for this function.
The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.
```ts declare const fn: lambda.Function;
fn.addAlias('Live');
// Is equivalent to
new lambda.Alias(this, 'AliasLive', { aliasName: 'Live', version: fn.currentVersion, });
Parameter aliasName
The name of the alias
Parameter options
Alias options

method addEnvironment

addEnvironment: (
    key: string,
    value: string,
    options?: EnvironmentOptions
) => this;

Adds an environment variable to this Lambda function. If this is a ref to a Lambda function, this operation results in a no-op.
Parameter key
The environment variable key.
Parameter value
The environment variable's value.
Parameter options
Environment variable options.

method addLayers

addLayers: (...layers: ILayerVersion[]) => void;

Adds one or more Lambda Layers to this Lambda function.
Parameter layers
the layers to be added.
Throws
if there are already 5 layers on this function, or the layer is incompatible with this function's runtime.

method addVersion

addVersion: (
    name: string,
    codeSha256?: string,
    description?: string,
    provisionedExecutions?: number,
    asyncInvokeConfig?: EventInvokeConfigOptions
) => Version;

Add a new version for this Lambda
If you want to deploy through CloudFormation and use aliases, you need to add a new version (with a new name) to your Lambda every time you want to deploy an update. An alias can then refer to the newly created Version.
All versions should have distinct names, and you should not delete versions as long as your Alias needs to refer to them.
Parameter name
A unique name for this version.
Parameter codeSha256
The SHA-256 hash of the most recently deployed Lambda source code, or omit to skip validation.
Parameter description
A description for this version.
Parameter provisionedExecutions
A provisioned concurrency configuration for a function's version.
Parameter asyncInvokeConfig
configuration for this version when it is invoked asynchronously.
Returns
A new Version object.
Deprecated
This method will create an AWS::Lambda::Version resource which snapshots the AWS Lambda function *at the time of its creation* and it won't get updated when the function changes. Instead, use this.currentVersion to obtain a reference to a version resource that gets automatically recreated when the function configuration (or code) changes.

method classifyVersionProperty

static classifyVersionProperty: (propertyName: string, locked: boolean) => void;

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource. See 'currentVersion' section in the module README for more details.
Parameter propertyName
The property to classify
Parameter locked
whether the property should be associated to the version or not.

method fromFunctionArn

static fromFunctionArn: (
    scope: Construct,
    id: string,
    functionArn: string
) => IFunction;

Import a lambda function into the CDK using its ARN

method fromFunctionAttributes

static fromFunctionAttributes: (
    scope: Construct,
    id: string,
    attrs: FunctionAttributes
) => IFunction;

Creates a Lambda function object which represents a function not defined within this stack.
Parameter scope
The parent construct
Parameter id
The name of the lambda construct
Parameter attrs
the attributes of the function to import

method fromFunctionName

static fromFunctionName: (
    scope: Construct,
    id: string,
    functionName: string
) => IFunction;

Import a lambda function into the CDK using its name

method metricAll

static metricAll: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Return the given named metric for this Lambda

method metricAllConcurrentExecutions

static metricAllConcurrentExecutions: (
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Metric for the number of concurrent executions across all Lambdas
max over 5 minutes

method metricAllDuration

static metricAllDuration: (
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Metric for the Duration executing all Lambdas
average over 5 minutes

method metricAllErrors

static metricAllErrors: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

Metric for the number of Errors executing all Lambdas
sum over 5 minutes

method metricAllInvocations

static metricAllInvocations: (
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Metric for the number of invocations of all Lambdas
sum over 5 minutes

method metricAllThrottles

static metricAllThrottles: (
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Metric for the number of throttled invocations of all Lambdas
sum over 5 minutes

method metricAllUnreservedConcurrentExecutions

static metricAllUnreservedConcurrentExecutions: (
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Metric for the number of unreserved concurrent executions across all Lambdas
max over 5 minutes

class FunctionBase

abstract class FunctionBase
    extends Resource
    implements IFunction, ec2.IClientVpnConnectionHandler {}

property architecture

abstract readonly architecture: Architecture;

The architecture of this Lambda Function.

property canCreatePermissions

protected abstract readonly canCreatePermissions: boolean;

Whether the addPermission() call adds any permissions
True for new Lambdas, false for version $LATEST and imported Lambdas from different accounts.

property connections

readonly connections: ec2.Connections;

Access the Connections object
Will fail if not a VPC-enabled Lambda Function

property functionArn

abstract readonly functionArn: string;

The ARN fo the function.

property functionName

abstract readonly functionName: string;

The name of the function.

property grantPrincipal

abstract readonly grantPrincipal: iam.IPrincipal;

The principal this Lambda Function is running as

property isBoundToVpc

readonly isBoundToVpc: boolean;

Whether or not this Lambda function was bound to a VPC
If this is is false, trying to access the connections object will fail.

property latestVersion

readonly latestVersion: IVersion;

property permissionsNode

abstract readonly permissionsNode: ConstructNode;

The construct node where permissions are attached.

property resourceArnsForGrantInvoke

abstract readonly resourceArnsForGrantInvoke: string[];

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke()

property role

abstract readonly role?: iam.IRole;

The IAM role associated with this function.
Undefined if the function was imported without a role.

method addEventSource

addEventSource: (source: IEventSource) => void;

method addEventSourceMapping

addEventSourceMapping: (
    id: string,
    options: EventSourceMappingOptions
) => EventSourceMapping;

method addFunctionUrl

addFunctionUrl: (options?: FunctionUrlOptions) => FunctionUrl;

method addPermission

addPermission: (id: string, permission: Permission) => void;

Adds a permission to the Lambda resource policy.
Parameter id
The id for the permission construct
Parameter permission
The permission to grant to this Lambda function.
See Also
- Permission for details.

method addToRolePolicy

addToRolePolicy: (statement: iam.PolicyStatement) => void;

Adds a statement to the IAM role assumed by the instance.

method configureAsyncInvoke

configureAsyncInvoke: (options: EventInvokeConfigOptions) => void;

method considerWarningOnInvokeFunctionPermissions

considerWarningOnInvokeFunctionPermissions: (
    scope: Construct,
    action: string
) => void;

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function. - function.currentVersion is invoked before or after the permission is created.
This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

method grantInvoke

grantInvoke: (grantee: iam.IGrantable) => iam.Grant;

Grant the given identity permissions to invoke this Lambda

method grantInvokeUrl

grantInvokeUrl: (grantee: iam.IGrantable) => iam.Grant;

Grant the given identity permissions to invoke this Lambda Function URL

method warnInvokeFunctionPermissions

protected warnInvokeFunctionPermissions: (scope: Construct) => void;

class FunctionUrl

class FunctionUrl extends Resource implements IFunctionUrl {}

Defines a Lambda function url
AWS::Lambda::Url

constructor

constructor(scope: Construct, id: string, props: FunctionUrlProps);

property functionArn

readonly functionArn: string;

The ARN of the function this URL refers to

property url

readonly url: string;

The url of the Lambda function.

method grantInvokeUrl

grantInvokeUrl: (grantee: iam.IGrantable) => iam.Grant;

class FunctionVersionUpgrade

class FunctionVersionUpgrade implements IAspect {}

Aspect for upgrading function versions when the feature flag provided feature flag present. This can be necessary when the feature flag changes the function hash, as such changes must be associated with a new version. This aspect will change the function description in these cases, which "validates" the new function hash.

constructor

constructor(featureFlag: string, enabled?: boolean);

method visit

visit: (node: IConstruct) => void;

class Handler

class Handler {}

Lambda function handler

property FROM_IMAGE

static readonly FROM_IMAGE: string;

A special handler when the function handler is part of a Docker image.

class InlineCode

class InlineCode extends Code {}

Lambda code from an inline string (limited to 4KiB).

constructor

constructor(code: string);

property isInline

readonly isInline: boolean;

method bind

bind: (_scope: Construct) => CodeConfig;

class LambdaInsightsVersion

abstract class LambdaInsightsVersion {}

Version of CloudWatch Lambda Insights

property layerVersionArn

readonly layerVersionArn: string;

The arn of the Lambda Insights extension

property VERSION_1_0_119_0

static readonly VERSION_1_0_119_0: LambdaInsightsVersion;

Version 1.0.119.0

property VERSION_1_0_135_0

static readonly VERSION_1_0_135_0: LambdaInsightsVersion;

Version 1.0.135.0

property VERSION_1_0_54_0

static readonly VERSION_1_0_54_0: LambdaInsightsVersion;

Version 1.0.54.0

property VERSION_1_0_86_0

static readonly VERSION_1_0_86_0: LambdaInsightsVersion;

Version 1.0.86.0

property VERSION_1_0_89_0

static readonly VERSION_1_0_89_0: LambdaInsightsVersion;

Version 1.0.89.0

property VERSION_1_0_98_0

static readonly VERSION_1_0_98_0: LambdaInsightsVersion;

Version 1.0.98.0

method fromInsightVersionArn

static fromInsightVersionArn: (arn: string) => LambdaInsightsVersion;

Use the insights extension associated with the provided ARN. Make sure the ARN is associated with same region as your function
See Also
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versions.html

class LayerVersion

class LayerVersion extends LayerVersionBase {}

Defines a new Lambda Layer version.

constructor

constructor(scope: Construct, id: string, props: LayerVersionProps);

property compatibleRuntimes

readonly compatibleRuntimes?: Runtime[];

property layerVersionArn

readonly layerVersionArn: string;

method fromLayerVersionArn

static fromLayerVersionArn: (
    scope: Construct,
    id: string,
    layerVersionArn: string
) => ILayerVersion;

Imports a layer version by ARN. Assumes it is compatible with all Lambda runtimes.

method fromLayerVersionAttributes

static fromLayerVersionAttributes: (
    scope: Construct,
    id: string,
    attrs: LayerVersionAttributes
) => ILayerVersion;

Imports a Layer that has been defined externally.
Parameter scope
the parent Construct that will use the imported layer.
Parameter id
the id of the imported layer in the construct tree.
Parameter attrs
the properties of the imported layer.

class LogRetention

class LogRetention extends logs.LogRetention {}

Creates a custom resource to control the retention policy of a CloudWatch Logs log group. The log group is created if it doesn't already exist. The policy is removed when retentionDays is undefined or equal to Infinity.
Deprecated
use LogRetention from '@aws-cdk/aws-logs' instead

constructor

constructor(scope: Construct, id: string, props: LogRetentionProps);

class QualifiedFunctionBase

abstract class QualifiedFunctionBase extends FunctionBase {}

property lambda

abstract readonly lambda: IFunction;

property latestVersion

readonly latestVersion: IVersion;

property permissionsNode

readonly permissionsNode: ConstructNode;

property qualifier

protected abstract readonly qualifier: string;

The qualifier of the version or alias of this function. A qualifier is the identifier that's appended to a version or alias ARN.
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html#API_GetFunctionConfiguration_RequestParameters

property resourceArnsForGrantInvoke

readonly resourceArnsForGrantInvoke: string[];

method configureAsyncInvoke

configureAsyncInvoke: (options: EventInvokeConfigOptions) => void;

method considerWarningOnInvokeFunctionPermissions

considerWarningOnInvokeFunctionPermissions: (
    _scope: Construct,
    _action: string
) => void;

class Runtime

class Runtime {}

Lambda function runtime environment.
If you need to use a runtime name that doesn't exist as a static member, you can instantiate a Runtime object, e.g: new Runtime('nodejs99.99').

constructor

constructor(name: string, family?: RuntimeFamily, props?: LambdaRuntimeProps);

property ALL

static readonly ALL: Runtime[];

A list of all known Runtime's.

property bundlingDockerImage

readonly bundlingDockerImage: BundlingDockerImage;

DEPRECATED
Deprecated
use bundlingImage

property bundlingImage

readonly bundlingImage: DockerImage;

The bundling Docker image for this runtime.

property DOTNET_6

static readonly DOTNET_6: Runtime;

The .NET 6 runtime (dotnet6)

property DOTNET_CORE_1

static readonly DOTNET_CORE_1: Runtime;

The .NET Core 1.0 runtime (dotnetcore1.0) Legacy runtime no longer supported by AWS Lambda. Migrate to the latest .NET Core runtime.

property DOTNET_CORE_2

static readonly DOTNET_CORE_2: Runtime;

The .NET Core 2.0 runtime (dotnetcore2.0) Legacy runtime no longer supported by AWS Lambda. Migrate to the latest .NET Core runtime.

property DOTNET_CORE_2_1

static readonly DOTNET_CORE_2_1: Runtime;

The .NET Core 2.1 runtime (dotnetcore2.1) Legacy runtime no longer supported by AWS Lambda. Migrate to the latest .NET Core runtime.

property DOTNET_CORE_3_1

static readonly DOTNET_CORE_3_1: Runtime;

The .NET Core 3.1 runtime (dotnetcore3.1)

property family

readonly family?: RuntimeFamily;

The runtime family.

property FROM_IMAGE

static readonly FROM_IMAGE: Runtime;

A special runtime entry to be used when function is using a docker image.

property GO_1_X

static readonly GO_1_X: Runtime;

The Go 1.x runtime (go1.x)

property JAVA_11

static readonly JAVA_11: Runtime;

The Java 11 runtime (java11)

property JAVA_8

static readonly JAVA_8: Runtime;

The Java 8 runtime (java8)

property JAVA_8_CORRETTO

static readonly JAVA_8_CORRETTO: Runtime;

The Java 8 Corretto runtime (java8.al2)

property name

readonly name: string;

The name of this runtime, as expected by the Lambda resource.

property NODEJS

static readonly NODEJS: Runtime;

The NodeJS runtime (nodejs)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest NodeJS runtime.

property NODEJS_10_X

static readonly NODEJS_10_X: Runtime;

The NodeJS 10.x runtime (nodejs10.x)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest NodeJS runtime.

property NODEJS_12_X

static readonly NODEJS_12_X: Runtime;

The NodeJS 12.x runtime (nodejs12.x)

property NODEJS_14_X

static readonly NODEJS_14_X: Runtime;

The NodeJS 14.x runtime (nodejs14.x)

property NODEJS_16_X

static readonly NODEJS_16_X: Runtime;

The NodeJS 16.x runtime (nodejs16.x)

property NODEJS_4_3

static readonly NODEJS_4_3: Runtime;

The NodeJS 4.3 runtime (nodejs4.3)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest NodeJS runtime.

property NODEJS_6_10

static readonly NODEJS_6_10: Runtime;

The NodeJS 6.10 runtime (nodejs6.10)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest NodeJS runtime.

property NODEJS_8_10

static readonly NODEJS_8_10: Runtime;

The NodeJS 8.10 runtime (nodejs8.10)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest NodeJS runtime.

property PROVIDED

static readonly PROVIDED: Runtime;

The custom provided runtime (provided)

property PROVIDED_AL2

static readonly PROVIDED_AL2: Runtime;

The custom provided runtime (provided)

property PYTHON_2_7

static readonly PYTHON_2_7: Runtime;

The Python 2.7 runtime (python2.7)
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest Python runtime.

property PYTHON_3_6

static readonly PYTHON_3_6: Runtime;

The Python 3.6 runtime (python3.6) (not recommended)
The Python 3.6 runtime is deprecated as of July 2022.
Deprecated
Legacy runtime no longer supported by AWS Lambda. Migrate to the latest Python runtime.

property PYTHON_3_7

static readonly PYTHON_3_7: Runtime;

The Python 3.7 runtime (python3.7)

property PYTHON_3_8

static readonly PYTHON_3_8: Runtime;

The Python 3.8 runtime (python3.8)

property PYTHON_3_9

static readonly PYTHON_3_9: Runtime;

The Python 3.9 runtime (python3.9)

property RUBY_2_5

static readonly RUBY_2_5: Runtime;

The Ruby 2.5 runtime (ruby2.5) Legacy runtime no longer supported by AWS Lambda. Migrate to the latest Ruby runtime.

property RUBY_2_7

static readonly RUBY_2_7: Runtime;

The Ruby 2.7 runtime (ruby2.7)

property supportsCodeGuruProfiling

readonly supportsCodeGuruProfiling: boolean;

Whether this runtime is integrated with and supported for profiling using Amazon CodeGuru Profiler.

property supportsInlineCode

readonly supportsInlineCode: boolean;

Whether the ``ZipFile`` (aka inline code) property can be used with this runtime.

method runtimeEquals

runtimeEquals: (other: Runtime) => boolean;

method toString

toString: () => string;

class S3Code

class S3Code extends Code {}

Lambda code from an S3 archive.

constructor

constructor(bucket: s3.IBucket, key: string, objectVersion?: string);

property isInline

readonly isInline: boolean;

method bind

bind: (_scope: Construct) => CodeConfig;

class SingletonFunction

class SingletonFunction extends FunctionBase {}

A Lambda that will only ever be added to a stack once.
This construct is a way to guarantee that the lambda function will be guaranteed to be part of the stack, once and only once, irrespective of how many times the construct is declared to be part of the stack. This is guaranteed as long as the uuid property and the optional lambdaPurpose property stay the same whenever they're declared into the stack.
AWS::Lambda::Function

constructor

constructor(scope: Construct, id: string, props: SingletonFunctionProps);

property architecture

readonly architecture: Architecture;

property canCreatePermissions

protected readonly canCreatePermissions: boolean;

property connections

readonly connections: ec2.Connections;

property currentVersion

readonly currentVersion: Version;

Returns a lambda.Version which represents the current version of this singleton Lambda function. A new version will be created every time the function's configuration changes.
You can specify options for this version using the currentVersionOptions prop when initializing the lambda.SingletonFunction.

property functionArn

readonly functionArn: string;

property functionName

readonly functionName: string;

property grantPrincipal

readonly grantPrincipal: iam.IPrincipal;

property isBoundToVpc

readonly isBoundToVpc: boolean;

property logGroup

readonly logGroup: logs.ILogGroup;

The LogGroup where the Lambda function's logs are made available.
If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).
Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

property permissionsNode

readonly permissionsNode: cdk.ConstructNode;

property resourceArnsForGrantInvoke

readonly resourceArnsForGrantInvoke: string[];

property role

readonly role?: iam.IRole;

property runtime

readonly runtime: Runtime;

The runtime environment for the Lambda function.

method addDependency

addDependency: (...up: cdk.IDependable[]) => void;

Using node.addDependency() does not work on this method as the underlying lambda function is modeled as a singleton across the stack. Use this method instead to declare dependencies.

method addEnvironment

addEnvironment: (
    key: string,
    value: string,
    options?: EnvironmentOptions
) => LambdaFunction;

Adds an environment variable to this Lambda function. If this is a ref to a Lambda function, this operation results in a no-op.
Parameter key
The environment variable key.
Parameter value
The environment variable's value.
Parameter options
Environment variable options.

method addLayers

addLayers: (...layers: ILayerVersion[]) => void;

Adds one or more Lambda Layers to this Lambda function.
Parameter layers
the layers to be added.
Throws
if there are already 5 layers on this function, or the layer is incompatible with this function's runtime.

method addPermission

addPermission: (name: string, permission: Permission) => void;

method dependOn

dependOn: (down: cdk.IConstruct) => void;

The SingletonFunction construct cannot be added as a dependency of another construct using node.addDependency(). Use this method instead to declare this as a dependency of another construct.

class SourceAccessConfigurationType

class SourceAccessConfigurationType {}

The type of authentication protocol or the VPC components for your event source's SourceAccessConfiguration
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/API_SourceAccessConfiguration.html#SSS-Type-SourceAccessConfiguration-Type

property BASIC_AUTH

static readonly BASIC_AUTH: SourceAccessConfigurationType;

(MQ) The Secrets Manager secret that stores your broker credentials.

property CLIENT_CERTIFICATE_TLS_AUTH

static readonly CLIENT_CERTIFICATE_TLS_AUTH: SourceAccessConfigurationType;

The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.

property SASL_SCRAM_256_AUTH

static readonly SASL_SCRAM_256_AUTH: SourceAccessConfigurationType;

The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your Self-Managed Apache Kafka brokers.

property SASL_SCRAM_512_AUTH

static readonly SASL_SCRAM_512_AUTH: SourceAccessConfigurationType;

The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your Self-Managed Apache Kafka brokers.

property type

readonly type: string;

The key to use in SourceAccessConfigurationProperty.Type property in CloudFormation
See Also
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-type

property VPC_SECURITY_GROUP

static readonly VPC_SECURITY_GROUP: SourceAccessConfigurationType;

The VPC security group used to manage access to your Self-Managed Apache Kafka brokers.

property VPC_SUBNET

static readonly VPC_SUBNET: SourceAccessConfigurationType;

The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your Self-Managed Apache Kafka cluster.

method of

static of: (name: string) => SourceAccessConfigurationType;

A custom source access configuration property

class Version

class Version extends QualifiedFunctionBase implements IVersion {}

Tag the current state of a Function with a Version number
Avoid using this resource directly. If you need a Version object, use function.currentVersion instead. That will add a Version object to your template, and make sure the Version is invalidated whenever the Function object changes. If you use the Version resource directly, you are responsible for making sure it is invalidated (by changing its logical ID) whenever necessary.
Version resources can then be used in Alias resources to refer to a particular deployment of a Lambda.
If you want to ensure that you're associating the right version with the right deployment, specify the codeSha256 property while creating the `Version.

constructor

constructor(scope: Construct, id: string, props: VersionProps);

property architecture

readonly architecture: Architecture;

property canCreatePermissions

protected readonly canCreatePermissions: boolean;

property edgeArn

readonly edgeArn: string;

property functionArn

readonly functionArn: string;

property functionName

readonly functionName: string;

property grantPrincipal

readonly grantPrincipal: any;

property lambda

readonly lambda: IFunction;

property qualifier

protected readonly qualifier: string;

property role

readonly role: any;

property version

readonly version: string;

method addAlias

addAlias: (aliasName: string, options?: AliasOptions) => Alias;

Defines an alias for this version.
Parameter aliasName
The name of the alias (e.g. "live")
Parameter options
Alias options
Deprecated
Calling addAlias on a Version object will cause the Alias to be replaced on every function update. Call function.addAlias() or new Alias() instead.

method fromVersionArn

static fromVersionArn: (
    scope: Construct,
    id: string,
    versionArn: string
) => IVersion;

Construct a Version object from a Version ARN.
Parameter scope
The cdk scope creating this resource
Parameter id
The cdk id of this resource
Parameter versionArn
The version ARN to create this version from

method fromVersionAttributes

static fromVersionAttributes: (
    scope: Construct,
    id: string,
    attrs: VersionAttributes
) => IVersion;

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Interfaces

interface AliasAttributes

interface AliasAttributes {}

property aliasName

readonly aliasName: string;

property aliasVersion

readonly aliasVersion: IVersion;

interface AliasOptions

interface AliasOptions extends EventInvokeConfigOptions {}

Options for lambda.Alias.

property additionalVersions

readonly additionalVersions?: VersionWeight[];

Additional versions with individual weights this alias points to
Individual additional version weights specified here should add up to (less than) one. All remaining weight is routed to the default version.
For example, the config is
version: "1" additionalVersions: [{ version: "2", weight: 0.05 }]
Then 5% of traffic will be routed to function version 2, while the remaining 95% of traffic will be routed to function version 1.
No additional versions

property description

readonly description?: string;

Description for the alias
No description

property provisionedConcurrentExecutions

readonly provisionedConcurrentExecutions?: number;

Specifies a provisioned concurrency configuration for a function's alias.
No provisioned concurrency

interface AliasProps

interface AliasProps extends AliasOptions {}

Properties for a new Lambda alias

property aliasName

readonly aliasName: string;

Name of this alias

property version

readonly version: IVersion;

Function version this alias refers to
Use lambda.currentVersion to reference a version with your latest changes.

interface AssetImageCodeProps

interface AssetImageCodeProps extends ecr_assets.DockerImageAssetOptions {}

Properties to initialize a new AssetImage

property cmd

readonly cmd?: string[];

Specify or override the CMD on the specified Docker image or Dockerfile. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#cmd - use the CMD specified in the docker image or Dockerfile.

property entrypoint

readonly entrypoint?: string[];

Specify or override the ENTRYPOINT on the specified Docker image or Dockerfile. An ENTRYPOINT allows you to configure a container that will run as an executable. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#entrypoint - use the ENTRYPOINT in the docker image or Dockerfile.

property workingDirectory

readonly workingDirectory?: string;

Specify or override the WORKDIR on the specified Docker image or Dockerfile. A WORKDIR allows you to configure the working directory the container will use.
See Also
- https://docs.docker.com/engine/reference/builder/#workdir - use the WORKDIR in the docker image or Dockerfile.

interface AutoScalingOptions

interface AutoScalingOptions {}

Properties for enabling Lambda autoscaling

property maxCapacity

readonly maxCapacity: number;

Maximum capacity to scale to

property minCapacity

readonly minCapacity?: number;

Minimum capacity to scale to
1

interface CfnAliasProps

interface CfnAliasProps {}

Properties for defining a CfnAlias
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html

property description

readonly description?: string;

A description of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-description

property functionName

readonly functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* - MyFunction . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Partial ARN* - 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-functionname

property functionVersion

readonly functionVersion: string;

The function version that the alias invokes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-functionversion

property name

readonly name: string;

The name of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-name

property provisionedConcurrencyConfig

readonly provisionedConcurrencyConfig?:
    | CfnAlias.ProvisionedConcurrencyConfigurationProperty
    | cdk.IResolvable;

Specifies a [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html) configuration for a function's alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-provisionedconcurrencyconfig

property routingConfig

readonly routingConfig?:
    | CfnAlias.AliasRoutingConfigurationProperty
    | cdk.IResolvable;

The [routing configuration](https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html) of the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-alias.html#cfn-lambda-alias-routingconfig

interface CfnCodeSigningConfigProps

interface CfnCodeSigningConfigProps {}

Properties for defining a CfnCodeSigningConfig
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html

property allowedPublishers

readonly allowedPublishers:
    | CfnCodeSigningConfig.AllowedPublishersProperty
    | cdk.IResolvable;

List of allowed publishers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-allowedpublishers

property codeSigningPolicies

readonly codeSigningPolicies?:
    | CfnCodeSigningConfig.CodeSigningPoliciesProperty
    | cdk.IResolvable;

The code signing policy controls the validation failure action for signature mismatch or expiry.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-codesigningpolicies

property description

readonly description?: string;

Code signing configuration description.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-description

interface CfnEventInvokeConfigProps

interface CfnEventInvokeConfigProps {}

Properties for defining a CfnEventInvokeConfig
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html

property destinationConfig

readonly destinationConfig?:
    | CfnEventInvokeConfig.DestinationConfigProperty
    | cdk.IResolvable;

A destination for events after they have been sent to a function for processing.
**Destinations** - *Function* - The Amazon Resource Name (ARN) of a Lambda function. - *Queue* - The ARN of a standard SQS queue. - *Topic* - The ARN of a standard SNS topic. - *Event Bus* - The ARN of an Amazon EventBridge event bus.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-destinationconfig

property functionName

readonly functionName: string;

The name of the Lambda function.
*Minimum* : 1
*Maximum* : 64
*Pattern* : ([a-zA-Z0-9-_]+)
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-functionname

property maximumEventAgeInSeconds

readonly maximumEventAgeInSeconds?: number;

The maximum age of a request that Lambda sends to a function for processing.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumeventageinseconds

property maximumRetryAttempts

readonly maximumRetryAttempts?: number;

The maximum number of times to retry when the function returns an error.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-maximumretryattempts

property qualifier

readonly qualifier: string;

The identifier of a version or alias.
- *Version* - A version number. - *Alias* - An alias name. - *Latest* - To specify the unpublished version, use $LATEST .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventinvokeconfig.html#cfn-lambda-eventinvokeconfig-qualifier

interface CfnEventSourceMappingProps

interface CfnEventSourceMappingProps {}

Properties for defining a CfnEventSourceMapping
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html

property amazonManagedKafkaEventSourceConfig

readonly amazonManagedKafkaEventSourceConfig?:
    | CfnEventSourceMapping.AmazonManagedKafkaEventSourceConfigProperty
    | cdk.IResolvable;

Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig

property batchSize

readonly batchSize?: number;

The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).
- *Amazon Kinesis* – Default 100. Max 10,000. - *Amazon DynamoDB Streams* – Default 100. Max 10,000. - *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. - *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. - *Self-managed Apache Kafka* – Default 100. Max 10,000. - *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. - *DocumentDB* – Default 100. Max 10,000.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize

property bisectBatchOnFunctionError

readonly bisectBatchOnFunctionError?: boolean | cdk.IResolvable;

(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror

property destinationConfig

readonly destinationConfig?:
    | CfnEventSourceMapping.DestinationConfigProperty
    | cdk.IResolvable;

(Kinesis and DynamoDB Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded records.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig

property documentDbEventSourceConfig

readonly documentDbEventSourceConfig?:
    | CfnEventSourceMapping.DocumentDBEventSourceConfigProperty
    | cdk.IResolvable;

Specific configuration settings for a DocumentDB event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig

property enabled

readonly enabled?: boolean | cdk.IResolvable;

When true, the event source mapping is active. When false, Lambda pauses polling and invocation.
Default: True
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled

property eventSourceArn

readonly eventSourceArn?: string;

The Amazon Resource Name (ARN) of the event source.
- *Amazon Kinesis* – The ARN of the data stream or a stream consumer. - *Amazon DynamoDB Streams* – The ARN of the stream. - *Amazon Simple Queue Service* – The ARN of the queue. - *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster. - *Amazon MQ* – The ARN of the broker. - *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn

property filterCriteria

readonly filterCriteria?:
    | CfnEventSourceMapping.FilterCriteriaProperty
    | cdk.IResolvable;

An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-filtercriteria

property functionName

readonly functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* – MyFunction . - *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Version or Alias ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD . - *Partial ARN* – 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionname

property functionResponseTypes

readonly functionResponseTypes?: string[];

(Streams and SQS) A list of current response type enums applied to the event source mapping.
Valid Values: ReportBatchItemFailures
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes

property maximumBatchingWindowInSeconds

readonly maximumBatchingWindowInSeconds?: number;

The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.
*Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0
*Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms
*Related setting:* For Amazon SQS event sources, when you set BatchSize to a value greater than 10, you must set MaximumBatchingWindowInSeconds to at least 1.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds

property maximumRecordAgeInSeconds

readonly maximumRecordAgeInSeconds?: number;

(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
> The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds

property maximumRetryAttempts

readonly maximumRetryAttempts?: number;

(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts

property parallelizationFactor

readonly parallelizationFactor?: number;

(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor

property queues

readonly queues?: string[];

(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues

property scalingConfig

readonly scalingConfig?:
    | CfnEventSourceMapping.ScalingConfigProperty
    | cdk.IResolvable;

(Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-scalingconfig

property selfManagedEventSource

readonly selfManagedEventSource?:
    | CfnEventSourceMapping.SelfManagedEventSourceProperty
    | cdk.IResolvable;

The self-managed Apache Kafka cluster for your event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedeventsource

property selfManagedKafkaEventSourceConfig

readonly selfManagedKafkaEventSourceConfig?:
    | CfnEventSourceMapping.SelfManagedKafkaEventSourceConfigProperty
    | cdk.IResolvable;

Specific configuration settings for a self-managed Apache Kafka event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig

property sourceAccessConfigurations

readonly sourceAccessConfigurations?:
    | Array<
          | CfnEventSourceMapping.SourceAccessConfigurationProperty
          | cdk.IResolvable
      >
    | cdk.IResolvable;

An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations

property startingPosition

readonly startingPosition?: string;

The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.
- *LATEST* - Read only new records. - *TRIM_HORIZON* - Process all available records. - *AT_TIMESTAMP* - Specify a time from which to start reading records.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition

property startingPositionTimestamp

readonly startingPositionTimestamp?: number;

With StartingPosition set to AT_TIMESTAMP , the time from which to start reading, in Unix time seconds.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp

property topics

readonly topics?: string[];

The name of the Kafka topic.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics

property tumblingWindowInSeconds

readonly tumblingWindowInSeconds?: number;

(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds

interface CfnFunctionProps

interface CfnFunctionProps {}

Properties for defining a CfnFunction
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html

property architectures

readonly architectures?: string[];

The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures

property code

readonly code: CfnFunction.CodeProperty | cdk.IResolvable;

The code for the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code

property codeSigningConfigArn

readonly codeSigningConfigArn?: string;

To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn

property deadLetterConfig

readonly deadLetterConfig?:
    | CfnFunction.DeadLetterConfigProperty
    | cdk.IResolvable;

A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-deadletterconfig

property description

readonly description?: string;

A description of the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-description

property environment

readonly environment?: CfnFunction.EnvironmentProperty | cdk.IResolvable;

Environment variables that are accessible from function code during execution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment

property ephemeralStorage

readonly ephemeralStorage?:
    | CfnFunction.EphemeralStorageProperty
    | cdk.IResolvable;

The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-ephemeralstorage

property fileSystemConfigs

readonly fileSystemConfigs?:
    | Array<CfnFunction.FileSystemConfigProperty | cdk.IResolvable>
    | cdk.IResolvable;

Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.
For more information about using the DependsOn attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs

property functionName

readonly functionName?: string;

The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname

property handler

readonly handler?: string;

The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler

property imageConfig

readonly imageConfig?: CfnFunction.ImageConfigProperty | cdk.IResolvable;

Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig

property kmsKeyArn

readonly kmsKeyArn?: string;

The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption) . When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn

property layers

readonly layers?: string[];

A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-layers

property memorySize

readonly memorySize?: number;

The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-memorysize

property packageType

readonly packageType?: string;

The type of deployment package. Set to Image for container image and set Zip for .zip file archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-packagetype

property reservedConcurrentExecutions

readonly reservedConcurrentExecutions?: number;

The number of simultaneous executions to reserve for the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-reservedconcurrentexecutions

property role

readonly role: string;

The Amazon Resource Name (ARN) of the function's execution role.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-role

property runtime

readonly runtime?: string;

The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) . Runtime is required if the deployment package is a .zip file archive.
The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime

property runtimeManagementConfig

readonly runtimeManagementConfig?:
    | CfnFunction.RuntimeManagementConfigProperty
    | cdk.IResolvable;

Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtimemanagementconfig

property snapStart

readonly snapStart?: CfnFunction.SnapStartProperty | cdk.IResolvable;

The function's [AWS Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-snapstart

property tags

readonly tags?: cdk.CfnTag[];

A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags

property timeout

readonly timeout?: number;

The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout

property tracingConfig

readonly tracingConfig?: CfnFunction.TracingConfigProperty | cdk.IResolvable;

Set Mode to Active to sample and trace a subset of incoming requests with [X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig

property vpcConfig

readonly vpcConfig?: CfnFunction.VpcConfigProperty | cdk.IResolvable;

For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see [Configuring a Lambda function to access resources in a VPC](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig

interface CfnLayerVersionPermissionProps

interface CfnLayerVersionPermissionProps {}

Properties for defining a CfnLayerVersionPermission
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html

property action

readonly action: string;

The API action that grants access to the layer. For example, lambda:GetLayerVersion .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-action

property layerVersionArn

readonly layerVersionArn: string;

The name or Amazon Resource Name (ARN) of the layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-layerversionarn

property organizationId

readonly organizationId?: string;

With the principal set to * , grant permission to all accounts in the specified organization.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-organizationid

property principal

readonly principal: string;

An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). For the last case, make sure that you really do want all AWS accounts to have usage permission to this layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversionpermission.html#cfn-lambda-layerversionpermission-principal

interface CfnLayerVersionProps

interface CfnLayerVersionProps {}

Properties for defining a CfnLayerVersion
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html

property compatibleArchitectures

readonly compatibleArchitectures?: string[];

A list of compatible [instruction set architectures](https://docs.aws.amazon.com/lambda/latest/dg/foundation-arch.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatiblearchitectures

property compatibleRuntimes

readonly compatibleRuntimes?: string[];

A list of compatible [function runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) . Used for filtering with [ListLayers](https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayers.html) and [ListLayerVersions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListLayerVersions.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-compatibleruntimes

property content

readonly content: CfnLayerVersion.ContentProperty | cdk.IResolvable;

The function layer archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-content

property description

readonly description?: string;

The description of the version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-description

property layerName

readonly layerName?: string;

The name or Amazon Resource Name (ARN) of the layer.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-layername

property licenseInfo

readonly licenseInfo?: string;

The layer's software license. It can be any of the following:
- An [SPDX license identifier](https://docs.aws.amazon.com/https://spdx.org/licenses/) . For example, MIT . - The URL of a license hosted on the internet. For example, https://opensource.org/licenses/MIT . - The full text of the license.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-layerversion.html#cfn-lambda-layerversion-licenseinfo

interface CfnParametersCodeProps

interface CfnParametersCodeProps {}

Construction properties for CfnParametersCode.

property bucketNameParam

readonly bucketNameParam?: cdk.CfnParameter;

The CloudFormation parameter that represents the name of the S3 Bucket where the Lambda code will be located in. Must be of type 'String'.
a new parameter will be created

property objectKeyParam

readonly objectKeyParam?: cdk.CfnParameter;

The CloudFormation parameter that represents the path inside the S3 Bucket where the Lambda code will be located at. Must be of type 'String'.
a new parameter will be created

interface CfnPermissionProps

interface CfnPermissionProps {}

Properties for defining a CfnPermission
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html

property action

readonly action: string;

The action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-action

property eventSourceToken

readonly eventSourceToken?: string;

For Alexa Smart Home functions, a token that the invoker must supply.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-eventsourcetoken

property functionName

readonly functionName: string;

The name of the Lambda function, version, or alias.
**Name formats** - *Function name* – my-function (name-only), my-function:v1 (with alias). - *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:my-function . - *Partial ARN* – 123456789012:function:my-function .
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionname

property functionUrlAuthType

readonly functionUrlAuthType?: string;

The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-functionurlauthtype

property principal

readonly principal: string;

The AWS service or AWS account that invokes the function. If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principal

property principalOrgId

readonly principalOrgId?: string;

The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-principalorgid

property sourceAccount

readonly sourceAccount?: string;

For AWS service , the ID of the AWS account that owns the resource. Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourceaccount

property sourceArn

readonly sourceArn?: string;

For AWS services , the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike operator.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html#cfn-lambda-permission-sourcearn

interface CfnUrlProps

interface CfnUrlProps {}

Properties for defining a CfnUrl
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html

property authType

readonly authType: string;

The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-authtype

property cors

readonly cors?: CfnUrl.CorsProperty | cdk.IResolvable;

The [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) settings for your function URL.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-cors

property invokeMode

readonly invokeMode?: string;

Use one of the following options:
- BUFFERED – This is the default option. Lambda invokes your function using the Invoke API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB. - RESPONSE_STREAM – Your function streams payload results as they become available. Lambda invokes your function using the InvokeWithResponseStream API operation. The maximum response payload size is 20 MB, however, you can [request a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode

property qualifier

readonly qualifier?: string;

The alias name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-qualifier

property targetFunctionArn

readonly targetFunctionArn: string;

The name of the Lambda function.
**Name formats** - *Function name* - my-function . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:my-function . - *Partial ARN* - 123456789012:function:my-function .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-targetfunctionarn

interface CfnVersionProps

interface CfnVersionProps {}

Properties for defining a CfnVersion
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html

property codeSha256

readonly codeSha256?: string;

Only publish a version if the hash value matches the value that's specified. Use this option to avoid publishing a version if the function code has changed since you last updated it. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-codesha256

property description

readonly description?: string;

A description for the version to override the description in the function configuration. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-description

property functionName

readonly functionName: string;

The name of the Lambda function.
**Name formats** - *Function name* - MyFunction . - *Function ARN* - arn:aws:lambda:us-west-2:123456789012:function:MyFunction . - *Partial ARN* - 123456789012:function:MyFunction .
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-functionname

property provisionedConcurrencyConfig

readonly provisionedConcurrencyConfig?:
    | CfnVersion.ProvisionedConcurrencyConfigurationProperty
    | cdk.IResolvable;

Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-provisionedconcurrencyconfig

interface CodeConfig

interface CodeConfig {}

Result of binding Code into a Function.

property image

readonly image?: CodeImageConfig;

Docker image configuration (mutually exclusive with s3Location and inlineCode). - code is not an ECR container image

property inlineCode

readonly inlineCode?: string;

Inline code (mutually exclusive with s3Location and image). - code is not inline code

property s3Location

readonly s3Location?: s3.Location;

The location of the code in S3 (mutually exclusive with inlineCode and image). - code is not an s3 location

interface CodeImageConfig

interface CodeImageConfig {}

Result of the bind when an ECR image is used.

property cmd

readonly cmd?: string[];

Specify or override the CMD on the specified Docker image or Dockerfile. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#cmd - use the CMD specified in the docker image or Dockerfile.

property entrypoint

readonly entrypoint?: string[];

Specify or override the ENTRYPOINT on the specified Docker image or Dockerfile. An ENTRYPOINT allows you to configure a container that will run as an executable. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#entrypoint - use the ENTRYPOINT in the docker image or Dockerfile.

property imageUri

readonly imageUri: string;

URI to the Docker image.

property workingDirectory

readonly workingDirectory?: string;

Specify or override the WORKDIR on the specified Docker image or Dockerfile. A WORKDIR allows you to configure the working directory the container will use.
See Also
- https://docs.docker.com/engine/reference/builder/#workdir - use the WORKDIR in the docker image or Dockerfile.

interface CodeSigningConfigProps

interface CodeSigningConfigProps {}

Construction properties for a Code Signing Config object

property description

readonly description?: string;

Code signing configuration description.
- No description.

property signingProfiles

readonly signingProfiles: ISigningProfile[];

List of signing profiles that defines a trusted user who can sign a code package.

property untrustedArtifactOnDeployment

readonly untrustedArtifactOnDeployment?: UntrustedArtifactOnDeployment;

Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log.
UntrustedArtifactOnDeployment.WARN

interface DestinationConfig

interface DestinationConfig {}

A destination configuration

property destination

readonly destination: string;

The Amazon Resource Name (ARN) of the destination resource

interface DestinationOptions

interface DestinationOptions {}

Options when binding a destination to a function

property type

readonly type: DestinationType;

The destination type

interface DlqDestinationConfig

interface DlqDestinationConfig {}

A destination configuration

property destination

readonly destination: string;

The Amazon Resource Name (ARN) of the destination resource

interface DockerBuildAssetOptions

interface DockerBuildAssetOptions extends cdk.DockerBuildOptions {}

Options when creating an asset from a Docker build.

property imagePath

readonly imagePath?: string;

The path in the Docker image where the asset is located after the build operation.
/asset

property outputPath

readonly outputPath?: string;

The path on the local filesystem where the asset will be copied using docker cp.
- a unique temporary directory in the system temp directory

interface DockerImageFunctionProps

interface DockerImageFunctionProps extends FunctionOptions {}

Properties to configure a new DockerImageFunction construct.

property code

readonly code: DockerImageCode;

The source code of your Lambda function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.

interface EcrImageCodeProps

interface EcrImageCodeProps {}

Properties to initialize a new EcrImageCode

property cmd

readonly cmd?: string[];

Specify or override the CMD on the specified Docker image or Dockerfile. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#cmd - use the CMD specified in the docker image or Dockerfile.

property entrypoint

readonly entrypoint?: string[];

Specify or override the ENTRYPOINT on the specified Docker image or Dockerfile. An ENTRYPOINT allows you to configure a container that will run as an executable. This needs to be in the 'exec form', viz., [ 'executable', 'param1', 'param2' ].
See Also
- https://docs.docker.com/engine/reference/builder/#entrypoint - use the ENTRYPOINT in the docker image or Dockerfile.

property tag

readonly tag?: string;

The image tag to use when pulling the image from ECR. 'latest'
Deprecated
use tagOrDigest

property tagOrDigest

readonly tagOrDigest?: string;

The image tag or digest to use when pulling the image from ECR (digests must start with sha256:). 'latest'

property workingDirectory

readonly workingDirectory?: string;

Specify or override the WORKDIR on the specified Docker image or Dockerfile. A WORKDIR allows you to configure the working directory the container will use.
See Also
- https://docs.docker.com/engine/reference/builder/#workdir - use the WORKDIR in the docker image or Dockerfile.

interface EnvironmentOptions

interface EnvironmentOptions {}

Environment variables options

property removeInEdge

readonly removeInEdge?: boolean;

When used in Lambda@Edge via edgeArn() API, these environment variables will be removed. If not set, an error will be thrown.
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-requirements-limits.html#lambda-requirements-lambda-function-configuration
  false - using the function in Lambda@Edge will throw

interface EventInvokeConfigOptions

interface EventInvokeConfigOptions {}

Options to add an EventInvokeConfig to a function.

property maxEventAge

readonly maxEventAge?: Duration;

The maximum age of a request that Lambda sends to a function for processing.
Minimum: 60 seconds Maximum: 6 hours
Duration.hours(6)

property onFailure

readonly onFailure?: IDestination;

The destination for failed invocations.
- no destination

property onSuccess

readonly onSuccess?: IDestination;

The destination for successful invocations.
- no destination

property retryAttempts

readonly retryAttempts?: number;

The maximum number of times to retry when the function returns an error.
Minimum: 0 Maximum: 2
2

interface EventInvokeConfigProps

interface EventInvokeConfigProps extends EventInvokeConfigOptions {}

Properties for an EventInvokeConfig

property function

readonly function: IFunction;

The Lambda function

property qualifier

readonly qualifier?: string;

The qualifier
- latest version

interface EventSourceMappingOptions

interface EventSourceMappingOptions {}

property batchSize

readonly batchSize?: number;

The largest number of records that AWS Lambda will retrieve from your event source at the time of invoking your function. Your function receives an event with all the retrieved records.
Valid Range: Minimum value of 1. Maximum value of 10000.
- Amazon Kinesis, Amazon DynamoDB, and Amazon MSK is 100 records. The default for Amazon SQS is 10 messages. For standard SQS queues, the maximum is 10,000. For FIFO SQS queues, the maximum is 10.

property bisectBatchOnError

readonly bisectBatchOnError?: boolean;

If the function returns an error, split the batch in two and retry.
false

property enabled

readonly enabled?: boolean;

Set to false to disable the event source upon creation.
true

property eventSourceArn

readonly eventSourceArn?: string;

The Amazon Resource Name (ARN) of the event source. Any record added to this stream can invoke the Lambda function.
- not set if using a self managed Kafka cluster, throws an error otherwise

property kafkaBootstrapServers

readonly kafkaBootstrapServers?: string[];

A list of host and port pairs that are the addresses of the Kafka brokers in a self managed "bootstrap" Kafka cluster that a Kafka client connects to initially to bootstrap itself. They are in the format abc.example.com:9096.
- none

property kafkaTopic

readonly kafkaTopic?: string;

The name of the Kafka topic.
- no topic

property maxBatchingWindow

readonly maxBatchingWindow?: cdk.Duration;

The maximum amount of time to gather records before invoking the function. Maximum of Duration.minutes(5)
Duration.seconds(0)

property maxRecordAge

readonly maxRecordAge?: cdk.Duration;

The maximum age of a record that Lambda sends to a function for processing. Valid Range: * Minimum value of 60 seconds * Maximum value of 7 days
- infinite or until the record expires.

property onFailure

readonly onFailure?: IEventSourceDlq;

An Amazon SQS queue or Amazon SNS topic destination for discarded records.
discarded records are ignored

property parallelizationFactor

readonly parallelizationFactor?: number;

The number of batches to process from each shard concurrently. Valid Range: * Minimum value of 1 * Maximum value of 10
1

property reportBatchItemFailures

readonly reportBatchItemFailures?: boolean;

Allow functions to return partially successful responses for a batch of records.
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting
  false

property retryAttempts

readonly retryAttempts?: number;

The maximum number of times to retry when the function returns an error. Set to undefined if you want lambda to keep retrying infinitely or until the record expires.
Valid Range: * Minimum value of 0 * Maximum value of 10000
- infinite or until the record expires.

property sourceAccessConfigurations

readonly sourceAccessConfigurations?: SourceAccessConfiguration[];

Specific settings like the authentication protocol or the VPC components to secure access to your event source.
See Also
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html
  - none

property startingPosition

readonly startingPosition?: StartingPosition;

The position in the DynamoDB, Kinesis or MSK stream where AWS Lambda should start reading.
See Also
- https://docs.aws.amazon.com/kinesis/latest/APIReference/API_GetShardIterator.html#Kinesis-GetShardIterator-request-ShardIteratorType
  - Required for Amazon Kinesis, Amazon DynamoDB, and Amazon MSK Streams sources.

property tumblingWindow

readonly tumblingWindow?: cdk.Duration;

The size of the tumbling windows to group records sent to DynamoDB or Kinesis
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-windows
  Valid Range: 0 - 15 minutes
  - None

interface EventSourceMappingProps

interface EventSourceMappingProps extends EventSourceMappingOptions {}

Properties for declaring a new event source mapping.

property target

readonly target: IFunction;

The target AWS Lambda function.

interface FileSystemConfig

interface FileSystemConfig {}

FileSystem configurations for the Lambda function

property arn

readonly arn: string;

ARN of the access point

property connections

readonly connections?: Connections;

connections object used to allow ingress traffic from lambda function
- no connections required to add extra ingress rules for Lambda function

property dependency

readonly dependency?: IDependable[];

array of IDependable that lambda function depends on
- no dependency

property localMountPath

readonly localMountPath: string;

mount path in the lambda runtime environment

property policies

readonly policies?: iam.PolicyStatement[];

additional IAM policies required for the lambda function
- no additional policies required

interface FunctionAttributes

interface FunctionAttributes {}

Represents a Lambda function defined outside of this stack.

property architecture

readonly architecture?: Architecture;

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64). - Architecture.X86_64

property functionArn

readonly functionArn: string;

The ARN of the Lambda function.
Format: arn::lambda:::function:

property role

readonly role?: iam.IRole;

The IAM execution role associated with this function.
If the role is not specified, any role-related operations will no-op.

property sameEnvironment

readonly sameEnvironment?: boolean;

Setting this property informs the CDK that the imported function is in the same environment as the stack. This affects certain behaviours such as, whether this function's permission can be modified. When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks where the account is not specified with the env property, this is determined to be false.
Set this to property *ONLY IF* the imported function is in the same account as the stack it's imported in. - depends: true, if the Stack is configured with an explicit env (account and region) and the account is the same as this function. For environment-agnostic stacks this will default to false.

property securityGroup

readonly securityGroup?: ec2.ISecurityGroup;

The security group of this Lambda, if in a VPC.
This needs to be given in order to support allowing connections to this Lambda.

property securityGroupId

readonly securityGroupId?: string;

Id of the security group of this Lambda, if in a VPC.
This needs to be given in order to support allowing connections to this Lambda.
Deprecated
use securityGroup instead

property skipPermissions

readonly skipPermissions?: boolean;

Setting this property informs the CDK that the imported function ALREADY HAS the necessary permissions for what you are trying to do. When not configured, the CDK attempts to auto-determine whether or not additional permissions are necessary on the function when grant APIs are used. If the CDK tried to add permissions on an imported lambda, it will fail.
Set this property *ONLY IF* you are committing to manage the imported function's permissions outside of CDK. You are acknowledging that your CDK code alone will have insufficient permissions to access the imported function.
false

interface FunctionBase

interface FunctionBase {}

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

Return the given named metric for this Function

method metricDuration

metricDuration: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

How long execution of this Lambda takes
Average over 5 minutes

method metricErrors

metricErrors: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

How many invocations of this Lambda fail
Sum over 5 minutes

method metricInvocations

metricInvocations: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

How often this Lambda is invoked
Sum over 5 minutes

method metricThrottles

metricThrottles: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

How often this Lambda is throttled
Sum over 5 minutes

interface FunctionOptions

interface FunctionOptions extends EventInvokeConfigOptions {}

Non runtime options

property allowAllOutbound

readonly allowAllOutbound?: boolean;

Whether to allow the Lambda to send all network traffic
If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.
true

property allowPublicSubnet

readonly allowPublicSubnet?: boolean;

Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet.
See Also
- https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841
  false

property architecture

readonly architecture?: Architecture;

The system architectures compatible with this lambda function. Architecture.X86_64

property architectures

readonly architectures?: Architecture[];

DEPRECATED [Architecture.X86_64]
Deprecated
use architecture

property codeSigningConfig

readonly codeSigningConfig?: ICodeSigningConfig;

Code signing config associated with this function
- Not Sign the Code

property currentVersionOptions

readonly currentVersionOptions?: VersionOptions;

Options for the lambda.Version resource automatically created by the fn.currentVersion method. - default options as described in VersionOptions

property deadLetterQueue

readonly deadLetterQueue?: sqs.IQueue;

The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify deadLetterTopic property instead.
- SQS queue with 14 day retention period if deadLetterQueueEnabled is true

property deadLetterQueueEnabled

readonly deadLetterQueueEnabled?: boolean;

Enabled DLQ. If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.
- false unless deadLetterQueue is set, which implies DLQ is enabled.

property deadLetterTopic

readonly deadLetterTopic?: sns.ITopic;

The SNS topic to use as a DLQ. Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.
- no SNS topic

property description

readonly description?: string;

A description of the function.
- No description.

property environment

readonly environment?: {
    [key: string]: string;
};

Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.
- No environment variables.

property environmentEncryption

readonly environmentEncryption?: kms.IKey;

The AWS KMS key that's used to encrypt your function's environment variables.
- AWS Lambda creates and uses an AWS managed customer master key (CMK).

property ephemeralStorageSize

readonly ephemeralStorageSize?: Size;

The size of the function’s /tmp directory in MiB.
512 MiB

property events

readonly events?: IEventSource[];

Event sources for this function.
You can also add event sources using addEventSource.
- No event sources.

property filesystem

readonly filesystem?: FileSystem;

The filesystem configuration for the lambda function
- will not mount any filesystem

property functionName

readonly functionName?: string;

A name for the function.
- AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

property initialPolicy

readonly initialPolicy?: iam.PolicyStatement[];

Initial policy statements to add to the created Lambda Role.
You can call addToRolePolicy to the created lambda to add statements post creation.
- No policy statements are added to the created Lambda role.

property insightsVersion

readonly insightsVersion?: LambdaInsightsVersion;

Specify the version of CloudWatch Lambda insights to use for monitoring
See Also
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights.html
  When used with DockerImageFunction or DockerImageCode, the Docker image should have the Lambda insights agent installed.
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html
  - No Lambda Insights

property layers

readonly layers?: ILayerVersion[];

A list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.
- No layers.

property logRetention

readonly logRetention?: logs.RetentionDays;

The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.
logs.RetentionDays.INFINITE

property logRetentionRetryOptions

readonly logRetentionRetryOptions?: LogRetentionRetryOptions;

When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs.
- Default AWS SDK retry options.

property logRetentionRole

readonly logRetentionRole?: iam.IRole;

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
- A new role is created.

property memorySize

readonly memorySize?: number;

The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.
128

property profiling

readonly profiling?: boolean;

Enable profiling.
See Also
- https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
  - No profiling.

property profilingGroup

readonly profilingGroup?: IProfilingGroup;

Profiling Group.
See Also
- https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
  - A new profiling group will be created if profiling is set.

property reservedConcurrentExecutions

readonly reservedConcurrentExecutions?: number;

The maximum of concurrent executions you want to reserve for the function.
- No specific limit - account limit.
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

property role

readonly role?: iam.IRole;

Lambda execution role.
This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.
The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.
The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".
- A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

property securityGroup

readonly securityGroup?: ec2.ISecurityGroup;

What security group to associate with the Lambda's network interfaces. This property is being deprecated, consider using securityGroups instead.
Only used if 'vpc' is supplied.
Use securityGroups property instead. Function constructor will throw an error if both are specified.
- If the function is placed within a VPC and a security group is not specified, either by this or securityGroups prop, a dedicated security group will be created for this function.
Deprecated
- This property is deprecated, use securityGroups instead

property securityGroups

readonly securityGroups?: ec2.ISecurityGroup[];

The list of security groups to associate with the Lambda's network interfaces.
Only used if 'vpc' is supplied.
- If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

property timeout

readonly timeout?: Duration;

The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time.
Duration.seconds(3)

property tracing

readonly tracing?: Tracing;

Enable AWS X-Ray Tracing for Lambda Function.
Tracing.Disabled

property vpc

readonly vpc?: ec2.IVpc;

VPC network to place Lambda network interfaces
Specify this if the Lambda function needs to access resources in a VPC.
- Function is not placed within a VPC.

property vpcSubnets

readonly vpcSubnets?: ec2.SubnetSelection;

Where to place the network interfaces within the VPC.
Only used if 'vpc' is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.
- the Vpc default strategy if not specified

interface FunctionProps

interface FunctionProps extends FunctionOptions {}

property code

readonly code: Code;

The source code of your Lambda function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.

property handler

readonly handler: string;

The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-features.html#gettingstarted-features-programmingmodel.
Use Handler.FROM_IMAGE when defining a function from a Docker image.
NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.

property runtime

readonly runtime: Runtime;

The runtime environment for the Lambda function that you are uploading. For valid values, see the Runtime property in the AWS Lambda Developer Guide.
Use Runtime.FROM_IMAGE when when defining a function from a Docker image.

interface FunctionUrlCorsOptions

interface FunctionUrlCorsOptions {}

Specifies a cross-origin access property for a function URL

property allowCredentials

readonly allowCredentials?: boolean;

Whether to allow cookies or other credentials in requests to your function URL.
false

property allowedHeaders

readonly allowedHeaders?: string[];

Headers that are specified in the Access-Control-Request-Headers header.
- No headers allowed.

property allowedMethods

readonly allowedMethods?: HttpMethod[];

An HTTP method that you allow the origin to execute.
- [HttpMethod.ALL]

property allowedOrigins

readonly allowedOrigins?: string[];

One or more origins you want customers to be able to access the bucket from.
- No origins allowed.

property exposedHeaders

readonly exposedHeaders?: string[];

One or more headers in the response that you want customers to be able to access from their applications.
- No headers exposed.

property maxAge

readonly maxAge?: Duration;

The time in seconds that your browser is to cache the preflight response for the specified resource.
- Browser default of 5 seconds.

interface FunctionUrlOptions

interface FunctionUrlOptions {}

Options to add a url to a Lambda function

property authType

readonly authType?: FunctionUrlAuthType;

The type of authentication that your function URL uses.
FunctionUrlAuthType.AWS_IAM

property cors

readonly cors?: FunctionUrlCorsOptions;

The cross-origin resource sharing (CORS) settings for your function URL.
- No CORS configuration.

interface FunctionUrlProps

interface FunctionUrlProps extends FunctionUrlOptions {}

Properties for a FunctionUrl

property function

readonly function: IFunction;

The function to which this url refers. It can also be an Alias but not a Version.

interface IAlias

interface IAlias extends IFunction {}

property aliasName

readonly aliasName: string;

Name of this alias.

property version

readonly version: IVersion;

The underlying Lambda function version.

interface ICodeSigningConfig

interface ICodeSigningConfig extends IResource {}

A Code Signing Config

property codeSigningConfigArn

readonly codeSigningConfigArn: string;

The ARN of Code Signing Config

property codeSigningConfigId

readonly codeSigningConfigId: string;

The id of Code Signing Config

interface IDestination

interface IDestination {}

A Lambda destination

method bind

bind: (
    scope: Construct,
    fn: IFunction,
    options?: DestinationOptions
) => DestinationConfig;

Binds this destination to the Lambda function

interface IEventSource

interface IEventSource {}

An abstract class which represents an AWS Lambda event source.

method bind

bind: (target: IFunction) => void;

Called by lambda.addEventSource to allow the event source to bind to this function.
Parameter target
That lambda function to bind to.

interface IEventSourceDlq

interface IEventSourceDlq {}

A DLQ for an event source

method bind

bind: (
    target: IEventSourceMapping,
    targetHandler: IFunction
) => DlqDestinationConfig;

Returns the DLQ destination config of the DLQ

interface IEventSourceMapping

interface IEventSourceMapping extends cdk.IResource {}

Represents an event source mapping for a lambda function.
See Also
- https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html

property eventSourceMappingId

readonly eventSourceMappingId: string;

The identifier for this EventSourceMapping

interface IFunction

interface IFunction extends IResource, ec2.IConnectable, iam.IGrantable {}

property architecture

readonly architecture: Architecture;

The system architectures compatible with this lambda function.

property functionArn

readonly functionArn: string;

The ARN of the function.

property functionName

readonly functionName: string;

The name of the function.

property isBoundToVpc

readonly isBoundToVpc: boolean;

Whether or not this Lambda function was bound to a VPC
If this is is false, trying to access the connections object will fail.

property latestVersion

readonly latestVersion: IVersion;

The $LATEST version of this function.
Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.
To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

property permissionsNode

readonly permissionsNode: ConstructNode;

The construct node where permissions are attached.

property resourceArnsForGrantInvoke

readonly resourceArnsForGrantInvoke: string[];

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
This property is for cdk modules to consume only. You should not need to use this property. Instead, use grantInvoke() directly.

property role

readonly role?: iam.IRole;

The IAM role associated with this function.

method addEventSource

addEventSource: (source: IEventSource) => void;

Adds an event source to this function.
Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module.
The following example adds an SQS Queue as an event source:
import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; myFunction.addEventSource(new SqsEventSource(myQueue));

method addEventSourceMapping

addEventSourceMapping: (
    id: string,
    options: EventSourceMappingOptions
) => EventSourceMapping;

Adds an event source that maps to this AWS Lambda function.
Parameter id
construct ID
Parameter options
mapping options

method addFunctionUrl

addFunctionUrl: (options?: FunctionUrlOptions) => FunctionUrl;

Adds a url to this lambda function.

method addPermission

addPermission: (id: string, permission: Permission) => void;

Adds a permission to the Lambda resource policy.
Parameter id
The id for the permission construct
Parameter permission
The permission to grant to this Lambda function.
See Also
- Permission for details.

method addToRolePolicy

addToRolePolicy: (statement: iam.PolicyStatement) => void;

Adds a statement to the IAM role assumed by the instance.

method configureAsyncInvoke

configureAsyncInvoke: (options: EventInvokeConfigOptions) => void;

Configures options for asynchronous invocation.

method grantInvoke

grantInvoke: (identity: iam.IGrantable) => iam.Grant;

Grant the given identity permissions to invoke this Lambda

method grantInvokeUrl

grantInvokeUrl: (identity: iam.IGrantable) => iam.Grant;

Grant the given identity permissions to invoke this Lambda Function URL

method metric

metric: {
    (metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

Return the given named metric for this Lambda

method metricDuration

metricDuration: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

Metric for the Duration of this Lambda
average over 5 minutes

method metricInvocations

metricInvocations: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

Metric for the number of invocations of this Lambda
sum over 5 minutes

method metricThrottles

metricThrottles: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

Metric for the number of throttled invocations of this Lambda
sum over 5 minutes

interface IFunction

interface IFunction {}

method metric

metric: {
    (metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

Return the given named metric for this Function

method metricDuration

metricDuration: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

How long execution of this Lambda takes
Average over 5 minutes

method metricErrors

metricErrors: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

How many invocations of this Lambda fail
Sum over 5 minutes

method metricInvocations

metricInvocations: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

How often this Lambda is invoked
Sum over 5 minutes

method metricThrottles

metricThrottles: {
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
    (props?: cloudwatch.MetricOptions): cloudwatch.Metric;
};

How often this Lambda is throttled
Sum over 5 minutes

interface IFunctionUrl

interface IFunctionUrl extends IResource {}

A Lambda function Url

property functionArn

readonly functionArn: string;

The ARN of the function this URL refers to
FunctionArn

property url

readonly url: string;

The url of the Lambda function.
FunctionUrl

method grantInvokeUrl

grantInvokeUrl: (identity: iam.IGrantable) => iam.Grant;

Grant the given identity permissions to invoke this Lambda Function URL

interface ILayerVersion

interface ILayerVersion extends IResource {}

property compatibleRuntimes

readonly compatibleRuntimes?: Runtime[];

The runtimes compatible with this Layer.
Runtime.All

property layerVersionArn

readonly layerVersionArn: string;

The ARN of the Lambda Layer version that this Layer defines.

method addPermission

addPermission: (id: string, permission: LayerVersionPermission) => void;

Add permission for this layer version to specific entities. Usage within the same account where the layer is defined is always allowed and does not require calling this method. Note that the principal that creates the Lambda function using the layer (for example, a CloudFormation changeset execution role) also needs to have the ``lambda:GetLayerVersion`` permission on the layer version.
Parameter id
the ID of the grant in the construct tree.
Parameter permission
the identification of the grantee.

interface IScalableFunctionAttribute

interface IScalableFunctionAttribute extends IConstruct {}

Interface for scalable attributes

method scaleOnSchedule

scaleOnSchedule: (id: string, actions: appscaling.ScalingSchedule) => void;

Scale out or in based on schedule.

method scaleOnUtilization

scaleOnUtilization: (options: UtilizationScalingOptions) => void;

Scale out or in to keep utilization at a given level. The utilization is tracked by the LambdaProvisionedConcurrencyUtilization metric, emitted by lambda. See: https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics.html#monitoring-metrics-concurrency

interface IVersion

interface IVersion extends IFunction {}

property edgeArn

readonly edgeArn: string;

The ARN of the version for Lambda@Edge.

property lambda

readonly lambda: IFunction;

The underlying AWS Lambda function.

property version

readonly version: string;

The most recently deployed version of this function.

method addAlias

addAlias: (aliasName: string, options?: AliasOptions) => Alias;

Defines an alias for this version.
Parameter aliasName
The name of the alias
Parameter options
Alias options
Deprecated
Calling addAlias on a Version object will cause the Alias to be replaced on every function update. Call function.addAlias() or new Alias() instead.

interface LambdaRuntimeProps

interface LambdaRuntimeProps {}

property bundlingDockerImage

readonly bundlingDockerImage?: string;

The Docker image name to be used for bundling in this runtime. - the latest docker image "amazon/public.ecr.aws/sam/build-" from https://gallery.ecr.aws

property supportsCodeGuruProfiling

readonly supportsCodeGuruProfiling?: boolean;

Whether this runtime is integrated with and supported for profiling using Amazon CodeGuru Profiler. false

property supportsInlineCode

readonly supportsInlineCode?: boolean;

Whether the ``ZipFile`` (aka inline code) property can be used with this runtime. false

interface LayerVersionAttributes

interface LayerVersionAttributes {}

Properties necessary to import a LayerVersion.

property compatibleRuntimes

readonly compatibleRuntimes?: Runtime[];

The list of compatible runtimes with this Layer.

property layerVersionArn

readonly layerVersionArn: string;

The ARN of the LayerVersion.

interface LayerVersionOptions

interface LayerVersionOptions {}

Non runtime options

property description

readonly description?: string;

The description the this Lambda Layer.
- No description.

property layerVersionName

readonly layerVersionName?: string;

The name of the layer.
- A name will be generated.

property license

readonly license?: string;

The SPDX licence identifier or URL to the license file for this layer.
- No license information will be recorded.

property removalPolicy

readonly removalPolicy?: RemovalPolicy;

Whether to retain this version of the layer when a new version is added or when the stack is deleted.
RemovalPolicy.DESTROY

interface LayerVersionPermission

interface LayerVersionPermission {}

Identification of an account (or organization) that is allowed to access a Lambda Layer Version.

property accountId

readonly accountId: string;

The AWS Account id of the account that is authorized to use a Lambda Layer Version. The wild-card ``'*'`` can be used to grant access to "any" account (or any account in an organization when ``organizationId`` is specified).

property organizationId

readonly organizationId?: string;

The ID of the AWS Organization to which the grant is restricted.
Can only be specified if ``accountId`` is ``'*'``

interface LayerVersionProps

interface LayerVersionProps extends LayerVersionOptions {}

property code

readonly code: Code;

The content of this Layer.
Using Code.fromInline is not supported.

property compatibleArchitectures

readonly compatibleArchitectures?: Architecture[];

The system architectures compatible with this layer. [Architecture.X86_64]

property compatibleRuntimes

readonly compatibleRuntimes?: Runtime[];

The runtimes compatible with this Layer.
- All runtimes are supported.

interface LogRetentionProps

interface LogRetentionProps extends logs.LogRetentionProps {}

Construction properties for a LogRetention.
Deprecated
use LogRetentionProps from '@aws-cdk/aws-logs' instead

interface LogRetentionRetryOptions

interface LogRetentionRetryOptions extends logs.LogRetentionRetryOptions {}

Retry options for all AWS API calls.

interface Permission

interface Permission {}

Represents a permission statement that can be added to a Lambda function's resource policy via the addPermission() method.

property action

readonly action?: string;

The Lambda actions that you want to allow in this statement. For example, you can specify lambda:CreateFunction to specify a certain action, or use a wildcard (``lambda:*``) to grant permission to all Lambda actions. For a list of actions, see Actions and Condition Context Keys for AWS Lambda in the IAM User Guide.
'lambda:InvokeFunction'

property eventSourceToken

readonly eventSourceToken?: string;

A unique token that must be supplied by the principal invoking the function.
The caller would not need to present a token.

property functionUrlAuthType

readonly functionUrlAuthType?: FunctionUrlAuthType;

The authType for the function URL that you are granting permissions for.
- No functionUrlAuthType

property principal

readonly principal: iam.IPrincipal;

The entity for which you are granting permission to invoke the Lambda function. This entity can be any valid AWS service principal, such as s3.amazonaws.com or sns.amazonaws.com, or, if you are granting cross-account permission, an AWS account ID. For example, you might want to allow a custom application in another AWS account to push events to Lambda by invoking your function.
The principal can be either an AccountPrincipal or a ServicePrincipal.

property scope

readonly scope?: Construct;

The scope to which the permission constructs be attached. The default is the Lambda function construct itself, but this would need to be different in cases such as cross-stack references where the Permissions would need to sit closer to the consumer of this permission (i.e., the caller).
- The instance of lambda.IFunction

property sourceAccount

readonly sourceAccount?: string;

The AWS account ID (without hyphens) of the source owner. For example, if you specify an S3 bucket in the SourceArn property, this value is the bucket owner's account ID. You can use this property to ensure that all source principals are owned by a specific account.

property sourceArn

readonly sourceArn?: string;

The ARN of a resource that is invoking your function. When granting Amazon Simple Storage Service (Amazon S3) permission to invoke your function, specify this property with the bucket ARN as its value. This ensures that events generated only from the specified bucket, not just any bucket from any AWS account that creates a mapping to your function, can invoke the function.

interface ResourceBindOptions

interface ResourceBindOptions {}

property resourceProperty

readonly resourceProperty?: string;

The name of the CloudFormation property to annotate with asset metadata.
See Also
- https://github.com/aws/aws-cdk/issues/1432 Code

interface SingletonFunctionProps

interface SingletonFunctionProps extends FunctionProps {}

Properties for a newly created singleton Lambda

property lambdaPurpose

readonly lambdaPurpose?: string;

A descriptive name for the purpose of this Lambda.
If the Lambda does not have a physical name, this string will be reflected its generated name. The combination of lambdaPurpose and uuid must be unique.
SingletonLambda

property uuid

readonly uuid: string;

A unique identifier to identify this lambda
The identifier should be unique across all custom resource providers. We recommend generating a UUID per provider.

interface SourceAccessConfiguration

interface SourceAccessConfiguration {}

Specific settings like the authentication protocol or the VPC components to secure access to your event source.

property type

readonly type: SourceAccessConfigurationType;

The type of authentication protocol or the VPC components for your event source. For example: "SASL_SCRAM_512_AUTH".

property uri

readonly uri: string;

The value for your chosen configuration in type. For example: "URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName". The exact string depends on the type.
See Also
- SourceAccessConfigurationType

interface UtilizationScalingOptions

interface UtilizationScalingOptions extends appscaling.BaseTargetTrackingProps {}

Options for enabling Lambda utilization tracking

property utilizationTarget

readonly utilizationTarget: number;

Utilization target for the attribute. For example, .5 indicates that 50 percent of allocated provisioned concurrency is in use.

interface VersionAttributes

interface VersionAttributes {}

property lambda

readonly lambda: IFunction;

The lambda function.

property version

readonly version: string;

The version.

interface VersionOptions

interface VersionOptions extends EventInvokeConfigOptions {}

Options for lambda.Version

property codeSha256

readonly codeSha256?: string;

SHA256 of the version of the Lambda source code
Specify to validate that you're deploying the right version.
No validation is performed

property description

readonly description?: string;

Description of the version
Description of the Lambda

property provisionedConcurrentExecutions

readonly provisionedConcurrentExecutions?: number;

Specifies a provisioned concurrency configuration for a function's version.
No provisioned concurrency

property removalPolicy

readonly removalPolicy?: RemovalPolicy;

Whether to retain old versions of this function when a new version is created.
RemovalPolicy.DESTROY

interface VersionProps

interface VersionProps extends VersionOptions {}

Properties for a new Lambda version

property lambda

readonly lambda: IFunction;

Function to get the value of

interface VersionWeight

interface VersionWeight {}

A version/weight pair for routing traffic to Lambda functions

property version

readonly version: IVersion;

The version to route traffic to

property weight

readonly weight: number;

How much weight to assign to this version (0..1)

Enums

enum DestinationType

enum DestinationType {
    FAILURE = 'Failure',
    SUCCESS = 'Success',
}

The type of destination

member FAILURE

FAILURE = 'Failure'

Failure

member SUCCESS

SUCCESS = 'Success'

Success

enum FunctionUrlAuthType

enum FunctionUrlAuthType {
    AWS_IAM = 'AWS_IAM',
    NONE = 'NONE',
}

The auth types for a function url

member AWS_IAM

AWS_IAM = 'AWS_IAM'

Restrict access to authenticated IAM users only

member NONE

NONE = 'NONE'

Bypass IAM authentication to create a public endpoint

enum HttpMethod

enum HttpMethod {
    GET = 'GET',
    PUT = 'PUT',
    HEAD = 'HEAD',
    POST = 'POST',
    DELETE = 'DELETE',
    PATCH = 'PATCH',
    OPTIONS = 'OPTIONS',
    ALL = '*',
}

All http request methods

member ALL

ALL = '*'

The wildcard entry to allow all methods.

member DELETE

DELETE = 'DELETE'

The DELETE method deletes the specified resource.

member GET

GET = 'GET'

The GET method requests a representation of the specified resource.

member HEAD

HEAD = 'HEAD'

The HEAD method asks for a response identical to that of a GET request, but without the response body.

member OPTIONS

OPTIONS = 'OPTIONS'

The OPTIONS method describes the communication options for the target resource.

member PATCH

PATCH = 'PATCH'

The PATCH method applies partial modifications to a resource.

member POST

POST = 'POST'

The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.

member PUT

PUT = 'PUT'

The PUT method replaces all current representations of the target resource with the request payload.

enum RuntimeFamily

enum RuntimeFamily {
    NODEJS = 0,
    JAVA = 1,
    PYTHON = 2,
    DOTNET_CORE = 3,
    GO = 4,
    RUBY = 5,
    OTHER = 6,
}

member DOTNET_CORE

DOTNET_CORE = 3

member GO

GO = 4

member JAVA

JAVA = 1

member NODEJS

NODEJS = 0

member OTHER

OTHER = 6

member PYTHON

PYTHON = 2

member RUBY

RUBY = 5

enum StartingPosition

enum StartingPosition {
    TRIM_HORIZON = 'TRIM_HORIZON',
    LATEST = 'LATEST',
}

The position in the DynamoDB, Kinesis or MSK stream where AWS Lambda should start reading.

member LATEST

LATEST = 'LATEST'

Start reading just after the most recent record in the shard, so that you always read the most recent data in the shard

member TRIM_HORIZON

TRIM_HORIZON = 'TRIM_HORIZON'

Start reading at the last untrimmed record in the shard in the system, which is the oldest data record in the shard.

enum Tracing

enum Tracing {
    ACTIVE = 'Active',
    PASS_THROUGH = 'PassThrough',
    DISABLED = 'Disabled',
}

X-Ray Tracing Modes (https://docs.aws.amazon.com/lambda/latest/dg/API_TracingConfig.html)

member ACTIVE

ACTIVE = 'Active'

Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.

member DISABLED

DISABLED = 'Disabled'

Lambda will not trace any request.

member PASS_THROUGH

PASS_THROUGH = 'PassThrough'

Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1"

enum UntrustedArtifactOnDeployment

enum UntrustedArtifactOnDeployment {
    ENFORCE = 'Enforce',
    WARN = 'Warn',
}

Code signing configuration policy for deployment validation failure.

member ENFORCE

ENFORCE = 'Enforce'

Lambda blocks the deployment request if signature validation checks fail.

member WARN

WARN = 'Warn'

Lambda allows the deployment of the code package, but issues a warning. Lambda issues a new Amazon CloudWatch metric, called a signature validation error and also stores the warning in CloudTrail.

Namespaces

namespace CfnAlias

namespace CfnAlias {}

interface AliasRoutingConfigurationProperty

interface AliasRoutingConfigurationProperty {}

The [traffic-shifting](https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html) configuration of a Lambda function alias.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-aliasroutingconfiguration.html

property additionalVersionWeights

readonly additionalVersionWeights:
    | Array<CfnAlias.VersionWeightProperty | cdk.IResolvable>
    | cdk.IResolvable;

The second version, and the percentage of traffic that's routed to it.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-aliasroutingconfiguration.html#cfn-lambda-alias-aliasroutingconfiguration-additionalversionweights

interface ProvisionedConcurrencyConfigurationProperty

interface ProvisionedConcurrencyConfigurationProperty {}

A provisioned concurrency configuration for a function's alias.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-provisionedconcurrencyconfiguration.html

property provisionedConcurrentExecutions

readonly provisionedConcurrentExecutions: number;

The amount of provisioned concurrency to allocate for the alias.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-provisionedconcurrencyconfiguration.html#cfn-lambda-alias-provisionedconcurrencyconfiguration-provisionedconcurrentexecutions

interface VersionWeightProperty

interface VersionWeightProperty {}

The [traffic-shifting](https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html) configuration of a Lambda function alias.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-versionweight.html

property functionVersion

readonly functionVersion: string;

The qualifier of the second version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-versionweight.html#cfn-lambda-alias-versionweight-functionversion

property functionWeight

readonly functionWeight: number;

The percentage of traffic that the alias routes to the second version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-alias-versionweight.html#cfn-lambda-alias-versionweight-functionweight

namespace CfnCodeSigningConfig

namespace CfnCodeSigningConfig {}

interface AllowedPublishersProperty

interface AllowedPublishersProperty {}

List of signing profiles that can sign a code package.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-codesigningconfig-allowedpublishers.html

property signingProfileVersionArns

readonly signingProfileVersionArns: string[];

The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-codesigningconfig-allowedpublishers.html#cfn-lambda-codesigningconfig-allowedpublishers-signingprofileversionarns

interface CodeSigningPoliciesProperty

interface CodeSigningPoliciesProperty {}

Code signing configuration [policies](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html#config-codesigning-policies) specify the validation failure action for signature mismatch or expiry.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-codesigningconfig-codesigningpolicies.html

property untrustedArtifactOnDeployment

readonly untrustedArtifactOnDeployment: string;

Code signing configuration policy for deployment validation failure. If you set the policy to Enforce , Lambda blocks the deployment request if signature validation checks fail. If you set the policy to Warn , Lambda allows the deployment and creates a CloudWatch log.
Default value: Warn
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-codesigningconfig-codesigningpolicies.html#cfn-lambda-codesigningconfig-codesigningpolicies-untrustedartifactondeployment

namespace CfnEventInvokeConfig

namespace CfnEventInvokeConfig {}

interface DestinationConfigProperty

interface DestinationConfigProperty {}

A configuration object that specifies the destination of an event after Lambda processes it.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig.html

property onFailure

readonly onFailure?: CfnEventInvokeConfig.OnFailureProperty | cdk.IResolvable;

The destination configuration for failed invocations.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig.html#cfn-lambda-eventinvokeconfig-destinationconfig-onfailure

property onSuccess

readonly onSuccess?: CfnEventInvokeConfig.OnSuccessProperty | cdk.IResolvable;

The destination configuration for successful invocations.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig.html#cfn-lambda-eventinvokeconfig-destinationconfig-onsuccess

interface OnFailureProperty

interface OnFailureProperty {}

A destination for events that failed processing.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig-onfailure.html

property destination

readonly destination: string;

The Amazon Resource Name (ARN) of the destination resource.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig-onfailure.html#cfn-lambda-eventinvokeconfig-destinationconfig-onfailure-destination

interface OnSuccessProperty

interface OnSuccessProperty {}

A destination for events that were processed successfully.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig-onsuccess.html

property destination

readonly destination: string;

The Amazon Resource Name (ARN) of the destination resource.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventinvokeconfig-destinationconfig-onsuccess.html#cfn-lambda-eventinvokeconfig-destinationconfig-onsuccess-destination

namespace CfnEventSourceMapping

namespace CfnEventSourceMapping {}

interface AmazonManagedKafkaEventSourceConfigProperty

interface AmazonManagedKafkaEventSourceConfigProperty {}

Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig.html

property consumerGroupId

readonly consumerGroupId?: string;

The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig.html#cfn-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig-consumergroupid

interface DestinationConfigProperty

interface DestinationConfigProperty {}

A configuration object that specifies the destination of an event after Lambda processes it.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html

property onFailure

readonly onFailure?: CfnEventSourceMapping.OnFailureProperty | cdk.IResolvable;

The destination configuration for failed invocations.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html#cfn-lambda-eventsourcemapping-destinationconfig-onfailure

interface DocumentDBEventSourceConfigProperty

interface DocumentDBEventSourceConfigProperty {}

Specific configuration settings for a DocumentDB event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html

property collectionName

readonly collectionName?: string;

The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-collectionname

property databaseName

readonly databaseName?: string;

The name of the database to consume within the DocumentDB cluster.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-databasename

property fullDocument

readonly fullDocument?: string;

Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-fulldocument

interface EndpointsProperty

interface EndpointsProperty {}

The list of bootstrap servers for your Kafka brokers in the following format: "KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"] .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-endpoints.html

property kafkaBootstrapServers

readonly kafkaBootstrapServers?: string[];

The list of bootstrap servers for your Kafka brokers in the following format: "KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"] .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-endpoints.html#cfn-lambda-eventsourcemapping-endpoints-kafkabootstrapservers

interface FilterCriteriaProperty

interface FilterCriteriaProperty {}

An object that contains the filters for an event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html

property filters

readonly filters?:
    | Array<CfnEventSourceMapping.FilterProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of filters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html#cfn-lambda-eventsourcemapping-filtercriteria-filters

interface FilterProperty

interface FilterProperty {}

A structure within a FilterCriteria object that defines an event filtering pattern.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filter.html

property pattern

readonly pattern?: string;

A filter pattern. For more information on the syntax of a filter pattern, see [Filter rule syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filter.html#cfn-lambda-eventsourcemapping-filter-pattern

interface OnFailureProperty

interface OnFailureProperty {}

A destination for events that failed processing.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-onfailure.html

property destination

readonly destination?: string;

The Amazon Resource Name (ARN) of the destination resource.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-onfailure.html#cfn-lambda-eventsourcemapping-onfailure-destination

interface ScalingConfigProperty

interface ScalingConfigProperty {}

(Amazon SQS only) The scaling configuration for the event source. To remove the configuration, pass an empty value.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html

property maximumConcurrency

readonly maximumConcurrency?: number;

Limits the number of concurrent instances that the Amazon SQS event source can invoke.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html#cfn-lambda-eventsourcemapping-scalingconfig-maximumconcurrency

interface SelfManagedEventSourceProperty

interface SelfManagedEventSourceProperty {}

The self-managed Apache Kafka cluster for your event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedeventsource.html

property endpoints

readonly endpoints?: CfnEventSourceMapping.EndpointsProperty | cdk.IResolvable;

The list of bootstrap servers for your Kafka brokers in the following format: "KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"] .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedeventsource.html#cfn-lambda-eventsourcemapping-selfmanagedeventsource-endpoints

interface SelfManagedKafkaEventSourceConfigProperty

interface SelfManagedKafkaEventSourceConfigProperty {}

Specific configuration settings for a self-managed Apache Kafka event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig.html

property consumerGroupId

readonly consumerGroupId?: string;

The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig.html#cfn-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig-consumergroupid

interface SourceAccessConfigurationProperty

interface SourceAccessConfigurationProperty {}

An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html

property type

readonly type?: string;

The type of authentication protocol, VPC components, or virtual host for your event source. For example: "Type":"SASL_SCRAM_512_AUTH" .
- BASIC_AUTH – (Amazon MQ) The AWS Secrets Manager secret that stores your broker credentials. - BASIC_AUTH – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers. - VPC_SUBNET – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster. - VPC_SECURITY_GROUP – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers. - SASL_SCRAM_256_AUTH – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers. - SASL_SCRAM_512_AUTH – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers. - VIRTUAL_HOST –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call. - CLIENT_CERTIFICATE_TLS_AUTH – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers. - SERVER_ROOT_CA_CERTIFICATE – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-type

property uri

readonly uri?: string;

The value for your chosen configuration in Type . For example: "URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName" .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-uri

namespace CfnFunction

namespace CfnFunction {}

interface CodeProperty

interface CodeProperty {}

The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.
Changes to a deployment package in Amazon S3 are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html

property imageUri

readonly imageUri?: string;

URI of a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the Amazon ECR registry.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri

property s3Bucket

readonly s3Bucket?: string;

An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3bucket

property s3Key

readonly s3Key?: string;

The Amazon S3 key of the deployment package.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3key

property s3ObjectVersion

readonly s3ObjectVersion?: string;

For versioned objects, the version of the deployment package object to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3objectversion

property zipFile

readonly zipFile?: string;

(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, AWS CloudFormation places it in a file named index and zips it to create a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) . This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index . For example, index.handler .
For JSON, you must escape quotes and special characters such as newline ( \n ) with a backslash.
If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ( [cfn-response](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html) ) that simplifies sending responses. See [Using AWS Lambda with AWS CloudFormation](https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html) for details.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile

interface DeadLetterConfigProperty

interface DeadLetterConfigProperty {}

The [dead-letter queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) for failed asynchronous invocations.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html

property targetArn

readonly targetArn?: string;

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-deadletterconfig.html#cfn-lambda-function-deadletterconfig-targetarn

interface EnvironmentProperty

interface EnvironmentProperty {}

A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html

property variables

readonly variables?:
    | {
          [key: string]: string;
      }
    | cdk.IResolvable;

Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html#cfn-lambda-function-environment-variables

interface EphemeralStorageProperty

interface EphemeralStorageProperty {}

The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-ephemeralstorage.html

property size

readonly size: number;

The size of the function's /tmp directory.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-ephemeralstorage.html#cfn-lambda-function-ephemeralstorage-size

interface FileSystemConfigProperty

interface FileSystemConfigProperty {}

Details about the connection between a Lambda function and an [Amazon EFS file system](https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html

property arn

readonly arn: string;

The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-arn

property localMountPath

readonly localMountPath: string;

The path where the function can access the file system, starting with /mnt/ .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-localmountpath

interface ImageConfigProperty

interface ImageConfigProperty {}

Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html

property command

readonly command?: string[];

Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-command

property entryPoint

readonly entryPoint?: string[];

Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-entrypoint

property workingDirectory

readonly workingDirectory?: string;

Specifies the working directory. The length of the directory string cannot exceed 1,000 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-imageconfig.html#cfn-lambda-function-imageconfig-workingdirectory

interface RuntimeManagementConfigProperty

interface RuntimeManagementConfigProperty {}

Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html

property runtimeVersionArn

readonly runtimeVersionArn?: string;

The ARN of the runtime version you want the function to use.
> This is only required if you're using the *Manual* runtime update mode.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-runtimeversionarn

property updateRuntimeOn

readonly updateRuntimeOn: string;

Specify the runtime update mode.
- *Auto (default)* - Automatically update to the most recent and secure runtime version using a [Two-phase runtime version rollout](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase) . This is the best choice for most customers to ensure they always benefit from runtime updates. - *FunctionUpdate* - Lambda updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. - *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see [Roll back a runtime version](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback) .
*Valid Values* : Auto | FunctionUpdate | Manual
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-updateruntimeon

interface SnapStartProperty

interface SnapStartProperty {}

The function's [AWS Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html

property applyOn

readonly applyOn: string;

Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstart.html#cfn-lambda-function-snapstart-applyon

interface SnapStartResponseProperty

interface SnapStartResponseProperty {}

The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html

property applyOn

readonly applyOn?: string;

When set to PublishedVersions , Lambda creates a snapshot of the execution environment when you publish a function version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-applyon

property optimizationStatus

readonly optimizationStatus?: string;

When you provide a [qualified Amazon Resource Name (ARN)](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using) , this response element indicates whether SnapStart is activated for the specified function version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-optimizationstatus

interface TracingConfigProperty

interface TracingConfigProperty {}

The function's [AWS X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html) tracing configuration. To sample and record incoming requests, set Mode to Active .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tracingconfig.html

property mode

readonly mode?: string;

The tracing mode.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-tracingconfig.html#cfn-lambda-function-tracingconfig-mode

interface VpcConfigProperty

interface VpcConfigProperty {}

The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see [VPC Settings](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html) .
> When you delete a function, AWS CloudFormation monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before AWS CloudFormation can delete the VPC's resources. > > To monitor network interfaces, AWS CloudFormation needs the ec2:DescribeNetworkInterfaces permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, AWS CloudFormation does not wait for network interfaces to be deleted.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html

property securityGroupIds

readonly securityGroupIds?: string[];

A list of VPC security group IDs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html#cfn-lambda-function-vpcconfig-securitygroupids

property subnetIds

readonly subnetIds?: string[];

A list of VPC subnet IDs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-vpcconfig.html#cfn-lambda-function-vpcconfig-subnetids

namespace CfnLayerVersion

namespace CfnLayerVersion {}

interface ContentProperty

interface ContentProperty {}

A ZIP archive that contains the contents of an [Lambda layer](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html

property s3Bucket

readonly s3Bucket: string;

The Amazon S3 bucket of the layer archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3bucket

property s3Key

readonly s3Key: string;

The Amazon S3 key of the layer archive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3key

property s3ObjectVersion

readonly s3ObjectVersion?: string;

For versioned objects, the version of the layer archive object to use.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-layerversion-content.html#cfn-lambda-layerversion-content-s3objectversion

namespace CfnUrl

namespace CfnUrl {}

interface CorsProperty

interface CorsProperty {}

The [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) settings for your function URL. Use CORS to grant access to your function URL from any origin. You can also use CORS to control access for specific HTTP headers and methods in requests to your function URL.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html

property allowCredentials

readonly allowCredentials?: boolean | cdk.IResolvable;

Whether you want to allow cookies or other credentials in requests to your function URL. The default is false .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-allowcredentials

property allowHeaders

readonly allowHeaders?: string[];

The HTTP headers that origins can include in requests to your function URL. For example: Date , Keep-Alive , X-Custom-Header .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-allowheaders

property allowMethods

readonly allowMethods?: string[];

The HTTP methods that are allowed when calling your function URL. For example: GET , POST , DELETE , or the wildcard character ( * ).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-allowmethods

property allowOrigins

readonly allowOrigins?: string[];

The origins that can access your function URL. You can list any number of specific origins, separated by a comma. For example: https://www.example.com , http://localhost:60905 .
Alternatively, you can grant access to all origins with the wildcard character ( * ).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-alloworigins

property exposeHeaders

readonly exposeHeaders?: string[];

The HTTP headers in your function response that you want to expose to origins that call your function URL. For example: Date , Keep-Alive , X-Custom-Header .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-exposeheaders

property maxAge

readonly maxAge?: number;

The maximum amount of time, in seconds, that browsers can cache results of a preflight request. By default, this is set to 0 , which means the browser will not cache results.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-url-cors.html#cfn-lambda-url-cors-maxage

namespace CfnVersion

namespace CfnVersion {}

interface ProvisionedConcurrencyConfigurationProperty

interface ProvisionedConcurrencyConfigurationProperty {}

A [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html) configuration for a function's version.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-version-provisionedconcurrencyconfiguration.html

property provisionedConcurrentExecutions

readonly provisionedConcurrentExecutions: number;

The amount of provisioned concurrency to allocate for the version.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-version-provisionedconcurrencyconfiguration.html#cfn-lambda-version-provisionedconcurrencyconfiguration-provisionedconcurrentexecutions

Dev Dependencies (12)

Badge

To add a badge like this oneto your package's README, use the codes available below.

You may also use Shields.io to create a custom badge linking to https://www.jsdocs.io/package/@aws-cdk/aws-lambda.

Markdown

[![jsDocs.io](https://img.shields.io/badge/jsDocs.io-reference-blue)](https://www.jsdocs.io/package/@aws-cdk/aws-lambda)

HTML

<a href="https://www.jsdocs.io/package/@aws-cdk/aws-lambda"><img src="https://img.shields.io/badge/jsDocs.io-reference-blue" alt="jsDocs.io"></a>

Updated 1 year ago.
Package analyzed in 9659 ms.
Missing or incorrect documentation? Open an issue for this package.

@aws-cdk/aws-lambda

Install

Overview

Index

Functions

Classes

Interfaces

Enums

Namespaces

Functions

function extractQualifierFromArn

Returns

function verifyCodeConfig

Classes

class Alias

property aliasName

property architecture

property canCreatePermissions

property functionArn

property functionName

property grantPrincipal

property lambda

property qualifier

property role

property version

method addAutoScaling

Parameter options

method fromAliasAttributes

method metric

class Architecture

property ARM_64

property dockerPlatform

property name

property X86_64

method custom

Parameter name

Parameter dockerPlatform

class AssetCode

Parameter path

property isInline

property path

method bind

method bindToResource

class AssetImageCode

property isInline

method bind

method bindToResource

class CfnAlias

Parameter scope

Parameter id

Parameter props

property CFN_RESOURCE_TYPE_NAME

property cfnProperties

property description

property functionName

property functionVersion

property name

property provisionedConcurrencyConfig

property routingConfig

method inspect

Parameter inspector

method renderProperties

class CfnCodeSigningConfig

Parameter scope

Parameter id

Parameter props

property allowedPublishers

property attrCodeSigningConfigArn

property attrCodeSigningConfigId

property CFN_RESOURCE_TYPE_NAME

property cfnProperties

property codeSigningPolicies

property description

method inspect

Parameter inspector

method renderProperties

class CfnEventInvokeConfig

Parameter scope

Parameter id

Parameter props