Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The lambdaFunctions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AwsConnector/lambdaFunctions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AwsConnector/lambdaFunctions@2024-12-01' = {
location: 'string'
name: 'string'
properties: {
arn: 'string'
awsAccountId: 'string'
awsProperties: {
architectures: [
'string'
]
arn: 'string'
code: {
imageUri: 'string'
s3Bucket: 'string'
s3Key: 'string'
s3ObjectVersion: 'string'
zipFile: 'string'
}
codeSigningConfigArn: 'string'
deadLetterConfig: {
targetArn: 'string'
}
description: 'string'
environment: {
variables: {
{customized property}: 'string'
}
}
ephemeralStorage: {
size: int
}
fileSystemConfigs: [
{
arn: 'string'
localMountPath: 'string'
}
]
functionName: 'string'
handler: 'string'
imageConfig: {
command: [
'string'
]
entryPoint: [
'string'
]
workingDirectory: 'string'
}
kmsKeyArn: 'string'
layers: [
'string'
]
loggingConfig: {
applicationLogLevel: 'string'
logFormat: 'string'
logGroup: 'string'
systemLogLevel: 'string'
}
memorySize: int
packageType: 'string'
reservedConcurrentExecutions: int
role: 'string'
runtime: 'string'
runtimeManagementConfig: {
runtimeVersionArn: 'string'
updateRuntimeOn: 'string'
}
snapStart: {
applyOn: 'string'
}
snapStartResponse: {
applyOn: 'string'
optimizationStatus: 'string'
}
tags: [
{
key: 'string'
value: 'string'
}
]
timeout: int
tracingConfig: {
mode: 'string'
}
vpcConfig: {
ipv6AllowedForDualStack: bool
securityGroupIds: [
'string'
]
subnetIds: [
'string'
]
}
}
awsRegion: 'string'
awsSourceSchema: 'string'
awsTags: {
{customized property}: 'string'
}
publicCloudConnectorsResourceId: 'string'
publicCloudResourceName: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.AwsConnector/lambdaFunctions
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
| properties | The resource-specific properties for this resource. | LambdaFunctionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
AwsLambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| architectures | The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64. |
String array containing any of: 'arm64' 'x86_64' |
| arn | Property arn | string |
| code | The code for the function. The deployment package for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. | Code |
| codeSigningConfigArn | To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. | string |
| deadLetterConfig | A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues. The dead-letter queue for failed asynchronous invocations. | DeadLetterConfig |
| description | A description of the function. | string |
| environment | Environment variables that are accessible from function code during execution. A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration. | Environment |
| ephemeralStorage | The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. |
EphemeralStorageAutoGenerated |
| fileSystemConfigs | Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see DependsOn Attribute. |
FileSystemConfig[] |
| functionName | The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. | string |
| handler | The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model. | string |
| imageConfig | Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. | ImageConfig |
| kmsKeyArn | The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. | string |
| layers | A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version. | string[] |
| loggingConfig | The function's Amazon CloudWatch Logs configuration settings. The function's Amazon CloudWatch Logs configuration settings. | LoggingConfig |
| memorySize | The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase. | int |
| packageType | The type of deployment package. Set to Image for container image and set Zip for .zip file archive. |
'Image' 'Zip' |
| reservedConcurrentExecutions | The number of simultaneous executions to reserve for the function. | int |
| role | The Amazon Resource Name (ARN) of the function's execution role. | string |
| runtime | The identifier of the function's runtime. Runtime is required if the deployment package is a .zip file archive. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy. | string |
| runtimeManagementConfig | Sets the runtime management configuration for a function's version. For more information, see Runtime updates. Sets the runtime management configuration for a function's version. For more information, see Runtime updates. | RuntimeManagementConfig |
| snapStart | The function's SnapStart setting. The function's SnapStart setting. | SnapStart |
| snapStartResponse | The function's SnapStart setting. | SnapStartResponse |
| tags | A list of tags to apply to the function. | TagAutoGenerated36[] |
| timeout | The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment. | int |
| tracingConfig | Set Mode to Active to sample and trace a subset of incoming requests with X-Ray. The function's tracing configuration. To sample and record incoming requests, set Mode to Active. |
TracingConfig |
| vpcConfig | For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC. The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings. When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. To monitor network interfaces, CFN needs the ec2:DescribeNetworkInterfaces permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted. |
VpcConfigAutoGenerated |
Code
| Name | Description | Value |
|---|---|---|
| imageUri | URI of a container image in the Amazon ECR registry. | string |
| s3Bucket | An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account. | string |
| s3Key | The Amazon S3 key of the deployment package. | string |
| s3ObjectVersion | For versioned objects, the version of the deployment package object to use. | string |
| zipFile | (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named index and zips it to create a deployment package. This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index. For example, index.handler. For JSON, you must escape quotes and special characters such as newline (\n) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module (cfn-response) that simplifies sending responses. See Using Lambda with CloudFormation for details. |
string |
DeadLetterConfig
| Name | Description | Value |
|---|---|---|
| targetArn | The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. | string |
Environment
| Name | Description | Value |
|---|---|---|
| variables | Environment variable key-value pairs. For more information, see Using Lambda environment variables. | EnvironmentVariables |
EnvironmentVariables
| Name | Description | Value |
|---|
EphemeralStorageAutoGenerated
| Name | Description | Value |
|---|---|---|
| size | The size of the function's /tmp directory. |
int |
FileSystemConfig
| Name | Description | Value |
|---|---|---|
| arn | The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system. | string |
| localMountPath | The path where the function can access the file system, starting with /mnt/. |
string |
ImageConfig
| Name | Description | Value |
|---|---|---|
| command | Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list. | string[] |
| entryPoint | Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list. | string[] |
| workingDirectory | Specifies the working directory. The length of the directory string cannot exceed 1,000 characters. | string |
LambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| arn | Amazon Resource Name (ARN) | string |
| awsAccountId | AWS Account ID | string |
| awsProperties | AWS Properties | AwsLambdaFunctionProperties |
| awsRegion | AWS Region | string |
| awsSourceSchema | AWS Source Schema | string |
| awsTags | AWS Tags | LambdaFunctionPropertiesAwsTags |
| publicCloudConnectorsResourceId | Public Cloud Connectors Resource ID | string |
| publicCloudResourceName | Public Cloud Resource Name | string |
LambdaFunctionPropertiesAwsTags
| Name | Description | Value |
|---|
LoggingConfig
| Name | Description | Value |
|---|---|---|
| applicationLogLevel | Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest. |
'DEBUG' 'ERROR' 'FATAL' 'INFO' 'TRACE' 'WARN' |
| logFormat | The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON. | 'JSON' 'Text' |
| logGroup | The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named /aws/lambda/<function name>. To use a different log group, enter an existing log group or enter a new log group name. |
string |
| systemLogLevel | Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest. |
'DEBUG' 'INFO' 'WARN' |
RuntimeManagementConfig
| Name | Description | Value |
|---|---|---|
| runtimeVersionArn | The ARN of the runtime version you want the function to use. This is only required if you're using the Manual runtime update mode. | string |
| updateRuntimeOn | Specify the runtime update mode. + Auto (default) - Automatically update to the most recent and secure runtime version using a Two-phase runtime version rollout. This is the best choice for most customers to ensure they always benefit from runtime updates. + FunctionUpdate - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. + Manual - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see Roll back a runtime version. Valid Values: Auto | FunctionUpdate | Manual |
'Auto' 'FunctionUpdate' 'Manual' |
SnapStart
| Name | Description | Value |
|---|---|---|
| applyOn | Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version. |
'None' 'PublishedVersions' |
SnapStartResponse
| Name | Description | Value |
|---|---|---|
| applyOn | When set to PublishedVersions, Lambda creates a snapshot of the execution environment when you publish a function version. |
'None' 'PublishedVersions' |
| optimizationStatus | When you provide a qualified Amazon Resource Name (ARN), this response element indicates whether SnapStart is activated for the specified function version. | 'Off' 'On' |
TagAutoGenerated36
| Name | Description | Value |
|---|---|---|
| key | Property key | string |
| value | Property value | string |
TracingConfig
| Name | Description | Value |
|---|---|---|
| mode | The tracing mode. | 'Active' 'PassThrough' |
TrackedResourceTags
| Name | Description | Value |
|---|
VpcConfigAutoGenerated
| Name | Description | Value |
|---|---|---|
| ipv6AllowedForDualStack | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. | bool |
| securityGroupIds | A list of VPC security group IDs. | string[] |
| subnetIds | A list of VPC subnet IDs. | string[] |
ARM template resource definition
The lambdaFunctions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AwsConnector/lambdaFunctions resource, add the following JSON to your template.
{
"type": "Microsoft.AwsConnector/lambdaFunctions",
"apiVersion": "2024-12-01",
"name": "string",
"location": "string",
"properties": {
"arn": "string",
"awsAccountId": "string",
"awsProperties": {
"architectures": [ "string" ],
"arn": "string",
"code": {
"imageUri": "string",
"s3Bucket": "string",
"s3Key": "string",
"s3ObjectVersion": "string",
"zipFile": "string"
},
"codeSigningConfigArn": "string",
"deadLetterConfig": {
"targetArn": "string"
},
"description": "string",
"environment": {
"variables": {
"{customized property}": "string"
}
},
"ephemeralStorage": {
"size": "int"
},
"fileSystemConfigs": [
{
"arn": "string",
"localMountPath": "string"
}
],
"functionName": "string",
"handler": "string",
"imageConfig": {
"command": [ "string" ],
"entryPoint": [ "string" ],
"workingDirectory": "string"
},
"kmsKeyArn": "string",
"layers": [ "string" ],
"loggingConfig": {
"applicationLogLevel": "string",
"logFormat": "string",
"logGroup": "string",
"systemLogLevel": "string"
},
"memorySize": "int",
"packageType": "string",
"reservedConcurrentExecutions": "int",
"role": "string",
"runtime": "string",
"runtimeManagementConfig": {
"runtimeVersionArn": "string",
"updateRuntimeOn": "string"
},
"snapStart": {
"applyOn": "string"
},
"snapStartResponse": {
"applyOn": "string",
"optimizationStatus": "string"
},
"tags": [
{
"key": "string",
"value": "string"
}
],
"timeout": "int",
"tracingConfig": {
"mode": "string"
},
"vpcConfig": {
"ipv6AllowedForDualStack": "bool",
"securityGroupIds": [ "string" ],
"subnetIds": [ "string" ]
}
},
"awsRegion": "string",
"awsSourceSchema": "string",
"awsTags": {
"{customized property}": "string"
},
"publicCloudConnectorsResourceId": "string",
"publicCloudResourceName": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.AwsConnector/lambdaFunctions
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-12-01' |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
| properties | The resource-specific properties for this resource. | LambdaFunctionProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.AwsConnector/lambdaFunctions' |
AwsLambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| architectures | The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64. |
String array containing any of: 'arm64' 'x86_64' |
| arn | Property arn | string |
| code | The code for the function. The deployment package for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. | Code |
| codeSigningConfigArn | To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. | string |
| deadLetterConfig | A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues. The dead-letter queue for failed asynchronous invocations. | DeadLetterConfig |
| description | A description of the function. | string |
| environment | Environment variables that are accessible from function code during execution. A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration. | Environment |
| ephemeralStorage | The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. |
EphemeralStorageAutoGenerated |
| fileSystemConfigs | Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see DependsOn Attribute. |
FileSystemConfig[] |
| functionName | The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. | string |
| handler | The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model. | string |
| imageConfig | Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. | ImageConfig |
| kmsKeyArn | The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. | string |
| layers | A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version. | string[] |
| loggingConfig | The function's Amazon CloudWatch Logs configuration settings. The function's Amazon CloudWatch Logs configuration settings. | LoggingConfig |
| memorySize | The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase. | int |
| packageType | The type of deployment package. Set to Image for container image and set Zip for .zip file archive. |
'Image' 'Zip' |
| reservedConcurrentExecutions | The number of simultaneous executions to reserve for the function. | int |
| role | The Amazon Resource Name (ARN) of the function's execution role. | string |
| runtime | The identifier of the function's runtime. Runtime is required if the deployment package is a .zip file archive. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy. | string |
| runtimeManagementConfig | Sets the runtime management configuration for a function's version. For more information, see Runtime updates. Sets the runtime management configuration for a function's version. For more information, see Runtime updates. | RuntimeManagementConfig |
| snapStart | The function's SnapStart setting. The function's SnapStart setting. | SnapStart |
| snapStartResponse | The function's SnapStart setting. | SnapStartResponse |
| tags | A list of tags to apply to the function. | TagAutoGenerated36[] |
| timeout | The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment. | int |
| tracingConfig | Set Mode to Active to sample and trace a subset of incoming requests with X-Ray. The function's tracing configuration. To sample and record incoming requests, set Mode to Active. |
TracingConfig |
| vpcConfig | For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC. The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings. When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. To monitor network interfaces, CFN needs the ec2:DescribeNetworkInterfaces permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted. |
VpcConfigAutoGenerated |
Code
| Name | Description | Value |
|---|---|---|
| imageUri | URI of a container image in the Amazon ECR registry. | string |
| s3Bucket | An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account. | string |
| s3Key | The Amazon S3 key of the deployment package. | string |
| s3ObjectVersion | For versioned objects, the version of the deployment package object to use. | string |
| zipFile | (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named index and zips it to create a deployment package. This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index. For example, index.handler. For JSON, you must escape quotes and special characters such as newline (\n) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module (cfn-response) that simplifies sending responses. See Using Lambda with CloudFormation for details. |
string |
DeadLetterConfig
| Name | Description | Value |
|---|---|---|
| targetArn | The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. | string |
Environment
| Name | Description | Value |
|---|---|---|
| variables | Environment variable key-value pairs. For more information, see Using Lambda environment variables. | EnvironmentVariables |
EnvironmentVariables
| Name | Description | Value |
|---|
EphemeralStorageAutoGenerated
| Name | Description | Value |
|---|---|---|
| size | The size of the function's /tmp directory. |
int |
FileSystemConfig
| Name | Description | Value |
|---|---|---|
| arn | The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system. | string |
| localMountPath | The path where the function can access the file system, starting with /mnt/. |
string |
ImageConfig
| Name | Description | Value |
|---|---|---|
| command | Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list. | string[] |
| entryPoint | Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list. | string[] |
| workingDirectory | Specifies the working directory. The length of the directory string cannot exceed 1,000 characters. | string |
LambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| arn | Amazon Resource Name (ARN) | string |
| awsAccountId | AWS Account ID | string |
| awsProperties | AWS Properties | AwsLambdaFunctionProperties |
| awsRegion | AWS Region | string |
| awsSourceSchema | AWS Source Schema | string |
| awsTags | AWS Tags | LambdaFunctionPropertiesAwsTags |
| publicCloudConnectorsResourceId | Public Cloud Connectors Resource ID | string |
| publicCloudResourceName | Public Cloud Resource Name | string |
LambdaFunctionPropertiesAwsTags
| Name | Description | Value |
|---|
LoggingConfig
| Name | Description | Value |
|---|---|---|
| applicationLogLevel | Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest. |
'DEBUG' 'ERROR' 'FATAL' 'INFO' 'TRACE' 'WARN' |
| logFormat | The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON. | 'JSON' 'Text' |
| logGroup | The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named /aws/lambda/<function name>. To use a different log group, enter an existing log group or enter a new log group name. |
string |
| systemLogLevel | Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest. |
'DEBUG' 'INFO' 'WARN' |
RuntimeManagementConfig
| Name | Description | Value |
|---|---|---|
| runtimeVersionArn | The ARN of the runtime version you want the function to use. This is only required if you're using the Manual runtime update mode. | string |
| updateRuntimeOn | Specify the runtime update mode. + Auto (default) - Automatically update to the most recent and secure runtime version using a Two-phase runtime version rollout. This is the best choice for most customers to ensure they always benefit from runtime updates. + FunctionUpdate - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. + Manual - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see Roll back a runtime version. Valid Values: Auto | FunctionUpdate | Manual |
'Auto' 'FunctionUpdate' 'Manual' |
SnapStart
| Name | Description | Value |
|---|---|---|
| applyOn | Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version. |
'None' 'PublishedVersions' |
SnapStartResponse
| Name | Description | Value |
|---|---|---|
| applyOn | When set to PublishedVersions, Lambda creates a snapshot of the execution environment when you publish a function version. |
'None' 'PublishedVersions' |
| optimizationStatus | When you provide a qualified Amazon Resource Name (ARN), this response element indicates whether SnapStart is activated for the specified function version. | 'Off' 'On' |
TagAutoGenerated36
| Name | Description | Value |
|---|---|---|
| key | Property key | string |
| value | Property value | string |
TracingConfig
| Name | Description | Value |
|---|---|---|
| mode | The tracing mode. | 'Active' 'PassThrough' |
TrackedResourceTags
| Name | Description | Value |
|---|
VpcConfigAutoGenerated
| Name | Description | Value |
|---|---|---|
| ipv6AllowedForDualStack | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. | bool |
| securityGroupIds | A list of VPC security group IDs. | string[] |
| subnetIds | A list of VPC subnet IDs. | string[] |
Usage Examples
Terraform (AzAPI provider) resource definition
The lambdaFunctions resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AwsConnector/lambdaFunctions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AwsConnector/lambdaFunctions@2024-12-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
arn = "string"
awsAccountId = "string"
awsProperties = {
architectures = [
"string"
]
arn = "string"
code = {
imageUri = "string"
s3Bucket = "string"
s3Key = "string"
s3ObjectVersion = "string"
zipFile = "string"
}
codeSigningConfigArn = "string"
deadLetterConfig = {
targetArn = "string"
}
description = "string"
environment = {
variables = {
{customized property} = "string"
}
}
ephemeralStorage = {
size = int
}
fileSystemConfigs = [
{
arn = "string"
localMountPath = "string"
}
]
functionName = "string"
handler = "string"
imageConfig = {
command = [
"string"
]
entryPoint = [
"string"
]
workingDirectory = "string"
}
kmsKeyArn = "string"
layers = [
"string"
]
loggingConfig = {
applicationLogLevel = "string"
logFormat = "string"
logGroup = "string"
systemLogLevel = "string"
}
memorySize = int
packageType = "string"
reservedConcurrentExecutions = int
role = "string"
runtime = "string"
runtimeManagementConfig = {
runtimeVersionArn = "string"
updateRuntimeOn = "string"
}
snapStart = {
applyOn = "string"
}
snapStartResponse = {
applyOn = "string"
optimizationStatus = "string"
}
tags = [
{
key = "string"
value = "string"
}
]
timeout = int
tracingConfig = {
mode = "string"
}
vpcConfig = {
ipv6AllowedForDualStack = bool
securityGroupIds = [
"string"
]
subnetIds = [
"string"
]
}
}
awsRegion = "string"
awsSourceSchema = "string"
awsTags = {
{customized property} = "string"
}
publicCloudConnectorsResourceId = "string"
publicCloudResourceName = "string"
}
}
}
Property Values
Microsoft.AwsConnector/lambdaFunctions
| Name | Description | Value |
|---|---|---|
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^(?=.{0,259}[^\s.]$)(?!.*[<>%&\?/#]) (required) |
| properties | The resource-specific properties for this resource. | LambdaFunctionProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.AwsConnector/lambdaFunctions@2024-12-01" |
AwsLambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| architectures | The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64. |
String array containing any of: 'arm64' 'x86_64' |
| arn | Property arn | string |
| code | The code for the function. The deployment package for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template. | Code |
| codeSigningConfigArn | To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. | string |
| deadLetterConfig | A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues. The dead-letter queue for failed asynchronous invocations. | DeadLetterConfig |
| description | A description of the function. | string |
| environment | Environment variables that are accessible from function code during execution. A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration. | Environment |
| ephemeralStorage | The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. The size of the function's /tmp directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB. |
EphemeralStorageAutoGenerated |
| fileSystemConfigs | Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an AWS::EFS::MountTarget resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see DependsOn Attribute. |
FileSystemConfig[] |
| functionName | The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. | string |
| handler | The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model. | string |
| imageConfig | Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. Configuration values that override the container image Dockerfile settings. For more information, see Container image settings. | ImageConfig |
| kmsKeyArn | The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. | string |
| layers | A list of function layers to add to the function's execution environment. Specify each layer by its ARN, including the version. | string[] |
| loggingConfig | The function's Amazon CloudWatch Logs configuration settings. The function's Amazon CloudWatch Logs configuration settings. | LoggingConfig |
| memorySize | The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase. | int |
| packageType | The type of deployment package. Set to Image for container image and set Zip for .zip file archive. |
'Image' 'Zip' |
| reservedConcurrentExecutions | The number of simultaneous executions to reserve for the function. | int |
| role | The Amazon Resource Name (ARN) of the function's execution role. | string |
| runtime | The identifier of the function's runtime. Runtime is required if the deployment package is a .zip file archive. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy. | string |
| runtimeManagementConfig | Sets the runtime management configuration for a function's version. For more information, see Runtime updates. Sets the runtime management configuration for a function's version. For more information, see Runtime updates. | RuntimeManagementConfig |
| snapStart | The function's SnapStart setting. The function's SnapStart setting. | SnapStart |
| snapStartResponse | The function's SnapStart setting. | SnapStartResponse |
| tags | A list of tags to apply to the function. | TagAutoGenerated36[] |
| timeout | The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment. | int |
| tracingConfig | Set Mode to Active to sample and trace a subset of incoming requests with X-Ray. The function's tracing configuration. To sample and record incoming requests, set Mode to Active. |
TracingConfig |
| vpcConfig | For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC. The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see VPC Settings. When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. To monitor network interfaces, CFN needs the ec2:DescribeNetworkInterfaces permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted. |
VpcConfigAutoGenerated |
Code
| Name | Description | Value |
|---|---|---|
| imageUri | URI of a container image in the Amazon ECR registry. | string |
| s3Bucket | An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account. | string |
| s3Key | The Amazon S3 key of the deployment package. | string |
| s3ObjectVersion | For versioned objects, the version of the deployment package object to use. | string |
| zipFile | (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named index and zips it to create a deployment package. This zip file cannot exceed 4MB. For the Handler property, the first part of the handler identifier must be index. For example, index.handler. For JSON, you must escape quotes and special characters such as newline (\n) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module (cfn-response) that simplifies sending responses. See Using Lambda with CloudFormation for details. |
string |
DeadLetterConfig
| Name | Description | Value |
|---|---|---|
| targetArn | The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. | string |
Environment
| Name | Description | Value |
|---|---|---|
| variables | Environment variable key-value pairs. For more information, see Using Lambda environment variables. | EnvironmentVariables |
EnvironmentVariables
| Name | Description | Value |
|---|
EphemeralStorageAutoGenerated
| Name | Description | Value |
|---|---|---|
| size | The size of the function's /tmp directory. |
int |
FileSystemConfig
| Name | Description | Value |
|---|---|---|
| arn | The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system. | string |
| localMountPath | The path where the function can access the file system, starting with /mnt/. |
string |
ImageConfig
| Name | Description | Value |
|---|---|---|
| command | Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list. | string[] |
| entryPoint | Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list. | string[] |
| workingDirectory | Specifies the working directory. The length of the directory string cannot exceed 1,000 characters. | string |
LambdaFunctionProperties
| Name | Description | Value |
|---|---|---|
| arn | Amazon Resource Name (ARN) | string |
| awsAccountId | AWS Account ID | string |
| awsProperties | AWS Properties | AwsLambdaFunctionProperties |
| awsRegion | AWS Region | string |
| awsSourceSchema | AWS Source Schema | string |
| awsTags | AWS Tags | LambdaFunctionPropertiesAwsTags |
| publicCloudConnectorsResourceId | Public Cloud Connectors Resource ID | string |
| publicCloudResourceName | Public Cloud Resource Name | string |
LambdaFunctionPropertiesAwsTags
| Name | Description | Value |
|---|
LoggingConfig
| Name | Description | Value |
|---|---|---|
| applicationLogLevel | Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest. |
'DEBUG' 'ERROR' 'FATAL' 'INFO' 'TRACE' 'WARN' |
| logFormat | The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON. | 'JSON' 'Text' |
| logGroup | The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named /aws/lambda/<function name>. To use a different log group, enter an existing log group or enter a new log group name. |
string |
| systemLogLevel | Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest. |
'DEBUG' 'INFO' 'WARN' |
RuntimeManagementConfig
| Name | Description | Value |
|---|---|---|
| runtimeVersionArn | The ARN of the runtime version you want the function to use. This is only required if you're using the Manual runtime update mode. | string |
| updateRuntimeOn | Specify the runtime update mode. + Auto (default) - Automatically update to the most recent and secure runtime version using a Two-phase runtime version rollout. This is the best choice for most customers to ensure they always benefit from runtime updates. + FunctionUpdate - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. + Manual - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see Roll back a runtime version. Valid Values: Auto | FunctionUpdate | Manual |
'Auto' 'FunctionUpdate' 'Manual' |
SnapStart
| Name | Description | Value |
|---|---|---|
| applyOn | Set ApplyOn to PublishedVersions to create a snapshot of the initialized execution environment when you publish a function version. |
'None' 'PublishedVersions' |
SnapStartResponse
| Name | Description | Value |
|---|---|---|
| applyOn | When set to PublishedVersions, Lambda creates a snapshot of the execution environment when you publish a function version. |
'None' 'PublishedVersions' |
| optimizationStatus | When you provide a qualified Amazon Resource Name (ARN), this response element indicates whether SnapStart is activated for the specified function version. | 'Off' 'On' |
TagAutoGenerated36
| Name | Description | Value |
|---|---|---|
| key | Property key | string |
| value | Property value | string |
TracingConfig
| Name | Description | Value |
|---|---|---|
| mode | The tracing mode. | 'Active' 'PassThrough' |
TrackedResourceTags
| Name | Description | Value |
|---|
VpcConfigAutoGenerated
| Name | Description | Value |
|---|---|---|
| ipv6AllowedForDualStack | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. | bool |
| securityGroupIds | A list of VPC security group IDs. | string[] |
| subnetIds | A list of VPC subnet IDs. | string[] |