Protected Optional Internal_connectionsActual connections object for this Lambda
May be unset, in which case this Lambda is not configured use in a VPC.
Protected Internal_functionMapping of fucntion URL invocation principals to grants. Used to de-dupe grantInvokeUrl() calls.
Protected Internal_invocationMapping of invocation principals to grants. Used to de-dupe grantInvoke() calls.
Readonly Internal_layersOptional Internal_logProtected Optional Readonly Internal_skipWhether the user decides to skip adding permissions. The only use case is for cross-account, imported lambdas where the user commits to modifying the permisssions on the imported lambda outside CDK.
Protected Internal_warnFlag to delay adding a warning message until current version is invoked.
Optional ReadonlyaliasReadonlyappReadonlyarchitectureThe architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
ReadonlybucketProtected ReadonlycanWhether the addPermission() call adds any permissions
True for new Lambdas, false for version $LATEST and imported Lambdas from different accounts.
Optional ReadonlydeadThe DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
Optional ReadonlydeadThe DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
ReadonlyenvThe environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
ReadonlyfileReadonlyfunctionARN of this function
ReadonlyfunctionName of this function
ReadonlygrantThe principal this Lambda Function is running as
ReadonlynodeThe tree node.
ReadonlypermissionsThe construct node where permissions are attached.
Protected ReadonlyphysicalReturns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
"my-awesome-bucket")undefined, when a name should be generated by CloudFormationOptional ReadonlyroleExecution role associated with this function
ReadonlyruntimeThe runtime configured for this lambda.
ReadonlystackThe stack in which this resource is defined.
Optional ReadonlytimeoutThe timeout configured for this lambda.
ReadonlywithoutReadonlywithoutStatic Internal_VER_Access the Connections object
Will fail if not a VPC-enabled Lambda Function
Returns a lambda.Version which represents the current version of this
Lambda function. A new version will be created every time the function's
configuration changes.
You can specify options for this version using the currentVersionOptions
prop when initializing the lambda.Function.
Whether or not this Lambda function was bound to a VPC
If this is is false, trying to access the connections object will fail.
The $LATEST version of this function.
Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.
To obtain a reference to an explicit version which references the current
function configuration, use lambdaFunction.currentVersion instead.
The LogGroup where the Lambda function's logs are made available.
If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that
pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention
period (never expire, by default).
Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention
to never expire even if it was configured with a different value.
The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke()
Protected_functionProtected_isInternalGiven the function arn, check if the account id matches this account
Function ARNs look like this:
arn:aws:lambda:region:account-id:function:function-name
..which means that in order to extract the account-id component from the ARN, we can
split the ARN using ":" and select the component in index 4.
true if account id of function matches the account specified on the stack, false otherwise.
Defines an alias for this function.
The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.
declare const fn: lambda.Function;
fn.addAlias('Live');
// Is equivalent to
new lambda.Alias(this, 'AliasLive', {
aliasName: 'Live',
version: fn.currentVersion,
});
The name of the alias
Optionaloptions: AliasOptionsAlias options
Adds an environment variable to this Lambda function. If this is a ref to a Lambda function, this operation results in a no-op.
The environment variable key.
The environment variable's value.
Optionaloptions: EnvironmentOptionsEnvironment variable options.
Adds an event source to this function.
Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.
The following example adds an SQS Queue as an event source:
import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));
Apply the given removal policy to this resource
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
A warning will be added to functions under the following conditions:
lambda:InvokeFunction are added to the unqualified function.This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.
ProtectedgenerateProtectedgetReturns an environment-sensitive token that should be used for the
resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arnAttr, but if the resource is
referenced across environments, arnComponents will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arnComponents.
The CFN attribute which resolves to the ARN of the resource.
Commonly it will be called "Arn" (e.g. resource.attrArn), but sometimes
it's the CFN resource's ref.
The format of the ARN of this resource. You must
reference this.physicalName somewhere within the ARN in order for
cross-environment references to work.
ProtectedgetReturns an environment-sensitive token that should be used for the
resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to nameAttr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
The CFN attribute which resolves to the resource's name.
Commonly this is the resource's ref.
Mix additional information into the hash of the Version object
The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).
However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.
This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.
This method may be called more than once.
ProtectedwarnStaticclassifyRecord whether specific properties in the AWS::Lambda::Function resource should
also be associated to the Version resource.
See 'currentVersion' section in the module README for more details.
The property to classify
whether the property should be associated to the version or not.
StaticfromImport a lambda function into the CDK using its ARN.
For Function.addPermissions() to work on this imported lambda, make sure that is
in the same account and region as the stack you are importing it into.
StaticfromCreates a Lambda function object which represents a function not defined within this stack.
For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true
if this imported lambda is in the same account and region as the stack you are importing it into.
The parent construct
The name of the lambda construct
the attributes of the function to import
StaticfromStaticisChecks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
StaticisStaticisStaticmetricStaticmetricStaticmetricStaticmetricStaticmetricStaticmetricStaticmetric
Construct which creates a Lambda function.
This Lambda relies on the code artifact residing in a standard location in S3. For more details on the bucket used, see [[
GuDistributionBucketParameter]]. By default, the path used will be<stack>/<stage>/<app</<fileName>. If required, e.g. if you are sharing lambda code across apps or accounts, override the source bucket using thebucketNamePathprop.The default memory size of this Lambda will vary depending on the runtime chosen. For Java runtimes (i.e. resource hungry Scala Lambdas!), 1024MB will be used. For all other runtimes, the memory size defaults to 512MB. This can be overridden via the
memorySizeprop.By default, the timeout for this Lambda is 30 seconds. This can be overridden via the
timeoutprop.By default the Lambda is granted permission to read from the SSM parameter store subtree specific to this Lambda (i.e. it can read all keys under
/<stage>/<stack>/<app>/). If you need to add additional permissions, you can useaddToRolePolicy.The Lambda has
STACK,STAGEandAPPenvironment variables which can be used to determine its identity.Note that this construct creates a Lambda without an event source. Depending on your use-case, you may wish to consider using a pattern which instantiates a Lambda with an event source e.g. [[
GuScheduledLambda]].