aws.lambda-function resource¶
Description¶
Function manages a Lambda function and the configuration Lambda assembles around it, the way CloudFormation models AWS::Lambda::Function. The function name and package type are fixed at creation, so a change to either replaces the function; every other input reconciles in place. The deployment package is given in the code block through exactly one source: an inline or on-disk zip, an object in S3, or a container image. Most settings ride CreateFunction, but reserved concurrency and code signing are separate calls reconciled after the function exists, and a published version is a further call. SkipDestroy retains the function on delete rather than removing it; it is a delete-time switch, not a property of the live function.
Source: internal/service/lambda/function_rsrc.go:44
Example usage:
imports: {
aws: 'github.com/cloudboss/unobin-library-aws'
}
resources: {
example: aws.lambda-function {
# Set input fields here.
}
}
Inputs¶
function-name
string
role
string
code
object
object({
zip-file-content: optional(string)
zip-file-path: optional(string)
s3-bucket: optional(string)
s3-key: optional(string)
s3-object-version: optional(string)
image-uri: optional(string)
source-kms-key-arn: optional(string)
})package-type
optional(string)
handler
optional(string)
runtime
optional(string)
architectures
list(string)
description
optional(string)
memory-size
optional(integer)
timeout
optional(integer)
layers
list(string)
kms-key-arn
optional(string)
code-signing-config-arn
optional(string)
reserved-concurrent-executions
optional(integer)
publish
optional(boolean)
skip-destroy
optional(boolean)
environment
optional(object)
optional(
object({
variables: map(string)
})
)vpc-config
optional(object)
optional(
object({
subnet-ids: list(string)
security-group-ids: list(string)
ipv6-allowed-for-dual-stack: optional(boolean)
})
)dead-letter-config
optional(object)
optional(
object({
target-arn: optional(string)
})
)tracing-config
optional(object)
optional(
object({
mode: optional(string)
})
)image-config
optional(object)
optional(
object({
command: list(string)
entry-point: list(string)
working-directory: optional(string)
})
)logging-config
optional(object)
optional(
object({
log-format: optional(string)
log-group: optional(string)
application-log-level: optional(string)
system-log-level: optional(string)
})
)snap-start
optional(object)
optional(
object({
apply-on: optional(string)
})
)ephemeral-storage
optional(object)
optional(
object({
size: optional(integer)
})
)file-system-configs
list(object)
list(
object({
arn: string
local-mount-path: string
})
)tags
map(string)
Input Constraints¶
Code rules
Exactly one of code.zip-file-content, code.zip-file-path, code.s3-bucket, or code.image-uri.
At most one of code.zip-file-content or code.zip-file-path.
Required together: code.s3-bucket and code.s3-key.
Required together: code.s3-key and code.s3-bucket.
Forbidden together: code.s3-object-version, code.zip-file-content, code.zip-file-path, and code.image-uri.
Forbidden together: code.source-kms-key-arn and code.image-uri.
Package type rules
handler and runtime are required for a Zip package.
Rule logic
- When
!(input.package-type == 'Image')- Require
input.handler != null
&& input.runtime != null
an Image package requires code.image-uri.
Rule logic
- When
input.package-type == 'Image'- Require
input.code.image-uri != null
package-type must be Zip or Image.
Rule logic
- When
input.package-type != null- Require
input.package-type == 'Zip'
|| input.package-type == 'Image'
Memory size rules
memory-size must be between 128 and 32768.
Rule logic
- When
input.memory-size != null- Require
(input.memory-size == null || input.memory-size >= 128)
&& (input.memory-size == null || input.memory-size <= 32768)
Timeout rules
timeout must be between 1 and 900.
Rule logic
- When
input.timeout != null- Require
(input.timeout == null || input.timeout >= 1)
&& (input.timeout == null || input.timeout <= 900)
Reserved concurrent executions rules
reserved-concurrent-executions must be zero or greater.
Rule logic
- When
input.reserved-concurrent-executions != null- Require
input.reserved-concurrent-executions == null
|| input.reserved-concurrent-executions >= 0
Image config rules
image-config applies only to an Image package.
Rule logic
- When
input.image-config != null- Require
input.package-type == 'Image'
Tracing config rules
tracing-config mode must be Active or PassThrough.
Rule logic
- When
input.tracing-config.mode != null- Require
input.tracing-config.mode == 'Active'
|| input.tracing-config.mode == 'PassThrough'
Logging config rules
logging-config log-format must be Text or JSON.
Rule logic
- When
input.logging-config.log-format != null- Require
input.logging-config.log-format == 'Text'
|| input.logging-config.log-format == 'JSON'
application-log-level must be TRACE, DEBUG, INFO, WARN, ERROR, or FATAL.
Rule logic
- When
input.logging-config.application-log-level != null- Require
input.logging-config.application-log-level == 'TRACE'
|| input.logging-config.application-log-level == 'DEBUG'
|| input.logging-config.application-log-level == 'INFO'
|| input.logging-config.application-log-level == 'WARN'
|| input.logging-config.application-log-level == 'ERROR'
|| input.logging-config.application-log-level == 'FATAL'
application-log-level requires log-format JSON.
Rule logic
- When
input.logging-config.application-log-level != null- Require
input.logging-config.log-format == 'JSON'
system-log-level must be DEBUG, INFO, or WARN.
Rule logic
- When
input.logging-config.system-log-level != null- Require
input.logging-config.system-log-level == 'DEBUG'
|| input.logging-config.system-log-level == 'INFO'
|| input.logging-config.system-log-level == 'WARN'
system-log-level requires log-format JSON.
Rule logic
- When
input.logging-config.system-log-level != null- Require
input.logging-config.log-format == 'JSON'
Snap start rules
snap-start apply-on must be None or PublishedVersions.
Rule logic
- When
input.snap-start.apply-on != null- Require
input.snap-start.apply-on == 'None'
|| input.snap-start.apply-on == 'PublishedVersions'
Ephemeral storage rules
ephemeral-storage size must be between 512 and 10240.
Rule logic
- When
input.ephemeral-storage.size != null- Require
(input.ephemeral-storage.size == null || input.ephemeral-storage.size >= 512)
&& (input.ephemeral-storage.size == null || input.ephemeral-storage.size <= 10240)
Outputs¶
arn
string
qualified-arn
string
version
string
invoke-arn
string
qualified-invoke-arn
string
code-sha256
string
source-code-size
integer
last-modified
string
signing-job-arn
string
signing-profile-version-arn
string
snap-start-optimization-status
string