Skip navigation links

@Stability(value=Stable)

Package software.amazon.awscdk.services.lambda

AWS Lambda Construct Library

See: Description

Package software.amazon.awscdk.services.lambda Description

AWS Lambda Construct Library

---

cfn-resources: Stable

cdk-constructs: Stable

This construct library allows you to define AWS Lambda Functions. 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 import path.*;
 
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromAsset(path.join(__dirname, "lambda-handler"))));

Handler Code

The lambda.Code class includes static convenience methods for various types of runtime code.

The following example shows how to define a Python function and deploy the code from the local directory my-lambda-handler to it: 

 // Example automatically generated. See https://github.com/aws/jsii/issues/826
 new Function(this, "MyLambda", new FunctionProps()
         .code(lambda.Code.fromAsset(path.join(__dirname, "my-lambda-handler")))
         .handler("index.main")
         .runtime(lambda.Runtime.getPYTHON_3_6()));

When deploying a stack that contains this code, the directory will be zip archived and then uploaded to an S3 bucket, then the exact location of the S3 objects will be passed when the stack is deployed.

During synthesis, the CDK expects to find a directory on disk at the asset directory specified. Note that we are referencing the asset directory relatively to our CDK project directory. This is especially important when we want to share this construct through a library. Different programming languages will have different techniques for bundling resources into libraries.

Execution Role

Lambda functions assume an IAM role during execution. In CDK by default, Lambda functions will use an autogenerated Role if one is not provided.

The autogenerated Role is automatically given permissions to execute the Lambda function. To reference the autogenerated Role: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 var fn = Function.Builder.create(this, "MyFunction")
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromAsset(path.join(__dirname, "lambda-handler")))
 
         .fn(fn).(.getRole())
         .build();

You can also provide your own IAM role. Provided IAM roles will not automatically be given permissions to execute the Lambda function. To provide a role and grant it appropriate permissions: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 var fn = Function.Builder.create(this, "MyFunction")
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromAsset(path.join(__dirname, "lambda-handler")))
         .role(myRole)
         .build();
 
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));

Versions and Aliases

You can use versions to manage the deployment of your AWS Lambda functions. For example, you can publish a new version of a function for beta testing without affecting users of the stable production version.

The function version includes the following information:

You can define one or more aliases for your AWS Lambda function. A Lambda alias is like a pointer to a specific Lambda function version. Users can access the function version using the alias ARN.

The fn.currentVersion property can be used to obtain a lambda.Version resource that represents the AWS Lambda function defined in your application. Any change to your function's code or configuration will result in the creation of a new version resource. You can specify options for this version through the currentVersionOptions property.

The currentVersion property is only supported when your AWS Lambda function uses either lambda.Code.fromAsset or lambda.Code.fromInline. Other types of code providers (such as lambda.Code.fromBucket) require that you define a lambda.Version resource directly since the CDK is unable to determine if their contents had changed.

The version.addAlias() method can be used to define an AWS Lambda alias that points to a specific version.

The following example defines an alias named live which will always point to a version that represents the function as defined in your CDK app. When you change your lambda code or configuration, a new resource will be created. You can specify options for the current version through the currentVersionOptions property. 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 var fn = Function.Builder.create(this, "MyFunction")
         .currentVersionOptions(Map.of(
                 "removalPolicy", RemovalPolicy.getRETAIN(), // retain old versions
                 "retryAttempts", 1))
         .build();
 
 fn.currentVersion.addAlias("live");

NOTE: The fn.latestVersion property returns a lambda.IVersion which represents the $LATEST pseudo-version. Most AWS services require a specific AWS Lambda version, and won't allow you to use $LATEST. Therefore, you would normally want to use lambda.currentVersion.

Layers

The lambda.LayerVersion class can be used to define Lambda layers and manage granting permissions to other AWS accounts or organizations. 

 // Example automatically generated. See https://github.com/aws/jsii/issues/826
 LayerVersion layer = new LayerVersion(stack, "MyLayer", new LayerVersionProps()
         .code(lambda.Code.fromAsset(path.join(__dirname, "layer-code")))
         .compatibleRuntimes(asList(lambda.Runtime.getNODEJS_10_X()))
         .license("Apache-2.0")
         .description("A layer to test the L2 construct"));
 
 // To grant usage by other AWS accounts
 layer.addPermission("remote-account-grant", new LayerVersionPermission().accountId(awsAccountId));
 
 // To grant usage to all accounts in some AWS Ogranization
 // layer.grantUsage({ accountId: '*', organizationId });
 
 // To grant usage to all accounts in some AWS Ogranization
 // layer.grantUsage({ accountId: '*', organizationId });
 new Function(stack, "MyLayeredLambda", new FunctionProps()
         .code(new InlineCode("foo"))
         .handler("index.handler")
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .layers(asList(layer)));

Event Rule Target

You can use an AWS Lambda function as a target for an Amazon CloudWatch event rule: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.events.targets.*;
 rule.addTarget(new LambdaFunction(myFunction));

Event Sources

AWS Lambda supports a variety of event sources.

In most cases, it is possible to trigger a function as a result of an event by using one of the add<Event>Notification methods on the source construct. For example, the s3.Bucket construct has an onEvent method which can be used to trigger a Lambda when an event, such as PutObject occurs on an S3 bucket.

An alternative way to add event sources to a function is to use function.addEventSource(source). This method accepts an IEventSource object. The module @aws-cdk/aws-lambda-event-sources includes classes for the various event sources supported by AWS Lambda.

For example, the following code adds an SQS queue as an event source for a function: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.eventsources.SqsEventSource;
 fn.addEventSource(new SqsEventSource(queue));

The following code adds an S3 bucket notification as an event source: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.eventsources.S3EventSource;
 fn.addEventSource(new S3EventSource(bucket, new S3EventSourceProps()
         .events(asList(s3.EventType.getOBJECT_CREATED(), s3.EventType.getOBJECT_DELETED()))
         .filters(asList(new NotificationKeyFilter().prefix("subdir/")))));

See the documentation for the @aws-cdk/aws-lambda-event-sources module for more details.

Lambda with DLQ

A dead-letter queue can be automatically created for a Lambda function by setting the deadLetterQueueEnabled: true configuration. 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromInline("exports.handler = function(event, ctx, cb) { return cb(null, \"hi\"); }"))
         .deadLetterQueueEnabled(true));

It is also possible to provide a dead-letter queue instead of getting a new queue created: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 import software.amazon.awscdk.services.sqs.*;
 
 Queue dlq = new Queue(this, "DLQ");
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromInline("exports.handler = function(event, ctx, cb) { return cb(null, \"hi\"); }"))
         .deadLetterQueue(dlq));

See the AWS documentation to learn more about AWS Lambdas and DLQs.

Lambda with X-Ray Tracing

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromInline("exports.handler = function(event, ctx, cb) { return cb(null, \"hi\"); }"))
         .tracing(lambda.Tracing.getACTIVE()));

See the AWS documentation to learn more about AWS Lambda's X-Ray support.

Lambda with Profiling

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromInline("exports.handler = function(event, ctx, cb) { return cb(null, \"hi\"); }"))
         .profiling(true));

See the AWS documentation to learn more about AWS Lambda's Profiling support.

Lambda with Reserved Concurrent Executions

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.lambda.*;
 
 Function fn = new Function(this, "MyFunction", new FunctionProps()
         .runtime(lambda.Runtime.getNODEJS_10_X())
         .handler("index.handler")
         .code(lambda.Code.fromInline("exports.handler = function(event, ctx, cb) { return cb(null, \"hi\"); }"))
         .reservedConcurrentExecutions(100));

See the AWS documentation managing concurrency.

AutoScaling

You can use Application AutoScaling to automatically configure the provisioned concurrency for your functions. AutoScaling can be set to track utilization or be based on a schedule. To configure AutoScaling on a function alias: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 var alias = Alias.Builder.create(stack, "Alias")
         .aliasName("prod")
         .version(version)
         .build();
 
 // Create AutoScaling target
 var as = alias.addAutoScaling(Map.of("maxCapacity", 50));
 
 // Configure Target Tracking
 as.scaleOnUtilization(Map.of(
         "utilizationTarget", 0.5));
 
 // Configure Scheduled Scaling
 as.scaleOnSchedule("ScaleUpInTheMorning", Map.of(
         "schedule", appscaling.Schedule.cron(Map.of("hour", "8", "minute", "0")),
         "minCapacity", 20));
 

 // Example automatically generated. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.applicationautoscaling.*;
 import software.amazon.awscdk.core.*;
 import lib.*;
 
 /**
 * Stack verification steps:
 * aws application-autoscaling describe-scalable-targets --service-namespace lambda --resource-ids function:<function name>:prod
 * has a minCapacity of 3 and maxCapacity of 50
 * /
 public class TestStack extends Stack {
     public TestStack(App scope, String id) {
         super(scope, id);
 
         Function fn = new Function(this, "MyLambda", new FunctionProps()
                 .code(new InlineCode("exports.handler = async () => {\nconsole.log('hello world');\n};"))
                 .handler("index.handler")
                 .runtime(lambda.Runtime.getNODEJS_10_X()));
 
         Version version = fn.addVersion("1", undefined, "integ-test");
 
         Alias alias = new Alias(this, "Alias", new AliasProps()
                 .aliasName("prod")
                 .version(version));
 
         IScalableFunctionAttribute scalingTarget = alias.addAutoScaling(new AutoScalingOptions().minCapacity(3).maxCapacity(50));
 
         scalingTarget.scaleOnUtilization(new UtilizationScalingOptions()
                 .utilizationTarget(0.5));
 
         scalingTarget.scaleOnSchedule("ScaleUpInTheMorning", new ScalingSchedule()
                 .schedule(appscaling.Schedule.cron(new CronOptions().hour("8").minute("0")))
                 .minCapacity(20));
 
         scalingTarget.scaleOnSchedule("ScaleDownAtNight", new ScalingSchedule()
                 .schedule(appscaling.Schedule.cron(new CronOptions().hour("20").minute("0")))
                 .maxCapacity(20));
 
         new CfnOutput(this, "FunctionName", new CfnOutputProps()
                 .value(fn.getFunctionName()));
     }
 }
 
 App app = new App();
 
 new TestStack(app, "aws-lambda-autoscaling");
 
 app.synth();

See the AWS documentation on autoscaling lambda functions.

Log Group

Lambda functions automatically create a log group with the name /aws/lambda/<function-name> upon first execution with log data set to never expire.

The logRetention property can be used to set a different expiration period.

It is possible to obtain the function's log group as a logs.ILogGroup by calling the logGroup property of the Function construct.

By default, CDK uses the AWS SDK retry options when creating a log group. The logRetentionRetryOptions property allows you to customize the maximum number of retries and base backoff duration.

Note that, if either logRetention is set or logGroup property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further note that, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

FileSystem Access

You can configure a function to mount an Amazon Elastic File System (Amazon EFS) to a directory in your runtime environment with the filesystem property. To access Amazon EFS from lambda function, the Amazon EFS access point will be required.

The following sample allows the lambda function to mount the Amazon EFS access point to /mnt/msg in the runtime environment and access the filesystem with the POSIX identity defined in posixUser. 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 // create a new Amazon EFS filesystem
 var fileSystem = FileSystem.Builder.create(stack, "Efs").vpc(vpc).build();
 
 // create a new access point from the filesystem
 var accessPoint = fileSystem.addAccessPoint("AccessPoint", Map.of(
         // set /export/lambda as the root of the access point
         "path", "/export/lambda",
         // as /export/lambda does not exist in a new efs filesystem, the efs will create the directory with the following createAcl
         "createAcl", Map.of(
                 "ownerUid", "1001",
                 "ownerGid", "1001",
                 "permissions", "750"),
         // enforce the POSIX identity so lambda function will access with this identity
         "posixUser", Map.of(
                 "uid", "1001",
                 "gid", "1001")));
 
 var fn = Function.Builder.create(stack, "MyLambda")
         .code(code)
         .handler(handler)
         .runtime(runtime)
         .vpc(vpc)
         // mount the access point to /mnt/msg in the lambda runtime environment
         .filesystem(lambda.FileSystem.fromEfsAccessPoint(accessPoint, "/mnt/msg"))
         .build();

Singleton Function

The SingletonFunction construct is a way to guarantee that a lambda function will be guaranteed to be part of the stack, once and only once, irrespective of how many times the construct is declared to be part of the stack. This is guaranteed as long as the uuid property and the optional lambdaPurpose property stay the same whenever they're declared into the stack.

A typical use case of this function is when a higher level construct needs to declare a Lambda function as part of it but needs to guarantee that the function is declared once. However, a user of this higher level construct can declare it any number of times and with different properties. Using SingletonFunction here with a fixed uuid will guarantee this.

For example, the LogRetention construct requires only one single lambda function for all different log groups whose retention it seeks to manage.

Bundling Asset Code

When using lambda.Code.fromAsset(path) it is possible to bundle the code by running a command in a Docker container. The asset path will be mounted at /asset-input. The Docker container is responsible for putting content at /asset-output. The content at /asset-output will be zipped and used as Lambda code.

Example with Python: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 Function.Builder.create(this, "Function")
         .code(lambda.Code.fromAsset(path.join(__dirname, "my-python-handler"), Map.of(
                 "bundling", Map.of(
                         "image", lambda.Runtime.PYTHON_3_6.getBundlingDockerImage(),
                         "command", asList("bash", "-c", "\n        pip install -r requirements.txt -t /asset-output &&\n        cp -au . /asset-output\n        ")))))
         .runtime(lambda.Runtime.getPYTHON_3_6())
         .handler("index.handler")
         .build();

Runtimes expose a bundlingDockerImage property that points to the AWS SAM build image.

Use cdk.BundlingDockerImage.fromRegistry(image) to use an existing image or cdk.BundlingDockerImage.fromAsset(path) to build a specific image: 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.core.*;
 
 Function.Builder.create(this, "Function")
         .code(lambda.Code.fromAsset("/path/to/handler", Map.of(
                 "bundling", Map.of(
                         "image", cdk.BundlingDockerImage.fromAsset("/path/to/dir/with/DockerFile", new DockerBuildOptions()
                                 .buildArgs(Map.of(
                                         "ARG1", "value1"))),
                         "command", asList("my", "cool", "command")))))
         .build();

Language-specific APIs

Language-specific higher level constructs are provided in separate modules:

Skip navigation links

Copyright © 2020. All rights reserved.