Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » AWS Lambda Resource Types Reference » AWS::Lambda::Function

AWS::Lambda::Function

The AWS::Lambda::Function resource creates an AWS Lambda (Lambda) function that can run code in response to events. For more information, see CreateFunction in the AWS Lambda Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Lambda::Function",
  "Properties" : {
    "Code" : Code,
    "DeadLetterConfig" : DeadLetterConfig,
    "Description" : String,
    "Environment" : Environment,
    "FunctionName" : String,
    "Handler" : String,
    "KmsKeyArn" : String,
    "Layers" : [ String, ... ],
    "MemorySize" : Integer,
    "ReservedConcurrentExecutions" : Integer,
    "Role" : String,
    "Runtime" : String,
    "Timeout" : Integer,
    "TracingConfig" : TracingConfig,
    "VpcConfig" : VPCConfig,
    "Tags" : [ Resource Tag, ... ]
  }
}

YAML

Type: "AWS::Lambda::Function"
Properties: 
  Code:
    Code
  DeadLetterConfig:
    DeadLetterConfig
  Description: String
  Environment:
    Environment
  FunctionName: String
  Handler: String
  KmsKeyArn: String
  Layers: 
    - String
  MemorySize: Integer
  ReservedConcurrentExecutions: Integer
  Role: String
  Runtime: String
  Timeout: Integer
  TracingConfig:
    TracingConfig
  VpcConfig:
    VPCConfig
  Tags: 
    Resource Tag

Properties

For more information about each property, including defaults, valid values, and constraints, see CreateFunction in the AWS Lambda Developer Guide.

Code

The source code of your Lambda function. You can point to a file in an Amazon Simple Storage Service (Amazon S3) bucket or specify your source code as inline text.

Required: Yes

Type: AWS Lambda Function Code

Update requires: No interruption

DeadLetterConfig

Configures how Lambda handles events that it can't process. If you don't specify a Dead Letter Queue (DLQ) configuration, Lambda discards events after the maximum number of retries. For more information, see Dead Letter Queues in the AWS Lambda Developer Guide.

Required: No

Type: AWS Lambda Function DeadLetterConfig

Update requires: No interruption

Description

A description of the function.

Required: No

Type: String

Update requires: No interruption

Environment

Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code.

Required: No

Type: AWS Lambda Function Environment

Update requires: No interruption

FunctionName

A name for the function. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

Important

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

Handler

The name of the function (within your source code) that Lambda calls to start running your code. For more information, see the Handler property in the AWS Lambda Developer Guide.

Note

If you specify your source code as inline text by specifying the ZipFile property within the Code property, specify index.function_name as the handler.

Required: Yes

Type: String

Update requires: No interruption

KmsKeyArn

The Amazon Resource Name (ARN) of an AWS Key Management Service (AWS KMS) key that Lambda uses to encrypt and decrypt environment variable values.

Type: String

Required: No

Update requires: No interruption

Layers

A list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during intitialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions.

Required: No

Type: List of String values

Update requires: No interruption

MemorySize

The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide.

Your function use case determines your CPU and memory requirements. For example, a database operation might need less memory than an image processing function. You must specify a value that is greater than or equal to 128, and it must be a multiple of 64. You cannot specify a size larger than 3008. The default value is 128 MB.

Required: No

Type: Integer

Update requires: No interruption

ReservedConcurrentExecutions

The maximum of concurrent executions you want reserved for the function. For more information on reserved concurrency limits, see Managing Concurrency in the AWS Lambda Developer Guide.

Required: No

Type: Integer

Update requires: No interruption

Role

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) execution role that Lambda assumes when it runs your code to access AWS services.

Required: Yes

Type: String

Update requires: No interruption

Runtime

The runtime environment for the Lambda function that you are uploading. For valid values, see the Runtime property in the AWS Lambda Developer Guide.

Required: Yes

Type: String

Update requires: No interruption

Note

Because Node.js 0.10.32 has been deprecated, you can no longer roll back a template that uses Node.js 0.10.32. If you update a stack to Node.js 0.10.32 and the update fails, AWS CloudFormation won't roll it back.

Timeout

The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time. By default, Timeout is set to 3 seconds. For more information, see the FAQs.

Required: No

Type: Integer

Update requires: No interruption

TracingConfig

The parent object that contains your Lambda function's tracing settings. By default, the Mode property is set to PassThrough. For valid values, see the TracingConfig data type in the AWS Lambda Developer Guide.

Required: No

Type: AWS Lambda Function TracingConfig

Update requires: No interruption

VpcConfig

If the Lambda function requires access to resources in a VPC, specify a VPC configuration that Lambda uses to set up an elastic network interface (ENI). The ENI enables your function to connect to other resources in your VPC, but it doesn't provide public Internet access. If your function requires Internet access (for example, to access AWS services that don't have VPC endpoints), configure a Network Address Translation (NAT) instance inside your VPC or use an Amazon Virtual Private Cloud (Amazon VPC) NAT gateway. For more information, see NAT Gateways in the Amazon VPC User Guide.

Note

When you specify this property, AWS CloudFormation might not be able to delete the stack if another resource in the template (such as a security group) requires the attached ENI to be deleted before it can be deleted. We recommend that you run AWS CloudFormation with the ec2:DescribeNetworkInterfaces permission, which enables AWS CloudFormation to monitor the state of the ENI and to wait (up to 40 minutes) for Lambda to delete the ENI.

Required: No

Type: AWS Lambda Function VpcConfig

Update requires: No interruption

Tags

An arbitrary set of tags (key–value pairs) for this Lambda function.

Required: No

Type: Resource Tag

Update requires: No interruption

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name.

In the following sample, the Ref function returns the name of the AMILookUp function, such as MyStack-AMILookUp-NT5EUXTNTXXD. 

{ "Ref": "AMILookUp" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

Arn

The ARN of the Lambda function, such as arn:aws:lambda:us-west-2:123456789012:MyStack-AMILookUp-NT5EUXTNTXXD.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Example

The following example uses a packaged file in an S3 bucket to create a Lambda function.

JSON

"AMIIDLookup": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs4.3",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
   }
  }
}

YAML

AMIIDLookup: 
  Type: "AWS::Lambda::Function"
  Properties: 
    Handler: "index.handler"
    Role: 
      Fn::GetAtt: 
        - "LambdaExecutionRole"
        - "Arn"
    Code: 
      S3Bucket: "lambda-functions"
      S3Key: "amilookup.zip"
    Runtime: "nodejs4.3"
    Timeout: 25
    TracingConfig:
      Mode: "Active"

Related Resources

For more information about how you can use a Lambda function with AWS CloudFormation custom resources, see AWS Lambda-backed Custom Resources.

For a sample template, see AWS Lambda Template.