tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7
A Pulumi provider SDK for creating and managing Amazon Web Services (AWS) cloud resources in Go, providing strongly-typed resource classes and data sources for all major AWS services.
lambda.mddocs/reference/compute/
AWS Lambda
Import
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"Overview
The lambda package provides resources and data sources for managing AWS Lambda functions, aliases, event source mappings, permissions, and layers. Lambda lets you run code without provisioning or managing servers.
Available Resources:
Function— Lambda functionAlias— Lambda function aliasPermission— Lambda resource-based policy statementEventSourceMapping— Connects a Lambda function to an event sourceLayerVersion— Lambda layer versionFunctionUrl— Lambda function URLFunctionEventInvokeConfig— Asynchronous invocation configurationProvisionedConcurrencyConfig— Provisioned concurrency configurationCodeSigningConfig— Code signing configurationLayerVersionPermission— Layer version permissionInvocation— Lambda function invocation (data source or resource)RuntimeManagementConfig— Runtime management configurationFunctionRecursionConfig— Recursive loop detection configurationCapacityProvider— Lambda capacity provider
Function
Manages an AWS Lambda function. Lambda functions execute code in response to triggers from supported AWS services or direct invocations.
func NewFunction(ctx *pulumi.Context, name string, args *FunctionArgs, opts ...pulumi.ResourceOption) (*Function, error)func GetFunction(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FunctionState, opts ...pulumi.ResourceOption) (*Function, error)FunctionArgs
type FunctionArgs struct {
// Instruction set architecture. Valid values: ["x86_64"], ["arm64"].
// Default: ["x86_64"].
Architectures pulumi.StringArrayInput
// Configuration block for Lambda Capacity Provider.
CapacityProviderConfig FunctionCapacityProviderConfigPtrInput
// Path to the deployment package (.zip file) on the local filesystem.
// Conflicts with ImageUri and S3Bucket.
// One of Code, ImageUri, or S3Bucket must be specified.
Code pulumi.ArchiveInput
// Base64-encoded SHA-256 hash of the package file.
// Use to trigger updates when source code changes.
CodeSha256 pulumi.StringPtrInput
// ARN of a code-signing configuration to enable code signing.
CodeSigningConfigArn pulumi.StringPtrInput
// Configuration block for dead letter queue destination.
DeadLetterConfig FunctionDeadLetterConfigPtrInput
// Description of what the Lambda function does.
Description pulumi.StringPtrInput
// Configuration block for durable function settings.
// Only available in limited regions (currently us-east-2).
DurableConfig FunctionDurableConfigPtrInput
// Configuration block for environment variables.
Environment FunctionEnvironmentPtrInput
// Amount of ephemeral storage (/tmp) to allocate.
// Valid range: 512 MB to 10,240 MB (10 GB).
EphemeralStorage FunctionEphemeralStoragePtrInput
// Configuration block for EFS file system.
FileSystemConfig FunctionFileSystemConfigPtrInput
// Function entry point in your code (e.g., "main.handler", "index.handler").
// Required if PackageType is "Zip".
Handler pulumi.StringPtrInput
// Container image configuration values. Used with Image package type.
ImageConfig FunctionImageConfigPtrInput
// ECR image URI for the function's deployment package.
// Conflicts with Code and S3Bucket.
// One of Code, ImageUri, or S3Bucket must be specified.
ImageUri pulumi.StringPtrInput
// ARN of the KMS key used to encrypt environment variables.
KmsKeyArn pulumi.StringPtrInput
// List of Lambda Layer Version ARNs to attach (maximum 5).
Layers pulumi.StringArrayInput
// Configuration block for advanced logging settings.
LoggingConfig FunctionLoggingConfigPtrInput
// Amount of memory in MB. Valid range: 128 MB to 10,240 MB, in 1 MB increments.
// Default: 128.
MemorySize pulumi.IntPtrInput
// Unique name for the Lambda function.
// If omitted, Pulumi generates a unique name.
Name pulumi.StringPtrInput
// Deployment package type. Valid values: "Zip", "Image".
// Default: "Zip".
PackageType pulumi.StringPtrInput
// Whether to publish creation/change as a new Lambda function version.
// Default: false.
Publish pulumi.BoolPtrInput
// Whether to publish to an alias or version number.
// Omit for regular version publishing. Option: "LATEST_PUBLISHED".
PublishTo pulumi.StringPtrInput
// Region where the function will be managed.
// Defaults to the provider region.
Region pulumi.StringPtrInput
// Whether to replace security groups on the VPC configuration prior to destruction.
// Default: false.
ReplaceSecurityGroupsOnDestroy pulumi.BoolPtrInput
// Security group IDs to assign prior to destruction.
// Required if ReplaceSecurityGroupsOnDestroy is true.
ReplacementSecurityGroupIds pulumi.StringArrayInput
// Reserved concurrent executions for this function.
// 0 disables the function. -1 removes concurrency limitations.
// Default: -1 (unreserved).
ReservedConcurrentExecutions pulumi.IntPtrInput
// Required. ARN of the function's execution role.
// The role provides the function's identity and access to AWS services.
Role pulumi.StringInput
// Runtime identifier. Required if PackageType is "Zip".
// Use the Runtime* constants (e.g., lambda.RuntimePython3d12).
Runtime pulumi.StringPtrInput
// S3 bucket containing the function's deployment package.
// Conflicts with Code and ImageUri.
// One of Code, ImageUri, or S3Bucket must be specified.
S3Bucket pulumi.StringPtrInput
// S3 key of the object containing the deployment package.
// Required if S3Bucket is set.
S3Key pulumi.StringPtrInput
// Object version containing the deployment package.
// Conflicts with Code and ImageUri.
S3ObjectVersion pulumi.StringPtrInput
// Whether to retain the old version of a previously deployed function.
// Default: false.
SkipDestroy pulumi.BoolPtrInput
// Configuration block for SnapStart settings.
// Only supported for Java 11+ runtimes.
SnapStart FunctionSnapStartPtrInput
// User-defined hash of the source code package file.
// Use to trigger updates when local source code changes.
SourceCodeHash pulumi.StringPtrInput
// ARN of the KMS key used to encrypt the .zip deployment package.
// Conflicts with ImageUri.
SourceKmsKeyArn pulumi.StringPtrInput
// Key-value map of tags for the function.
Tags pulumi.StringMapInput
// Configuration block for tenancy settings.
TenancyConfig FunctionTenancyConfigPtrInput
// Function execution time limit in seconds.
// Valid range: 1 to 900. Default: 3.
Timeout pulumi.IntPtrInput
// Configuration block for AWS X-Ray tracing.
TracingConfig FunctionTracingConfigPtrInput
// Configuration block for VPC networking.
VpcConfig FunctionVpcConfigPtrInput
}Function Output Fields
type Function struct {
pulumi.CustomResourceState
// Instruction set architectures for the function.
Architectures pulumi.StringArrayOutput
// ARN identifying the Lambda function.
Arn pulumi.StringOutput
// Base64-encoded SHA-256 hash of the deployment package.
CodeSha256 pulumi.StringOutput
// ARN of the code-signing configuration.
CodeSigningConfigArn pulumi.StringPtrOutput
// Description of the function.
Description pulumi.StringPtrOutput
// Function entry point (handler).
Handler pulumi.StringPtrOutput
// ARN to use for invoking the function from API Gateway.
InvokeArn pulumi.StringOutput
// KMS key ARN used for environment variable encryption.
KmsKeyArn pulumi.StringPtrOutput
// Date the function was last modified.
LastModified pulumi.StringOutput
// ARNs of attached Lambda layers.
Layers pulumi.StringArrayOutput
// Memory allocation in MB.
MemorySize pulumi.IntPtrOutput
// Function name.
Name pulumi.StringOutput
// Package type ("Zip" or "Image").
PackageType pulumi.StringPtrOutput
// Whether versioning is enabled.
Publish pulumi.BoolPtrOutput
// ARN identifying the function's qualified version.
QualifiedArn pulumi.StringOutput
// Qualified ARN for invoking from API Gateway (includes version).
QualifiedInvokeArn pulumi.StringOutput
// Region the function is managed in.
Region pulumi.StringOutput
// Reserved concurrent executions.
ReservedConcurrentExecutions pulumi.IntPtrOutput
// ARN of the function's execution role.
Role pulumi.StringOutput
// Runtime identifier.
Runtime pulumi.StringPtrOutput
// Signing job ARN (for code-signed functions).
SigningJobArn pulumi.StringOutput
// Signing profile version ARN.
SigningProfileVersionArn pulumi.StringOutput
// Size in bytes of the deployment package.
SourceCodeSize pulumi.IntOutput
// Tags applied to the function.
Tags pulumi.StringMapOutput
// All tags including provider default tags.
TagsAll pulumi.StringMapOutput
// Timeout in seconds.
Timeout pulumi.IntPtrOutput
// Latest published version number.
Version pulumi.StringOutput
}Supporting Configuration Types
type FunctionEnvironmentArgs struct {
// Map of environment variables available during execution.
Variables pulumi.StringMapInput
}type FunctionDeadLetterConfigArgs struct {
// Required. ARN of the SNS topic or SQS queue to notify on invocation failure.
TargetArn pulumi.StringInput
}type FunctionVpcConfigArgs struct {
// Allow outbound IPv6 traffic for functions connected to dual-stack subnets.
// Default: false.
Ipv6AllowedForDualStack pulumi.BoolPtrInput
// List of security group IDs for the function's VPC configuration.
SecurityGroupIds pulumi.StringArrayInput
// List of subnet IDs for the function's VPC configuration.
SubnetIds pulumi.StringArrayInput
// ID of the VPC.
VpcId pulumi.StringPtrInput
}type FunctionTracingConfigArgs struct {
// X-Ray tracing mode. Valid values: "Active", "PassThrough".
Mode pulumi.StringInput
}type FunctionLoggingConfigArgs struct {
// Detail level of application logs.
// Valid values: "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL".
ApplicationLogLevel pulumi.StringPtrInput
// Log format. Valid values: "Text", "JSON".
LogFormat pulumi.StringInput
// CloudWatch log group where logs are sent.
// Defaults to /aws/lambda/<function-name>.
LogGroup pulumi.StringPtrInput
// Detail level of Lambda platform logs.
// Valid values: "DEBUG", "INFO", "WARN".
SystemLogLevel pulumi.StringPtrInput
}type FunctionEphemeralStorageArgs struct {
// Ephemeral storage size in MB. Valid range: 512 to 10240. Default: 512.
Size pulumi.IntPtrInput
}type FunctionSnapStartArgs struct {
// When to apply snap start optimization.
// Valid value: "PublishedVersions". Only supported for Java 11+ runtimes.
ApplyOn pulumi.StringInput
// Optimization status. Valid values: "On", "Off".
OptimizationStatus pulumi.StringPtrInput
}Runtime Constants
The following Runtime constants are available for the Runtime field:
const (
// Supported runtimes
RuntimeDotnet8 = Runtime("dotnet8")
RuntimeDotnet6 = Runtime("dotnet6")
RuntimeJava21 = Runtime("java21")
RuntimeJava17 = Runtime("java17")
RuntimeJava11 = Runtime("java11")
RuntimeJava8AL2 = Runtime("java8.al2")
RuntimeNodeJS22dX = Runtime("nodejs22.x")
RuntimeNodeJS20dX = Runtime("nodejs20.x")
RuntimeNodeJS18dX = Runtime("nodejs18.x")
RuntimeCustomAL2023 = Runtime("provided.al2023")
RuntimeCustomAL2 = Runtime("provided.al2")
RuntimePython3d13 = Runtime("python3.13")
RuntimePython3d12 = Runtime("python3.12")
RuntimePython3d11 = Runtime("python3.11")
RuntimePython3d10 = Runtime("python3.10")
RuntimePython3d9 = Runtime("python3.9")
RuntimeRuby3d4 = Runtime("ruby3.4")
RuntimeRuby3d3 = Runtime("ruby3.3")
RuntimeRuby3d2 = Runtime("ruby3.2")
)Examples
Basic Zip Function (Python)
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Create execution role
assumeRolePolicy, _ := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "lambda.amazonaws.com",
},
},
},
})
role, err := iam.NewRole(ctx, "lambdaRole", &iam.RoleArgs{
Name: pulumi.String("lambda-execution-role"),
AssumeRolePolicy: pulumi.String(string(assumeRolePolicy)),
})
if err != nil {
return err
}
// Attach basic execution policy
_, err = iam.NewRolePolicyAttachment(ctx, "lambdaBasicExecution", &iam.RolePolicyAttachmentArgs{
Role: role.Name,
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"),
})
if err != nil {
return err
}
// Create function
fn, err := lambda.NewFunction(ctx, "myFunction", &lambda.FunctionArgs{
Name: pulumi.String("my-python-function"),
Runtime: pulumi.String(lambda.RuntimePython3d12),
Handler: pulumi.String("index.handler"),
Role: role.Arn,
Code: pulumi.NewFileArchive("function.zip"),
Timeout: pulumi.IntPtr(30),
Environment: &lambda.FunctionEnvironmentArgs{
Variables: pulumi.StringMap{
"LOG_LEVEL": pulumi.String("INFO"),
"STAGE": pulumi.String("production"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})Container Image Function
fn, err := lambda.NewFunction(ctx, "imageFunction", &lambda.FunctionArgs{
Name: pulumi.String("my-container-function"),
PackageType: pulumi.String("Image"),
ImageUri: pulumi.String("123456789012.dkr.ecr.us-east-1.amazonaws.com/my-repo:latest"),
Role: role.Arn,
Timeout: pulumi.IntPtr(60),
MemorySize: pulumi.IntPtr(512),
})VPC Function with Enhanced Logging
fn, err := lambda.NewFunction(ctx, "vpcFunction", &lambda.FunctionArgs{
Name: pulumi.String("my-vpc-function"),
Runtime: pulumi.String(lambda.RuntimeNodeJS20dX),
Handler: pulumi.String("index.handler"),
Role: role.Arn,
Code: pulumi.NewFileArchive("function.zip"),
VpcConfig: &lambda.FunctionVpcConfigArgs{
SubnetIds: pulumi.StringArray{pulumi.String("subnet-12345"), pulumi.String("subnet-67890")},
SecurityGroupIds: pulumi.StringArray{pulumi.String("sg-abcdef")},
},
LoggingConfig: &lambda.FunctionLoggingConfigArgs{
LogFormat: pulumi.String("JSON"),
ApplicationLogLevel: pulumi.String("INFO"),
SystemLogLevel: pulumi.String("WARN"),
LogGroup: pulumi.String("/aws/lambda/my-vpc-function"),
},
TracingConfig: &lambda.FunctionTracingConfigArgs{
Mode: pulumi.String("Active"),
},
DeadLetterConfig: &lambda.FunctionDeadLetterConfigArgs{
TargetArn: dlqQueue.Arn,
},
})Alias
Manages a Lambda function alias. An alias is a pointer to a specific function version, enabling traffic splitting and blue-green deployments without changing the caller's endpoint.
func NewAlias(ctx *pulumi.Context, name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error)func GetAlias(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error)AliasArgs
type AliasArgs struct {
// Description of the alias.
Description pulumi.StringPtrInput
// Required. Name or ARN of the Lambda function.
FunctionName pulumi.StringInput
// Required. Lambda function version the alias points to.
// Pattern: ($LATEST|[0-9]+)
FunctionVersion pulumi.StringInput
// Name for the alias.
// Pattern: (?!^[0-9]+$)([a-zA-Z0-9-_]+)
// If omitted, Pulumi generates a unique name.
Name pulumi.StringPtrInput
// Region where the alias will be managed.
// Defaults to the provider region.
Region pulumi.StringPtrInput
// Traffic routing configuration for weighted deployments.
RoutingConfig AliasRoutingConfigPtrInput
}type AliasRoutingConfigArgs struct {
// Map of additional version ARN to traffic weight (0.0 to 1.0).
// The remaining traffic goes to the version specified in FunctionVersion.
// Example: {"2": 0.1} routes 10% to version 2, 90% to the primary version.
AdditionalVersionWeights pulumi.Float64MapInput
}Alias Output Fields
type Alias struct {
pulumi.CustomResourceState
// ARN identifying the Lambda alias.
Arn pulumi.StringOutput
// Description of the alias.
Description pulumi.StringPtrOutput
// Name or ARN of the Lambda function.
FunctionName pulumi.StringOutput
// Function version the alias points to.
FunctionVersion pulumi.StringOutput
// ARN to use for invoking the function via API Gateway.
InvokeArn pulumi.StringOutput
// Alias name.
Name pulumi.StringOutput
// Region the alias is managed in.
Region pulumi.StringOutput
// Traffic routing configuration.
RoutingConfig AliasRoutingConfigPtrOutput
}Examples
Basic Alias
alias, err := lambda.NewAlias(ctx, "production", &lambda.AliasArgs{
Name: pulumi.String("production"),
Description: pulumi.String("Production environment alias"),
FunctionName: fn.Arn,
FunctionVersion: pulumi.String("5"),
})Alias Pointing to $LATEST
devAlias, err := lambda.NewAlias(ctx, "dev", &lambda.AliasArgs{
Name: pulumi.String("dev"),
Description: pulumi.String("Development alias - always latest"),
FunctionName: fn.Name,
FunctionVersion: pulumi.String("$LATEST"),
})Alias with Traffic Splitting (Canary Deployment)
canaryAlias, err := lambda.NewAlias(ctx, "live", &lambda.AliasArgs{
Name: pulumi.String("live"),
Description: pulumi.String("Live traffic with 5% canary to new version"),
FunctionName: fn.Name,
FunctionVersion: pulumi.String("5"), // 95% of traffic
RoutingConfig: &lambda.AliasRoutingConfigArgs{
AdditionalVersionWeights: pulumi.Float64Map{
"6": pulumi.Float64(0.05), // 5% canary traffic to version 6
},
},
})Permission
Manages a Lambda resource-based policy statement. Use this to grant external AWS services or accounts permission to invoke a Lambda function.
func NewPermission(ctx *pulumi.Context, name string, args *PermissionArgs, opts ...pulumi.ResourceOption) (*Permission, error)func GetPermission(ctx *pulumi.Context, name string, id pulumi.IDInput, state *PermissionState, opts ...pulumi.ResourceOption) (*Permission, error)PermissionArgs
type PermissionArgs struct {
// Required. Lambda action to allow (e.g., "lambda:InvokeFunction", "lambda:InvokeFunctionUrl").
Action pulumi.StringInput
// Event Source Token for Alexa Skills.
EventSourceToken pulumi.StringPtrInput
// Required. Name or ARN of the Lambda function.
Function pulumi.Input
// Function URL authentication type. Valid values: "AWS_IAM", "NONE".
// Only valid with lambda:InvokeFunctionUrl action.
FunctionUrlAuthType pulumi.StringPtrInput
// Whether the permission is for invoking via a Function URL.
// Only valid with lambda:InvokeFunction action.
InvokedViaFunctionUrl pulumi.BoolPtrInput
// Required. AWS service or account that invokes the function.
// Examples: "s3.amazonaws.com", "sns.amazonaws.com", "events.amazonaws.com",
// "apigateway.amazonaws.com", AWS account ID, IAM ARN.
Principal pulumi.StringInput
// AWS Organizations ID to grant permission to all accounts in the organization.
PrincipalOrgId pulumi.StringPtrInput
// Lambda function version or alias name to scope the permission.
Qualifier pulumi.StringPtrInput
// Region where the permission will be managed.
Region pulumi.StringPtrInput
// AWS account ID of the source owner (for cross-account, S3, or SES sources).
SourceAccount pulumi.StringPtrInput
// ARN of the source resource granting permission to invoke the function.
// Prevents the confused deputy problem.
SourceArn pulumi.StringPtrInput
// Statement identifier (unique within the function's policy).
// Generated by Pulumi if not provided.
StatementId pulumi.StringPtrInput
// Statement identifier prefix. Conflicts with StatementId.
StatementIdPrefix pulumi.StringPtrInput
}Examples
Allow EventBridge to Invoke Function
_, err = lambda.NewPermission(ctx, "allowEventBridge", &lambda.PermissionArgs{
StatementId: pulumi.String("AllowExecutionFromEventBridge"),
Action: pulumi.String("lambda:InvokeFunction"),
Function: fn.Name,
Principal: pulumi.String("events.amazonaws.com"),
SourceArn: rule.Arn,
})Allow SNS to Invoke Function
_, err = lambda.NewPermission(ctx, "allowSNS", &lambda.PermissionArgs{
StatementId: pulumi.String("AllowExecutionFromSNS"),
Action: pulumi.String("lambda:InvokeFunction"),
Function: fn.Name,
Principal: pulumi.String("sns.amazonaws.com"),
SourceArn: topic.Arn,
})Allow API Gateway to Invoke Function
_, err = lambda.NewPermission(ctx, "allowAPIGateway", &lambda.PermissionArgs{
StatementId: pulumi.String("AllowExecutionFromAPIGateway"),
Action: pulumi.String("lambda:InvokeFunction"),
Function: fn.Name,
Principal: pulumi.String("apigateway.amazonaws.com"),
SourceArn: api.ExecutionArn.ApplyT(func(arn string) string {
return fmt.Sprintf("%s/*/*", arn)
}).(pulumi.StringOutput),
})Allow S3 to Invoke Function (with SourceAccount for Security)
_, err = lambda.NewPermission(ctx, "allowS3", &lambda.PermissionArgs{
StatementId: pulumi.String("AllowExecutionFromS3"),
Action: pulumi.String("lambda:InvokeFunction"),
Function: fn.Name,
Principal: pulumi.String("s3.amazonaws.com"),
SourceArn: bucket.Arn,
SourceAccount: pulumi.String("123456789012"),
})Permission Scoped to an Alias
_, err = lambda.NewPermission(ctx, "allowEventBridgeOnAlias", &lambda.PermissionArgs{
StatementId: pulumi.String("AllowExecutionFromEventBridge"),
Action: pulumi.String("lambda:InvokeFunction"),
Function: fn.Name,
Principal: pulumi.String("events.amazonaws.com"),
SourceArn: rule.Arn,
Qualifier: productionAlias.Name,
})EventSourceMapping
Manages an AWS Lambda Event Source Mapping. Connects a Lambda function to an event source such as Kinesis, DynamoDB, SQS, Amazon MQ, or MSK.
func NewEventSourceMapping(ctx *pulumi.Context, name string, args *EventSourceMappingArgs, opts ...pulumi.ResourceOption) (*EventSourceMapping, error)func GetEventSourceMapping(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EventSourceMappingState, opts ...pulumi.ResourceOption) (*EventSourceMapping, error)EventSourceMappingArgs
type EventSourceMappingArgs struct {
// Additional configuration for Amazon Managed Kafka (MSK) sources.
// Incompatible with SelfManagedEventSource and SelfManagedKafkaEventSourceConfig.
AmazonManagedKafkaEventSourceConfig EventSourceMappingAmazonManagedKafkaEventSourceConfigPtrInput
// Maximum number of records retrieved per invocation.
// Defaults: 100 for DynamoDB/Kinesis/MQ/MSK, 10 for SQS.
BatchSize pulumi.IntPtrInput
// Split batch in two and retry if the function returns an error.
// Only for stream sources (DynamoDB, Kinesis). Default: false.
BisectBatchOnFunctionError pulumi.BoolPtrInput
// SQS queue, SNS topic, or S3 bucket for failed records (dead letter destination).
// Only for stream sources and Kafka sources.
DestinationConfig EventSourceMappingDestinationConfigPtrInput
// Configuration for DocumentDB change stream event source.
DocumentDbEventSourceConfig EventSourceMappingDocumentDbEventSourceConfigPtrInput
// Whether the mapping is enabled. Default: true.
Enabled pulumi.BoolPtrInput
// ARN of the event source (Kinesis stream, DynamoDB stream, SQS queue,
// MQ broker, MSK cluster, or DocumentDB change stream).
// Required for all sources except Self-managed Kafka.
EventSourceArn pulumi.StringPtrInput
// Event filtering criteria for Kinesis, DynamoDB, and SQS sources.
FilterCriteria EventSourceMappingFilterCriteriaPtrInput
// Required. Name or ARN of the Lambda function subscribing to events.
FunctionName pulumi.StringInput
// Response types for Lambda checkpointing.
// Only for SQS and stream sources. Valid values: "ReportBatchItemFailures".
FunctionResponseTypes pulumi.StringArrayInput
// ARN of the KMS customer managed key for encrypting filter criteria.
KmsKeyArn pulumi.StringPtrInput
// Maximum time to gather records before invoking (0-300 seconds).
// For streaming sources, defaults to as soon as records are available.
// Only for stream sources (DynamoDB, Kinesis) and SQS standard queues.
MaximumBatchingWindowInSeconds pulumi.IntPtrInput
// Maximum age of a record sent to the function.
// Only for stream sources. Must be -1 (forever) or 60-604800 seconds.
MaximumRecordAgeInSeconds pulumi.IntPtrInput
// Maximum retry attempts on function error.
// Only for stream sources. Range: -1 (forever) to 10000.
MaximumRetryAttempts pulumi.IntPtrInput
// CloudWatch metrics configuration.
// Only for stream sources and SQS queues.
MetricsConfig EventSourceMappingMetricsConfigPtrInput
// Number of batches processed concurrently from each shard.
// Only for stream sources (DynamoDB, Kinesis). Range: 1-10.
ParallelizationFactor pulumi.IntPtrInput
// Event poller configuration.
// Only for Amazon MSK and self-managed Apache Kafka sources.
ProvisionedPollerConfig EventSourceMappingProvisionedPollerConfigPtrInput
// Name of the Amazon MQ broker destination queue.
// Only for MQ sources. Must contain exactly one queue name.
Queues pulumi.StringPtrInput
// Region where the mapping will be managed.
Region pulumi.StringPtrInput
// Scaling configuration for SQS queues (sets maximum concurrency).
ScalingConfig EventSourceMappingScalingConfigPtrInput
// Location of the self-managed Kafka cluster.
// Required if using self-managed Kafka. Must also set SourceAccessConfigurations.
SelfManagedEventSource EventSourceMappingSelfManagedEventSourcePtrInput
// Additional configuration for self-managed Kafka sources.
// Incompatible with EventSourceArn and AmazonManagedKafkaEventSourceConfig.
SelfManagedKafkaEventSourceConfig EventSourceMappingSelfManagedKafkaEventSourceConfigPtrInput
// Access configuration for self-managed Kafka sources.
// Required if SelfManagedEventSource is set.
SourceAccessConfigurations EventSourceMappingSourceAccessConfigurationArrayInput
// Starting position in the stream. Required for Kinesis, DynamoDB, MSK, and self-managed Kafka.
// Must not be provided for SQS.
// Valid values: "AT_TIMESTAMP" (Kinesis only), "LATEST", "TRIM_HORIZON".
StartingPosition pulumi.StringPtrInput
// RFC3339 timestamp for AT_TIMESTAMP starting position.
StartingPositionTimestamp pulumi.StringPtrInput
// Tags to assign to the event source mapping.
Tags pulumi.StringMapInput
// Kafka topic names (MSK sources only). Must contain exactly one topic.
Topics pulumi.StringArrayInput
// Duration in seconds of a processing window for streaming analytics.
// Range: 1-900 seconds. Only for stream sources (DynamoDB, Kinesis).
TumblingWindowInSeconds pulumi.IntPtrInput
}Examples
SQS Queue
mapping, err := lambda.NewEventSourceMapping(ctx, "sqsMapping", &lambda.EventSourceMappingArgs{
EventSourceArn: sqsQueue.Arn,
FunctionName: fn.Arn,
BatchSize: pulumi.IntPtr(10),
ScalingConfig: &lambda.EventSourceMappingScalingConfigArgs{
MaximumConcurrency: pulumi.Int(100),
},
FunctionResponseTypes: pulumi.StringArray{
pulumi.String("ReportBatchItemFailures"),
},
})DynamoDB Stream
mapping, err := lambda.NewEventSourceMapping(ctx, "dynamoStream", &lambda.EventSourceMappingArgs{
EventSourceArn: table.StreamArn,
FunctionName: fn.Arn,
StartingPosition: pulumi.String("LATEST"),
BatchSize: pulumi.IntPtr(100),
MaximumBatchingWindowInSeconds: pulumi.IntPtr(5),
BisectBatchOnFunctionError: pulumi.BoolPtr(true),
MaximumRetryAttempts: pulumi.IntPtr(3),
DestinationConfig: &lambda.EventSourceMappingDestinationConfigArgs{
OnFailure: &lambda.EventSourceMappingDestinationConfigOnFailureArgs{
DestinationArn: dlqQueue.Arn,
},
},
})Kinesis Stream
mapping, err := lambda.NewEventSourceMapping(ctx, "kinesisMapping", &lambda.EventSourceMappingArgs{
EventSourceArn: kinesisStream.Arn,
FunctionName: fn.Arn,
StartingPosition: pulumi.String("LATEST"),
BatchSize: pulumi.IntPtr(100),
ParallelizationFactor: pulumi.IntPtr(5),
})Amazon MSK (Managed Kafka)
mapping, err := lambda.NewEventSourceMapping(ctx, "mskMapping", &lambda.EventSourceMappingArgs{
EventSourceArn: mskCluster.Arn,
FunctionName: fn.Arn,
Topics: pulumi.StringArray{pulumi.String("orders")},
StartingPosition: pulumi.String("TRIM_HORIZON"),
BatchSize: pulumi.IntPtr(100),
AmazonManagedKafkaEventSourceConfig: &lambda.EventSourceMappingAmazonManagedKafkaEventSourceConfigArgs{
ConsumerGroupId: pulumi.String("lambda-consumer-group"),
},
})SQS with Event Filtering
filterPattern, _ := json.Marshal(map[string]interface{}{
"body": map[string]interface{}{
"eventType": []string{"ORDER_PLACED"},
"amount": []map[string]interface{}{{"numeric": []interface{}{">", 100}}},
},
})
mapping, err := lambda.NewEventSourceMapping(ctx, "filteredSqs", &lambda.EventSourceMappingArgs{
EventSourceArn: sqsQueue.Arn,
FunctionName: fn.Arn,
FilterCriteria: &lambda.EventSourceMappingFilterCriteriaArgs{
Filters: lambda.EventSourceMappingFilterCriteriaFilterArray{
&lambda.EventSourceMappingFilterCriteriaFilterArgs{
Pattern: pulumi.String(string(filterPattern)),
},
},
},
})LayerVersion
Manages an AWS Lambda Layer Version. Layers allow sharing code, libraries, and dependencies across multiple Lambda functions.
func NewLayerVersion(ctx *pulumi.Context, name string, args *LayerVersionArgs, opts ...pulumi.ResourceOption) (*LayerVersion, error)func GetLayerVersion(ctx *pulumi.Context, name string, id pulumi.IDInput, state *LayerVersionState, opts ...pulumi.ResourceOption) (*LayerVersion, error)LayerVersionArgs
type LayerVersionArgs struct {
// Path to the deployment package (.zip file) on the local filesystem.
// Conflicts with S3Bucket. One of Code or S3Bucket must be specified.
Code pulumi.ArchiveInput
// List of architectures this layer is compatible with.
// Valid values: "x86_64", "arm64".
CompatibleArchitectures pulumi.StringArrayInput
// List of runtimes this layer is compatible with (maximum 15).
// Use the same runtime identifier strings as for functions.
CompatibleRuntimes pulumi.StringArrayInput
// Description of the layer.
Description pulumi.StringPtrInput
// Required. Unique name for the Lambda layer.
LayerName pulumi.StringInput
// License information for the layer.
// See https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-LicenseInfo
LicenseInfo pulumi.StringPtrInput
// Region where the layer will be managed.
Region pulumi.StringPtrInput
// S3 bucket containing the layer deployment package.
// Conflicts with Code. Must be in the same region as the layer.
S3Bucket pulumi.StringPtrInput
// S3 key of the object containing the deployment package.
// Required if S3Bucket is set.
S3Key pulumi.StringPtrInput
// Object version of the deployment package.
// Conflicts with Code.
S3ObjectVersion pulumi.StringPtrInput
// Whether to retain the old layer version on updates.
// Default: false.
// When false, changing any of the deployment or metadata fields forces
// deletion of the existing version and creation of a new version.
SkipDestroy pulumi.BoolPtrInput
// Base64-encoded SHA256 hash of the package file.
// Set to filebase64sha256("file.zip") or base64sha256(file("file.zip"))
// to trigger updates when source code changes.
SourceCodeHash pulumi.StringPtrInput
}LayerVersion Output Fields
type LayerVersion struct {
pulumi.CustomResourceState
// Full ARN of the layer with version suffix.
// e.g., "arn:aws:lambda:us-east-1:123456789012:layer:my-layer:5"
Arn pulumi.StringOutput
// Base64-encoded SHA-256 hash of the zip file.
CodeSha256 pulumi.StringOutput
// Compatible architectures.
CompatibleArchitectures pulumi.StringArrayOutput
// Compatible runtimes.
CompatibleRuntimes pulumi.StringArrayOutput
// Date the layer version was created.
CreatedDate pulumi.StringOutput
// Description of the layer.
Description pulumi.StringPtrOutput
// ARN of the layer without the version suffix.
LayerArn pulumi.StringOutput
// Name of the layer.
LayerName pulumi.StringOutput
// License information.
LicenseInfo pulumi.StringPtrOutput
// Region the layer is managed in.
Region pulumi.StringOutput
// ARN of signing job (for code-signed layers).
SigningJobArn pulumi.StringOutput
// ARN of the signing profile version.
SigningProfileVersionArn pulumi.StringOutput
// Source code size in bytes.
SourceCodeSize pulumi.IntOutput
// Layer version number.
Version pulumi.StringOutput
}Examples
Basic Layer from Local File
layer, err := lambda.NewLayerVersion(ctx, "sharedUtils", &lambda.LayerVersionArgs{
LayerName: pulumi.String("shared-utilities"),
Code: pulumi.NewFileArchive("layer.zip"),
Description: pulumi.String("Shared utility libraries"),
CompatibleRuntimes: pulumi.StringArray{
pulumi.String("python3.12"),
pulumi.String("python3.11"),
},
CompatibleArchitectures: pulumi.StringArray{
pulumi.String("x86_64"),
pulumi.String("arm64"),
},
LicenseInfo: pulumi.String("MIT"),
})Layer from S3
layer, err := lambda.NewLayerVersion(ctx, "dependencyLayer", &lambda.LayerVersionArgs{
LayerName: pulumi.String("node-dependencies"),
S3Bucket: layerBucket.Bucket,
S3Key: layerObject.Key,
CompatibleRuntimes: pulumi.StringArray{
pulumi.String("nodejs20.x"),
pulumi.String("nodejs22.x"),
},
})Attach Layer to a Function
fn, err := lambda.NewFunction(ctx, "myFunction", &lambda.FunctionArgs{
Name: pulumi.String("my-function"),
Runtime: pulumi.String(lambda.RuntimePython3d12),
Handler: pulumi.String("index.handler"),
Role: role.Arn,
Code: pulumi.NewFileArchive("function.zip"),
Layers: pulumi.StringArray{
layer.Arn,
},
})Additional Resources
FunctionUrl
Creates a Lambda function URL, providing a dedicated HTTP(S) endpoint for the function.
func NewFunctionUrl(ctx *pulumi.Context, name string, args *FunctionUrlArgs, opts ...pulumi.ResourceOption) (*FunctionUrl, error)Key FunctionUrlArgs fields:
FunctionName pulumi.StringInput— Required. Name or ARN of the function.AuthorizationType pulumi.StringInput— Required. Authentication type:"AWS_IAM"or"NONE".Cors FunctionUrlCorsPtrInput— CORS configuration.InvokeMode pulumi.StringPtrInput—"BUFFERED"(default) or"RESPONSE_STREAM".Qualifier pulumi.StringPtrInput— Alias or version to create the URL for.
FunctionEventInvokeConfig
Configures how Lambda handles asynchronous invocations (retries, destinations).
func NewFunctionEventInvokeConfig(ctx *pulumi.Context, name string, args *FunctionEventInvokeConfigArgs, opts ...pulumi.ResourceOption) (*FunctionEventInvokeConfig, error)Key FunctionEventInvokeConfigArgs fields:
FunctionName pulumi.StringInput— Required. Function name or ARN.MaximumEventAgeInSeconds pulumi.IntPtrInput— Maximum event age (60-21600 seconds).MaximumRetryAttempts pulumi.IntPtrInput— Retry attempts on failure (0-2).DestinationConfig FunctionEventInvokeConfigDestinationConfigPtrInput— On-success and on-failure destinations.Qualifier pulumi.StringPtrInput— Alias or version.
ProvisionedConcurrencyConfig
Manages pre-initialized execution environments for a Lambda alias or version.
func NewProvisionedConcurrencyConfig(ctx *pulumi.Context, name string, args *ProvisionedConcurrencyConfigArgs, opts ...pulumi.ResourceOption) (*ProvisionedConcurrencyConfig, error)Key ProvisionedConcurrencyConfigArgs fields:
FunctionName pulumi.StringInput— Required. Function name or ARN.Qualifier pulumi.StringInput— Required. Alias or version.ProvisionedConcurrentExecutions pulumi.IntInput— Required. Number of pre-initialized environments.SkipDestroy pulumi.BoolPtrInput— Retain provisioned concurrency on destroy.
Install with Tessl CLI
npx tessl i tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7@7.16.1docs