github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/website/source/docs/providers/aws/r/lambda_function.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_lambda_function" 4 sidebar_current: "docs-aws-resource-lambda-function" 5 description: |- 6 Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS. The Lambda Function itself includes source code and runtime configuration. 7 --- 8 9 # aws\_lambda\_function 10 11 Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS. The Lambda Function itself includes source code and runtime configuration. 12 13 For information about Lambda and how to use it, see [What is AWS Lambda?][1] 14 15 ## Example Usage 16 17 ```hcl 18 resource "aws_iam_role" "iam_for_lambda" { 19 name = "iam_for_lambda" 20 21 assume_role_policy = <<EOF 22 { 23 "Version": "2012-10-17", 24 "Statement": [ 25 { 26 "Action": "sts:AssumeRole", 27 "Principal": { 28 "Service": "lambda.amazonaws.com" 29 }, 30 "Effect": "Allow", 31 "Sid": "" 32 } 33 ] 34 } 35 EOF 36 } 37 38 resource "aws_lambda_function" "test_lambda" { 39 filename = "lambda_function_payload.zip" 40 function_name = "lambda_function_name" 41 role = "${aws_iam_role.iam_for_lambda.arn}" 42 handler = "exports.test" 43 source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}" 44 runtime = "nodejs4.3" 45 46 environment { 47 variables = { 48 foo = "bar" 49 } 50 } 51 } 52 ``` 53 54 ## Specifying the Deployment Package 55 56 AWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. 57 See [Runtimes][6] for the valid values of `runtime`. The expected structure of the deployment package can be found in 58 [the AWS Lambda documentation for each runtime][8]. 59 60 Once you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or 61 indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment 62 package via S3 it may be useful to use [the `aws_s3_bucket_object` resource](s3_bucket_object.html) to upload it. 63 64 For larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading 65 large files efficiently. 66 67 ## Argument Reference 68 69 * `filename` - (Optional) The path to the function's deployment package within the local filesystem. If defined, The `s3_`-prefixed options cannot be used. 70 * `s3_bucket` - (Optional) The S3 bucket location containing the function's deployment package. Conflicts with `filename`. 71 * `s3_key` - (Optional) The S3 key of an object containing the function's deployment package. Conflicts with `filename`. 72 * `s3_object_version` - (Optional) The object version containing the function's deployment package. Conflicts with `filename`. 73 * `function_name` - (Required) A unique name for your Lambda Function. 74 * `dead_letter_config` - (Optional) Nested block to configure the function's *dead letter queue*. See details below. 75 * `handler` - (Required) The function [entrypoint][3] in your code. 76 * `role` - (Required) IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See [Lambda Permission Model][4] for more details. 77 * `description` - (Optional) Description of what your Lambda Function does. 78 * `memory_size` - (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to `128`. See [Limits][5] 79 * `runtime` - (Required) See [Runtimes][6] for valid values. 80 * `timeout` - (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to `3`. See [Limits][5] 81 * `publish` - (Optional) Whether to publish creation/change as new Lambda Function Version. Defaults to `false`. 82 * `vpc_config` - (Optional) Provide this to allow your function to access your VPC. Fields documented below. See [Lambda in VPC][7] 83 * `environment` - (Optional) The Lambda environment's configuration settings. Fields documented below. 84 * `kms_key_arn` - (Optional) The ARN for the KMS encryption key. 85 * `source_code_hash` - (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `${base64sha256(file("file.zip"))}`, where "file.zip" is the local filename of the lambda function source archive. 86 * `tags` - (Optional) A mapping of tags to assign to the object. 87 88 **dead_letter_config** is a child block with a single argument: 89 90 * `target_arn` - (Required) The ARN of an SNS topic or SQS queue to notify when an invocation fails. If this 91 option is used, the function's IAM role must be granted suitable access to write to the target object, 92 which means allowing either the `sns:Publish` or `sqs:SendMessage` action on this ARN, depending on 93 which service is targeted. 94 95 **tracing_config** is a child block with a single argument: 96 97 * `mode` - (Required) Can be either `PassThrough` or `Active`. If PassThrough, Lambda will only trace 98 the request from an upstream service if it contains a tracing header with 99 "sampled=1". If Active, Lambda will respect any tracing header it receives 100 from an upstream service. If no tracing header is received, Lambda will call 101 X-Ray for a tracing decision. 102 103 **vpc\_config** requires the following: 104 105 * `subnet_ids` - (Required) A list of subnet IDs associated with the Lambda function. 106 * `security_group_ids` - (Required) A list of security group IDs associated with the Lambda function. 107 108 ~> **NOTE:** if both `subnet_ids` and `security_group_ids` are empty then vpc_config is considered to be empty or unset. 109 110 For **environment** the following attributes are supported: 111 112 * `variables` - (Optional) A map that defines environment variables for the Lambda function. 113 114 ## Attributes Reference 115 116 * `arn` - The Amazon Resource Name (ARN) identifying your Lambda Function. 117 * `qualified_arn` - The Amazon Resource Name (ARN) identifying your Lambda Function Version 118 (if versioning is enabled via `publish = true`). 119 * `invoke_arn` - The ARN to be used for invoking Lambda Function from API Gateway - to be used in [`aws_api_gateway_integration`](/docs/providers/aws/r/api_gateway_integration.html)'s `uri` 120 * `version` - Latest published version of your Lambda Function. 121 * `last_modified` - The date this resource was last modified. 122 * `kms_key_arn` - (Optional) The ARN for the KMS encryption key. 123 * `source_code_hash` - Base64-encoded representation of raw SHA-256 sum of the zip file 124 provided either via `filename` or `s3_*` parameters. 125 126 [1]: https://docs.aws.amazon.com/lambda/latest/dg/welcome.html 127 [2]: https://docs.aws.amazon.com/lambda/latest/dg/walkthrough-s3-events-adminuser-create-test-function-create-function.html 128 [3]: https://docs.aws.amazon.com/lambda/latest/dg/walkthrough-custom-events-create-test-function.html 129 [4]: https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html 130 [5]: https://docs.aws.amazon.com/lambda/latest/dg/limits.html 131 [6]: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime 132 [7]: http://docs.aws.amazon.com/lambda/latest/dg/vpc.html 133 [8]: https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html 134 135 ## Import 136 137 Lambda Functions can be imported using the `function_name`, e.g. 138 139 ``` 140 $ terraform import aws_lambda_function.test_lambda my_test_lambda_function 141 ```