AWS compute services provide scalable computing capacity in the cloud. This includes serverless functions (Lambda), virtual machines (EC2), containers (ECS/EKS), and auto-scaling capabilities.
Serverless compute service for running code in response to events without provisioning servers.
/**
* AWS Lambda function construct
*/
class Function extends Resource implements IFunction {
constructor(scope: Construct, id: string, props: FunctionProps);
/**
* Grant invoke permissions to the given identity
*/
grantInvoke(identity: IGrantable): Grant;
/**
* Grant invoke permissions via function URL to the given identity
*/
grantInvokeUrl(identity: IGrantable): Grant;
/**
* Add an environment variable to this function
*/
addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function;
/**
* Add an event source that triggers this function
*/
addEventSource(source: IEventSource): void;
/**
* Add a lambda layer to this function
*/
addLayers(...layers: ILayerVersion[]): void;
/**
* Configure a resource policy for this function
*/
addPermission(id: string, permission: Permission): void;
/**
* Configures options for asynchronous invocation
*/
configureAsyncInvoke(options: EventInvokeConfigOptions): void;
readonly functionArn: string;
readonly functionName: string;
readonly grantPrincipal: IPrincipal;
readonly isBoundToVpc: boolean;
readonly latestVersion: IVersion;
readonly permissionsNode: ConstructNode;
readonly role?: IRole;
readonly timeout?: Duration;
}
/**
* Lambda runtime versions
*/
class Runtime {
static readonly NODEJS_14_X: Runtime;
static readonly NODEJS_16_X: Runtime;
static readonly NODEJS_18_X: Runtime;
static readonly NODEJS_20_X: Runtime;
static readonly NODEJS_22_X: Runtime;
static readonly NODEJS_LATEST: Runtime;
static readonly PYTHON_3_8: Runtime;
static readonly PYTHON_3_9: Runtime;
static readonly PYTHON_3_10: Runtime;
static readonly PYTHON_3_11: Runtime;
static readonly PYTHON_3_12: Runtime;
static readonly JAVA_8: Runtime;
static readonly JAVA_8_CORRETTO: Runtime;
static readonly JAVA_11: Runtime;
static readonly JAVA_17: Runtime;
static readonly JAVA_21: Runtime;
static readonly DOTNET_6: Runtime;
static readonly DOTNET_8: Runtime;
static readonly GO_1_X: Runtime;
static readonly PROVIDED: Runtime;
static readonly PROVIDED_AL2: Runtime;
static readonly PROVIDED_AL2023: Runtime;
readonly name: string;
readonly family: RuntimeFamily;
readonly supportsInlineCode: boolean;
readonly supportsCodeGuruProfiling: boolean;
readonly bundlingImage: DockerImage;
}
/**
* Function source code options
*/
class Code {
/**
* Loads function code from a local file
*/
static fromAsset(path: string, options?: AssetOptions): AssetCode;
/**
* Create an ECR image from the specified asset
*/
static fromAssetImage(directory: string, props?: AssetImageCodeProps): AssetImageCode;
/**
* Loads function code from an S3 bucket
*/
static fromBucket(bucket: IBucket, key: string, objectVersion?: string): S3Code;
/**
* Create an ECR image from the specified repository
*/
static fromEcrImage(repository: IRepository, props?: EcrImageCodeProps): EcrImageCode;
/**
* Inline code for simple functions
*/
static fromInline(code: string): InlineCode;
/**
* Determines whether this Code is inline code or not
*/
readonly isInline: boolean;
/**
* Called when the lambda or layer is initialized to allow this object to bind to the stack
*/
abstract bind(scope: Construct): CodeConfig;
}
/**
* Lambda layer version
*/
class LayerVersion extends Resource implements ILayerVersion {
constructor(scope: Construct, id: string, props: LayerVersionProps);
/**
* Import a layer version by ARN
*/
static fromLayerVersionArn(scope: Construct, id: string, layerVersionArn: string): ILayerVersion;
/**
* Import a layer version by attributes
*/
static fromLayerVersionAttributes(scope: Construct, id: string, attrs: LayerVersionAttributes): ILayerVersion;
/**
* Add permission to use this layer version
*/
addPermission(id: string, permission: LayerVersionPermission): void;
readonly layerVersionArn: string;
readonly compatibleRuntimes?: Runtime[];
}Usage Examples:
import { Function, Runtime, Code, LayerVersion } from "aws-cdk-lib/aws-lambda";
import { Duration } from "aws-cdk-lib";
// Simple Lambda function
const simpleFunction = new Function(this, "SimpleFunction", {
runtime: Runtime.NODEJS_18_X,
handler: "index.handler",
code: Code.fromInline(`
exports.handler = async function(event) {
console.log("Hello from Lambda!");
return { statusCode: 200, body: "Success" };
};
`),
timeout: Duration.seconds(30),
});
// Function from S3
const s3Function = new Function(this, "S3Function", {
runtime: Runtime.PYTHON_3_11,
handler: "main.handler",
code: Code.fromBucket(myBucket, "lambda-code.zip"),
environment: {
TABLE_NAME: myTable.tableName,
},
});
// Function with layers
const layer = new LayerVersion(this, "MyLayer", {
code: Code.fromAsset("lambda-layer"),
compatibleRuntimes: [Runtime.NODEJS_18_X],
});
const functionWithLayer = new Function(this, "FunctionWithLayer", {
runtime: Runtime.NODEJS_18_X,
handler: "index.handler",
code: Code.fromAsset("lambda-code"),
layers: [layer],
});Virtual Private Cloud (VPC) provides isolated cloud resources with configurable network settings.
/**
* Define a VPC with subnets, gateways, and routing
*/
class Vpc extends Resource implements IVpc {
constructor(scope: Construct, id: string, props?: VpcProps);
/**
* Import an existing VPC by ID
*/
static fromLookup(scope: Construct, id: string, options: VpcLookupOptions): IVpc;
/**
* Import a VPC by attributes
*/
static fromVpcAttributes(scope: Construct, id: string, attrs: VpcAttributes): IVpc;
/**
* Add a VPC endpoint for a service
*/
addVpcEndpoint(id: string, options: VpcEndpointOptions): VpcEndpoint;
/**
* Adds a new internet gateway to the VPC
*/
addInternetGateway(id?: string): InternetGateway;
/**
* Adds a new NAT gateway to the VPC
*/
addNatGateway(options?: NatGatewayOptions): NatGateway;
/**
* Enable DNS hostnames support for this VPC
*/
enableDnsHostnames(): void;
/**
* Enable DNS support for this VPC
*/
enableDnsSupport(): void;
readonly vpcId: string;
readonly vpcCidrBlock: string;
readonly vpcArn: string;
readonly availabilityZones: string[];
readonly internetConnectivityEstablished: IDependable;
readonly isolatedSubnets: ISubnet[];
readonly privateSubnets: ISubnet[];
readonly publicSubnets: ISubnet[];
}
/**
* Security group for controlling network access
*/
class SecurityGroup extends Resource implements ISecurityGroup {
constructor(scope: Construct, id: string, props: SecurityGroupProps);
/**
* Import an existing security group by ID
*/
static fromSecurityGroupId(scope: Construct, id: string, securityGroupId: string, options?: SecurityGroupImportOptions): ISecurityGroup;
/**
* Add an ingress rule to this security group
*/
addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
/**
* Add an egress rule to this security group
*/
addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void;
readonly securityGroupId: string;
readonly securityGroupVpcId: string;
readonly allowAllOutbound: boolean;
readonly canInlineRule: boolean;
readonly connections: Connections;
}
/**
* EC2 instance construct
*/
class Instance extends Resource implements IInstance {
constructor(scope: Construct, id: string, props: InstanceProps);
/**
* Add the security group to the instance
*/
addSecurityGroup(securityGroup: ISecurityGroup): void;
/**
* Add a user data script to the instance
*/
addUserData(...commands: string[]): void;
readonly instanceId: string;
readonly instanceAvailabilityZone: string;
readonly instancePrivateDnsName: string;
readonly instancePrivateIp: string;
readonly instancePublicDnsName: string;
readonly instancePublicIp: string;
readonly connections: Connections;
readonly grantPrincipal: IPrincipal;
readonly osType: OperatingSystemType;
readonly role: IRole;
readonly userData: UserData;
}Managed container services for running containerized applications.
/**
* ECS cluster for running containerized applications
*/
class Cluster extends Resource implements ICluster {
constructor(scope: Construct, id: string, props?: ClusterProps);
/**
* Import an existing cluster by ARN
*/
static fromClusterArn(scope: Construct, id: string, clusterArn: string): ICluster;
/**
* Add capacity to this cluster
*/
addCapacity(id: string, options: AddCapacityOptions): AutoScalingGroup;
/**
* Add default capacity provider strategy for cluster
*/
addDefaultCapacityProviderStrategy(strategy: CapacityProviderStrategy[]): void;
readonly clusterArn: string;
readonly clusterName: string;
readonly connections: Connections;
readonly hasEc2Capacity: boolean;
readonly defaultCloudMapNamespace?: INamespace;
readonly vpc: IVpc;
}
/**
* ECS task definition for container specifications
*/
class TaskDefinition extends Resource implements ITaskDefinition {
constructor(scope: Construct, id: string, props: TaskDefinitionProps);
/**
* Import an existing task definition by ARN
*/
static fromTaskDefinitionArn(scope: Construct, id: string, taskDefinitionArn: string): ITaskDefinition;
/**
* Add a container to this task definition
*/
addContainer(id: string, props: ContainerDefinitionOptions): ContainerDefinition;
/**
* Add a firelens log router to the task definition
*/
addFirelensLogRouter(id: string, props: FirelensLogRouterDefinitionOptions): FirelensLogRouter;
/**
* Add an inference accelerator to the task definition
*/
addInferenceAccelerator(inferenceAccelerator: InferenceAccelerator): void;
/**
* Add a placement constraint to the task definition
*/
addPlacementConstraint(constraint: PlacementConstraint): void;
/**
* Add a volume to the task definition
*/
addVolume(volume: Volume): void;
readonly compatibility: Compatibility;
readonly taskDefinitionArn: string;
readonly taskRole: IRole;
readonly executionRole?: IRole;
readonly family: string;
readonly networkMode: NetworkMode;
readonly revision: number;
}
/**
* EKS cluster for Kubernetes workloads
*/
class Cluster extends Resource implements ICluster {
constructor(scope: Construct, id: string, props?: ClusterProps);
/**
* Import an existing cluster by name
*/
static fromClusterAttributes(scope: Construct, id: string, attrs: ClusterAttributes): ICluster;
/**
* Add managed node group to the cluster
*/
addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup;
/**
* Add Fargate profile to the cluster
*/
addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile;
/**
* Apply a Kubernetes manifest to this cluster
*/
addManifest(id: string, ...manifest: { [key: string]: any }[]): KubernetesManifest;
/**
* Add a Helm chart to this cluster
*/
addHelmChart(id: string, options: HelmChartOptions): HelmChart;
readonly clusterArn: string;
readonly clusterCertificateAuthorityData: string;
readonly clusterEncryptionConfigKeyArn: string;
readonly clusterEndpoint: string;
readonly clusterName: string;
readonly clusterSecurityGroupId: string;
readonly connections: Connections;
readonly kubectlEnvironment?: { [key: string]: string };
readonly kubectlLayer?: ILayerVersion;
readonly kubectlMemory?: Size;
readonly kubectlPrivateSubnets?: ISubnet[];
readonly kubectlProvider?: IKubectlProvider;
readonly kubectlRole?: IRole;
readonly kubectlSecurityGroup?: ISecurityGroup;
readonly openIdConnectProvider: IOpenIdConnectProvider;
readonly prune: boolean;
readonly role: IRole;
readonly vpc: IVpc;
}Automatic scaling of compute resources based on demand.
/**
* Auto Scaling Group for EC2 instances
*/
class AutoScalingGroup extends Resource implements IAutoScalingGroup {
constructor(scope: Construct, id: string, props: AutoScalingGroupProps);
/**
* Import an existing Auto Scaling Group by name
*/
static fromAutoScalingGroupName(scope: Construct, id: string, autoScalingGroupName: string): IAutoScalingGroup;
/**
* Add capacity to this Auto Scaling Group
*/
scaleOnCpuUtilization(id: string, props: CpuUtilizationScalingProps): TargetTrackingScalingPolicy;
/**
* Scale based on memory utilization
*/
scaleOnMemoryUtilization(id: string, props: MemoryUtilizationScalingProps): TargetTrackingScalingPolicy;
/**
* Scale based on a custom metric
*/
scaleOnMetric(id: string, props: BasicStepScalingPolicyProps): StepScalingPolicy;
/**
* Scale in response to a schedule
*/
scaleOnSchedule(id: string, props: BasicScheduledActionProps): ScheduledAction;
/**
* Attach to an application load balancer
*/
attachToApplicationTargetGroup(targetGroup: IApplicationTargetGroup): void;
/**
* Attach to a classic load balancer
*/
attachToClassicLB(loadBalancer: LoadBalancer): void;
/**
* Attach to a network load balancer
*/
attachToNetworkTargetGroup(targetGroup: INetworkTargetGroup): void;
readonly autoScalingGroupArn: string;
readonly autoScalingGroupName: string;
readonly connections: Connections;
readonly grantPrincipal: IPrincipal;
readonly osType: OperatingSystemType;
readonly role: IRole;
readonly userData: UserData;
}interface FunctionProps {
readonly code: Code;
readonly handler: string;
readonly runtime: Runtime;
readonly adotInstrumentation?: AdotInstrumentationConfig;
readonly allowAllOutbound?: boolean;
readonly allowPublicSubnet?: boolean;
readonly applicationLogLevel?: ApplicationLogLevel;
readonly architecture?: Architecture;
readonly codeSigningConfig?: ICodeSigningConfig;
readonly currentVersionOptions?: VersionOptions;
readonly deadLetterQueue?: IQueue;
readonly deadLetterQueueEnabled?: boolean;
readonly deadLetterTopic?: ITopic;
readonly description?: string;
readonly environment?: { [key: string]: string };
readonly environmentEncryption?: IKey;
readonly ephemeralStorageSize?: Size;
readonly events?: IEventSource[];
readonly filesystem?: FileSystem;
readonly functionName?: string;
readonly initialPolicy?: PolicyStatement[];
readonly insightsVersion?: LambdaInsightsVersion;
readonly layers?: ILayerVersion[];
readonly logFormat?: LogFormat;
readonly logGroup?: ILogGroup;
readonly logRetention?: RetentionDays;
readonly logRetentionRetryOptions?: LogRetentionRetryOptions;
readonly logRetentionRole?: IRole;
readonly maxEventAge?: Duration;
readonly memorySize?: number;
readonly onFailure?: IDestination;
readonly onSuccess?: IDestination;
readonly paramsAndSecrets?: ParamsAndSecretsLayerVersion;
readonly profiling?: boolean;
readonly profilingGroup?: IProfilingGroup;
readonly reservedConcurrentExecutions?: number;
readonly retryAttempts?: number;
readonly role?: IRole;
readonly runtimeManagementMode?: RuntimeManagementMode;
readonly securityGroups?: ISecurityGroup[];
readonly snapStart?: SnapStartConf;
readonly systemLogLevel?: SystemLogLevel;
readonly timeout?: Duration;
readonly tracing?: Tracing;
readonly vpc?: IVpc;
readonly vpcSubnets?: SubnetSelection;
}
interface VpcProps {
readonly availabilityZones?: string[];
readonly cidr?: string;
readonly defaultInstanceTenancy?: DefaultInstanceTenancy;
readonly enableDnsHostnames?: boolean;
readonly enableDnsSupport?: boolean;
readonly flowLogs?: { [id: string]: FlowLogOptions };
readonly gatewayEndpoints?: { [id: string]: GatewayVpcEndpointOptions };
readonly ipAddresses?: IIpAddresses;
readonly maxAzs?: number;
readonly natGatewayProvider?: NatProvider;
readonly natGateways?: number;
readonly natGatewaySubnets?: SubnetSelection;
readonly restrictDefaultSecurityGroup?: boolean;
readonly subnetConfiguration?: SubnetConfiguration[];
readonly vpcName?: string;
}
interface SecurityGroupProps {
readonly vpc: IVpc;
readonly allowAllOutbound?: boolean;
readonly description?: string;
readonly disableInlineRules?: boolean;
readonly securityGroupName?: string;
}
interface InstanceProps {
readonly instanceType: InstanceType;
readonly machineImage: IMachineImage;
readonly vpc: IVpc;
readonly allowAllOutbound?: boolean;
readonly associatePublicIpAddress?: boolean;
readonly autoScalingGroupName?: string;
readonly availabilityZone?: string;
readonly blockDevices?: BlockDevice[];
readonly creditSpecification?: CpuCredits;
readonly detailedMonitoring?: boolean;
readonly init?: CloudFormationInit;
readonly initOptions?: ApplyCloudFormationInitOptions;
readonly instanceName?: string;
readonly keyName?: string;
readonly keyPair?: IKeyPair;
readonly placementGroup?: IPlacementGroup;
readonly propagateTagsToVolumeOnCreation?: boolean;
readonly requireImdsv2?: boolean;
readonly resourceSignalTimeout?: Duration;
readonly role?: IRole;
readonly securityGroup?: ISecurityGroup;
readonly sourceDestCheck?: boolean;
readonly ssmSessionPermissions?: boolean;
readonly userData?: UserData;
readonly userDataCausesReplacement?: boolean;
readonly vpcSubnets?: SubnetSelection;
}
enum RuntimeFamily {
NODEJS,
JAVA,
PYTHON,
DOTNET_CORE,
GO,
RUBY,
OTHER
}
enum Tracing {
ACTIVE = "Active",
PASS_THROUGH = "PassThrough",
DISABLED = "Disabled"
}
enum Architecture {
X86_64 = "x86_64",
ARM_64 = "arm64"
}
enum SystemLogLevel {
DEBUG = "DEBUG",
INFO = "INFO",
WARN = "WARN"
}
enum ApplicationLogLevel {
TRACE = "TRACE",
DEBUG = "DEBUG",
INFO = "INFO",
WARN = "WARN",
ERROR = "ERROR",
FATAL = "FATAL"
}
enum LogFormat {
TEXT = "Text",
JSON = "JSON"
}
enum OperatingSystemType {
LINUX = "linux",
WINDOWS = "windows"
}
enum InstanceClass {
STANDARD3 = "m3",
STANDARD4 = "m4",
STANDARD5 = "m5",
STANDARD5_NVME_DRIVE = "m5d",
STANDARD5_AMD = "m5a",
STANDARD5_AMD_NVME_DRIVE = "m5ad",
STANDARD5_HIGH_PERFORMANCE = "m5n",
STANDARD5_HIGH_PERFORMANCE_NVME_DRIVE = "m5dn",
STANDARD6_INTEL = "m6i",
STANDARD6_INTEL_NVME_DRIVE = "m6id",
STANDARD6_AMD = "m6a"
}
enum InstanceSize {
NANO = "nano",
MICRO = "micro",
SMALL = "small",
MEDIUM = "medium",
LARGE = "large",
XLARGE = "xlarge",
XLARGE2 = "2xlarge",
XLARGE3 = "3xlarge",
XLARGE4 = "4xlarge",
XLARGE8 = "8xlarge",
XLARGE9 = "9xlarge",
XLARGE10 = "10xlarge",
XLARGE12 = "12xlarge",
XLARGE16 = "16xlarge",
XLARGE18 = "18xlarge",
XLARGE24 = "24xlarge",
XLARGE32 = "32xlarge"
}