Skip to content

Latest commit

 

History

History
2188 lines (1350 loc) · 81.8 KB

API.md

File metadata and controls

2188 lines (1350 loc) · 81.8 KB

API Reference

Constructs

LlrtFunction

Initializers

import { LlrtFunction } from 'cdk-lambda-llrt'

new LlrtFunction(scope: Construct, id: string, props: LlrtFunctionProps)
Name Type Description
scope constructs.Construct No description.
id string No description.
props LlrtFunctionProps No description.

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

propsRequired

Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
addEventSource Adds an event source to this function.
addEventSourceMapping Adds an event source that maps to this AWS Lambda function.
addFunctionUrl Adds a url to this lambda function.
addPermission Adds a permission to the Lambda resource policy.
addToRolePolicy Adds a statement to the IAM role assumed by the instance.
configureAsyncInvoke Configures options for asynchronous invocation.
considerWarningOnInvokeFunctionPermissions A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.
grantInvoke Grant the given identity permissions to invoke this Lambda.
grantInvokeCompositePrincipal Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
grantInvokeLatestVersion Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
grantInvokeUrl Grant the given identity permissions to invoke this Lambda Function URL.
grantInvokeVersion Grant the given identity permissions to invoke the given version of this Lambda.
metric Return the given named metric for this Function.
metricDuration How long execution of this Lambda takes.
metricErrors How many invocations of this Lambda fail.
metricInvocations How often this Lambda is invoked.
metricThrottles How often this Lambda is throttled.
addAlias Defines an alias for this function.
addEnvironment Adds an environment variable to this Lambda function.
addLayers Adds one or more Lambda Layers to this Lambda function.
invalidateVersionBasedOn Mix additional information into the hash of the Version object.

toString
public toString(): string

Returns a string representation of this construct.

applyRemovalPolicy
public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: aws-cdk-lib.RemovalPolicy

addEventSource
public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));
sourceRequired
  • Type: aws-cdk-lib.aws_lambda.IEventSource

addEventSourceMapping
public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

idRequired
  • Type: string

optionsRequired
  • Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

addFunctionUrl
public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

optionsOptional
  • Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

addPermission
public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

[Permission for details.](Permission for details.)

idRequired
  • Type: string

The id for the permission construct.


permissionRequired
  • Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.


addToRolePolicy
public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

statementRequired
  • Type: aws-cdk-lib.aws_iam.PolicyStatement

configureAsyncInvoke
public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

optionsRequired
  • Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

considerWarningOnInvokeFunctionPermissions
public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

scopeRequired
  • Type: constructs.Construct

actionRequired
  • Type: string

grantInvoke
public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

granteeRequired
  • Type: aws-cdk-lib.aws_iam.IGrantable

grantInvokeCompositePrincipal
public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

compositePrincipalRequired
  • Type: aws-cdk-lib.aws_iam.CompositePrincipal

grantInvokeLatestVersion
public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

granteeRequired
  • Type: aws-cdk-lib.aws_iam.IGrantable

grantInvokeUrl
public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

granteeRequired
  • Type: aws-cdk-lib.aws_iam.IGrantable

grantInvokeVersion
public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

granteeRequired
  • Type: aws-cdk-lib.aws_iam.IGrantable

versionRequired
  • Type: aws-cdk-lib.aws_lambda.IVersion

metric
public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

metricNameRequired
  • Type: string

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricDuration
public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricErrors
public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricInvocations
public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricThrottles
public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

addAlias
public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});
aliasNameRequired
  • Type: string

The name of the alias.


optionsOptional
  • Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.


addEnvironment
public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

keyRequired
  • Type: string

The environment variable key.


valueRequired
  • Type: string

The environment variable's value.


optionsOptional
  • Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.


addLayers
public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

layersRequired
  • Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.


invalidateVersionBasedOn
public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

xRequired
  • Type: string

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
classifyVersionProperty Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.
fromFunctionArn Import a lambda function into the CDK using its ARN.
fromFunctionAttributes Creates a Lambda function object which represents a function not defined within this stack.
fromFunctionName Import a lambda function into the CDK using its name.
metricAll Return the given named metric for this Lambda.
metricAllConcurrentExecutions Metric for the number of concurrent executions across all Lambdas.
metricAllDuration Metric for the Duration executing all Lambdas.
metricAllErrors Metric for the number of Errors executing all Lambdas.
metricAllInvocations Metric for the number of invocations of all Lambdas.
metricAllThrottles Metric for the number of throttled invocations of all Lambdas.
metricAllUnreservedConcurrentExecutions Metric for the number of unreserved concurrent executions across all Lambdas.

isConstruct
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: any

Any object.


isOwnedResource
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: constructs.IConstruct

isResource
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

constructRequired
  • Type: constructs.IConstruct

classifyVersionProperty
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

propertyNameRequired
  • Type: string

The property to classify.


lockedRequired
  • Type: boolean

whether the property should be associated to the version or not.


fromFunctionArn
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

functionArnRequired
  • Type: string

fromFunctionAttributes
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

scopeRequired
  • Type: constructs.Construct

The parent construct.


idRequired
  • Type: string

The name of the lambda construct.


attrsRequired
  • Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.


fromFunctionName
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

scopeRequired
  • Type: constructs.Construct

idRequired
  • Type: string

functionNameRequired
  • Type: string

metricAll
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

metricNameRequired
  • Type: string

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllConcurrentExecutions
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllDuration
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllErrors
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllInvocations
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllThrottles
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

metricAllUnreservedConcurrentExecutions
import { LlrtFunction } from 'cdk-lambda-llrt'

LlrtFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

propsOptional
  • Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name Type Description
node constructs.Node The tree node.
env aws-cdk-lib.ResourceEnvironment The environment this resource belongs to.
stack aws-cdk-lib.Stack The stack in which this resource is defined.
architecture aws-cdk-lib.aws_lambda.Architecture The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
connections aws-cdk-lib.aws_ec2.Connections Access the Connections object.
functionArn string ARN of this function.
functionName string Name of this function.
grantPrincipal aws-cdk-lib.aws_iam.IPrincipal The principal this Lambda Function is running as.
isBoundToVpc boolean Whether or not this Lambda function was bound to a VPC.
latestVersion aws-cdk-lib.aws_lambda.IVersion The $LATEST version of this function.
permissionsNode constructs.Node The construct node where permissions are attached.
resourceArnsForGrantInvoke string[] The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
role aws-cdk-lib.aws_iam.IRole Execution role associated with this function.
currentVersion aws-cdk-lib.aws_lambda.Version Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
logGroup aws-cdk-lib.aws_logs.ILogGroup The LogGroup where the Lambda function's logs are made available.
runtime aws-cdk-lib.aws_lambda.Runtime The runtime configured for this lambda.
deadLetterQueue aws-cdk-lib.aws_sqs.IQueue The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
deadLetterTopic aws-cdk-lib.aws_sns.ITopic The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
timeout aws-cdk-lib.Duration The timeout configured for this lambda.

nodeRequired
public readonly node: Node;
  • Type: constructs.Node

The tree node.


envRequired
public readonly env: ResourceEnvironment;
  • Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired
public readonly stack: Stack;
  • Type: aws-cdk-lib.Stack

The stack in which this resource is defined.


architectureRequired
public readonly architecture: Architecture;
  • Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).


connectionsRequired
public readonly connections: Connections;
  • Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function


functionArnRequired
public readonly functionArn: string;
  • Type: string

ARN of this function.


functionNameRequired
public readonly functionName: string;
  • Type: string

Name of this function.


grantPrincipalRequired
public readonly grantPrincipal: IPrincipal;
  • Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.


isBoundToVpcRequired
public readonly isBoundToVpc: boolean;
  • Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.


latestVersionRequired
public readonly latestVersion: IVersion;
  • Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.


permissionsNodeRequired
public readonly permissionsNode: Node;
  • Type: constructs.Node

The construct node where permissions are attached.


resourceArnsForGrantInvokeRequired
public readonly resourceArnsForGrantInvoke: string[];
  • Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().


roleOptional
public readonly role: IRole;
  • Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.


currentVersionRequired
public readonly currentVersion: Version;
  • Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.


logGroupRequired
public readonly logGroup: ILogGroup;
  • Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.


runtimeRequired
public readonly runtime: Runtime;
  • Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.


deadLetterQueueOptional
public readonly deadLetterQueue: IQueue;
  • Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).


deadLetterTopicOptional
public readonly deadLetterTopic: ITopic;
  • Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).


timeoutOptional
public readonly timeout: Duration;
  • Type: aws-cdk-lib.Duration

The timeout configured for this lambda.


Structs

LlrtFunctionProps

Initializer

import { LlrtFunctionProps } from 'cdk-lambda-llrt'

const llrtFunctionProps: LlrtFunctionProps = { ... }

Properties

Name Type Description
maxEventAge aws-cdk-lib.Duration The maximum age of a request that Lambda sends to a function for processing.
onFailure aws-cdk-lib.aws_lambda.IDestination The destination for failed invocations.
onSuccess aws-cdk-lib.aws_lambda.IDestination The destination for successful invocations.
retryAttempts number The maximum number of times to retry when the function returns an error.
adotInstrumentation aws-cdk-lib.aws_lambda.AdotInstrumentationConfig Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
allowAllIpv6Outbound boolean Whether to allow the Lambda to send all ipv6 network traffic.
allowAllOutbound boolean Whether to allow the Lambda to send all network traffic (except ipv6).
allowPublicSubnet boolean Lambda Functions in a public subnet can NOT access the internet.
applicationLogLevel string Sets the application log level for the function.
applicationLogLevelV2 aws-cdk-lib.aws_lambda.ApplicationLogLevel Sets the application log level for the function.
architecture aws-cdk-lib.aws_lambda.Architecture The system architectures compatible with this lambda function.
codeSigningConfig aws-cdk-lib.aws_lambda.ICodeSigningConfig Code signing config associated with this function.
currentVersionOptions aws-cdk-lib.aws_lambda.VersionOptions Options for the lambda.Version resource automatically created by the fn.currentVersion method.
deadLetterQueue aws-cdk-lib.aws_sqs.IQueue The SQS queue to use if DLQ is enabled.
deadLetterQueueEnabled boolean Enabled DLQ.
deadLetterTopic aws-cdk-lib.aws_sns.ITopic The SNS topic to use as a DLQ.
description string A description of the function.
environment {[ key: string ]: string} Key-value pairs that Lambda caches and makes available for your Lambda functions.
environmentEncryption aws-cdk-lib.aws_kms.IKey The AWS KMS key that's used to encrypt your function's environment variables.
ephemeralStorageSize aws-cdk-lib.Size The size of the function’s /tmp directory in MiB.
events aws-cdk-lib.aws_lambda.IEventSource[] Event sources for this function.
filesystem aws-cdk-lib.aws_lambda.FileSystem The filesystem configuration for the lambda function.
functionName string A name for the function.
initialPolicy aws-cdk-lib.aws_iam.PolicyStatement[] Initial policy statements to add to the created Lambda Role.
insightsVersion aws-cdk-lib.aws_lambda.LambdaInsightsVersion Specify the version of CloudWatch Lambda insights to use for monitoring.
ipv6AllowedForDualStack boolean Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
layers aws-cdk-lib.aws_lambda.ILayerVersion[] A list of layers to add to the function's execution environment.
logFormat string Sets the logFormat for the function.
loggingFormat aws-cdk-lib.aws_lambda.LoggingFormat Sets the loggingFormat for the function.
logGroup aws-cdk-lib.aws_logs.ILogGroup The log group the function sends logs to.
logRetention aws-cdk-lib.aws_logs.RetentionDays The number of days log events are kept in CloudWatch Logs.
logRetentionRetryOptions aws-cdk-lib.aws_lambda.LogRetentionRetryOptions When log retention is specified, a custom resource attempts to create the CloudWatch log group.
logRetentionRole aws-cdk-lib.aws_iam.IRole The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
memorySize number The amount of memory, in MB, that is allocated to your Lambda function.
paramsAndSecrets aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion Specify the configuration of Parameters and Secrets Extension.
profiling boolean Enable profiling.
profilingGroup aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup Profiling Group.
recursiveLoop aws-cdk-lib.aws_lambda.RecursiveLoop Sets the Recursive Loop Protection for Lambda Function.
reservedConcurrentExecutions number The maximum of concurrent executions you want to reserve for the function.
role aws-cdk-lib.aws_iam.IRole Lambda execution role.
runtimeManagementMode aws-cdk-lib.aws_lambda.RuntimeManagementMode Sets the runtime management configuration for a function's version.
securityGroups aws-cdk-lib.aws_ec2.ISecurityGroup[] The list of security groups to associate with the Lambda's network interfaces.
snapStart aws-cdk-lib.aws_lambda.SnapStartConf Enable SnapStart for Lambda Function.
systemLogLevel string Sets the system log level for the function.
systemLogLevelV2 aws-cdk-lib.aws_lambda.SystemLogLevel Sets the system log level for the function.
timeout aws-cdk-lib.Duration The function execution time (in seconds) after which Lambda terminates the function.
tracing aws-cdk-lib.aws_lambda.Tracing Enable AWS X-Ray Tracing for Lambda Function.
vpc aws-cdk-lib.aws_ec2.IVpc VPC network to place Lambda network interfaces.
vpcSubnets aws-cdk-lib.aws_ec2.SubnetSelection Where to place the network interfaces within the VPC.
awsSdkConnectionReuse boolean The AWS_NODEJS_CONNECTION_REUSE_ENABLED environment variable does not exist in the AWS SDK for JavaScript v3.
bundling aws-cdk-lib.aws_lambda_nodejs.BundlingOptions Bundling options.
code aws-cdk-lib.aws_lambda.Code The code that will be deployed to the Lambda Handler.
depsLockFilePath string The path to the dependencies lock file (yarn.lock, pnpm-lock.yaml or package-lock.json).
entry string Path to the entry file (JavaScript or TypeScript).
handler string The name of the exported handler in the entry file.
projectRoot string The path to the directory containing project config files (package.json or tsconfig.json).
runtime aws-cdk-lib.aws_lambda.Runtime The runtime environment.
llrtBinaryPath string A custom relative path to use as a local LLRT bootstrap binary.
llrtBinaryType LlrtBinaryType The type of LLRT bundle to use.
llrtVersion string The version of LLRT.

maxEventAgeOptional
public readonly maxEventAge: Duration;
  • Type: aws-cdk-lib.Duration
  • Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours


onFailureOptional
public readonly onFailure: IDestination;
  • Type: aws-cdk-lib.aws_lambda.IDestination
  • Default: no destination

The destination for failed invocations.


onSuccessOptional
public readonly onSuccess: IDestination;
  • Type: aws-cdk-lib.aws_lambda.IDestination
  • Default: no destination

The destination for successful invocations.


retryAttemptsOptional
public readonly retryAttempts: number;
  • Type: number
  • Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2


adotInstrumentationOptional
public readonly adotInstrumentation: AdotInstrumentationConfig;
  • Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
  • Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

https://aws-otel.github.io/docs/getting-started/lambda


allowAllIpv6OutboundOptional
public readonly allowAllIpv6Outbound: boolean;
  • Type: boolean
  • Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.


allowAllOutboundOptional
public readonly allowAllOutbound: boolean;
  • Type: boolean
  • Default: true

Whether to allow the Lambda to send all network traffic (except ipv6).

If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllOutbound directly on the security group.


allowPublicSubnetOptional
public readonly allowPublicSubnet: boolean;
  • Type: boolean
  • Default: false

Lambda Functions in a public subnet can NOT access the internet.

Use this property to acknowledge this limitation and still place the function in a public subnet.

https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841


applicationLogLevelOptional
  • Deprecated: Use applicationLogLevelV2 as a property instead.
public readonly applicationLogLevel: string;
  • Type: string
  • Default: "INFO"

Sets the application log level for the function.


applicationLogLevelV2Optional
public readonly applicationLogLevelV2: ApplicationLogLevel;
  • Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
  • Default: ApplicationLogLevel.INFO

Sets the application log level for the function.


architectureOptional
public readonly architecture: Architecture;
  • Type: aws-cdk-lib.aws_lambda.Architecture
  • Default: Architecture.X86_64

The system architectures compatible with this lambda function.


codeSigningConfigOptional
public readonly codeSigningConfig: ICodeSigningConfig;
  • Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
  • Default: Not Sign the Code

Code signing config associated with this function.


currentVersionOptionsOptional
public readonly currentVersionOptions: VersionOptions;
  • Type: aws-cdk-lib.aws_lambda.VersionOptions
  • Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.


deadLetterQueueOptional
public readonly deadLetterQueue: IQueue;
  • Type: aws-cdk-lib.aws_sqs.IQueue
  • Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.


deadLetterQueueEnabledOptional
public readonly deadLetterQueueEnabled: boolean;
  • Type: boolean
  • Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.


deadLetterTopicOptional
public readonly deadLetterTopic: ITopic;
  • Type: aws-cdk-lib.aws_sns.ITopic
  • Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.


descriptionOptional
public readonly description: string;
  • Type: string
  • Default: No description.

A description of the function.


environmentOptional
public readonly environment: {[ key: string ]: string};
  • Type: {[ key: string ]: string}
  • Default: No environment variables.

Key-value pairs that Lambda caches and makes available for your Lambda functions.

Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.


environmentEncryptionOptional
public readonly environmentEncryption: IKey;
  • Type: aws-cdk-lib.aws_kms.IKey
  • Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.


ephemeralStorageSizeOptional
public readonly ephemeralStorageSize: Size;
  • Type: aws-cdk-lib.Size
  • Default: 512 MiB

The size of the function’s /tmp directory in MiB.


eventsOptional
public readonly events: IEventSource[];
  • Type: aws-cdk-lib.aws_lambda.IEventSource[]
  • Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.


filesystemOptional
public readonly filesystem: FileSystem;
  • Type: aws-cdk-lib.aws_lambda.FileSystem
  • Default: will not mount any filesystem

The filesystem configuration for the lambda function.


functionNameOptional
public readonly functionName: string;
  • Type: string
  • Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.


initialPolicyOptional
public readonly initialPolicy: PolicyStatement[];
  • Type: aws-cdk-lib.aws_iam.PolicyStatement[]
  • Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.


insightsVersionOptional
public readonly insightsVersion: LambdaInsightsVersion;
  • Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
  • Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html


ipv6AllowedForDualStackOptional
public readonly ipv6AllowedForDualStack: boolean;
  • Type: boolean
  • Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.


layersOptional
public readonly layers: ILayerVersion[];
  • Type: aws-cdk-lib.aws_lambda.ILayerVersion[]
  • Default: No layers.

A list of layers to add to the function's execution environment.

You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.


logFormatOptional
  • Deprecated: Use loggingFormat as a property instead.
public readonly logFormat: string;
  • Type: string
  • Default: "Text"

Sets the logFormat for the function.


loggingFormatOptional
public readonly loggingFormat: LoggingFormat;
  • Type: aws-cdk-lib.aws_lambda.LoggingFormat
  • Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.


logGroupOptional
public readonly logGroup: ILogGroup;
  • Type: aws-cdk-lib.aws_logs.ILogGroup
  • Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.


logRetentionOptional
public readonly logRetention: RetentionDays;
  • Type: aws-cdk-lib.aws_logs.RetentionDays
  • Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

logRetentionRetryOptionsOptional
public readonly logRetentionRetryOptions: LogRetentionRetryOptions;
  • Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
  • Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.


logRetentionRoleOptional
public readonly logRetentionRole: IRole;
  • Type: aws-cdk-lib.aws_iam.IRole
  • Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.


memorySizeOptional
public readonly memorySize: number;
  • Type: number
  • Default: 128

The amount of memory, in MB, that is allocated to your Lambda function.

Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.


paramsAndSecretsOptional
public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;
  • Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
  • Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html


profilingOptional
public readonly profiling: boolean;
  • Type: boolean
  • Default: No profiling.

Enable profiling.

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html


profilingGroupOptional
public readonly profilingGroup: IProfilingGroup;
  • Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
  • Default: A new profiling group will be created if profiling is set.

Profiling Group.

https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html


recursiveLoopOptional
public readonly recursiveLoop: RecursiveLoop;
  • Type: aws-cdk-lib.aws_lambda.RecursiveLoop
  • Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recusrive loops.


reservedConcurrentExecutionsOptional
public readonly reservedConcurrentExecutions: number;
  • Type: number
  • Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html


roleOptional
public readonly role: IRole;
  • Type: aws-cdk-lib.aws_iam.IRole
  • Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".


runtimeManagementModeOptional
public readonly runtimeManagementMode: RuntimeManagementMode;
  • Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
  • Default: Auto

Sets the runtime management configuration for a function's version.


securityGroupsOptional
public readonly securityGroups: ISecurityGroup[];
  • Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
  • Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.


snapStartOptional
public readonly snapStart: SnapStartConf;
  • Type: aws-cdk-lib.aws_lambda.SnapStartConf
  • Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported only for Java 11, 17 runtime


systemLogLevelOptional
  • Deprecated: Use systemLogLevelV2 as a property instead.
public readonly systemLogLevel: string;
  • Type: string
  • Default: "INFO"

Sets the system log level for the function.


systemLogLevelV2Optional
public readonly systemLogLevelV2: SystemLogLevel;
  • Type: aws-cdk-lib.aws_lambda.SystemLogLevel
  • Default: SystemLogLevel.INFO

Sets the system log level for the function.


timeoutOptional
public readonly timeout: Duration;
  • Type: aws-cdk-lib.Duration
  • Default: Duration.seconds(3)

The function execution time (in seconds) after which Lambda terminates the function.

Because the execution time affects cost, set this value based on the function's expected execution time.


tracingOptional
public readonly tracing: Tracing;
  • Type: aws-cdk-lib.aws_lambda.Tracing
  • Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.


vpcOptional
public readonly vpc: IVpc;
  • Type: aws-cdk-lib.aws_ec2.IVpc
  • Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.


vpcSubnetsOptional
public readonly vpcSubnets: SubnetSelection;
  • Type: aws-cdk-lib.aws_ec2.SubnetSelection
  • Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).


awsSdkConnectionReuseOptional
public readonly awsSdkConnectionReuse: boolean;
  • Type: boolean
  • Default: false (obsolete) for runtimes >= Node 18, true for runtimes <= Node 16.

The AWS_NODEJS_CONNECTION_REUSE_ENABLED environment variable does not exist in the AWS SDK for JavaScript v3.

This prop will be deprecated when the Lambda Node16 runtime is deprecated on June 12, 2024. See https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy

Info for Node 16 runtimes / SDK v2 users:

Whether to automatically reuse TCP connections when working with the AWS SDK for JavaScript v2.

This sets the AWS_NODEJS_CONNECTION_REUSE_ENABLED environment variable to 1.

https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/node-reusing-connections.html


bundlingOptional
public readonly bundling: BundlingOptions;
  • Type: aws-cdk-lib.aws_lambda_nodejs.BundlingOptions
  • Default: use default bundling options: no minify, no sourcemap, all modules are bundled.

Bundling options.


codeOptional
public readonly code: Code;
  • Type: aws-cdk-lib.aws_lambda.Code
  • Default: the code is bundled by esbuild

The code that will be deployed to the Lambda Handler.

If included, then properties related to bundling of the code are ignored.

  • If the code field is specified, then you must include the handler property.

depsLockFilePathOptional
public readonly depsLockFilePath: string;
  • Type: string
  • Default: the path is found by walking up parent directories searching for a yarn.lock, pnpm-lock.yaml or package-lock.json file

The path to the dependencies lock file (yarn.lock, pnpm-lock.yaml or package-lock.json).

This will be used as the source for the volume mounted in the Docker container.

Modules specified in nodeModules will be installed using the right installer (yarn, pnpm or npm) along with this lock file.


entryOptional
public readonly entry: string;
  • Type: string
  • Default: Derived from the name of the defining file and the construct's id. If the NodejsFunction is defined in stack.ts with my-handler as id (new NodejsFunction(this, 'my-handler')), the construct will look at stack.my-handler.ts and stack.my-handler.js.

Path to the entry file (JavaScript or TypeScript).


handlerOptional
public readonly handler: string;
  • Type: string
  • Default: handler

The name of the exported handler in the entry file.

  • If the code property is supplied, then you must include the handler property. The handler should be the name of the file that contains the exported handler and the function that should be called when the AWS Lambda is invoked. For example, if you had a file called myLambda.js and the function to be invoked was myHandler, then you should input handler property as myLambda.myHandler.

  • If the code property is not supplied and the handler input does not contain a ., then the handler is prefixed with index. (index period). Otherwise, the handler property is not modified.


projectRootOptional
public readonly projectRoot: string;
  • Type: string
  • Default: the directory containing the depsLockFilePath

The path to the directory containing project config files (package.json or tsconfig.json).


runtimeOptional
public readonly runtime: Runtime;
  • Type: aws-cdk-lib.aws_lambda.Runtime
  • Default: Runtime.NODEJS_LATEST if the @aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion feature flag is enabled, otherwise Runtime.NODEJS_16_X

The runtime environment.

Only runtimes of the Node.js family are supported.


llrtBinaryPathOptional
public readonly llrtBinaryPath: string;
  • Type: string
  • Default: If this option is not provided, the LLRT binary is downloaded from GitHub and cached in the .tmp directory.

A custom relative path to use as a local LLRT bootstrap binary.

This path must be specified relative to the function's projectRoot directory.


llrtBinaryTypeOptional
public readonly llrtBinaryType: LlrtBinaryType;

The type of LLRT bundle to use.


llrtVersionOptional
public readonly llrtVersion: string;
  • Type: string
  • Default: "latest"

The version of LLRT.

See https://github.com/awslabs/llrt/releases


Enums

LlrtBinaryType

The type of LLRT binary to use.

Members

Name Description
FULL_SDK The LLRT bundle including full AWS SDK.
NO_SDK The LLRT bundle without AWS SDK.
STANDARD The standard LLRT bundle, including only major services of AWS SDK.

FULL_SDK

The LLRT bundle including full AWS SDK.


NO_SDK

The LLRT bundle without AWS SDK.


STANDARD

The standard LLRT bundle, including only major services of AWS SDK.