AWS v7.8.0, Oct 7 25

AWS v7.8.0 published on Tuesday, Oct 7, 2025 by Pulumi

aws.lambda.Function

Explore with Pulumi AI

AWS v7.8.0 published on Tuesday, Oct 7, 2025 by Pulumi

Note: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. Pulumi AWS Provider version 2.31.0 and later automatically handles this increased timeout, however prior versions require setting the customizable deletion timeouts of those Pulumi resources to 45 minutes (delete = "45m"). AWS and HashiCorp are working together to reduce the amount of time required for resource deletion and updates can be tracked in this GitHub issue.

Note: If you get a KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied error when invoking an aws.lambda.Function with environment variables, the IAM role associated with the function may have been deleted and recreated after the function was created. You can fix the problem two ways: 1) updating the function’s role to another role and then updating it back again to the recreated role. (When you create a function, Lambda grants permissions on the KMS key to the function’s IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function’s role or recreating the function causes Lambda to update the grant.)

Tip: To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the aws.lambda.Permission resource. See Lambda Permission Model for more details. On the other hand, the role argument of this resource is the function’s execution role for identity and access to AWS services and resources.

Example Usage

Container Image Function

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  const example = new aws.lambda.Function("example", {  name: "example_container_function",  role: exampleAwsIamRole.arn,  packageType: "Image",  imageUri: `${exampleAwsEcrRepository.repositoryUrl}:latest`,  imageConfig: {  entryPoints: ["/lambda-entrypoint.sh"],  commands: ["app.handler"],  },  memorySize: 512,  timeout: 30,  architectures: ["arm64"], });

import pulumi import pulumi_aws as aws  example = aws.lambda_.Function("example",  name="example_container_function",  role=example_aws_iam_role["arn"],  package_type="Image",  image_uri=f"{example_aws_ecr_repository['repositoryUrl']}:latest",  image_config={  "entry_points": ["/lambda-entrypoint.sh"],  "commands": ["app.handler"],  },  memory_size=512,  timeout=30,  architectures=["arm64"])

package main  import ( "fmt"  "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Name: pulumi.String("example_container_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), PackageType: pulumi.String("Image"), ImageUri: pulumi.Sprintf("%v:latest", exampleAwsEcrRepository.RepositoryUrl), ImageConfig: &lambda.FunctionImageConfigArgs{ EntryPoints: pulumi.StringArray{ pulumi.String("/lambda-entrypoint.sh"), }, Commands: pulumi.StringArray{ pulumi.String("app.handler"), }, }, MemorySize: pulumi.Int(512), Timeout: pulumi.Int(30), Architectures: pulumi.StringArray{ pulumi.String("arm64"), }, }) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  var example = new Aws.Lambda.Function("example", new()  {  Name = "example_container_function",  Role = exampleAwsIamRole.Arn,  PackageType = "Image",  ImageUri = $"{exampleAwsEcrRepository.RepositoryUrl}:latest",  ImageConfig = new Aws.Lambda.Inputs.FunctionImageConfigArgs  {  EntryPoints = new[]  {  "/lambda-entrypoint.sh",  },  Commands = new[]  {  "app.handler",  },  },  MemorySize = 512,  Timeout = 30,  Architectures = new[]  {  "arm64",  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionImageConfigArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  var example = new Function("example", FunctionArgs.builder()  .name("example_container_function")  .role(exampleAwsIamRole.arn())  .packageType("Image")  .imageUri(String.format("%s:latest", exampleAwsEcrRepository.repositoryUrl()))  .imageConfig(FunctionImageConfigArgs.builder()  .entryPoints("/lambda-entrypoint.sh")  .commands("app.handler")  .build())  .memorySize(512)  .timeout(30)  .architectures("arm64")  .build());   } }

resources:  example:  type: aws:lambda:Function  properties:  name: example_container_function  role: ${exampleAwsIamRole.arn}  packageType: Image  imageUri: ${exampleAwsEcrRepository.repositoryUrl}:latest  imageConfig:  entryPoints:  - /lambda-entrypoint.sh  commands:  - app.handler  memorySize: 512  timeout: 30  architectures: # Graviton support for better price/performance  - arm64

Function with Lambda Layers

Note: The aws.lambda.LayerVersion attribute values for arn and layer_arn were swapped in version 2.0.0 of the Pulumi AWS Provider. For version 2.x, use arn references.

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  // Common dependencies layer const example = new aws.lambda.LayerVersion("example", {  code: new pulumi.asset.FileArchive("layer.zip"),  layerName: "example_dependencies_layer",  description: "Common dependencies for Lambda functions",  compatibleRuntimes: [  "nodejs20.x",  "python3.12",  ],  compatibleArchitectures: [  "x86_64",  "arm64",  ], }); // Function using the layer const exampleFunction = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: "example_layered_function",  role: exampleAwsIamRole.arn,  handler: "index.handler",  runtime: aws.lambda.Runtime.NodeJS20dX,  layers: [example.arn],  tracingConfig: {  mode: "Active",  }, });

import pulumi import pulumi_aws as aws  # Common dependencies layer example = aws.lambda_.LayerVersion("example",  code=pulumi.FileArchive("layer.zip"),  layer_name="example_dependencies_layer",  description="Common dependencies for Lambda functions",  compatible_runtimes=[  "nodejs20.x",  "python3.12",  ],  compatible_architectures=[  "x86_64",  "arm64",  ]) # Function using the layer example_function = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name="example_layered_function",  role=example_aws_iam_role["arn"],  handler="index.handler",  runtime=aws.lambda_.Runtime.NODE_JS20D_X,  layers=[example.arn],  tracing_config={  "mode": "Active",  })

package main  import ( "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { // Common dependencies layer example, err := lambda.NewLayerVersion(ctx, "example", &lambda.LayerVersionArgs{ Code: pulumi.NewFileArchive("layer.zip"), LayerName: pulumi.String("example_dependencies_layer"), Description: pulumi.String("Common dependencies for Lambda functions"), CompatibleRuntimes: pulumi.StringArray{ pulumi.String("nodejs20.x"), pulumi.String("python3.12"), }, CompatibleArchitectures: pulumi.StringArray{ pulumi.String("x86_64"), pulumi.String("arm64"), }, }) if err != nil { return err } // Function using the layer _, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String("example_layered_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), Handler: pulumi.String("index.handler"), Runtime: pulumi.String(lambda.RuntimeNodeJS20dX), Layers: pulumi.StringArray{ example.Arn, }, TracingConfig: &lambda.FunctionTracingConfigArgs{ Mode: pulumi.String("Active"), }, }) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  // Common dependencies layer  var example = new Aws.Lambda.LayerVersion("example", new()  {  Code = new FileArchive("layer.zip"),  LayerName = "example_dependencies_layer",  Description = "Common dependencies for Lambda functions",  CompatibleRuntimes = new[]  {  "nodejs20.x",  "python3.12",  },  CompatibleArchitectures = new[]  {  "x86_64",  "arm64",  },  });   // Function using the layer  var exampleFunction = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = "example_layered_function",  Role = exampleAwsIamRole.Arn,  Handler = "index.handler",  Runtime = Aws.Lambda.Runtime.NodeJS20dX,  Layers = new[]  {  example.Arn,  },  TracingConfig = new Aws.Lambda.Inputs.FunctionTracingConfigArgs  {  Mode = "Active",  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.lambda.LayerVersion; import com.pulumi.aws.lambda.LayerVersionArgs; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionTracingConfigArgs; import com.pulumi.asset.FileArchive; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  // Common dependencies layer  var example = new LayerVersion("example", LayerVersionArgs.builder()  .code(new FileArchive("layer.zip"))  .layerName("example_dependencies_layer")  .description("Common dependencies for Lambda functions")  .compatibleRuntimes(  "nodejs20.x",  "python3.12")  .compatibleArchitectures(  "x86_64",  "arm64")  .build());   // Function using the layer  var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name("example_layered_function")  .role(exampleAwsIamRole.arn())  .handler("index.handler")  .runtime("nodejs20.x")  .layers(example.arn())  .tracingConfig(FunctionTracingConfigArgs.builder()  .mode("Active")  .build())  .build());   } }

resources:  # Common dependencies layer  example:  type: aws:lambda:LayerVersion  properties:  code:  fn::FileArchive: layer.zip  layerName: example_dependencies_layer  description: Common dependencies for Lambda functions  compatibleRuntimes:  - nodejs20.x  - python3.12  compatibleArchitectures:  - x86_64  - arm64  # Function using the layer  exampleFunction:  type: aws:lambda:Function  name: example  properties:  code:  fn::FileArchive: function.zip  name: example_layered_function  role: ${exampleAwsIamRole.arn}  handler: index.handler  runtime: nodejs20.x  layers:  - ${example.arn}  tracingConfig:  mode: Active

VPC Function with Enhanced Networking

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  const example = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: "example_vpc_function",  role: exampleAwsIamRole.arn,  handler: "app.handler",  runtime: aws.lambda.Runtime.Python3d12,  memorySize: 1024,  timeout: 30,  vpcConfig: {  subnetIds: [  examplePrivate1.id,  examplePrivate2.id,  ],  securityGroupIds: [exampleLambda.id],  ipv6AllowedForDualStack: true,  },  ephemeralStorage: {  size: 5120,  },  snapStart: {  applyOn: "PublishedVersions",  }, });

import pulumi import pulumi_aws as aws  example = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name="example_vpc_function",  role=example_aws_iam_role["arn"],  handler="app.handler",  runtime=aws.lambda_.Runtime.PYTHON3D12,  memory_size=1024,  timeout=30,  vpc_config={  "subnet_ids": [  example_private1["id"],  example_private2["id"],  ],  "security_group_ids": [example_lambda["id"]],  "ipv6_allowed_for_dual_stack": True,  },  ephemeral_storage={  "size": 5120,  },  snap_start={  "apply_on": "PublishedVersions",  })

package main  import ( "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String("example_vpc_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), Handler: pulumi.String("app.handler"), Runtime: pulumi.String(lambda.RuntimePython3d12), MemorySize: pulumi.Int(1024), Timeout: pulumi.Int(30), VpcConfig: &lambda.FunctionVpcConfigArgs{ SubnetIds: pulumi.StringArray{ examplePrivate1.Id, examplePrivate2.Id, }, SecurityGroupIds: pulumi.StringArray{ exampleLambda.Id, }, Ipv6AllowedForDualStack: pulumi.Bool(true), }, EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{ Size: pulumi.Int(5120), }, SnapStart: &lambda.FunctionSnapStartArgs{ ApplyOn: pulumi.String("PublishedVersions"), }, }) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  var example = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = "example_vpc_function",  Role = exampleAwsIamRole.Arn,  Handler = "app.handler",  Runtime = Aws.Lambda.Runtime.Python3d12,  MemorySize = 1024,  Timeout = 30,  VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs  {  SubnetIds = new[]  {  examplePrivate1.Id,  examplePrivate2.Id,  },  SecurityGroupIds = new[]  {  exampleLambda.Id,  },  Ipv6AllowedForDualStack = true,  },  EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs  {  Size = 5120,  },  SnapStart = new Aws.Lambda.Inputs.FunctionSnapStartArgs  {  ApplyOn = "PublishedVersions",  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs; import com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs; import com.pulumi.aws.lambda.inputs.FunctionSnapStartArgs; import com.pulumi.asset.FileArchive; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  var example = new Function("example", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name("example_vpc_function")  .role(exampleAwsIamRole.arn())  .handler("app.handler")  .runtime("python3.12")  .memorySize(1024)  .timeout(30)  .vpcConfig(FunctionVpcConfigArgs.builder()  .subnetIds(  examplePrivate1.id(),  examplePrivate2.id())  .securityGroupIds(exampleLambda.id())  .ipv6AllowedForDualStack(true)  .build())  .ephemeralStorage(FunctionEphemeralStorageArgs.builder()  .size(5120)  .build())  .snapStart(FunctionSnapStartArgs.builder()  .applyOn("PublishedVersions")  .build())  .build());   } }

resources:  example:  type: aws:lambda:Function  properties:  code:  fn::FileArchive: function.zip  name: example_vpc_function  role: ${exampleAwsIamRole.arn}  handler: app.handler  runtime: python3.12  memorySize: 1024  timeout: 30  vpcConfig:  subnetIds:  - ${examplePrivate1.id}  - ${examplePrivate2.id}  securityGroupIds:  - ${exampleLambda.id}  ipv6AllowedForDualStack: true  ephemeralStorage:  size: 5120  snapStart:  applyOn: PublishedVersions

Function with EFS Integration

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  // EFS file system for Lambda const example = new aws.efs.FileSystem("example", {  encrypted: true,  tags: {  Name: "lambda-efs",  }, }); const config = new pulumi.Config(); // List of subnet IDs for EFS mount targets const subnetIds = config.getObject<Array<string>>("subnetIds") || [  "subnet-12345678",  "subnet-87654321", ]; // Mount target in each subnet const exampleMountTarget: aws.efs.MountTarget[] = []; for (const range = {value: 0}; range.value < subnetIds.length; range.value++) {  exampleMountTarget.push(new aws.efs.MountTarget(`example-${range.value}`, {  fileSystemId: example.id,  subnetId: subnetIds[range.value],  securityGroups: [efs.id],  })); } // Access point for Lambda const exampleAccessPoint = new aws.efs.AccessPoint("example", {  fileSystemId: example.id,  rootDirectory: {  path: "/lambda",  creationInfo: {  ownerGid: 1000,  ownerUid: 1000,  permissions: "755",  },  },  posixUser: {  gid: 1000,  uid: 1000,  }, }); // Lambda function with EFS const exampleFunction = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: "example_efs_function",  role: exampleAwsIamRole.arn,  handler: "index.handler",  runtime: aws.lambda.Runtime.NodeJS20dX,  vpcConfig: {  subnetIds: subnetIds,  securityGroupIds: [lambda.id],  },  fileSystemConfig: {  arn: exampleAccessPoint.arn,  localMountPath: "/mnt/data",  }, }, {  dependsOn: [exampleMountTarget], });

import pulumi import pulumi_aws as aws  # EFS file system for Lambda example = aws.efs.FileSystem("example",  encrypted=True,  tags={  "Name": "lambda-efs",  }) config = pulumi.Config() # List of subnet IDs for EFS mount targets subnet_ids = config.get_object("subnetIds") if subnet_ids is None:  subnet_ids = [  "subnet-12345678",  "subnet-87654321",  ] # Mount target in each subnet example_mount_target = [] for range in [{"value": i} for i in range(0, len(subnet_ids))]:  example_mount_target.append(aws.efs.MountTarget(f"example-{range['value']}",  file_system_id=example.id,  subnet_id=subnet_ids[range["value"]],  security_groups=[efs["id"]])) # Access point for Lambda example_access_point = aws.efs.AccessPoint("example",  file_system_id=example.id,  root_directory={  "path": "/lambda",  "creation_info": {  "owner_gid": 1000,  "owner_uid": 1000,  "permissions": "755",  },  },  posix_user={  "gid": 1000,  "uid": 1000,  }) # Lambda function with EFS example_function = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name="example_efs_function",  role=example_aws_iam_role["arn"],  handler="index.handler",  runtime=aws.lambda_.Runtime.NODE_JS20D_X,  vpc_config={  "subnet_ids": subnet_ids,  "security_group_ids": [lambda_["id"]],  },  file_system_config={  "arn": example_access_point.arn,  "local_mount_path": "/mnt/data",  },  opts = pulumi.ResourceOptions(depends_on=[example_mount_target]))

package main  import ( "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/efs" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { // EFS file system for Lambda example, err := efs.NewFileSystem(ctx, "example", &efs.FileSystemArgs{ Encrypted: pulumi.Bool(true), Tags: pulumi.StringMap{ "Name": pulumi.String("lambda-efs"), }, }) if err != nil { return err } cfg := config.New(ctx, "") // List of subnet IDs for EFS mount targets subnetIds := []string{ "subnet-12345678", "subnet-87654321", } if param := cfg.GetObject("subnetIds"); param != nil { subnetIds = param } // Mount target in each subnet var exampleMountTarget []*efs.MountTarget for index := 0; index < len(subnetIds); index++ { key0 := index val0 := index __res, err := efs.NewMountTarget(ctx, fmt.Sprintf("example-%v", key0), &efs.MountTargetArgs{ FileSystemId: example.ID(), SubnetId: pulumi.String(subnetIds[val0]), SecurityGroups: pulumi.StringArray{ efs.Id, }, }) if err != nil { return err } exampleMountTarget = append(exampleMountTarget, __res) } // Access point for Lambda exampleAccessPoint, err := efs.NewAccessPoint(ctx, "example", &efs.AccessPointArgs{ FileSystemId: example.ID(), RootDirectory: &efs.AccessPointRootDirectoryArgs{ Path: pulumi.String("/lambda"), CreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{ OwnerGid: pulumi.Int(1000), OwnerUid: pulumi.Int(1000), Permissions: pulumi.String("755"), }, }, PosixUser: &efs.AccessPointPosixUserArgs{ Gid: pulumi.Int(1000), Uid: pulumi.Int(1000), }, }) if err != nil { return err } // Lambda function with EFS _, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String("example_efs_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), Handler: pulumi.String("index.handler"), Runtime: pulumi.String(lambda.RuntimeNodeJS20dX), VpcConfig: &lambda.FunctionVpcConfigArgs{ SubnetIds: subnetIds, SecurityGroupIds: pulumi.StringArray{ lambda.Id, }, }, FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{ Arn: exampleAccessPoint.Arn, LocalMountPath: pulumi.String("/mnt/data"), }, }, pulumi.DependsOn([]pulumi.Resource{ exampleMountTarget, })) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  // EFS file system for Lambda  var example = new Aws.Efs.FileSystem("example", new()  {  Encrypted = true,  Tags =  {  { "Name", "lambda-efs" },  },  });   var config = new Config();  // List of subnet IDs for EFS mount targets  var subnetIds = config.GetObject<string[]>("subnetIds") ?? new[]  {  "subnet-12345678",  "subnet-87654321",  };  // Mount target in each subnet  var exampleMountTarget = new List<Aws.Efs.MountTarget>();  for (var rangeIndex = 0; rangeIndex < subnetIds.Length; rangeIndex++)  {  var range = new { Value = rangeIndex };  exampleMountTarget.Add(new Aws.Efs.MountTarget($"example-{range.Value}", new()  {  FileSystemId = example.Id,  SubnetId = subnetIds[range.Value],  SecurityGroups = new[]  {  efs.Id,  },  }));  }  // Access point for Lambda  var exampleAccessPoint = new Aws.Efs.AccessPoint("example", new()  {  FileSystemId = example.Id,  RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs  {  Path = "/lambda",  CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs  {  OwnerGid = 1000,  OwnerUid = 1000,  Permissions = "755",  },  },  PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs  {  Gid = 1000,  Uid = 1000,  },  });   // Lambda function with EFS  var exampleFunction = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = "example_efs_function",  Role = exampleAwsIamRole.Arn,  Handler = "index.handler",  Runtime = Aws.Lambda.Runtime.NodeJS20dX,  VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs  {  SubnetIds = subnetIds,  SecurityGroupIds = new[]  {  lambda.Id,  },  },  FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs  {  Arn = exampleAccessPoint.Arn,  LocalMountPath = "/mnt/data",  },  }, new CustomResourceOptions  {  DependsOn =  {  exampleMountTarget,  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.efs.FileSystem; import com.pulumi.aws.efs.FileSystemArgs; import com.pulumi.aws.efs.MountTarget; import com.pulumi.aws.efs.MountTargetArgs; import com.pulumi.aws.efs.AccessPoint; import com.pulumi.aws.efs.AccessPointArgs; import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs; import com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs; import com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs; import com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs; import com.pulumi.asset.FileArchive; import com.pulumi.codegen.internal.KeyedValue; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  final var config = ctx.config();  // EFS file system for Lambda  var example = new FileSystem("example", FileSystemArgs.builder()  .encrypted(true)  .tags(Map.of("Name", "lambda-efs"))  .build());   final var subnetIds = config.get("subnetIds").orElse(  "subnet-12345678",  "subnet-87654321");  // Mount target in each subnet  for (var i = 0; i < subnetIds.length(); i++) {  new MountTarget("exampleMountTarget-" + i, MountTargetArgs.builder()  .fileSystemId(example.id())  .subnetId(subnetIds[range.value()])  .securityGroups(efs.id())  .build());   }  // Access point for Lambda  var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()  .fileSystemId(example.id())  .rootDirectory(AccessPointRootDirectoryArgs.builder()  .path("/lambda")  .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()  .ownerGid(1000)  .ownerUid(1000)  .permissions("755")  .build())  .build())  .posixUser(AccessPointPosixUserArgs.builder()  .gid(1000)  .uid(1000)  .build())  .build());   // Lambda function with EFS  var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name("example_efs_function")  .role(exampleAwsIamRole.arn())  .handler("index.handler")  .runtime("nodejs20.x")  .vpcConfig(FunctionVpcConfigArgs.builder()  .subnetIds(subnetIds)  .securityGroupIds(lambda.id())  .build())  .fileSystemConfig(FunctionFileSystemConfigArgs.builder()  .arn(exampleAccessPoint.arn())  .localMountPath("/mnt/data")  .build())  .build(), CustomResourceOptions.builder()  .dependsOn(exampleMountTarget)  .build());   } }

Example coming soon!

Function with Advanced Logging

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  const example = new aws.cloudwatch.LogGroup("example", {  name: "/aws/lambda/example_function",  retentionInDays: 14,  tags: {  Environment: "production",  Application: "example",  }, }); const exampleFunction = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: "example_function",  role: exampleAwsIamRole.arn,  handler: "index.handler",  runtime: aws.lambda.Runtime.NodeJS20dX,  loggingConfig: {  logFormat: "JSON",  applicationLogLevel: "INFO",  systemLogLevel: "WARN",  }, }, {  dependsOn: [example], });

import pulumi import pulumi_aws as aws  example = aws.cloudwatch.LogGroup("example",  name="/aws/lambda/example_function",  retention_in_days=14,  tags={  "Environment": "production",  "Application": "example",  }) example_function = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name="example_function",  role=example_aws_iam_role["arn"],  handler="index.handler",  runtime=aws.lambda_.Runtime.NODE_JS20D_X,  logging_config={  "log_format": "JSON",  "application_log_level": "INFO",  "system_log_level": "WARN",  },  opts = pulumi.ResourceOptions(depends_on=[example]))

package main  import ( "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{ Name: pulumi.String("/aws/lambda/example_function"), RetentionInDays: pulumi.Int(14), Tags: pulumi.StringMap{ "Environment": pulumi.String("production"), "Application": pulumi.String("example"), }, }) if err != nil { return err } _, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String("example_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), Handler: pulumi.String("index.handler"), Runtime: pulumi.String(lambda.RuntimeNodeJS20dX), LoggingConfig: &lambda.FunctionLoggingConfigArgs{ LogFormat: pulumi.String("JSON"), ApplicationLogLevel: pulumi.String("INFO"), SystemLogLevel: pulumi.String("WARN"), }, }, pulumi.DependsOn([]pulumi.Resource{ example, })) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  var example = new Aws.CloudWatch.LogGroup("example", new()  {  Name = "/aws/lambda/example_function",  RetentionInDays = 14,  Tags =  {  { "Environment", "production" },  { "Application", "example" },  },  });   var exampleFunction = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = "example_function",  Role = exampleAwsIamRole.Arn,  Handler = "index.handler",  Runtime = Aws.Lambda.Runtime.NodeJS20dX,  LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs  {  LogFormat = "JSON",  ApplicationLogLevel = "INFO",  SystemLogLevel = "WARN",  },  }, new CustomResourceOptions  {  DependsOn =  {  example,  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.cloudwatch.LogGroup; import com.pulumi.aws.cloudwatch.LogGroupArgs; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs; import com.pulumi.asset.FileArchive; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  var example = new LogGroup("example", LogGroupArgs.builder()  .name("/aws/lambda/example_function")  .retentionInDays(14)  .tags(Map.ofEntries(  Map.entry("Environment", "production"),  Map.entry("Application", "example")  ))  .build());   var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name("example_function")  .role(exampleAwsIamRole.arn())  .handler("index.handler")  .runtime("nodejs20.x")  .loggingConfig(FunctionLoggingConfigArgs.builder()  .logFormat("JSON")  .applicationLogLevel("INFO")  .systemLogLevel("WARN")  .build())  .build(), CustomResourceOptions.builder()  .dependsOn(example)  .build());   } }

resources:  example:  type: aws:cloudwatch:LogGroup  properties:  name: /aws/lambda/example_function  retentionInDays: 14  tags:  Environment: production  Application: example  exampleFunction:  type: aws:lambda:Function  name: example  properties:  code:  fn::FileArchive: function.zip  name: example_function  role: ${exampleAwsIamRole.arn}  handler: index.handler  runtime: nodejs20.x  loggingConfig:  logFormat: JSON  applicationLogLevel: INFO  systemLogLevel: WARN  options:  dependsOn:  - ${example}

Function with logging to S3 or Data Firehose

Required Resources

An S3 bucket or Data Firehose delivery stream to store the logs.
A CloudWatch Log Group with:
- log_group_class = "DELIVERY"
- A subscription filter whose destination_arn points to the S3 bucket or the Data Firehose delivery stream.
IAM roles:
- Assumed by the logs.amazonaws.com service to deliver logs to the S3 bucket or Data Firehose delivery stream.
- Assumed by the lambda.amazonaws.com service to send logs to CloudWatch Logs
A Lambda function:
- In the logging_configuration, specify the name of the Log Group created above using the log_group field
- No special configuration is required to use S3 or Firehose as the log destination

For more details, see Sending Lambda function logs to Amazon S3.

Example: Exporting Lambda Logs to S3 Bucket

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  const lambdaFunctionName = "lambda-log-export-example"; const lambdaLogExportBucket = new aws.s3.Bucket("lambda_log_export", {bucket: `${lambdaFunctionName}-bucket`}); const _export = new aws.cloudwatch.LogGroup("export", {  name: `/aws/lambda/${lambdaFunctionName}`,  logGroupClass: "DELIVERY", }); const logsAssumeRole = aws.iam.getPolicyDocument({  statements: [{  actions: ["sts:AssumeRole"],  effect: "Allow",  principals: [{  type: "Service",  identifiers: ["logs.amazonaws.com"],  }],  }], }); const logsLogExport = new aws.iam.Role("logs_log_export", {  name: `${lambdaFunctionName}-lambda-log-export-role`,  assumeRolePolicy: logsAssumeRole.then(logsAssumeRole => logsAssumeRole.json), }); const lambdaLogExport = aws.iam.getPolicyDocumentOutput({  statements: [{  actions: ["s3:PutObject"],  effect: "Allow",  resources: [pulumi.interpolate`${lambdaLogExportBucket.arn}/*`],  }], }); const lambdaLogExportRolePolicy = new aws.iam.RolePolicy("lambda_log_export", {  policy: lambdaLogExport.apply(lambdaLogExport => lambdaLogExport.json),  role: logsLogExport.name, }); const lambdaLogExportLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter("lambda_log_export", {  name: `${lambdaFunctionName}-filter`,  logGroup: _export.name,  filterPattern: "",  destinationArn: lambdaLogExportBucket.arn,  roleArn: logsLogExport.arn, }); const logExport = new aws.lambda.Function("log_export", {  name: lambdaFunctionName,  handler: "index.lambda_handler",  runtime: aws.lambda.Runtime.Python3d13,  role: example.arn,  code: new pulumi.asset.FileArchive("function.zip"),  loggingConfig: {  logFormat: "Text",  logGroup: _export.name,  }, }, {  dependsOn: [_export], });

import pulumi import pulumi_aws as aws  lambda_function_name = "lambda-log-export-example" lambda_log_export_bucket = aws.s3.Bucket("lambda_log_export", bucket=f"{lambda_function_name}-bucket") export = aws.cloudwatch.LogGroup("export",  name=f"/aws/lambda/{lambda_function_name}",  log_group_class="DELIVERY") logs_assume_role = aws.iam.get_policy_document(statements=[{  "actions": ["sts:AssumeRole"],  "effect": "Allow",  "principals": [{  "type": "Service",  "identifiers": ["logs.amazonaws.com"],  }], }]) logs_log_export = aws.iam.Role("logs_log_export",  name=f"{lambda_function_name}-lambda-log-export-role",  assume_role_policy=logs_assume_role.json) lambda_log_export = aws.iam.get_policy_document_output(statements=[{  "actions": ["s3:PutObject"],  "effect": "Allow",  "resources": [lambda_log_export_bucket.arn.apply(lambda arn: f"{arn}/*")], }]) lambda_log_export_role_policy = aws.iam.RolePolicy("lambda_log_export",  policy=lambda_log_export.json,  role=logs_log_export.name) lambda_log_export_log_subscription_filter = aws.cloudwatch.LogSubscriptionFilter("lambda_log_export",  name=f"{lambda_function_name}-filter",  log_group=export.name,  filter_pattern="",  destination_arn=lambda_log_export_bucket.arn,  role_arn=logs_log_export.arn) log_export = aws.lambda_.Function("log_export",  name=lambda_function_name,  handler="index.lambda_handler",  runtime=aws.lambda_.Runtime.PYTHON3D13,  role=example["arn"],  code=pulumi.FileArchive("function.zip"),  logging_config={  "log_format": "Text",  "log_group": export.name,  },  opts = pulumi.ResourceOptions(depends_on=[export]))

package main  import ( "fmt"  "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { lambdaFunctionName := "lambda-log-export-example" lambdaLogExportBucket, err := s3.NewBucket(ctx, "lambda_log_export", &s3.BucketArgs{ Bucket: pulumi.Sprintf("%v-bucket", lambdaFunctionName), }) if err != nil { return err } export, err := cloudwatch.NewLogGroup(ctx, "export", &cloudwatch.LogGroupArgs{ Name: pulumi.Sprintf("/aws/lambda/%v", lambdaFunctionName), LogGroupClass: pulumi.String("DELIVERY"), }) if err != nil { return err } logsAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ Statements: []iam.GetPolicyDocumentStatement{ { Actions: []string{ "sts:AssumeRole", }, Effect: pulumi.StringRef("Allow"), Principals: []iam.GetPolicyDocumentStatementPrincipal{ { Type: "Service", Identifiers: []string{ "logs.amazonaws.com", }, }, }, }, }, }, nil) if err != nil { return err } logsLogExport, err := iam.NewRole(ctx, "logs_log_export", &iam.RoleArgs{ Name: pulumi.Sprintf("%v-lambda-log-export-role", lambdaFunctionName), AssumeRolePolicy: pulumi.String(logsAssumeRole.Json), }) if err != nil { return err } lambdaLogExport := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{ Statements: iam.GetPolicyDocumentStatementArray{ &iam.GetPolicyDocumentStatementArgs{ Actions: pulumi.StringArray{ pulumi.String("s3:PutObject"), }, Effect: pulumi.String("Allow"), Resources: pulumi.StringArray{ lambdaLogExportBucket.Arn.ApplyT(func(arn string) (string, error) { return fmt.Sprintf("%v/*", arn), nil }).(pulumi.StringOutput), }, }, }, }, nil) _, err = iam.NewRolePolicy(ctx, "lambda_log_export", &iam.RolePolicyArgs{ Policy: pulumi.String(lambdaLogExport.ApplyT(func(lambdaLogExport iam.GetPolicyDocumentResult) (*string, error) { return &lambdaLogExport.Json, nil }).(pulumi.StringPtrOutput)), Role: logsLogExport.Name, }) if err != nil { return err } _, err = cloudwatch.NewLogSubscriptionFilter(ctx, "lambda_log_export", &cloudwatch.LogSubscriptionFilterArgs{ Name: pulumi.Sprintf("%v-filter", lambdaFunctionName), LogGroup: export.Name, FilterPattern: pulumi.String(""), DestinationArn: lambdaLogExportBucket.Arn, RoleArn: logsLogExport.Arn, }) if err != nil { return err } _, err = lambda.NewFunction(ctx, "log_export", &lambda.FunctionArgs{ Name: pulumi.String(lambdaFunctionName), Handler: pulumi.String("index.lambda_handler"), Runtime: pulumi.String(lambda.RuntimePython3d13), Role: pulumi.Any(example.Arn), Code: pulumi.NewFileArchive("function.zip"), LoggingConfig: &lambda.FunctionLoggingConfigArgs{ LogFormat: pulumi.String("Text"), LogGroup: export.Name, }, }, pulumi.DependsOn([]pulumi.Resource{ export, })) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  var lambdaFunctionName = "lambda-log-export-example";   var lambdaLogExportBucket = new Aws.S3.Bucket("lambda_log_export", new()  {  BucketName = $"{lambdaFunctionName}-bucket",  });   var export = new Aws.CloudWatch.LogGroup("export", new()  {  Name = $"/aws/lambda/{lambdaFunctionName}",  LogGroupClass = "DELIVERY",  });   var logsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()  {  Statements = new[]  {  new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs  {  Actions = new[]  {  "sts:AssumeRole",  },  Effect = "Allow",  Principals = new[]  {  new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs  {  Type = "Service",  Identifiers = new[]  {  "logs.amazonaws.com",  },  },  },  },  },  });   var logsLogExport = new Aws.Iam.Role("logs_log_export", new()  {  Name = $"{lambdaFunctionName}-lambda-log-export-role",  AssumeRolePolicy = logsAssumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),  });   var lambdaLogExport = Aws.Iam.GetPolicyDocument.Invoke(new()  {  Statements = new[]  {  new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs  {  Actions = new[]  {  "s3:PutObject",  },  Effect = "Allow",  Resources = new[]  {  $"{lambdaLogExportBucket.Arn}/*",  },  },  },  });   var lambdaLogExportRolePolicy = new Aws.Iam.RolePolicy("lambda_log_export", new()  {  Policy = lambdaLogExport.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),  Role = logsLogExport.Name,  });   var lambdaLogExportLogSubscriptionFilter = new Aws.CloudWatch.LogSubscriptionFilter("lambda_log_export", new()  {  Name = $"{lambdaFunctionName}-filter",  LogGroup = export.Name,  FilterPattern = "",  DestinationArn = lambdaLogExportBucket.Arn,  RoleArn = logsLogExport.Arn,  });   var logExport = new Aws.Lambda.Function("log_export", new()  {  Name = lambdaFunctionName,  Handler = "index.lambda_handler",  Runtime = Aws.Lambda.Runtime.Python3d13,  Role = example.Arn,  Code = new FileArchive("function.zip"),  LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs  {  LogFormat = "Text",  LogGroup = export.Name,  },  }, new CustomResourceOptions  {  DependsOn =  {  export,  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.s3.Bucket; import com.pulumi.aws.s3.BucketArgs; import com.pulumi.aws.cloudwatch.LogGroup; import com.pulumi.aws.cloudwatch.LogGroupArgs; import com.pulumi.aws.iam.IamFunctions; import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs; import com.pulumi.aws.iam.Role; import com.pulumi.aws.iam.RoleArgs; import com.pulumi.aws.iam.RolePolicy; import com.pulumi.aws.iam.RolePolicyArgs; import com.pulumi.aws.cloudwatch.LogSubscriptionFilter; import com.pulumi.aws.cloudwatch.LogSubscriptionFilterArgs; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs; import com.pulumi.asset.FileArchive; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  final var lambdaFunctionName = "lambda-log-export-example";   var lambdaLogExportBucket = new Bucket("lambdaLogExportBucket", BucketArgs.builder()  .bucket(String.format("%s-bucket", lambdaFunctionName))  .build());   var export = new LogGroup("export", LogGroupArgs.builder()  .name(String.format("/aws/lambda/%s", lambdaFunctionName))  .logGroupClass("DELIVERY")  .build());   final var logsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()  .statements(GetPolicyDocumentStatementArgs.builder()  .actions("sts:AssumeRole")  .effect("Allow")  .principals(GetPolicyDocumentStatementPrincipalArgs.builder()  .type("Service")  .identifiers("logs.amazonaws.com")  .build())  .build())  .build());   var logsLogExport = new Role("logsLogExport", RoleArgs.builder()  .name(String.format("%s-lambda-log-export-role", lambdaFunctionName))  .assumeRolePolicy(logsAssumeRole.json())  .build());   final var lambdaLogExport = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()  .statements(GetPolicyDocumentStatementArgs.builder()  .actions("s3:PutObject")  .effect("Allow")  .resources(lambdaLogExportBucket.arn().applyValue(_arn -> String.format("%s/*", _arn)))  .build())  .build());   var lambdaLogExportRolePolicy = new RolePolicy("lambdaLogExportRolePolicy", RolePolicyArgs.builder()  .policy(lambdaLogExport.applyValue(_lambdaLogExport -> _lambdaLogExport.json()))  .role(logsLogExport.name())  .build());   var lambdaLogExportLogSubscriptionFilter = new LogSubscriptionFilter("lambdaLogExportLogSubscriptionFilter", LogSubscriptionFilterArgs.builder()  .name(String.format("%s-filter", lambdaFunctionName))  .logGroup(export.name())  .filterPattern("")  .destinationArn(lambdaLogExportBucket.arn())  .roleArn(logsLogExport.arn())  .build());   var logExport = new Function("logExport", FunctionArgs.builder()  .name(lambdaFunctionName)  .handler("index.lambda_handler")  .runtime("python3.13")  .role(example.arn())  .code(new FileArchive("function.zip"))  .loggingConfig(FunctionLoggingConfigArgs.builder()  .logFormat("Text")  .logGroup(export.name())  .build())  .build(), CustomResourceOptions.builder()  .dependsOn(export)  .build());   } }

resources:  lambdaLogExportBucket:  type: aws:s3:Bucket  name: lambda_log_export  properties:  bucket: ${lambdaFunctionName}-bucket  export:  type: aws:cloudwatch:LogGroup  properties:  name: /aws/lambda/${lambdaFunctionName}  logGroupClass: DELIVERY  logsLogExport:  type: aws:iam:Role  name: logs_log_export  properties:  name: ${lambdaFunctionName}-lambda-log-export-role  assumeRolePolicy: ${logsAssumeRole.json}  lambdaLogExportRolePolicy:  type: aws:iam:RolePolicy  name: lambda_log_export  properties:  policy: ${lambdaLogExport.json}  role: ${logsLogExport.name}  lambdaLogExportLogSubscriptionFilter:  type: aws:cloudwatch:LogSubscriptionFilter  name: lambda_log_export  properties:  name: ${lambdaFunctionName}-filter  logGroup: ${export.name}  filterPattern: ""  destinationArn: ${lambdaLogExportBucket.arn}  roleArn: ${logsLogExport.arn}  logExport:  type: aws:lambda:Function  name: log_export  properties:  name: ${lambdaFunctionName}  handler: index.lambda_handler  runtime: python3.13  role: ${example.arn}  code:  fn::FileArchive: function.zip  loggingConfig:  logFormat: Text  logGroup: ${export.name}  options:  dependsOn:  - ${export} variables:  lambdaFunctionName: lambda-log-export-example  logsAssumeRole:  fn::invoke:  function: aws:iam:getPolicyDocument  arguments:  statements:  - actions:  - sts:AssumeRole  effect: Allow  principals:  - type: Service  identifiers:  - logs.amazonaws.com  lambdaLogExport:  fn::invoke:  function: aws:iam:getPolicyDocument  arguments:  statements:  - actions:  - s3:PutObject  effect: Allow  resources:  - ${lambdaLogExportBucket.arn}/*

Function with Error Handling

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  // Main Lambda function const example = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: "example_function",  role: exampleAwsIamRole.arn,  handler: "index.handler",  runtime: aws.lambda.Runtime.NodeJS20dX,  deadLetterConfig: {  targetArn: dlq.arn,  }, }); // Event invoke configuration for retries const exampleFunctionEventInvokeConfig = new aws.lambda.FunctionEventInvokeConfig("example", {  functionName: example.name,  maximumEventAgeInSeconds: 60,  maximumRetryAttempts: 2,  destinationConfig: {  onFailure: {  destination: dlq.arn,  },  onSuccess: {  destination: success.arn,  },  }, });

import pulumi import pulumi_aws as aws  # Main Lambda function example = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name="example_function",  role=example_aws_iam_role["arn"],  handler="index.handler",  runtime=aws.lambda_.Runtime.NODE_JS20D_X,  dead_letter_config={  "target_arn": dlq["arn"],  }) # Event invoke configuration for retries example_function_event_invoke_config = aws.lambda_.FunctionEventInvokeConfig("example",  function_name=example.name,  maximum_event_age_in_seconds=60,  maximum_retry_attempts=2,  destination_config={  "on_failure": {  "destination": dlq["arn"],  },  "on_success": {  "destination": success["arn"],  },  })

package main  import ( "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { // Main Lambda function example, err := lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String("example_function"), Role: pulumi.Any(exampleAwsIamRole.Arn), Handler: pulumi.String("index.handler"), Runtime: pulumi.String(lambda.RuntimeNodeJS20dX), DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{ TargetArn: pulumi.Any(dlq.Arn), }, }) if err != nil { return err } // Event invoke configuration for retries _, err = lambda.NewFunctionEventInvokeConfig(ctx, "example", &lambda.FunctionEventInvokeConfigArgs{ FunctionName: example.Name, MaximumEventAgeInSeconds: pulumi.Int(60), MaximumRetryAttempts: pulumi.Int(2), DestinationConfig: &lambda.FunctionEventInvokeConfigDestinationConfigArgs{ OnFailure: &lambda.FunctionEventInvokeConfigDestinationConfigOnFailureArgs{ Destination: pulumi.Any(dlq.Arn), }, OnSuccess: &lambda.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs{ Destination: pulumi.Any(success.Arn), }, }, }) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  // Main Lambda function  var example = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = "example_function",  Role = exampleAwsIamRole.Arn,  Handler = "index.handler",  Runtime = Aws.Lambda.Runtime.NodeJS20dX,  DeadLetterConfig = new Aws.Lambda.Inputs.FunctionDeadLetterConfigArgs  {  TargetArn = dlq.Arn,  },  });   // Event invoke configuration for retries  var exampleFunctionEventInvokeConfig = new Aws.Lambda.FunctionEventInvokeConfig("example", new()  {  FunctionName = example.Name,  MaximumEventAgeInSeconds = 60,  MaximumRetryAttempts = 2,  DestinationConfig = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigArgs  {  OnFailure = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnFailureArgs  {  Destination = dlq.Arn,  },  OnSuccess = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs  {  Destination = success.Arn,  },  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionDeadLetterConfigArgs; import com.pulumi.aws.lambda.FunctionEventInvokeConfig; import com.pulumi.aws.lambda.FunctionEventInvokeConfigArgs; import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigArgs; import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigOnFailureArgs; import com.pulumi.aws.lambda.inputs.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs; import com.pulumi.asset.FileArchive; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  // Main Lambda function  var example = new Function("example", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name("example_function")  .role(exampleAwsIamRole.arn())  .handler("index.handler")  .runtime("nodejs20.x")  .deadLetterConfig(FunctionDeadLetterConfigArgs.builder()  .targetArn(dlq.arn())  .build())  .build());   // Event invoke configuration for retries  var exampleFunctionEventInvokeConfig = new FunctionEventInvokeConfig("exampleFunctionEventInvokeConfig", FunctionEventInvokeConfigArgs.builder()  .functionName(example.name())  .maximumEventAgeInSeconds(60)  .maximumRetryAttempts(2)  .destinationConfig(FunctionEventInvokeConfigDestinationConfigArgs.builder()  .onFailure(FunctionEventInvokeConfigDestinationConfigOnFailureArgs.builder()  .destination(dlq.arn())  .build())  .onSuccess(FunctionEventInvokeConfigDestinationConfigOnSuccessArgs.builder()  .destination(success.arn())  .build())  .build())  .build());   } }

resources:  # Main Lambda function  example:  type: aws:lambda:Function  properties:  code:  fn::FileArchive: function.zip  name: example_function  role: ${exampleAwsIamRole.arn}  handler: index.handler  runtime: nodejs20.x  deadLetterConfig:  targetArn: ${dlq.arn}  # Event invoke configuration for retries  exampleFunctionEventInvokeConfig:  type: aws:lambda:FunctionEventInvokeConfig  name: example  properties:  functionName: ${example.name}  maximumEventAgeInSeconds: 60  maximumRetryAttempts: 2  destinationConfig:  onFailure:  destination: ${dlq.arn}  onSuccess:  destination: ${success.arn}

CloudWatch Logging and Permissions

import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws";  const config = new pulumi.Config(); // Name of the Lambda function const functionName = config.get("functionName") || "example_function"; // CloudWatch Log Group with retention const example = new aws.cloudwatch.LogGroup("example", {  name: `/aws/lambda/${functionName}`,  retentionInDays: 14,  tags: {  Environment: "production",  Function: functionName,  }, }); // Lambda execution role const exampleRole = new aws.iam.Role("example", {  name: "lambda_execution_role",  assumeRolePolicy: JSON.stringify({  Version: "2012-10-17",  Statement: [{  Action: "sts:AssumeRole",  Effect: "Allow",  Principal: {  Service: "lambda.amazonaws.com",  },  }],  }), }); // CloudWatch Logs policy const lambdaLogging = new aws.iam.Policy("lambda_logging", {  name: "lambda_logging",  path: "/",  description: "IAM policy for logging from Lambda",  policy: JSON.stringify({  Version: "2012-10-17",  Statement: [{  Effect: "Allow",  Action: [  "logs:CreateLogGroup",  "logs:CreateLogStream",  "logs:PutLogEvents",  ],  Resource: ["arn:aws:logs:*:*:*"],  }],  }), }); // Attach logging policy to Lambda role const lambdaLogs = new aws.iam.RolePolicyAttachment("lambda_logs", {  role: exampleRole.name,  policyArn: lambdaLogging.arn, }); // Lambda function with logging const exampleFunction = new aws.lambda.Function("example", {  code: new pulumi.asset.FileArchive("function.zip"),  name: functionName,  role: exampleRole.arn,  handler: "index.handler",  runtime: aws.lambda.Runtime.NodeJS20dX,  loggingConfig: {  logFormat: "JSON",  applicationLogLevel: "INFO",  systemLogLevel: "WARN",  }, }, {  dependsOn: [  lambdaLogs,  example,  ], });

import pulumi import json import pulumi_aws as aws  config = pulumi.Config() # Name of the Lambda function function_name = config.get("functionName") if function_name is None:  function_name = "example_function" # CloudWatch Log Group with retention example = aws.cloudwatch.LogGroup("example",  name=f"/aws/lambda/{function_name}",  retention_in_days=14,  tags={  "Environment": "production",  "Function": function_name,  }) # Lambda execution role example_role = aws.iam.Role("example",  name="lambda_execution_role",  assume_role_policy=json.dumps({  "Version": "2012-10-17",  "Statement": [{  "Action": "sts:AssumeRole",  "Effect": "Allow",  "Principal": {  "Service": "lambda.amazonaws.com",  },  }],  })) # CloudWatch Logs policy lambda_logging = aws.iam.Policy("lambda_logging",  name="lambda_logging",  path="/",  description="IAM policy for logging from Lambda",  policy=json.dumps({  "Version": "2012-10-17",  "Statement": [{  "Effect": "Allow",  "Action": [  "logs:CreateLogGroup",  "logs:CreateLogStream",  "logs:PutLogEvents",  ],  "Resource": ["arn:aws:logs:*:*:*"],  }],  })) # Attach logging policy to Lambda role lambda_logs = aws.iam.RolePolicyAttachment("lambda_logs",  role=example_role.name,  policy_arn=lambda_logging.arn) # Lambda function with logging example_function = aws.lambda_.Function("example",  code=pulumi.FileArchive("function.zip"),  name=function_name,  role=example_role.arn,  handler="index.handler",  runtime=aws.lambda_.Runtime.NODE_JS20D_X,  logging_config={  "log_format": "JSON",  "application_log_level": "INFO",  "system_log_level": "WARN",  },  opts = pulumi.ResourceOptions(depends_on=[  lambda_logs,  example,  ]))

package main  import ( "encoding/json" "fmt"  "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam" "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" )  func main() { pulumi.Run(func(ctx *pulumi.Context) error { cfg := config.New(ctx, "") // Name of the Lambda function functionName := "example_function" if param := cfg.Get("functionName"); param != "" { functionName = param } // CloudWatch Log Group with retention example, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{ Name: pulumi.Sprintf("/aws/lambda/%v", functionName), RetentionInDays: pulumi.Int(14), Tags: pulumi.StringMap{ "Environment": pulumi.String("production"), "Function": pulumi.String(functionName), }, }) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Statement": []map[string]interface{}{ map[string]interface{}{ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": map[string]interface{}{ "Service": "lambda.amazonaws.com", }, }, }, }) if err != nil { return err } json0 := string(tmpJSON0) // Lambda execution role exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{ Name: pulumi.String("lambda_execution_role"), AssumeRolePolicy: pulumi.String(json0), }) if err != nil { return err } tmpJSON1, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Statement": []map[string]interface{}{ map[string]interface{}{ "Effect": "Allow", "Action": []string{ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", }, "Resource": []string{ "arn:aws:logs:*:*:*", }, }, }, }) if err != nil { return err } json1 := string(tmpJSON1) // CloudWatch Logs policy lambdaLogging, err := iam.NewPolicy(ctx, "lambda_logging", &iam.PolicyArgs{ Name: pulumi.String("lambda_logging"), Path: pulumi.String("/"), Description: pulumi.String("IAM policy for logging from Lambda"), Policy: pulumi.String(json1), }) if err != nil { return err } // Attach logging policy to Lambda role lambdaLogs, err := iam.NewRolePolicyAttachment(ctx, "lambda_logs", &iam.RolePolicyAttachmentArgs{ Role: exampleRole.Name, PolicyArn: lambdaLogging.Arn, }) if err != nil { return err } // Lambda function with logging _, err = lambda.NewFunction(ctx, "example", &lambda.FunctionArgs{ Code: pulumi.NewFileArchive("function.zip"), Name: pulumi.String(functionName), Role: exampleRole.Arn, Handler: pulumi.String("index.handler"), Runtime: pulumi.String(lambda.RuntimeNodeJS20dX), LoggingConfig: &lambda.FunctionLoggingConfigArgs{ LogFormat: pulumi.String("JSON"), ApplicationLogLevel: pulumi.String("INFO"), SystemLogLevel: pulumi.String("WARN"), }, }, pulumi.DependsOn([]pulumi.Resource{ lambdaLogs, example, })) if err != nil { return err } return nil }) }

using System.Collections.Generic; using System.Linq; using System.Text.Json; using Pulumi; using Aws = Pulumi.Aws;  return await Deployment.RunAsync(() => {  var config = new Config();  // Name of the Lambda function  var functionName = config.Get("functionName") ?? "example_function";  // CloudWatch Log Group with retention  var example = new Aws.CloudWatch.LogGroup("example", new()  {  Name = $"/aws/lambda/{functionName}",  RetentionInDays = 14,  Tags =  {  { "Environment", "production" },  { "Function", functionName },  },  });   // Lambda execution role  var exampleRole = new Aws.Iam.Role("example", new()  {  Name = "lambda_execution_role",  AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>  {  ["Version"] = "2012-10-17",  ["Statement"] = new[]  {  new Dictionary<string, object?>  {  ["Action"] = "sts:AssumeRole",  ["Effect"] = "Allow",  ["Principal"] = new Dictionary<string, object?>  {  ["Service"] = "lambda.amazonaws.com",  },  },  },  }),  });   // CloudWatch Logs policy  var lambdaLogging = new Aws.Iam.Policy("lambda_logging", new()  {  Name = "lambda_logging",  Path = "/",  Description = "IAM policy for logging from Lambda",  PolicyDocument = JsonSerializer.Serialize(new Dictionary<string, object?>  {  ["Version"] = "2012-10-17",  ["Statement"] = new[]  {  new Dictionary<string, object?>  {  ["Effect"] = "Allow",  ["Action"] = new[]  {  "logs:CreateLogGroup",  "logs:CreateLogStream",  "logs:PutLogEvents",  },  ["Resource"] = new[]  {  "arn:aws:logs:*:*:*",  },  },  },  }),  });   // Attach logging policy to Lambda role  var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambda_logs", new()  {  Role = exampleRole.Name,  PolicyArn = lambdaLogging.Arn,  });   // Lambda function with logging  var exampleFunction = new Aws.Lambda.Function("example", new()  {  Code = new FileArchive("function.zip"),  Name = functionName,  Role = exampleRole.Arn,  Handler = "index.handler",  Runtime = Aws.Lambda.Runtime.NodeJS20dX,  LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs  {  LogFormat = "JSON",  ApplicationLogLevel = "INFO",  SystemLogLevel = "WARN",  },  }, new CustomResourceOptions  {  DependsOn =  {  lambdaLogs,  example,  },  });  });

package generated_program;  import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.cloudwatch.LogGroup; import com.pulumi.aws.cloudwatch.LogGroupArgs; import com.pulumi.aws.iam.Role; import com.pulumi.aws.iam.RoleArgs; import com.pulumi.aws.iam.Policy; import com.pulumi.aws.iam.PolicyArgs; import com.pulumi.aws.iam.RolePolicyAttachment; import com.pulumi.aws.iam.RolePolicyAttachmentArgs; import com.pulumi.aws.lambda.Function; import com.pulumi.aws.lambda.FunctionArgs; import com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs; import com.pulumi.asset.FileArchive; import static com.pulumi.codegen.internal.Serialization.*; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths;  public class App {  public static void main(String[] args) {  Pulumi.run(App::stack);  }   public static void stack(Context ctx) {  final var config = ctx.config();  final var functionName = config.get("functionName").orElse("example_function");  // CloudWatch Log Group with retention  var example = new LogGroup("example", LogGroupArgs.builder()  .name(String.format("/aws/lambda/%s", functionName))  .retentionInDays(14)  .tags(Map.ofEntries(  Map.entry("Environment", "production"),  Map.entry("Function", functionName)  ))  .build());   // Lambda execution role  var exampleRole = new Role("exampleRole", RoleArgs.builder()  .name("lambda_execution_role")  .assumeRolePolicy(serializeJson(  jsonObject(  jsonProperty("Version", "2012-10-17"),  jsonProperty("Statement", jsonArray(jsonObject(  jsonProperty("Action", "sts:AssumeRole"),  jsonProperty("Effect", "Allow"),  jsonProperty("Principal", jsonObject(  jsonProperty("Service", "lambda.amazonaws.com")  ))  )))  )))  .build());   // CloudWatch Logs policy  var lambdaLogging = new Policy("lambdaLogging", PolicyArgs.builder()  .name("lambda_logging")  .path("/")  .description("IAM policy for logging from Lambda")  .policy(serializeJson(  jsonObject(  jsonProperty("Version", "2012-10-17"),  jsonProperty("Statement", jsonArray(jsonObject(  jsonProperty("Effect", "Allow"),  jsonProperty("Action", jsonArray(  "logs:CreateLogGroup",  "logs:CreateLogStream",  "logs:PutLogEvents"  )),  jsonProperty("Resource", jsonArray("arn:aws:logs:*:*:*"))  )))  )))  .build());   // Attach logging policy to Lambda role  var lambdaLogs = new RolePolicyAttachment("lambdaLogs", RolePolicyAttachmentArgs.builder()  .role(exampleRole.name())  .policyArn(lambdaLogging.arn())  .build());   // Lambda function with logging  var exampleFunction = new Function("exampleFunction", FunctionArgs.builder()  .code(new FileArchive("function.zip"))  .name(functionName)  .role(exampleRole.arn())  .handler("index.handler")  .runtime("nodejs20.x")  .loggingConfig(FunctionLoggingConfigArgs.builder()  .logFormat("JSON")  .applicationLogLevel("INFO")  .systemLogLevel("WARN")  .build())  .build(), CustomResourceOptions.builder()  .dependsOn(  lambdaLogs,  example)  .build());   } }

configuration:  # Function name variable  functionName:  type: string  default: example_function resources:  # CloudWatch Log Group with retention  example:  type: aws:cloudwatch:LogGroup  properties:  name: /aws/lambda/${functionName}  retentionInDays: 14  tags:  Environment: production  Function: ${functionName}  # Lambda execution role  exampleRole:  type: aws:iam:Role  name: example  properties:  name: lambda_execution_role  assumeRolePolicy:  fn::toJSON:  Version: 2012-10-17  Statement:  - Action: sts:AssumeRole  Effect: Allow  Principal:  Service: lambda.amazonaws.com  # CloudWatch Logs policy  lambdaLogging:  type: aws:iam:Policy  name: lambda_logging  properties:  name: lambda_logging  path: /  description: IAM policy for logging from Lambda  policy:  fn::toJSON:  Version: 2012-10-17  Statement:  - Effect: Allow  Action:  - logs:CreateLogGroup  - logs:CreateLogStream  - logs:PutLogEvents  Resource:  - arn:aws:logs:*:*:*  # Attach logging policy to Lambda role  lambdaLogs:  type: aws:iam:RolePolicyAttachment  name: lambda_logs  properties:  role: ${exampleRole.name}  policyArn: ${lambdaLogging.arn}  # Lambda function with logging  exampleFunction:  type: aws:lambda:Function  name: example  properties:  code:  fn::FileArchive: function.zip  name: ${functionName}  role: ${exampleRole.arn}  handler: index.handler  runtime: nodejs20.x  loggingConfig:  logFormat: JSON  applicationLogLevel: INFO  systemLogLevel: WARN  options:  dependsOn:  - ${lambdaLogs}  - ${example}

Specifying the Deployment Package

AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which runtime is in use. See Runtimes for the valid values of runtime. The expected structure of the deployment package can be found in the AWS Lambda documentation for each runtime.

Once you have created your deployment package you can specify it either directly as a local file (using the filename argument) or indirectly via Amazon S3 (using the s3_bucket, s3_key and s3_object_version arguments). When providing the deployment package via S3 it may be useful to use the aws.s3.BucketObjectv2 resource to upload it.

For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.

Create Function Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);

@overload def Function(resource_name: str, args: FunctionArgs, opts: Optional[ResourceOptions] = None)  @overload def Function(resource_name: str, opts: Optional[ResourceOptions] = None, role: Optional[str] = None, package_type: Optional[str] = None, region: Optional[str] = None, dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None, description: Optional[str] = None, environment: Optional[FunctionEnvironmentArgs] = None, ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None, file_system_config: Optional[FunctionFileSystemConfigArgs] = None, handler: Optional[str] = None, image_config: Optional[FunctionImageConfigArgs] = None, image_uri: Optional[str] = None, replace_security_groups_on_destroy: Optional[bool] = None, layers: Optional[Sequence[str]] = None, logging_config: Optional[FunctionLoggingConfigArgs] = None, memory_size: Optional[int] = None, name: Optional[str] = None, architectures: Optional[Sequence[str]] = None, code_signing_config_arn: Optional[str] = None, publish: Optional[bool] = None, kms_key_arn: Optional[str] = None, replacement_security_group_ids: Optional[Sequence[str]] = None, reserved_concurrent_executions: Optional[int] = None, code: Optional[pulumi.Archive] = None, runtime: Optional[Union[str, Runtime]] = None, s3_bucket: Optional[str] = None, s3_key: Optional[str] = None, s3_object_version: Optional[str] = None, skip_destroy: Optional[bool] = None, snap_start: Optional[FunctionSnapStartArgs] = None, source_code_hash: Optional[str] = None, source_kms_key_arn: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, timeout: Optional[int] = None, tracing_config: Optional[FunctionTracingConfigArgs] = None, vpc_config: Optional[FunctionVpcConfigArgs] = None)

func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)

public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)

 public Function(String name, FunctionArgs args) public Function(String name, FunctionArgs args, CustomResourceOptions options)

type: aws:lambda:Function properties: # The arguments to resource properties. options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FunctionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplefunctionResourceResourceFromLambdafunction = new Aws.Lambda.Function("examplefunctionResourceResourceFromLambdafunction", new() {  Role = "string",  PackageType = "string",  Region = "string",  DeadLetterConfig = new Aws.Lambda.Inputs.FunctionDeadLetterConfigArgs  {  TargetArn = "string",  },  Description = "string",  Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs  {  Variables =  {  { "string", "string" },  },  },  EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs  {  Size = 0,  },  FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs  {  Arn = "string",  LocalMountPath = "string",  },  Handler = "string",  ImageConfig = new Aws.Lambda.Inputs.FunctionImageConfigArgs  {  Commands = new[]  {  "string",  },  EntryPoints = new[]  {  "string",  },  WorkingDirectory = "string",  },  ImageUri = "string",  ReplaceSecurityGroupsOnDestroy = false,  Layers = new[]  {  "string",  },  LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs  {  LogFormat = "string",  ApplicationLogLevel = "string",  LogGroup = "string",  SystemLogLevel = "string",  },  MemorySize = 0,  Name = "string",  Architectures = new[]  {  "string",  },  CodeSigningConfigArn = "string",  Publish = false,  KmsKeyArn = "string",  ReplacementSecurityGroupIds = new[]  {  "string",  },  ReservedConcurrentExecutions = 0,  Code = new FileArchive("./path/to/archive"),  Runtime = "string",  S3Bucket = "string",  S3Key = "string",  S3ObjectVersion = "string",  SkipDestroy = false,  SnapStart = new Aws.Lambda.Inputs.FunctionSnapStartArgs  {  ApplyOn = "string",  OptimizationStatus = "string",  },  SourceCodeHash = "string",  SourceKmsKeyArn = "string",  Tags =  {  { "string", "string" },  },  Timeout = 0,  TracingConfig = new Aws.Lambda.Inputs.FunctionTracingConfigArgs  {  Mode = "string",  },  VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs  {  SecurityGroupIds = new[]  {  "string",  },  SubnetIds = new[]  {  "string",  },  Ipv6AllowedForDualStack = false,  VpcId = "string",  }, });

example, err := lambda.NewFunction(ctx, "examplefunctionResourceResourceFromLambdafunction", &lambda.FunctionArgs{ Role: pulumi.String("string"), PackageType: pulumi.String("string"), Region: pulumi.String("string"), DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{ TargetArn: pulumi.String("string"), }, Description: pulumi.String("string"), Environment: &lambda.FunctionEnvironmentArgs{ Variables: pulumi.StringMap{ "string": pulumi.String("string"), }, }, EphemeralStorage: &lambda.FunctionEphemeralStorageArgs{ Size: pulumi.Int(0), }, FileSystemConfig: &lambda.FunctionFileSystemConfigArgs{ Arn: pulumi.String("string"), LocalMountPath: pulumi.String("string"), }, Handler: pulumi.String("string"), ImageConfig: &lambda.FunctionImageConfigArgs{ Commands: pulumi.StringArray{ pulumi.String("string"), }, EntryPoints: pulumi.StringArray{ pulumi.String("string"), }, WorkingDirectory: pulumi.String("string"), }, ImageUri: pulumi.String("string"), ReplaceSecurityGroupsOnDestroy: pulumi.Bool(false), Layers: pulumi.StringArray{ pulumi.String("string"), }, LoggingConfig: &lambda.FunctionLoggingConfigArgs{ LogFormat: pulumi.String("string"), ApplicationLogLevel: pulumi.String("string"), LogGroup: pulumi.String("string"), SystemLogLevel: pulumi.String("string"), }, MemorySize: pulumi.Int(0), Name: pulumi.String("string"), Architectures: pulumi.StringArray{ pulumi.String("string"), }, CodeSigningConfigArn: pulumi.String("string"), Publish: pulumi.Bool(false), KmsKeyArn: pulumi.String("string"), ReplacementSecurityGroupIds: pulumi.StringArray{ pulumi.String("string"), }, ReservedConcurrentExecutions: pulumi.Int(0), Code: pulumi.NewFileArchive("./path/to/archive"), Runtime: pulumi.String("string"), S3Bucket: pulumi.String("string"), S3Key: pulumi.String("string"), S3ObjectVersion: pulumi.String("string"), SkipDestroy: pulumi.Bool(false), SnapStart: &lambda.FunctionSnapStartArgs{ ApplyOn: pulumi.String("string"), OptimizationStatus: pulumi.String("string"), }, SourceCodeHash: pulumi.String("string"), SourceKmsKeyArn: pulumi.String("string"), Tags: pulumi.StringMap{ "string": pulumi.String("string"), }, Timeout: pulumi.Int(0), TracingConfig: &lambda.FunctionTracingConfigArgs{ Mode: pulumi.String("string"), }, VpcConfig: &lambda.FunctionVpcConfigArgs{ SecurityGroupIds: pulumi.StringArray{ pulumi.String("string"), }, SubnetIds: pulumi.StringArray{ pulumi.String("string"), }, Ipv6AllowedForDualStack: pulumi.Bool(false), VpcId: pulumi.String("string"), }, })

var examplefunctionResourceResourceFromLambdafunction = new com.pulumi.aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", com.pulumi.aws.lambda.FunctionArgs.builder()  .role("string")  .packageType("string")  .region("string")  .deadLetterConfig(FunctionDeadLetterConfigArgs.builder()  .targetArn("string")  .build())  .description("string")  .environment(FunctionEnvironmentArgs.builder()  .variables(Map.of("string", "string"))  .build())  .ephemeralStorage(FunctionEphemeralStorageArgs.builder()  .size(0)  .build())  .fileSystemConfig(FunctionFileSystemConfigArgs.builder()  .arn("string")  .localMountPath("string")  .build())  .handler("string")  .imageConfig(FunctionImageConfigArgs.builder()  .commands("string")  .entryPoints("string")  .workingDirectory("string")  .build())  .imageUri("string")  .replaceSecurityGroupsOnDestroy(false)  .layers("string")  .loggingConfig(FunctionLoggingConfigArgs.builder()  .logFormat("string")  .applicationLogLevel("string")  .logGroup("string")  .systemLogLevel("string")  .build())  .memorySize(0)  .name("string")  .architectures("string")  .codeSigningConfigArn("string")  .publish(false)  .kmsKeyArn("string")  .replacementSecurityGroupIds("string")  .reservedConcurrentExecutions(0)  .code(new FileArchive("./path/to/archive"))  .runtime("string")  .s3Bucket("string")  .s3Key("string")  .s3ObjectVersion("string")  .skipDestroy(false)  .snapStart(FunctionSnapStartArgs.builder()  .applyOn("string")  .optimizationStatus("string")  .build())  .sourceCodeHash("string")  .sourceKmsKeyArn("string")  .tags(Map.of("string", "string"))  .timeout(0)  .tracingConfig(FunctionTracingConfigArgs.builder()  .mode("string")  .build())  .vpcConfig(FunctionVpcConfigArgs.builder()  .securityGroupIds("string")  .subnetIds("string")  .ipv6AllowedForDualStack(false)  .vpcId("string")  .build())  .build());

examplefunction_resource_resource_from_lambdafunction = aws.lambda_.Function("examplefunctionResourceResourceFromLambdafunction",  role="string",  package_type="string",  region="string",  dead_letter_config={  "target_arn": "string",  },  description="string",  environment={  "variables": {  "string": "string",  },  },  ephemeral_storage={  "size": 0,  },  file_system_config={  "arn": "string",  "local_mount_path": "string",  },  handler="string",  image_config={  "commands": ["string"],  "entry_points": ["string"],  "working_directory": "string",  },  image_uri="string",  replace_security_groups_on_destroy=False,  layers=["string"],  logging_config={  "log_format": "string",  "application_log_level": "string",  "log_group": "string",  "system_log_level": "string",  },  memory_size=0,  name="string",  architectures=["string"],  code_signing_config_arn="string",  publish=False,  kms_key_arn="string",  replacement_security_group_ids=["string"],  reserved_concurrent_executions=0,  code=pulumi.FileArchive("./path/to/archive"),  runtime="string",  s3_bucket="string",  s3_key="string",  s3_object_version="string",  skip_destroy=False,  snap_start={  "apply_on": "string",  "optimization_status": "string",  },  source_code_hash="string",  source_kms_key_arn="string",  tags={  "string": "string",  },  timeout=0,  tracing_config={  "mode": "string",  },  vpc_config={  "security_group_ids": ["string"],  "subnet_ids": ["string"],  "ipv6_allowed_for_dual_stack": False,  "vpc_id": "string",  })

const examplefunctionResourceResourceFromLambdafunction = new aws.lambda.Function("examplefunctionResourceResourceFromLambdafunction", {  role: "string",  packageType: "string",  region: "string",  deadLetterConfig: {  targetArn: "string",  },  description: "string",  environment: {  variables: {  string: "string",  },  },  ephemeralStorage: {  size: 0,  },  fileSystemConfig: {  arn: "string",  localMountPath: "string",  },  handler: "string",  imageConfig: {  commands: ["string"],  entryPoints: ["string"],  workingDirectory: "string",  },  imageUri: "string",  replaceSecurityGroupsOnDestroy: false,  layers: ["string"],  loggingConfig: {  logFormat: "string",  applicationLogLevel: "string",  logGroup: "string",  systemLogLevel: "string",  },  memorySize: 0,  name: "string",  architectures: ["string"],  codeSigningConfigArn: "string",  publish: false,  kmsKeyArn: "string",  replacementSecurityGroupIds: ["string"],  reservedConcurrentExecutions: 0,  code: new pulumi.asset.FileArchive("./path/to/archive"),  runtime: "string",  s3Bucket: "string",  s3Key: "string",  s3ObjectVersion: "string",  skipDestroy: false,  snapStart: {  applyOn: "string",  optimizationStatus: "string",  },  sourceCodeHash: "string",  sourceKmsKeyArn: "string",  tags: {  string: "string",  },  timeout: 0,  tracingConfig: {  mode: "string",  },  vpcConfig: {  securityGroupIds: ["string"],  subnetIds: ["string"],  ipv6AllowedForDualStack: false,  vpcId: "string",  }, });

type: aws:lambda:Function properties:  architectures:  - string  code:  fn::FileArchive: ./path/to/archive  codeSigningConfigArn: string  deadLetterConfig:  targetArn: string  description: string  environment:  variables:  string: string  ephemeralStorage:  size: 0  fileSystemConfig:  arn: string  localMountPath: string  handler: string  imageConfig:  commands:  - string  entryPoints:  - string  workingDirectory: string  imageUri: string  kmsKeyArn: string  layers:  - string  loggingConfig:  applicationLogLevel: string  logFormat: string  logGroup: string  systemLogLevel: string  memorySize: 0  name: string  packageType: string  publish: false  region: string  replaceSecurityGroupsOnDestroy: false  replacementSecurityGroupIds:  - string  reservedConcurrentExecutions: 0  role: string  runtime: string  s3Bucket: string  s3Key: string  s3ObjectVersion: string  skipDestroy: false  snapStart:  applyOn: string  optimizationStatus: string  sourceCodeHash: string  sourceKmsKeyArn: string  tags:  string: string  timeout: 0  tracingConfig:  mode: string  vpcConfig:  ipv6AllowedForDualStack: false  securityGroupIds:  - string  subnetIds:  - string  vpcId: string

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Function resource accepts the following input properties:

Role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Architectures List<string>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

Code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

CodeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

DeadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironment

Configuration block for environment variables. See below.

EphemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

FileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

Handler string

Function entry point in your code. Required if package_type is Zip.

ImageConfig FunctionImageConfig

Container image configuration values. See below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

KmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt environment variables. If not provided when environment variables are in use, AWS Lambda uses a default service key. If provided when environment variables are not in use, the AWS Lambda API does not save this configuration.

Layers List<string>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

LoggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

ReplaceSecurityGroupsOnDestroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

ReplacementSecurityGroupIds List<string>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

ReservedConcurrentExecutions int

Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1.

Runtime string | Pulumi.Aws.Lambda.Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

S3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SkipDestroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

SnapStart FunctionSnapStart

Configuration block for snap start settings. See below.

SourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

SourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

Tags Dictionary<string, string>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

TracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

VpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

Role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Architectures []string

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

Code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

CodeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block for dead letter queue. See below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block for environment variables. See below.

EphemeralStorage FunctionEphemeralStorageArgs

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block for EFS file system. See below.

Handler string

Function entry point in your code. Required if package_type is Zip.

ImageConfig FunctionImageConfigArgs

Container image configuration values. See below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

KmsKeyArn string

Layers []string

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

LoggingConfig FunctionLoggingConfigArgs

Configuration block for advanced logging settings. See below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

ReplaceSecurityGroupsOnDestroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

ReplacementSecurityGroupIds []string

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

ReservedConcurrentExecutions int

Runtime string | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

S3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SkipDestroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

SnapStart FunctionSnapStartArgs

Configuration block for snap start settings. See below.

SourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

SourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

Tags map[string]string

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

TracingConfig FunctionTracingConfigArgs

Configuration block for X-Ray tracing. See below.

VpcConfig FunctionVpcConfigArgs

Configuration block for VPC. See below.

role String

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn String

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

description String

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block for environment variables. See below.

ephemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

handler String

Function entry point in your code. Required if package_type is Zip.

imageConfig FunctionImageConfig

Container image configuration values. See below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn String

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

memorySize Integer

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy Boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions Integer

runtime String | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key String

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy Boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart FunctionSnapStart

Configuration block for snap start settings. See below.

sourceCodeHash String

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceKmsKeyArn String

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Map<String,String>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout Integer

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

vpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures string[]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

code pulumi.asset.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

description string

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block for environment variables. See below.

ephemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

handler string

Function entry point in your code. Required if package_type is Zip.

imageConfig FunctionImageConfig

Container image configuration values. See below.

imageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn string

layers string[]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

memorySize number

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name string

Unique name for your Lambda Function.

packageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds string[]

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions number

runtime string | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart FunctionSnapStart

Configuration block for snap start settings. See below.

sourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags {[key: string]: string}

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

vpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

role str

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures Sequence[str]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

code_signing_config_arn str

ARN of a code-signing configuration to enable code signing for this function.

dead_letter_config FunctionDeadLetterConfigArgs

Configuration block for dead letter queue. See below.

description str

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block for environment variables. See below.

ephemeral_storage FunctionEphemeralStorageArgs

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

file_system_config FunctionFileSystemConfigArgs

Configuration block for EFS file system. See below.

handler str

Function entry point in your code. Required if package_type is Zip.

image_config FunctionImageConfigArgs

Container image configuration values. See below.

image_uri str

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

kms_key_arn str

layers Sequence[str]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

logging_config FunctionLoggingConfigArgs

Configuration block for advanced logging settings. See below.

memory_size int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name str

Unique name for your Lambda Function.

package_type str

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

region str

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replace_security_groups_on_destroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacement_security_group_ids Sequence[str]

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reserved_concurrent_executions int

runtime str | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3_bucket str

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3_key str

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3_object_version str

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skip_destroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snap_start FunctionSnapStartArgs

Configuration block for snap start settings. See below.

source_code_hash str

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

source_kms_key_arn str

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Mapping[str, str]

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracing_config FunctionTracingConfigArgs

Configuration block for X-Ray tracing. See below.

vpc_config FunctionVpcConfigArgs

Configuration block for VPC. See below.

role String

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSigningConfigArn String

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig Property Map

Configuration block for dead letter queue. See below.

description String

Description of what your Lambda Function does.

environment Property Map

Configuration block for environment variables. See below.

ephemeralStorage Property Map

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig Property Map

Configuration block for EFS file system. See below.

handler String

Function entry point in your code. Required if package_type is Zip.

imageConfig Property Map

Container image configuration values. See below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

kmsKeyArn String

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig Property Map

Configuration block for advanced logging settings. See below.

memorySize Number

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy Boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions Number

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key String

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

skipDestroy Boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart Property Map

Configuration block for snap start settings. See below.

sourceCodeHash String

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceKmsKeyArn String

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Map<String>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

timeout Number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig Property Map

Configuration block for X-Ray tracing. See below.

vpcConfig Property Map

Configuration block for VPC. See below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

Arn string: ARN identifying your Lambda Function.
CodeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
Id string: The provider-assigned unique ID for this managed resource.
InvokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
LastModified string: Date this resource was last modified.
QualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
QualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
SigningJobArn string: ARN of the signing job.
SigningProfileVersionArn string: ARN of the signing profile version.
SourceCodeSize int: Size in bytes of the function .zip file.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Version string: Latest published version of your Lambda Function.

Arn string: ARN identifying your Lambda Function.
CodeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
Id string: The provider-assigned unique ID for this managed resource.
InvokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
LastModified string: Date this resource was last modified.
QualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
QualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
SigningJobArn string: ARN of the signing job.
SigningProfileVersionArn string: ARN of the signing profile version.
SourceCodeSize int: Size in bytes of the function .zip file.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Version string: Latest published version of your Lambda Function.

arn String: ARN identifying your Lambda Function.
codeSha256 String: Base64-encoded representation of raw SHA-256 sum of the zip file.
id String: The provider-assigned unique ID for this managed resource.
invokeArn String: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified String: Date this resource was last modified.
qualifiedArn String: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn String: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn String: ARN of the signing job.
signingProfileVersionArn String: ARN of the signing profile version.
sourceCodeSize Integer: Size in bytes of the function .zip file.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
version String: Latest published version of your Lambda Function.

arn string: ARN identifying your Lambda Function.
codeSha256 string: Base64-encoded representation of raw SHA-256 sum of the zip file.
id string: The provider-assigned unique ID for this managed resource.
invokeArn string: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified string: Date this resource was last modified.
qualifiedArn string: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn string: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn string: ARN of the signing job.
signingProfileVersionArn string: ARN of the signing profile version.
sourceCodeSize number: Size in bytes of the function .zip file.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
version string: Latest published version of your Lambda Function.

arn str: ARN identifying your Lambda Function.
code_sha256 str: Base64-encoded representation of raw SHA-256 sum of the zip file.
id str: The provider-assigned unique ID for this managed resource.
invoke_arn str: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
last_modified str: Date this resource was last modified.
qualified_arn str: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualified_invoke_arn str: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signing_job_arn str: ARN of the signing job.
signing_profile_version_arn str: ARN of the signing profile version.
source_code_size int: Size in bytes of the function .zip file.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
version str: Latest published version of your Lambda Function.

arn String: ARN identifying your Lambda Function.
codeSha256 String: Base64-encoded representation of raw SHA-256 sum of the zip file.
id String: The provider-assigned unique ID for this managed resource.
invokeArn String: ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
lastModified String: Date this resource was last modified.
qualifiedArn String: ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).
qualifiedInvokeArn String: Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.
signingJobArn String: ARN of the signing job.
signingProfileVersionArn String: ARN of the signing profile version.
sourceCodeSize Number: Size in bytes of the function .zip file.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
version String: Latest published version of your Lambda Function.

Look up Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function

@staticmethod def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, architectures: Optional[Sequence[str]] = None, arn: Optional[str] = None, code: Optional[pulumi.Archive] = None, code_sha256: Optional[str] = None, code_signing_config_arn: Optional[str] = None, dead_letter_config: Optional[FunctionDeadLetterConfigArgs] = None, description: Optional[str] = None, environment: Optional[FunctionEnvironmentArgs] = None, ephemeral_storage: Optional[FunctionEphemeralStorageArgs] = None, file_system_config: Optional[FunctionFileSystemConfigArgs] = None, handler: Optional[str] = None, image_config: Optional[FunctionImageConfigArgs] = None, image_uri: Optional[str] = None, invoke_arn: Optional[str] = None, kms_key_arn: Optional[str] = None, last_modified: Optional[str] = None, layers: Optional[Sequence[str]] = None, logging_config: Optional[FunctionLoggingConfigArgs] = None, memory_size: Optional[int] = None, name: Optional[str] = None, package_type: Optional[str] = None, publish: Optional[bool] = None, qualified_arn: Optional[str] = None, qualified_invoke_arn: Optional[str] = None, region: Optional[str] = None, replace_security_groups_on_destroy: Optional[bool] = None, replacement_security_group_ids: Optional[Sequence[str]] = None, reserved_concurrent_executions: Optional[int] = None, role: Optional[str] = None, runtime: Optional[Union[str, Runtime]] = None, s3_bucket: Optional[str] = None, s3_key: Optional[str] = None, s3_object_version: Optional[str] = None, signing_job_arn: Optional[str] = None, signing_profile_version_arn: Optional[str] = None, skip_destroy: Optional[bool] = None, snap_start: Optional[FunctionSnapStartArgs] = None, source_code_hash: Optional[str] = None, source_code_size: Optional[int] = None, source_kms_key_arn: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, tags_all: Optional[Mapping[str, str]] = None, timeout: Optional[int] = None, tracing_config: Optional[FunctionTracingConfigArgs] = None, version: Optional[str] = None, vpc_config: Optional[FunctionVpcConfigArgs] = None) -> Function

func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)

public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)

public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)

resources: _: type: aws:lambda:Function get: id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Architectures List<string>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

Arn string

ARN identifying your Lambda Function.

Code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

CodeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

CodeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

DeadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironment

Configuration block for environment variables. See below.

EphemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

FileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

Handler string

Function entry point in your code. Required if package_type is Zip.

ImageConfig FunctionImageConfig

Container image configuration values. See below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

LastModified string

Date this resource was last modified.

Layers List<string>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

LoggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

ReplaceSecurityGroupsOnDestroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

ReplacementSecurityGroupIds List<string>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

ReservedConcurrentExecutions int

Role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Runtime string | Pulumi.Aws.Lambda.Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

S3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SkipDestroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

SnapStart FunctionSnapStart

Configuration block for snap start settings. See below.

SourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

SourceCodeSize int

Size in bytes of the function .zip file.

SourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

Tags Dictionary<string, string>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

TracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

Version string

Latest published version of your Lambda Function.

VpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

Architectures []string

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

Arn string

ARN identifying your Lambda Function.

Code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

CodeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

CodeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

DeadLetterConfig FunctionDeadLetterConfigArgs

Configuration block for dead letter queue. See below.

Description string

Description of what your Lambda Function does.

Environment FunctionEnvironmentArgs

Configuration block for environment variables. See below.

EphemeralStorage FunctionEphemeralStorageArgs

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

FileSystemConfig FunctionFileSystemConfigArgs

Configuration block for EFS file system. See below.

Handler string

Function entry point in your code. Required if package_type is Zip.

ImageConfig FunctionImageConfigArgs

Container image configuration values. See below.

ImageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

InvokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

KmsKeyArn string

LastModified string

Date this resource was last modified.

Layers []string

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

LoggingConfig FunctionLoggingConfigArgs

Configuration block for advanced logging settings. See below.

MemorySize int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

Name string

Unique name for your Lambda Function.

PackageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

Publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

QualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

QualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

ReplaceSecurityGroupsOnDestroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

ReplacementSecurityGroupIds []string

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

ReservedConcurrentExecutions int

Role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Runtime string | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

S3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

S3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

S3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

SigningJobArn string

ARN of the signing job.

SigningProfileVersionArn string

ARN of the signing profile version.

SkipDestroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

SnapStart FunctionSnapStartArgs

Configuration block for snap start settings. See below.

SourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

SourceCodeSize int

Size in bytes of the function .zip file.

SourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

Tags map[string]string

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

TracingConfig FunctionTracingConfigArgs

Configuration block for X-Ray tracing. See below.

Version string

Latest published version of your Lambda Function.

VpcConfig FunctionVpcConfigArgs

Configuration block for VPC. See below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

arn String

ARN identifying your Lambda Function.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSha256 String

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn String

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

description String

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block for environment variables. See below.

ephemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

handler String

Function entry point in your code. Required if package_type is Zip.

imageConfig FunctionImageConfig

Container image configuration values. See below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

memorySize Integer

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy Boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions Integer

role String

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime String | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key String

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

skipDestroy Boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart FunctionSnapStart

Configuration block for snap start settings. See below.

sourceCodeHash String

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceCodeSize Integer

Size in bytes of the function .zip file.

sourceKmsKeyArn String

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Map<String,String>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout Integer

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

version String

Latest published version of your Lambda Function.

vpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

architectures string[]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

arn string

ARN identifying your Lambda Function.

code pulumi.asset.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSha256 string

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn string

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig FunctionDeadLetterConfig

Configuration block for dead letter queue. See below.

description string

Description of what your Lambda Function does.

environment FunctionEnvironment

Configuration block for environment variables. See below.

ephemeralStorage FunctionEphemeralStorage

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig FunctionFileSystemConfig

Configuration block for EFS file system. See below.

handler string

Function entry point in your code. Required if package_type is Zip.

imageConfig FunctionImageConfig

Container image configuration values. See below.

imageUri string

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

invokeArn string

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn string

lastModified string

Date this resource was last modified.

layers string[]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig FunctionLoggingConfig

Configuration block for advanced logging settings. See below.

memorySize number

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name string

Unique name for your Lambda Function.

packageType string

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn string

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn string

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds string[]

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions number

role string

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime string | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket string

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key string

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion string

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn string

ARN of the signing job.

signingProfileVersionArn string

ARN of the signing profile version.

skipDestroy boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart FunctionSnapStart

Configuration block for snap start settings. See below.

sourceCodeHash string

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceCodeSize number

Size in bytes of the function .zip file.

sourceKmsKeyArn string

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags {[key: string]: string}

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig FunctionTracingConfig

Configuration block for X-Ray tracing. See below.

version string

Latest published version of your Lambda Function.

vpcConfig FunctionVpcConfig

Configuration block for VPC. See below.

architectures Sequence[str]

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

arn str

ARN identifying your Lambda Function.

code pulumi.Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

code_sha256 str

Base64-encoded representation of raw SHA-256 sum of the zip file.

code_signing_config_arn str

ARN of a code-signing configuration to enable code signing for this function.

dead_letter_config FunctionDeadLetterConfigArgs

Configuration block for dead letter queue. See below.

description str

Description of what your Lambda Function does.

environment FunctionEnvironmentArgs

Configuration block for environment variables. See below.

ephemeral_storage FunctionEphemeralStorageArgs

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

file_system_config FunctionFileSystemConfigArgs

Configuration block for EFS file system. See below.

handler str

Function entry point in your code. Required if package_type is Zip.

image_config FunctionImageConfigArgs

Container image configuration values. See below.

image_uri str

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

invoke_arn str

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kms_key_arn str

last_modified str

Date this resource was last modified.

layers Sequence[str]

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

logging_config FunctionLoggingConfigArgs

Configuration block for advanced logging settings. See below.

memory_size int

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name str

Unique name for your Lambda Function.

package_type str

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish bool

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualified_arn str

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualified_invoke_arn str

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

region str

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replace_security_groups_on_destroy bool

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacement_security_group_ids Sequence[str]

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reserved_concurrent_executions int

role str

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

runtime str | Runtime

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3_bucket str

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3_key str

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3_object_version str

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signing_job_arn str

ARN of the signing job.

signing_profile_version_arn str

ARN of the signing profile version.

skip_destroy bool

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snap_start FunctionSnapStartArgs

Configuration block for snap start settings. See below.

source_code_hash str

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

source_code_size int

Size in bytes of the function .zip file.

source_kms_key_arn str

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Mapping[str, str]

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout int

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracing_config FunctionTracingConfigArgs

Configuration block for X-Ray tracing. See below.

version str

Latest published version of your Lambda Function.

vpc_config FunctionVpcConfigArgs

Configuration block for VPC. See below.

architectures List<String>

Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"]. Default is ["x86_64"]. Removing this attribute, function's architecture stays the same.

arn String

ARN identifying your Lambda Function.

code Archive

Path to the function's deployment package within the local filesystem. Conflicts with image_uri and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

codeSha256 String

Base64-encoded representation of raw SHA-256 sum of the zip file.

codeSigningConfigArn String

ARN of a code-signing configuration to enable code signing for this function.

deadLetterConfig Property Map

Configuration block for dead letter queue. See below.

description String

Description of what your Lambda Function does.

environment Property Map

Configuration block for environment variables. See below.

ephemeralStorage Property Map

Amount of ephemeral storage (/tmp) to allocate for the Lambda Function. See below.

fileSystemConfig Property Map

Configuration block for EFS file system. See below.

handler String

Function entry point in your code. Required if package_type is Zip.

imageConfig Property Map

Container image configuration values. See below.

imageUri String

ECR image URI containing the function's deployment package. Conflicts with filename and s3_bucket. One of filename, image_uri, or s3_bucket must be specified.

invokeArn String

ARN to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

kmsKeyArn String

lastModified String

Date this resource was last modified.

layers List<String>

List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function.

loggingConfig Property Map

Configuration block for advanced logging settings. See below.

memorySize Number

Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 10,240 MB (10 GB), in 1 MB increments. Defaults to 128.

name String

Unique name for your Lambda Function.

packageType String

Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.

publish Boolean

Whether to publish creation/change as new Lambda Function Version. Defaults to false.

qualifiedArn String

ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).

qualifiedInvokeArn String

Qualified ARN (ARN with lambda version number) to be used for invoking Lambda Function from API Gateway - to be used in aws.apigateway.Integration's uri.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

replaceSecurityGroupsOnDestroy Boolean

Whether to replace the security groups on the function's VPC configuration prior to destruction. Default is false.

replacementSecurityGroupIds List<String>

List of security group IDs to assign to the function's VPC configuration prior to destruction. Required if replace_security_groups_on_destroy is true.

reservedConcurrentExecutions Number

role String

ARN of the function's execution role. The role provides the function's identity and access to AWS services and resources.

The following arguments are optional:

Identifier of the function's runtime. Required if package_type is Zip. See Runtimes for valid values.

s3Bucket String

S3 bucket location containing the function's deployment package. Conflicts with filename and image_uri. One of filename, image_uri, or s3_bucket must be specified.

s3Key String

S3 key of an object containing the function's deployment package. Required if s3_bucket is set.

s3ObjectVersion String

Object version containing the function's deployment package. Conflicts with filename and image_uri.

signingJobArn String

ARN of the signing job.

signingProfileVersionArn String

ARN of the signing profile version.

skipDestroy Boolean

Whether to retain the old version of a previously deployed Lambda Layer. Default is false.

snapStart Property Map

Configuration block for snap start settings. See below.

sourceCodeHash String

Base64-encoded SHA256 hash of the package file. Used to trigger updates when source code changes.

sourceCodeSize Number

Size in bytes of the function .zip file.

sourceKmsKeyArn String

ARN of the AWS Key Management Service key used to encrypt the function's .zip deployment package. Conflicts with image_uri.

tags Map<String>

Key-value map of tags for the Lambda function. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

timeout Number

Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.

tracingConfig Property Map

Configuration block for X-Ray tracing. See below.

version String

Latest published version of your Lambda Function.

vpcConfig Property Map

Configuration block for VPC. See below.

Supporting Types

FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails.

TargetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails.

targetArn string: ARN of an SNS topic or SQS queue to notify when an invocation fails.

target_arn str: ARN of an SNS topic or SQS queue to notify when an invocation fails.

targetArn String: ARN of an SNS topic or SQS queue to notify when an invocation fails.

FunctionEnvironment, FunctionEnvironmentArgs

Variables Dictionary<string, string>: Map of environment variables available to your Lambda function during execution.

Variables map[string]string: Map of environment variables available to your Lambda function during execution.

variables Map<String,String>: Map of environment variables available to your Lambda function during execution.

variables {[key: string]: string}: Map of environment variables available to your Lambda function during execution.

variables Mapping[str, str]: Map of environment variables available to your Lambda function during execution.

variables Map<String>: Map of environment variables available to your Lambda function during execution.

FunctionEphemeralStorage, FunctionEphemeralStorageArgs

Size int: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

Size int: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

size Integer: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

size number: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

size int: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

size Number: Amount of ephemeral storage (/tmp) in MB. Valid between 512 MB and 10,240 MB (10 GB).

FunctionFileSystemConfig, FunctionFileSystemConfigArgs

Arn string: ARN of the Amazon EFS Access Point.
LocalMountPath string: Path where the function can access the file system. Must start with /mnt/.

Arn string: ARN of the Amazon EFS Access Point.
LocalMountPath string: Path where the function can access the file system. Must start with /mnt/.

arn String: ARN of the Amazon EFS Access Point.
localMountPath String: Path where the function can access the file system. Must start with /mnt/.

arn string: ARN of the Amazon EFS Access Point.
localMountPath string: Path where the function can access the file system. Must start with /mnt/.

arn str: ARN of the Amazon EFS Access Point.
local_mount_path str: Path where the function can access the file system. Must start with /mnt/.

arn String: ARN of the Amazon EFS Access Point.
localMountPath String: Path where the function can access the file system. Must start with /mnt/.

FunctionImageConfig, FunctionImageConfigArgs

Commands List<string>: Parameters to pass to the container image.
EntryPoints List<string>: Entry point to your application.
WorkingDirectory string: Working directory for the container image.

Commands []string: Parameters to pass to the container image.
EntryPoints []string: Entry point to your application.
WorkingDirectory string: Working directory for the container image.

commands List<String>: Parameters to pass to the container image.
entryPoints List<String>: Entry point to your application.
workingDirectory String: Working directory for the container image.

commands string[]: Parameters to pass to the container image.
entryPoints string[]: Entry point to your application.
workingDirectory string: Working directory for the container image.

commands Sequence[str]: Parameters to pass to the container image.
entry_points Sequence[str]: Entry point to your application.
working_directory str: Working directory for the container image.

commands List<String>: Parameters to pass to the container image.
entryPoints List<String>: Entry point to your application.
workingDirectory String: Working directory for the container image.

FunctionLoggingConfig, FunctionLoggingConfigArgs

LogFormat string: Log format. Valid values: Text, JSON.
ApplicationLogLevel string: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
LogGroup string: CloudWatch log group where logs are sent.
SystemLogLevel string: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

LogFormat string: Log format. Valid values: Text, JSON.
ApplicationLogLevel string: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
LogGroup string: CloudWatch log group where logs are sent.
SystemLogLevel string: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

logFormat String: Log format. Valid values: Text, JSON.
applicationLogLevel String: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
logGroup String: CloudWatch log group where logs are sent.
systemLogLevel String: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

logFormat string: Log format. Valid values: Text, JSON.
applicationLogLevel string: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
logGroup string: CloudWatch log group where logs are sent.
systemLogLevel string: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

log_format str: Log format. Valid values: Text, JSON.
application_log_level str: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
log_group str: CloudWatch log group where logs are sent.
system_log_level str: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

logFormat String: Log format. Valid values: Text, JSON.
applicationLogLevel String: Detail level of application logs. Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL.
logGroup String: CloudWatch log group where logs are sent.
systemLogLevel String: Detail level of Lambda platform logs. Valid values: DEBUG, INFO, WARN.

FunctionSnapStart, FunctionSnapStartArgs

ApplyOn string: When to apply snap start optimization. Valid value: PublishedVersions.
OptimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

ApplyOn string: When to apply snap start optimization. Valid value: PublishedVersions.
OptimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn String: When to apply snap start optimization. Valid value: PublishedVersions.
optimizationStatus String: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn string: When to apply snap start optimization. Valid value: PublishedVersions.
optimizationStatus string: Optimization status of the snap start configuration. Valid values are On and Off.

apply_on str: When to apply snap start optimization. Valid value: PublishedVersions.
optimization_status str: Optimization status of the snap start configuration. Valid values are On and Off.

applyOn String: When to apply snap start optimization. Valid value: PublishedVersions.
optimizationStatus String: Optimization status of the snap start configuration. Valid values are On and Off.

FunctionTracingConfig, FunctionTracingConfigArgs

Mode string: X-Ray tracing mode. Valid values: Active, PassThrough.

Mode string: X-Ray tracing mode. Valid values: Active, PassThrough.

mode String: X-Ray tracing mode. Valid values: Active, PassThrough.

mode string: X-Ray tracing mode. Valid values: Active, PassThrough.

mode str: X-Ray tracing mode. Valid values: Active, PassThrough.

mode String: X-Ray tracing mode. Valid values: Active, PassThrough.

FunctionVpcConfig, FunctionVpcConfigArgs

SecurityGroupIds List<string>: List of security group IDs associated with the Lambda function.
SubnetIds List<string>: List of subnet IDs associated with the Lambda function.
Ipv6AllowedForDualStack bool: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
VpcId string: ID of the VPC.

SecurityGroupIds []string: List of security group IDs associated with the Lambda function.
SubnetIds []string: List of subnet IDs associated with the Lambda function.
Ipv6AllowedForDualStack bool: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
VpcId string: ID of the VPC.

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack Boolean: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
vpcId String: ID of the VPC.

securityGroupIds string[]: List of security group IDs associated with the Lambda function.
subnetIds string[]: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack boolean: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
vpcId string: ID of the VPC.

security_group_ids Sequence[str]: List of security group IDs associated with the Lambda function.
subnet_ids Sequence[str]: List of subnet IDs associated with the Lambda function.
ipv6_allowed_for_dual_stack bool: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
vpc_id str: ID of the VPC.

securityGroupIds List<String>: List of security group IDs associated with the Lambda function.
subnetIds List<String>: List of subnet IDs associated with the Lambda function.
ipv6AllowedForDualStack Boolean: Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: false.
vpcId String: ID of the VPC.

Runtime, RuntimeArgs

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Ruby3d4: ruby3.4
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

RuntimeDotnet6: dotnet6
RuntimeDotnet8: dotnet8
RuntimeJava11: java11
RuntimeJava17: java17
RuntimeJava21: java21
RuntimeJava8AL2: java8.al2
RuntimeNodeJS18dX: nodejs18.x
RuntimeNodeJS20dX: nodejs20.x
RuntimeNodeJS22dX: nodejs22.x
RuntimeCustomAL2: provided.al2
RuntimeCustomAL2023: provided.al2023
RuntimePython3d10: python3.10
RuntimePython3d11: python3.11
RuntimePython3d12: python3.12
RuntimePython3d13: python3.13
RuntimePython3d9: python3.9
RuntimeRuby3d2: ruby3.2
RuntimeRuby3d3: ruby3.3
RuntimeRuby3d4: ruby3.4
RuntimeDotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
RuntimeDotnet7: dotnet7
Deprecated: This runtime is now deprecated
RuntimeDotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
RuntimeDotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
RuntimeGo1dx: go1.x
Deprecated: This runtime is now deprecated
RuntimeJava8: java8
Deprecated: This runtime is now deprecated
RuntimeNodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
RuntimeNodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
RuntimeCustom: provided
Deprecated: This runtime is now deprecated
RuntimePython2d7: python2.7
Deprecated: This runtime is now deprecated
RuntimePython3d6: python3.6
Deprecated: This runtime is now deprecated
RuntimePython3d7: python3.7
Deprecated: This runtime is now deprecated
RuntimePython3d8: python3.8
Deprecated: This runtime is now deprecated
RuntimeRuby2d5: ruby2.5
Deprecated: This runtime is now deprecated
RuntimeRuby2d7: ruby2.7
Deprecated: This runtime is now deprecated

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Ruby3d4: ruby3.4
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

Dotnet6: dotnet6
Dotnet8: dotnet8
Java11: java11
Java17: java17
Java21: java21
Java8AL2: java8.al2
NodeJS18dX: nodejs18.x
NodeJS20dX: nodejs20.x
NodeJS22dX: nodejs22.x
CustomAL2: provided.al2
CustomAL2023: provided.al2023
Python3d10: python3.10
Python3d11: python3.11
Python3d12: python3.12
Python3d13: python3.13
Python3d9: python3.9
Ruby3d2: ruby3.2
Ruby3d3: ruby3.3
Ruby3d4: ruby3.4
Dotnet5d0: dotnet5.0
Deprecated: This runtime is now deprecated
Dotnet7: dotnet7
Deprecated: This runtime is now deprecated
DotnetCore2d1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DotnetCore3d1: dotnetcore3.1
Deprecated: This runtime is now deprecated
Go1dx: go1.x
Deprecated: This runtime is now deprecated
Java8: java8
Deprecated: This runtime is now deprecated
NodeJS10dX: nodejs10.x
Deprecated: This runtime is now deprecated
NodeJS12dX: nodejs12.x
Deprecated: This runtime is now deprecated
NodeJS14dX: nodejs14.x
Deprecated: This runtime is now deprecated
NodeJS16dX: nodejs16.x
Deprecated: This runtime is now deprecated
Custom: provided
Deprecated: This runtime is now deprecated
Python2d7: python2.7
Deprecated: This runtime is now deprecated
Python3d6: python3.6
Deprecated: This runtime is now deprecated
Python3d7: python3.7
Deprecated: This runtime is now deprecated
Python3d8: python3.8
Deprecated: This runtime is now deprecated
Ruby2d5: ruby2.5
Deprecated: This runtime is now deprecated
Ruby2d7: ruby2.7
Deprecated: This runtime is now deprecated

DOTNET6: dotnet6
DOTNET8: dotnet8
JAVA11: java11
JAVA17: java17
JAVA21: java21
JAVA8_AL2: java8.al2
NODE_JS18D_X: nodejs18.x
NODE_JS20D_X: nodejs20.x
NODE_JS22D_X: nodejs22.x
CUSTOM_AL2: provided.al2
CUSTOM_AL2023: provided.al2023
PYTHON3D10: python3.10
PYTHON3D11: python3.11
PYTHON3D12: python3.12
PYTHON3D13: python3.13
PYTHON3D9: python3.9
RUBY3D2: ruby3.2
RUBY3D3: ruby3.3
RUBY3D4: ruby3.4
DOTNET5D0: dotnet5.0
Deprecated: This runtime is now deprecated
DOTNET7: dotnet7
Deprecated: This runtime is now deprecated
DOTNET_CORE2D1: dotnetcore2.1
Deprecated: This runtime is now deprecated
DOTNET_CORE3D1: dotnetcore3.1
Deprecated: This runtime is now deprecated
GO1DX: go1.x
Deprecated: This runtime is now deprecated
JAVA8: java8
Deprecated: This runtime is now deprecated
NODE_JS10D_X: nodejs10.x
Deprecated: This runtime is now deprecated
NODE_JS12D_X: nodejs12.x
Deprecated: This runtime is now deprecated
NODE_JS14D_X: nodejs14.x
Deprecated: This runtime is now deprecated
NODE_JS16D_X: nodejs16.x
Deprecated: This runtime is now deprecated
CUSTOM: provided
Deprecated: This runtime is now deprecated
PYTHON2D7: python2.7
Deprecated: This runtime is now deprecated
PYTHON3D6: python3.6
Deprecated: This runtime is now deprecated
PYTHON3D7: python3.7
Deprecated: This runtime is now deprecated
PYTHON3D8: python3.8
Deprecated: This runtime is now deprecated
RUBY2D5: ruby2.5
Deprecated: This runtime is now deprecated
RUBY2D7: ruby2.7
Deprecated: This runtime is now deprecated

"dotnet6": dotnet6
"dotnet8": dotnet8
"java11": java11
"java17": java17
"java21": java21
"java8.al2": java8.al2
"nodejs18.x": nodejs18.x
"nodejs20.x": nodejs20.x
"nodejs22.x": nodejs22.x
"provided.al2": provided.al2
"provided.al2023": provided.al2023
"python3.10": python3.10
"python3.11": python3.11
"python3.12": python3.12
"python3.13": python3.13
"python3.9": python3.9
"ruby3.2": ruby3.2
"ruby3.3": ruby3.3
"ruby3.4": ruby3.4
"dotnet5.0": dotnet5.0
Deprecated: This runtime is now deprecated
"dotnet7": dotnet7
Deprecated: This runtime is now deprecated
"dotnetcore2.1": dotnetcore2.1
Deprecated: This runtime is now deprecated
"dotnetcore3.1": dotnetcore3.1
Deprecated: This runtime is now deprecated
"go1.x": go1.x
Deprecated: This runtime is now deprecated
"java8": java8
Deprecated: This runtime is now deprecated
"nodejs10.x": nodejs10.x
Deprecated: This runtime is now deprecated
"nodejs12.x": nodejs12.x
Deprecated: This runtime is now deprecated
"nodejs14.x": nodejs14.x
Deprecated: This runtime is now deprecated
"nodejs16.x": nodejs16.x
Deprecated: This runtime is now deprecated
"provided": provided
Deprecated: This runtime is now deprecated
"python2.7": python2.7
Deprecated: This runtime is now deprecated
"python3.6": python3.6
Deprecated: This runtime is now deprecated
"python3.7": python3.7
Deprecated: This runtime is now deprecated
"python3.8": python3.8
Deprecated: This runtime is now deprecated
"ruby2.5": ruby2.5
Deprecated: This runtime is now deprecated
"ruby2.7": ruby2.7
Deprecated: This runtime is now deprecated

Import

Identity Schema

Required

function_name (String) Name of the Lambda function.

Optional

account_id (String) AWS Account where this resource is managed.
region (String) Region where this resource is managed.

Using pulumi import, import Lambda Functions using the function_name. For example:

console

% pulumi import aws_lambda_function.example example

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v7.8.0 published on Tuesday, Oct 7, 2025 by Pulumi

pulumi/pulumi-aws

aws.lambda.Function

On this page

On this page

Example Usage

Container Image Function

Function with Lambda Layers

VPC Function with Enhanced Networking

Function with EFS Integration

Function with Advanced Logging

Function with logging to S3 or Data Firehose

Required Resources

Example: Exporting Lambda Logs to S3 Bucket

Function with Error Handling

CloudWatch Logging and Permissions

Specifying the Deployment Package

Create Function Resource

Constructor syntax

Parameters

Constructor example

Function Resource Properties

Inputs

Outputs

Look up Existing Function Resource

Supporting Types

FunctionDeadLetterConfig, FunctionDeadLetterConfigArgs

FunctionEnvironment, FunctionEnvironmentArgs

FunctionEphemeralStorage, FunctionEphemeralStorageArgs

FunctionFileSystemConfig, FunctionFileSystemConfigArgs

FunctionImageConfig, FunctionImageConfigArgs

FunctionLoggingConfig, FunctionLoggingConfigArgs

FunctionSnapStart, FunctionSnapStartArgs

FunctionTracingConfig, FunctionTracingConfigArgs

FunctionVpcConfig, FunctionVpcConfigArgs

Runtime, RuntimeArgs

Import

Identity Schema

Required

Optional

Package Details

On this page

On this page