CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-pulumi--aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources with infrastructure-as-code.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

lambda.mddocs/compute/

Lambda - AWS Lambda Serverless Functions

AWS Lambda runs code without provisioning or managing servers. You pay only for the compute time consumed.

Common Tasks

Create a basic Lambda function with IAM role

const role = new aws.iam.Role("lambda-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "lambda.amazonaws.com" },
        }],
    }),
});

const func = new aws.lambda.Function("my-function", {
    runtime: aws.lambda.Runtime.NodeJS20dX,
    code: new pulumi.asset.AssetArchive({
        ".": new pulumi.asset.FileArchive("./app"),
    }),
    handler: "index.handler",
    role: role.arn,
});

Create a function with public URL

const url = new aws.lambda.FunctionUrl("func-url", {
    functionName: func.name,
    authorizationType: "NONE",
    cors: {
        allowOrigins: ["*"],
        allowMethods: ["GET", "POST"],
    },
});

export const functionUrl = url.functionUrl;

Connect Lambda to SQS queue

const mapping = new aws.lambda.EventSourceMapping("sqs-trigger", {
    eventSourceArn: queue.arn,
    functionName: func.name,
    batchSize: 10,
});

Capabilities

Function

Create and manage Lambda functions.

class Function extends pulumi.CustomResource {
    constructor(name: string, args: FunctionArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
    readonly invokeArn: pulumi.Output<string>;
    readonly version: pulumi.Output<string>;
}

interface FunctionArgs {
    runtime: pulumi.Input<Runtime>;
    handler: pulumi.Input<string>;
    role: pulumi.Input<string>;
    code: pulumi.Input<pulumi.asset.Archive>;
    timeout?: pulumi.Input<number>;
    memorySize?: pulumi.Input<number>;
    environment?: pulumi.Input<FunctionEnvironment>;
    vpcConfig?: pulumi.Input<FunctionVpcConfig>;
    layers?: pulumi.Input<pulumi.Input<string>[]>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface FunctionEnvironment {
    variables?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

enum Runtime {
    NodeJS20dX = "nodejs20.x",
    NodeJS18dX = "nodejs18.x",
    Python312 = "python3.12",
    Python311 = "python3.11",
    // ... other runtimes
}

interface FunctionVpcConfig {
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
}

Usage Example:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// IAM role for Lambda
const role = new aws.iam.Role("lambda-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "lambda.amazonaws.com" },
        }],
    }),
});

// Attach basic execution policy
new aws.iam.RolePolicyAttachment("lambda-execution", {
    role: role.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
});

// Create Lambda function
const func = new aws.lambda.Function("my-function", {
    runtime: aws.lambda.Runtime.NodeJS20dX,
    code: new pulumi.asset.AssetArchive({
        ".": new pulumi.asset.FileArchive("./app"),
    }),
    handler: "index.handler",
    role: role.arn,
    timeout: 30,
    memorySize: 512,
    environment: {
        variables: {
            NODE_ENV: "production",
        },
    },
});

export const functionArn = func.arn;

Permission

Grant invocation permissions to Lambda functions.

class Permission extends pulumi.CustomResource {
    constructor(name: string, args: PermissionArgs, opts?: pulumi.CustomResourceOptions);
}

interface PermissionArgs {
    action: pulumi.Input<string>;
    function: pulumi.Input<string>;
    principal: pulumi.Input<string>;
    sourceArn?: pulumi.Input<string>;
    sourceAccount?: pulumi.Input<string>;
}

Usage Example:

// Allow API Gateway to invoke
new aws.lambda.Permission("apigw-permission", {
    action: "lambda:InvokeFunction",
    function: func.name,
    principal: "apigateway.amazonaws.com",
    sourceArn: api.executionArn,
});

EventSourceMapping

Connect Lambda to event sources (SQS, Kinesis, DynamoDB Streams).

class EventSourceMapping extends pulumi.CustomResource {
    constructor(name: string, args: EventSourceMappingArgs, opts?: pulumi.CustomResourceOptions);
}

interface EventSourceMappingArgs {
    eventSourceArn: pulumi.Input<string>;
    functionName: pulumi.Input<string>;
    batchSize?: pulumi.Input<number>;
    startingPosition?: pulumi.Input<string>;
}

Usage Example:

// Connect to SQS queue
const mapping = new aws.lambda.EventSourceMapping("sqs-trigger", {
    eventSourceArn: queue.arn,
    functionName: func.name,
    batchSize: 10,
});

// Connect to Kinesis stream
const kinesisMapping = new aws.lambda.EventSourceMapping("kinesis-trigger", {
    eventSourceArn: stream.arn,
    functionName: func.name,
    startingPosition: "LATEST",
    batchSize: 100,
});

LayerVersion

Create Lambda layers for shared code and dependencies.

class LayerVersion extends pulumi.CustomResource {
    constructor(name: string, args: LayerVersionArgs, opts?: pulumi.CustomResourceOptions);
}

interface LayerVersionArgs {
    code: pulumi.Input<pulumi.asset.Archive>;
    layerName: pulumi.Input<string>;
    compatibleRuntimes?: pulumi.Input<pulumi.Input<string>[]>;
}

Usage Example:

const layer = new aws.lambda.LayerVersion("my-layer", {
    layerName: "shared-dependencies",
    code: new pulumi.asset.AssetArchive({
        ".": new pulumi.asset.FileArchive("./layer"),
    }),
    compatibleRuntimes: ["nodejs20.x", "nodejs18.x"],
});

// Use layer in function
const func = new aws.lambda.Function("my-function", {
    // ... other args
    layers: [layer.arn],
});

FunctionUrl

Create Lambda function URLs for HTTP(S) invocation.

class FunctionUrl extends pulumi.CustomResource {
    constructor(name: string, args: FunctionUrlArgs, opts?: pulumi.CustomResourceOptions);

    readonly functionUrl: pulumi.Output<string>;
}

interface FunctionUrlArgs {
    functionName: pulumi.Input<string>;
    authorizationType: pulumi.Input<"NONE" | "AWS_IAM">;
    cors?: pulumi.Input<FunctionUrlCors>;
}

interface FunctionUrlCors {
    allowCredentials?: pulumi.Input<boolean>;
    allowHeaders?: pulumi.Input<pulumi.Input<string>[]>;
    allowMethods?: pulumi.Input<pulumi.Input<string>[]>;
    allowOrigins?: pulumi.Input<pulumi.Input<string>[]>;
    exposeHeaders?: pulumi.Input<pulumi.Input<string>[]>;
    maxAge?: pulumi.Input<number>;
}

Usage Example:

// Create function URL with CORS
const url = new aws.lambda.FunctionUrl("func-url", {
    functionName: func.name,
    authorizationType: "NONE",
    cors: {
        allowOrigins: ["https://example.com"],
        allowMethods: ["GET", "POST"],
        allowHeaders: ["Content-Type", "Authorization"],
        maxAge: 300,
    },
});

export const functionUrl = url.functionUrl;

Alias

Create aliases for Lambda function versions to enable traffic shifting and versioning.

class Alias extends pulumi.CustomResource {
    constructor(name: string, args: AliasArgs, opts?: pulumi.CustomResourceOptions);
}

interface AliasArgs {
    functionName: pulumi.Input<string>;
    functionVersion: pulumi.Input<string>;
    name?: pulumi.Input<string>;
    description?: pulumi.Input<string>;
    routingConfig?: pulumi.Input<AliasRoutingConfig>;
}

interface AliasRoutingConfig {
    additionalVersionWeights?: pulumi.Input<{[key: string]: pulumi.Input<number>}>;
}

Usage Example:

// Create alias with traffic shifting
const alias = new aws.lambda.Alias("prod", {
    functionName: func.name,
    functionVersion: "$LATEST",
    routingConfig: {
        additionalVersionWeights: {
            "2": 0.1, // 10% traffic to version 2
        },
    },
});

CodeSigningConfig

Configure code signing for Lambda functions to ensure only trusted code runs.

class CodeSigningConfig extends pulumi.CustomResource {
    constructor(name: string, args: CodeSigningConfigArgs, opts?: pulumi.CustomResourceOptions);
}

interface CodeSigningConfigArgs {
    allowedPublishers: pulumi.Input<AllowedPublishers>;
    description?: pulumi.Input<string>;
    policies?: pulumi.Input<CodeSigningPolicies>;
}

interface AllowedPublishers {
    signingProfileVersionArns: pulumi.Input<pulumi.Input<string>[]>;
}

interface CodeSigningPolicies {
    untrustedArtifactOnDeployment?: pulumi.Input<"Warn" | "Enforce">;
}

FunctionEventInvokeConfig

Configure asynchronous invocation behavior including retries and destinations.

class FunctionEventInvokeConfig extends pulumi.CustomResource {
    constructor(name: string, args: FunctionEventInvokeConfigArgs, opts?: pulumi.CustomResourceOptions);
}

interface FunctionEventInvokeConfigArgs {
    functionName: pulumi.Input<string>;
    maximumRetryAttempts?: pulumi.Input<number>;
    maximumEventAgeInSeconds?: pulumi.Input<number>;
    destinationConfig?: pulumi.Input<DestinationConfig>;
}

interface DestinationConfig {
    onFailure?: pulumi.Input<OnFailure>;
    onSuccess?: pulumi.Input<OnSuccess>;
}

interface OnFailure {
    destination: pulumi.Input<string>;
}

interface OnSuccess {
    destination: pulumi.Input<string>;
}

Usage Example:

// Configure retry and failure destination
const config = new aws.lambda.FunctionEventInvokeConfig("invoke-config", {
    functionName: func.name,
    maximumRetryAttempts: 1,
    maximumEventAgeInSeconds: 3600,
    destinationConfig: {
        onFailure: {
            destination: dlqQueue.arn,
        },
    },
});

LayerVersionPermission

Grant permissions to share Lambda layers with other AWS accounts.

class LayerVersionPermission extends pulumi.CustomResource {
    constructor(name: string, args: LayerVersionPermissionArgs, opts?: pulumi.CustomResourceOptions);
}

interface LayerVersionPermissionArgs {
    layerName: pulumi.Input<string>;
    versionNumber: pulumi.Input<number>;
    action: pulumi.Input<string>;
    principal: pulumi.Input<string>;
    organizationId?: pulumi.Input<string>;
}

Invocation

Invoke a Lambda function programmatically from Pulumi.

class Invocation extends pulumi.CustomResource {
    constructor(name: string, args: InvocationArgs, opts?: pulumi.CustomResourceOptions);

    readonly result: pulumi.Output<string>;
}

interface InvocationArgs {
    functionName: pulumi.Input<string>;
    input: pulumi.Input<string>;
    qualifier?: pulumi.Input<string>;
}

ProvisionedConcurrencyConfig

Configure provisioned concurrency for Lambda functions to reduce cold start latency.

class ProvisionedConcurrencyConfig extends pulumi.CustomResource {
    constructor(name: string, args: ProvisionedConcurrencyConfigArgs, opts?: pulumi.CustomResourceOptions);
}

interface ProvisionedConcurrencyConfigArgs {
    functionName: pulumi.Input<string>;
    provisionedConcurrentExecutions: pulumi.Input<number>;
    qualifier: pulumi.Input<string>;
    skipDestroy?: pulumi.Input<boolean>;
}

Usage Example:

const provisionedConcurrency = new aws.lambda.ProvisionedConcurrencyConfig("example", {
    functionName: func.name,
    provisionedConcurrentExecutions: 2,
    qualifier: alias.name,
});

RuntimeManagementConfig

Control how Lambda updates the runtime for your function.

class RuntimeManagementConfig extends pulumi.CustomResource {
    constructor(name: string, args: RuntimeManagementConfigArgs, opts?: pulumi.CustomResourceOptions);

    readonly functionArn: pulumi.Output<string>;
}

interface RuntimeManagementConfigArgs {
    functionName: pulumi.Input<string>;
    updateRuntimeOn: pulumi.Input<"Auto" | "FunctionUpdate" | "Manual">;
    qualifier?: pulumi.Input<string>;
    runtimeVersionArn?: pulumi.Input<string>;
}

Usage Example:

const runtimeConfig = new aws.lambda.RuntimeManagementConfig("example", {
    functionName: func.name,
    updateRuntimeOn: "FunctionUpdate",
});

FunctionRecursionConfig

Control how Lambda handles recursive function invocations to prevent infinite loops.

class FunctionRecursionConfig extends pulumi.CustomResource {
    constructor(name: string, args: FunctionRecursionConfigArgs, opts?: pulumi.CustomResourceOptions);
}

interface FunctionRecursionConfigArgs {
    functionName: pulumi.Input<string>;
    recursiveLoop: pulumi.Input<"Allow" | "Terminate">;
}

Usage Example:

const recursionConfig = new aws.lambda.FunctionRecursionConfig("example", {
    functionName: func.name,
    recursiveLoop: "Terminate",
});

CapacityProvider

Manage AWS Lambda Capacity Providers for advanced compute capacity management.

class CapacityProvider extends pulumi.CustomResource {
    constructor(name: string, args: CapacityProviderArgs, opts?: pulumi.CustomResourceOptions);

    readonly arn: pulumi.Output<string>;
}

interface CapacityProviderArgs {
    name: pulumi.Input<string>;
    vpcConfig: pulumi.Input<CapacityProviderVpcConfig>;
    permissionsConfig?: pulumi.Input<CapacityProviderPermissionsConfig>;
    instanceRequirements?: pulumi.Input<pulumi.Input<CapacityProviderInstanceRequirement>[]>;
    capacityProviderScalingConfigs?: pulumi.Input<pulumi.Input<CapacityProviderScalingConfig>[]>;
    kmsKeyArn?: pulumi.Input<string>;
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface CapacityProviderVpcConfig {
    subnetIds: pulumi.Input<pulumi.Input<string>[]>;
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
}

interface CapacityProviderPermissionsConfig {
    capacityProviderOperatorRoleArn: pulumi.Input<string>;
}

interface CapacityProviderInstanceRequirement {
    // Instance requirement configuration
}

interface CapacityProviderScalingConfig {
    // Scaling configuration
}

Usage Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// IAM role for Lambda
const role = new aws.iam.Role("lambda-role", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: { Service: "lambda.amazonaws.com" },
        }],
    }),
});

// Attach basic execution policy
new aws.iam.RolePolicyAttachment("lambda-execution", {
    role: role.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
});

// Create Lambda function
const func = new aws.lambda.Function("my-function", {
    runtime: aws.lambda.Runtime.NodeJS20dX,
    code: new pulumi.asset.AssetArchive({
        ".": new pulumi.asset.FileArchive("./app"),
    }),
    handler: "index.handler",
    role: role.arn,
    timeout: 30,
    memorySize: 512,
    environment: {
        variables: {
            NODE_ENV: "production",
        },
    },
});

// Create function URL
const url = new aws.lambda.FunctionUrl("func-url", {
    functionName: func.name,
    authorizationType: "NONE",
});

// Allow API Gateway to invoke
new aws.lambda.Permission("apigw-permission", {
    action: "lambda:InvokeFunction",
    function: func.name,
    principal: "apigateway.amazonaws.com",
});

export const functionArn = func.arn;
export const functionUrl = url.functionUrl;

Related Services

  • API Gateway - Create HTTP APIs that trigger Lambda functions
  • EventBridge - Schedule Lambda functions or trigger them from AWS events
  • SQS - Queue messages for asynchronous Lambda processing
  • DynamoDB - Trigger Lambda functions from DynamoDB Streams
  • S3 - Invoke Lambda functions when objects are created or modified
  • SNS - Publish messages to trigger Lambda functions
  • Step Functions - Orchestrate multiple Lambda functions in workflows
  • CloudWatch - Monitor Lambda function metrics and logs
  • IAM - Manage Lambda execution roles and permissions

Install with Tessl CLI

npx tessl i tessl/npm-pulumi--aws@7.16.0

docs

compute

autoscaling.md

batch.md

ec2.md

ecr.md

ecs.md

eks.md

lambda.md

overview.md

index.md

quickstart.md

README.md

tile.json