Optional
Readonly
adotSpecify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation
Optional
Readonly
allowWhether to allow the Lambda to send all ipv6 network traffic
If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.
Do not specify this property if the securityGroups
or securityGroup
property is set.
Instead, configure allowAllIpv6Outbound
directly on the security group.
Optional
Readonly
allowWhether to allow the Lambda to send all network traffic (except ipv6)
If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets.
Do not specify this property if the securityGroups
or securityGroup
property is set.
Instead, configure allowAllOutbound
directly on the security group.
Optional
Readonly
allowLambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet.
Optional
Readonly
applicationSets the application log level for the function.
Optional
Readonly
applicationSets the application log level for the function.
Optional
Readonly
architectureThe system architectures compatible with this lambda function.
Optional
bucketSSM parameter for the S3 bucket that contains your lambda file.
Typically you should not override this but you may need to if, for example, you are referencing a file that is shared across many apps and/or AWS accounts.
Optional
Readonly
codeCode signing config associated with this function
Optional
Readonly
currentOptions for the lambda.Version
resource automatically created by the
fn.currentVersion
method.
Optional
Readonly
deadThe SQS queue to use if DLQ is enabled.
If SNS topic is desired, specify deadLetterTopic
property instead.
Optional
Readonly
deadEnabled DLQ. If deadLetterQueue
is undefined,
an SQS queue with default options will be defined for your Function.
Optional
Readonly
deadThe SNS topic to use as a DLQ.
Note that if deadLetterQueueEnabled
is set to true
, an SQS queue will be created
rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.
Optional
Readonly
descriptionA description of the function.
Optional
enableCreate a new Lambda version and alias. This is only necessary if you want to use features which rely on versioning (e.g. SnapStart or Provisioned Concurrency).
If you enable versioning you must ensure that your Lambda function is updated whenever a new build is deployed via
CloudFormation. The simplest way to do this is to include the build number in the fileName
prop.
Optional
Readonly
environmentKey-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.
Optional
Readonly
environmentThe AWS KMS key that's used to encrypt your function's environment variables.
Optional
Readonly
ephemeralThe size of the function’s /tmp directory in MiB.
Optional
Readonly
eventsEvent sources for this function.
You can also add event sources using addEventSource
.
Optional
existingThe filename for an executable package within the bucket [[GuDistributionBucketParameter
]].
We'll look for fileName
on the path "bucket/stack/stage/app/
Optional
Readonly
filesystemThe filesystem configuration for the lambda function
Optional
Readonly
functionA name for the function.
Readonly
handlerThe name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html.
Use Handler.FROM_IMAGE
when defining a function from a Docker image.
NOTE: If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.
Optional
Readonly
initialInitial policy statements to add to the created Lambda Role.
You can call addToRolePolicy
to the created lambda to add statements post creation.
Optional
Readonly
insightsSpecify the version of CloudWatch Lambda insights to use for monitoring
Optional
Readonly
ipv6Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
Only used if 'vpc' is supplied.
Optional
kinesisOptional
Readonly
layersA list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.
Optional
Readonly
logSets the logFormat for the function.
Optional
Readonly
loggingSets the loggingFormat for the function.
Optional
Readonly
logThe log group the function sends logs to.
By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.
Use the logGroup
property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.
Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.
Optional
Readonly
logThe number of days log events are kept in CloudWatch Logs. When updating
this property, unsetting it doesn't remove the log retention policy. To
remove the retention policy, set the value to INFINITE
.
This is a legacy API and we strongly recommend you move away from it if you can.
Instead create a fully customizable log group with logs.LogGroup
and use the logGroup
property
to instruct the Lambda function to send logs to it.
Migrating from logRetention
to logGroup
will cause the name of the log group to change.
Users and code and referencing the name verbatim will have to adjust.
In AWS CDK code, you can access the log group name directly from the LogGroup construct:
import * as logs from 'aws-cdk-lib/aws-logs';
declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;
Optional
Readonly
logWhen log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs.
This is a legacy API and we strongly recommend you migrate to logGroup
if you can.
logGroup
allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
Optional
Readonly
logThe IAM role for the Lambda function associated with the custom resource that sets the retention policy.
This is a legacy API and we strongly recommend you migrate to logGroup
if you can.
logGroup
allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
Optional
Readonly
maxThe maximum age of a request that Lambda sends to a function for processing.
Minimum: 60 seconds Maximum: 6 hours
Optional
Readonly
memoryThe amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.
Optional
Readonly
onThe destination for failed invocations.
Optional
Readonly
onThe destination for successful invocations.
Optional
Readonly
paramsSpecify the configuration of Parameters and Secrets Extension
Optional
processingOptional
Readonly
profilingEnable profiling.
Optional
Readonly
profilingProfiling Group.
Optional
Readonly
recursiveSets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops.
Optional
Readonly
reservedThe maximum of concurrent executions you want to reserve for the function.
Optional
Readonly
retryThe maximum number of times to retry when the function returns an error.
Minimum: 0 Maximum: 2
Optional
Readonly
roleLambda execution role.
This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.
The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.
The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".
Readonly
runtimeThe runtime environment for the Lambda function that you are uploading. For valid values, see the Runtime property in the AWS Lambda Developer Guide.
Use Runtime.FROM_IMAGE
when defining a function from a Docker image.
Optional
Readonly
runtimeSets the runtime management configuration for a function's version.
Optional
Readonly
securityThe list of security groups to associate with the Lambda's network interfaces.
Only used if 'vpc' is supplied.
Optional
Readonly
snapEnable SnapStart for Lambda Function. SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime
Optional
Readonly
systemSets the system log level for the function.
Optional
Readonly
systemSets the system log level for the function.
Optional
throttlingAlarm if throttling occurs. Note, it is also worth considering a
concurrency limit (the reservedConcurrentExecutions
prop) if you are
concerned about throttling.
Optional
Readonly
timeoutThe function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time.
Optional
Readonly
tracingEnable AWS X-Ray Tracing for Lambda Function.
Optional
Readonly
vpcVPC network to place Lambda network interfaces
Specify this if the Lambda function needs to access resources in a VPC.
This is required when vpcSubnets
is specified.
Optional
Readonly
vpcWhere to place the network interfaces within the VPC.
This requires vpc
to be specified in order for interfaces to actually be
placed in the subnets. If vpc
is not specify, this will raise an error.
Note: Internet access for Lambda Functions requires a NAT Gateway, so picking
public subnets is not allowed (unless allowPublicSubnet
is set to true
).
Optional
withoutSet to true
this informs consumers of this function that upload is
managed elsewhere by DevX.
This is used by RiffRaffYamlFileExperimental to skip generating an uploadLambda step.
Optional
withoutSet to true
to use the filename without the stage/stack/app prefix.
Typically you should not override this but you may need to if, for example, you are referencing a file that is shared across many apps and/or AWS accounts.
Configuration options for the [[
GuKinesisLambda
]] pattern.For all lambda function configuration options, see [[
GuFunctionProps
]].The
existingKinesisStream
property can be used to reference a Kinesis stream which has been created outside of this pattern (i.e. via CloudFormation, or via a differentcdk
pattern, or stack). For more details see [[ExistingKinesisStream
]].If you have specific stream configuration requirements (e.g. data retention period), these can be set via
kinesisStreamProps
.If you need to override the default stream processing options (e.g. batch size and parallelization), pass [[
StreamProcessingProps
]] viaprocessingProps
.You must provide
errorHandlingConfiguration
to this pattern. Retry conditions can be configured via [[StreamErrorHandlingProps
]].It is advisable to configure an alarm based on the lambda's error percentage. To do this, add the
monitoringConfiguration
property. The required properties for this are:Other alarm properties (e.g. alarm name and description) will be pre-populated with sensible defaults. For a full list of optional properties, see [[
GuLambdaErrorPercentageMonitoringProps
]].If your team do not use CloudWatch, it's possible to opt-out with the following configuration: